Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/s3lA0MAgl_9U9t7jMHY5cTJ15XA.roa
File:                     s3lA0MAgl_9U9t7jMHY5cTJ15XA.roa (raw, json)
Hash identifier:          aLPdtF3emwlcQnSRlhX0RYAJlCKlpRQmQZkWzKb9scU=
Subject key identifier:   B3:79:40:D0:C0:20:97:FF:54:F6:DE:E3:30:76:39:71:32:75:E5:70
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018AB9079A37206CB055A3F34E8D0290B3FC
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/s3lA0MAgl_9U9t7jMHY5cTJ15XA.roa
Signing time:             Thu 21 Sep 2023 18:36:37 +0000
ROA not before:           Thu 21 Sep 2023 18:36:37 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     200993
IP address blocks:        2a0e:97c0:5d0::/44 maxlen: 48
                          2a0e:b107:279d::/48 maxlen: 48
                          2a0e:b107:279a::/48 maxlen: 48
                          2a0e:b107:278a::/48 maxlen: 48
                          2a0e:b107:279f::/48 maxlen: 48
                          2a0e:b107:2691::/48 maxlen: 48
                          2a0e:b107:2799::/48 maxlen: 48
                          2a0e:b107:279e::/48 maxlen: 48

Validation:               Failed, certificate revoked on Wed 27 Dec 2023 23:35:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:b9:07:9a:37:20:6c:b0:55:a3:f3:4e:8d:02:90:b3:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Sep 21 18:36:37 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b37940d0c02097ff54f6dee3307639713275e570
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:b9:fc:5a:68:73:b6:fb:a3:11:0b:04:fc:de:
                    47:2a:c7:63:fb:c0:98:ad:73:7b:62:73:ee:5e:46:
                    6b:7d:9c:b7:20:30:5a:c0:b9:d2:8b:15:e6:4a:34:
                    4c:ef:a1:9c:d5:c0:18:42:5f:68:56:c2:ad:a5:87:
                    0b:6a:df:a0:80:af:4b:1d:92:8e:35:c2:e3:bd:f7:
                    d1:03:5b:9f:e3:96:5f:ed:1e:4d:54:ed:30:6b:94:
                    bd:f5:1e:8b:83:5d:44:79:95:dd:28:5f:08:1b:06:
                    0d:14:c5:fb:bd:6b:26:ed:78:69:66:76:5a:db:24:
                    45:ca:aa:a9:5d:64:00:24:58:06:81:5e:51:ff:34:
                    2c:05:2e:f6:ec:df:02:66:07:ed:ed:33:bb:36:29:
                    e8:c3:47:b8:77:1e:c0:41:71:de:a9:33:97:41:af:
                    53:e1:a6:c6:d7:fb:a1:87:87:0d:74:1f:fa:af:23:
                    95:34:46:37:68:73:f0:55:4e:61:70:79:0d:0a:36:
                    4c:77:ab:3f:54:4f:e2:b4:c5:79:c1:d0:cf:4e:f5:
                    be:63:c4:6f:fc:d3:cf:cd:18:25:de:dd:1a:57:fc:
                    1e:e2:51:60:6d:18:7f:09:59:65:0c:51:35:c1:03:
                    7a:6a:14:9b:3b:74:ad:42:3c:6a:b1:2d:fd:9a:ff:
                    b5:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:79:40:D0:C0:20:97:FF:54:F6:DE:E3:30:76:39:71:32:75:E5:70
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/s3lA0MAgl_9U9t7jMHY5cTJ15XA.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:97c0:5d0::/44
                  2a0e:b107:2691::/48
                  2a0e:b107:278a::/48
                  2a0e:b107:2799::-2a0e:b107:279a:ffff:ffff:ffff:ffff:ffff
                  2a0e:b107:279d::-2a0e:b107:279f:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         45:59:92:e6:72:74:65:b6:0e:a9:b7:86:ed:12:7d:a3:d1:b9:
         ca:2f:6b:b8:b0:c2:c2:9d:d3:62:d2:47:2c:04:17:62:80:2b:
         a3:55:27:f3:c6:ae:05:27:21:1f:aa:6c:4f:c6:c4:28:ea:6c:
         f6:86:9a:e7:26:b1:9f:8d:a0:28:bc:9e:ee:be:4e:3e:9a:53:
         20:f7:1e:7d:92:a0:d4:7a:52:f0:55:8e:ca:6b:56:67:4c:c2:
         0b:b0:13:35:57:59:6c:4d:13:41:ab:fc:78:30:c6:06:ff:f9:
         eb:a5:08:79:bc:66:32:93:a4:2d:ea:9d:e6:b4:0f:a9:60:39:
         89:1e:54:d2:16:d9:0d:46:5d:90:de:38:4d:21:a9:cd:94:c0:
         92:9b:63:30:e9:b8:2f:bf:03:d7:d0:7d:c7:45:98:10:ab:0c:
         05:bc:7d:a5:e5:4b:25:90:15:c6:d9:c8:71:06:d4:59:1c:65:
         7d:55:dd:d6:37:5c:85:62:36:16:59:ec:a4:d8:db:08:fb:b9:
         23:c7:5e:77:45:46:1c:76:6d:79:4e:7b:8a:01:7d:16:ac:30:
         72:3b:8a:64:18:8c:ef:d1:2a:60:b5:08:07:c3:91:83:5d:5f:
         85:1f:28:51:29:09:77:9d:34:48:ea:fe:fc:de:a4:a2:54:be:
         4e:7e:d1:8e
-----BEGIN CERTIFICATE-----
MIIFOjCCBCKgAwIBAgISAYq5B5o3IGywVaPzTo0CkLP8MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjMwOTIxMTgzNjM3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiMzc5NDBkMGMwMjA5N2ZmNTRmNmRlZTMzMDc2Mzk3MTMyNzVlNTcwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA2bn8WmhztvujEQsE/N5HKsdj+8CY
rXN7YnPuXkZrfZy3IDBawLnSixXmSjRM76Gc1cAYQl9oVsKtpYcLat+ggK9LHZKO
NcLjvffRA1uf45Zf7R5NVO0wa5S99R6Lg11EeZXdKF8IGwYNFMX7vWsm7XhpZnZa
2yRFyqqpXWQAJFgGgV5R/zQsBS727N8CZgft7TO7Ninow0e4dx7AQXHeqTOXQa9T
4abG1/uhh4cNdB/6ryOVNEY3aHPwVU5hcHkNCjZMd6s/VE/itMV5wdDPTvW+Y8Rv
/NPPzRgl3t0aV/we4lFgbRh/CVllDFE1wQN6ahSbO3StQjxqsS39mv+1+QIDAQAB
o4ICRjCCAkIwHQYDVR0OBBYEFLN5QNDAIJf/VPbe4zB2OXEydeVwMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvczNsQTBNQWdsXzlVOXQ3ak1IWTVjVEoxNVhBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFwGCCsGAQUFBwEHAQH/BE0wSzBJBAIAAjBDAwcEKg6XwAXQ
AwcAKg6xByaRAwcAKg6xByeKMBIDBwAqDrEHJ5kDBwAqDrEHJ5owEgMHACoOsQcn
nQMHBSoOsQcngDANBgkqhkiG9w0BAQsFAAOCAQEARVmS5nJ0ZbYOqbeG7RJ9o9G5
yi9ruLDCwp3TYtJHLAQXYoAro1Un88auBSchH6psT8bEKOps9oaa5yaxn42gKLye
7r5OPppTIPcefZKg1HpS8FWOymtWZ0zCC7ATNVdZbE0TQav8eDDGBv/566UIebxm
MpOkLeqd5rQPqWA5iR5U0hbZDUZdkN44TSGpzZTAkptjMOm4L78D19B9x0WYEKsM
Bbx9peVLJZAVxtnIcQbUWRxlfVXd1jdchWI2FlnspNjbCPu5I8ded0VGHHZteU57
igF9FqwwcjuKZBiM79EqYLUIB8ORg11fhR8oUSkJd500SOr+/N6kolS+Tn7Rjg==
-----END CERTIFICATE-----