Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ykqlj7Fy9B78T8PgE2aHxI2igm8.roa
File:                     ykqlj7Fy9B78T8PgE2aHxI2igm8.roa (raw, json)
Hash identifier:          Lz9LwDYujJ00YwkTPnuRmJepjcsKwy6hGyvRWu14pOE=
Subject key identifier:   CA:4A:A5:8F:B1:72:F4:1E:FC:4F:C3:E0:13:66:87:C4:8D:A2:82:6F
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018973BDD28C950B1A2C736140E0DEF3766C
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ykqlj7Fy9B78T8PgE2aHxI2igm8.roa
Signing time:             Thu 20 Jul 2023 14:39:27 +0000
ROA not before:           Thu 20 Jul 2023 14:39:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     20473
IP address blocks:        2a0e:b107:1870::/48 maxlen: 48
                          2a0c:3b87:ff00::/40 maxlen: 48
                          2a0e:b107:9f4::/48 maxlen: 48
                          2a0c:3b87:ffff::/48 maxlen: 48
                          2a0e:97c0:791::/48 maxlen: 48
                          2a0e:b107:1b9e::/48 maxlen: 48
                          2a0e:97c0:792::/48 maxlen: 48
                          2a0e:b107:5d0::/44 maxlen: 48
                          2a0e:97c0:750::/48 maxlen: 48
                          2a0e:b107:df2::/48 maxlen: 48
                          2a10:ccc3:ccca::/48 maxlen: 48
                          2a10:ccc7:9000::/38 maxlen: 48
                          2a10:ccc3:ccca::/47 maxlen: 48
                          2a0e:b107:9f6::/48 maxlen: 48
                          2a0e:97c0:76f::/48 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:89:73:bd:d2:8c:95:0b:1a:2c:73:61:40:e0:de:f3:76:6c
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Jul 20 14:39:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=ca4aa58fb172f41efc4fc3e0136687c48da2826f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:81:05:ff:ab:04:73:24:a6:2d:33:25:a1:b4:86:
                    44:d4:ef:76:67:42:2e:53:b2:e0:20:ff:fd:d3:e6:
                    03:33:70:e3:cb:6d:ea:8e:fa:20:75:0f:33:92:52:
                    84:b4:6b:6d:0a:43:d2:85:13:82:78:85:c8:7e:59:
                    f2:20:1b:c1:09:c0:6f:fe:3b:73:f0:ed:8b:b9:ac:
                    f7:5d:b4:88:af:2c:73:76:c2:2d:11:94:da:85:c7:
                    a8:08:57:ec:13:05:6f:cd:f7:d4:01:52:4b:85:b8:
                    6a:51:43:cd:c4:97:60:bc:ac:fb:0d:98:29:24:2f:
                    2d:75:6c:82:41:1a:6d:e9:d8:32:af:48:4e:19:9d:
                    42:4b:e6:fd:22:0c:31:58:04:32:56:05:ba:9f:1e:
                    68:35:f6:19:07:92:14:03:6b:14:a9:ee:a2:64:34:
                    65:fc:ff:bd:49:d3:53:0b:06:dd:24:fd:25:d3:d9:
                    a7:bf:19:90:a6:24:46:fe:f9:25:a1:72:50:3a:6c:
                    bc:b2:f9:dc:1d:44:87:9a:47:d0:20:45:a0:c2:03:
                    9d:5a:7d:5c:c4:27:87:fa:5f:ad:af:4a:4f:44:8d:
                    02:a1:20:30:79:6d:99:0a:ba:1c:38:f2:69:0b:db:
                    7d:91:ac:bf:cf:e9:8b:4f:58:73:50:9f:56:a8:36:
                    9b:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:4A:A5:8F:B1:72:F4:1E:FC:4F:C3:E0:13:66:87:C4:8D:A2:82:6F
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/ykqlj7Fy9B78T8PgE2aHxI2igm8.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0c:3b87:ff00::/40
                  2a0e:97c0:750::/48
                  2a0e:97c0:76f::/48
                  2a0e:97c0:791::-2a0e:97c0:792:ffff:ffff:ffff:ffff:ffff
                  2a0e:b107:5d0::/44
                  2a0e:b107:9f4::/48
                  2a0e:b107:9f6::/48
                  2a0e:b107:df2::/48
                  2a0e:b107:1870::/48
                  2a0e:b107:1b9e::/48
                  2a10:ccc3:ccca::/47
                  2a10:ccc7:9000::/38

    Signature Algorithm: sha256WithRSAEncryption
         62:7d:45:34:98:29:62:b9:a8:5a:08:bf:8d:75:34:69:ea:7b:
         47:3a:16:ad:63:7c:c3:50:f0:10:c1:ce:8d:af:f3:a4:49:18:
         29:12:8e:f9:88:7b:fc:2b:8e:85:7f:41:84:c6:4a:94:13:85:
         64:b0:65:b6:b7:7f:9a:15:ea:cc:32:9b:bb:aa:a2:76:ec:9c:
         67:4c:34:3e:a1:a7:f3:42:0a:8b:d4:f5:a4:24:7a:11:34:0e:
         db:e8:01:13:48:0c:0c:67:15:c3:10:8a:2c:af:19:fd:d8:86:
         30:c2:11:30:bb:68:e3:75:54:34:df:f9:d4:7a:29:9b:46:19:
         2b:ce:e8:8d:ba:20:22:51:c4:c0:ca:a1:b7:e5:27:77:15:ef:
         08:c1:08:3e:49:f4:8b:e5:3c:01:2e:e3:df:f2:d0:37:b2:45:
         f0:eb:38:09:d8:62:96:bd:03:53:d8:29:ae:8a:ca:87:96:68:
         4d:fd:e7:10:9b:50:5b:bb:3b:01:ab:65:63:f2:c1:cc:34:f1:
         dc:d8:d8:49:0c:d3:84:f0:55:d0:c2:d8:48:b7:b3:ae:88:52:
         c1:bf:b1:68:86:d9:54:ff:ba:0a:bd:7e:c6:33:fe:0a:8c:d5:
         8e:9a:f9:4c:6e:db:43:22:59:3f:5d:78:b7:53:ba:bf:cb:52:
         d3:0e:ce:b1
-----BEGIN CERTIFICATE-----
MIIFbTCCBFWgAwIBAgISAYlzvdKMlQsaLHNhQODe83ZsMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjMwNzIwMTQzOTI3WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjYTRhYTU4ZmIxNzJmNDFlZmM0ZmMzZTAxMzY2ODdjNDhkYTI4MjZmMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAgQX/qwRzJKYtMyWhtIZE1O92Z0Iu
U7LgIP/90+YDM3Djy23qjvogdQ8zklKEtGttCkPShROCeIXIflnyIBvBCcBv/jtz
8O2Luaz3XbSIryxzdsItEZTahceoCFfsEwVvzffUAVJLhbhqUUPNxJdgvKz7DZgp
JC8tdWyCQRpt6dgyr0hOGZ1CS+b9IgwxWAQyVgW6nx5oNfYZB5IUA2sUqe6iZDRl
/P+9SdNTCwbdJP0l09mnvxmQpiRG/vkloXJQOmy8svncHUSHmkfQIEWgwgOdWn1c
xCeH+l+tr0pPRI0CoSAweW2ZCrocOPJpC9t9kay/z+mLT1hzUJ9WqDabHwIDAQAB
o4ICeTCCAnUwHQYDVR0OBBYEFMpKpY+xcvQe/E/D4BNmh8SNooJvMB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEveWtxbGo3Rnk5Qjc4VDhQZ0UyYUh4STJpZ204LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMIGOBggrBgEFBQcBBwEB/wR/MH0wewQCAAIwdQMGACoMO4f/
AwcAKg6XwAdQAwcAKg6XwAdvMBIDBwAqDpfAB5EDBwAqDpfAB5IDBwQqDrEHBdAD
BwAqDrEHCfQDBwAqDrEHCfYDBwAqDrEHDfIDBwAqDrEHGHADBwAqDrEHG54DBwEq
EMzDzMoDBgIqEMzHkDANBgkqhkiG9w0BAQsFAAOCAQEAYn1FNJgpYrmoWgi/jXU0
aep7RzoWrWN8w1DwEMHOja/zpEkYKRKO+Yh7/CuOhX9BhMZKlBOFZLBltrd/mhXq
zDKbu6qiduycZ0w0PqGn80IKi9T1pCR6ETQO2+gBE0gMDGcVwxCKLK8Z/diGMMIR
MLto43VUNN/51Hopm0YZK87ojbogIlHEwMqht+UndxXvCMEIPkn0i+U8AS7j3/LQ
N7JF8Os4Cdhilr0DU9gprorKh5ZoTf3nEJtQW7s7AatlY/LBzDTx3NjYSQzThPBV
0MLYSLezrohSwb+xaIbZVP+6Cr1+xjP+CozVjpr5TG7bQyJZP114t1O6v8tS0w7O
sQ==
-----END CERTIFICATE-----