Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/wGNnrE4l9ljpFcBxWXEK2c9TgKg.roa
File:                     wGNnrE4l9ljpFcBxWXEK2c9TgKg.roa (raw, json)
Hash identifier:          f2fFN7brHS78iQSEdEHdex+wkyk72EG4czXntJ+ZacM=
Subject key identifier:   C0:63:67:AC:4E:25:F6:58:E9:15:C0:71:59:71:0A:D9:CF:53:80:A8
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018A927B54924FF9C13131EBFD2313669EBC
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/wGNnrE4l9ljpFcBxWXEK2c9TgKg.roa
Signing time:             Thu 14 Sep 2023 06:57:50 +0000
ROA not before:           Thu 14 Sep 2023 06:57:50 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     208680
IP address blocks:        2a0e:b107:790::/48 maxlen: 48
                          2a0e:b107:795::/48 maxlen: 48
                          2a0e:b107:79a::/48 maxlen: 48
                          2a0e:b107:794::/48 maxlen: 48
                          2a0e:b107:799::/48 maxlen: 48
                          2a0e:b107:793::/48 maxlen: 48
                          2a0e:b107:798::/48 maxlen: 48
                          2a0e:b107:79d::/48 maxlen: 48
                          2a0e:b107:792::/48 maxlen: 48
                          2a0e:b107:797::/48 maxlen: 48
                          2a0e:b107:79c::/48 maxlen: 48
                          2a0e:b107:791::/48 maxlen: 48
                          2a0e:b107:796::/48 maxlen: 48
                          2a0e:b107:79b::/48 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8a:92:7b:54:92:4f:f9:c1:31:31:eb:fd:23:13:66:9e:bc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Sep 14 06:57:50 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=c06367ac4e25f658e915c07159710ad9cf5380a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:dd:53:5a:63:51:c8:0b:01:f6:bc:75:f1:dc:
                    fc:0e:cc:f9:14:18:f0:6d:03:3c:d3:1b:f5:dc:20:
                    08:ba:de:86:c8:96:7f:10:4e:f3:38:ba:b2:96:a8:
                    e6:e6:10:22:22:6b:ba:a1:c6:7f:fd:e1:4b:72:ad:
                    f2:09:ad:94:05:d6:8b:9f:e4:b3:a5:c0:d4:cf:7e:
                    66:24:98:e8:11:ef:53:4e:a4:60:ba:71:16:f1:c6:
                    17:d0:7e:ff:f0:08:7d:e8:4b:df:04:a7:23:da:7b:
                    39:48:66:67:f4:1e:a4:fa:97:77:32:83:4a:6f:20:
                    3a:4a:3e:72:e6:6e:ad:22:92:67:b4:1e:96:9f:3c:
                    be:71:59:fa:2c:ad:5c:6b:f9:d0:29:80:ed:23:6f:
                    d2:d1:81:44:08:5a:bf:85:29:42:9c:5e:9f:7a:81:
                    57:3f:e6:5c:03:a9:50:9f:3b:5c:62:8a:43:98:10:
                    7c:b2:9f:ba:fd:8d:c8:b2:43:e1:92:f5:2a:a6:b5:
                    a9:1a:35:fc:99:59:78:62:4e:69:8c:16:4c:24:e6:
                    65:68:8f:72:5a:e7:aa:12:36:b5:6b:74:17:5e:f4:
                    46:86:55:b5:15:32:e4:36:63:c5:e1:39:cd:aa:6a:
                    1f:1e:ca:1e:7d:d3:1b:d6:21:f5:a7:96:b4:5b:41:
                    7f:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:63:67:AC:4E:25:F6:58:E9:15:C0:71:59:71:0A:D9:CF:53:80:A8
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/wGNnrE4l9ljpFcBxWXEK2c9TgKg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:790::-2a0e:b107:79d:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         cc:5b:22:ac:a1:34:29:d7:6f:db:f1:e0:30:91:eb:75:5e:55:
         06:aa:57:15:a6:8f:40:07:60:a7:2e:f2:5a:2d:00:af:bb:dd:
         47:a8:43:a8:ca:8f:d6:67:7d:12:5d:45:c9:4c:16:e7:8e:ff:
         d9:c2:b7:28:27:c8:89:01:f7:82:1d:5e:3b:bc:d4:37:2c:b0:
         c9:ab:ab:6e:87:4c:89:11:56:dd:d7:b4:d1:21:40:c8:59:fd:
         11:2e:95:bb:ae:a1:38:0e:84:d0:17:69:ba:44:12:a4:8c:04:
         a2:58:73:4e:81:e6:80:85:0e:5f:fc:5c:bc:47:21:64:6b:1f:
         8f:a3:37:1e:fa:0c:da:fd:a6:f4:f3:2d:5c:9f:72:67:46:79:
         97:ec:ff:34:2c:90:e2:12:bf:b4:64:1d:79:7e:ad:da:79:28:
         53:23:6b:f1:d9:bc:3f:59:84:58:68:e7:09:e7:12:0c:39:cd:
         64:4f:d9:4f:cd:fa:22:a9:6b:69:ac:cb:20:d7:a0:24:09:f9:
         16:31:8f:02:a8:ef:0a:03:2c:05:42:cf:d1:fb:d5:d4:a7:61:
         84:1f:25:c9:79:a6:ef:a7:32:a2:95:16:f7:64:4a:21:47:ed:
         bd:de:45:37:a5:91:42:27:dd:0e:83:92:19:57:1f:96:4c:3c:
         a6:e9:99:dc
-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgISAYqSe1SST/nBMTHr/SMTZp68MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjMwOTE0MDY1NzUwWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjMDYzNjdhYzRlMjVmNjU4ZTkxNWMwNzE1OTcxMGFkOWNmNTM4MGE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAld1TWmNRyAsB9rx18dz8Dsz5FBjw
bQM80xv13CAIut6GyJZ/EE7zOLqylqjm5hAiImu6ocZ//eFLcq3yCa2UBdaLn+Sz
pcDUz35mJJjoEe9TTqRgunEW8cYX0H7/8Ah96EvfBKcj2ns5SGZn9B6k+pd3MoNK
byA6Sj5y5m6tIpJntB6Wnzy+cVn6LK1ca/nQKYDtI2/S0YFECFq/hSlCnF6feoFX
P+ZcA6lQnztcYopDmBB8sp+6/Y3IskPhkvUqprWpGjX8mVl4Yk5pjBZMJOZlaI9y
WueqEja1a3QXXvRGhlW1FTLkNmPF4TnNqmofHsoefdMb1iH1p5a0W0F/OwIDAQAB
o4ICFzCCAhMwHQYDVR0OBBYEFMBjZ6xOJfZY6RXAcVlxCtnPU4CoMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvd0dObnJFNGw5bGpwRmNCeFdYRUsyYzlUZ0tnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMC0GCCsGAQUFBwEHAQH/BB4wHDAaBAIAAjAUMBIDBwQqDrEH
B5ADBwEqDrEHB5wwDQYJKoZIhvcNAQELBQADggEBAMxbIqyhNCnXb9vx4DCR63Ve
VQaqVxWmj0AHYKcu8lotAK+73UeoQ6jKj9ZnfRJdRclMFueO/9nCtygnyIkB94Id
Xju81DcssMmrq26HTIkRVt3XtNEhQMhZ/REulbuuoTgOhNAXabpEEqSMBKJYc06B
5oCFDl/8XLxHIWRrH4+jNx76DNr9pvTzLVyfcmdGeZfs/zQskOISv7RkHXl+rdp5
KFMja/HZvD9ZhFho5wnnEgw5zWRP2U/N+iKpa2msyyDXoCQJ+RYxjwKo7woDLAVC
z9H71dSnYYQfJcl5pu+nMqKVFvdkSiFH7b3eRTelkUIn3Q6DkhlXH5ZMPKbpmdw=
-----END CERTIFICATE-----