Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/IPN2K1xs2tv8krLrJNOAhqlYdLM.roa
File:                     IPN2K1xs2tv8krLrJNOAhqlYdLM.roa (raw, json)
Hash identifier:          6WOrgOgM0bm5rhcmjpttGyy8JasTrlUo7ww5MzWT8fM=
Subject key identifier:   20:F3:76:2B:5C:6C:DA:DB:FC:92:B2:EB:24:D3:80:86:A9:58:74:B3
Certificate issuer:       /CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
Certificate serial:       01856E8B49643BF817D7DC4DE32B3FBBFF17
Authority key identifier: 62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/IPN2K1xs2tv8krLrJNOAhqlYdLM.roa
Signing time:             Sun 01 Jan 2023 18:14:59 +0000
ROA not before:           Sun 01 Jan 2023 18:14:59 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     50007
IP address blocks:        2a09:f180::/48 maxlen: 48
                          2a09:98c0::/48 maxlen: 48
                          2a09:9940::/48 maxlen: 48
                          2a09:4040::/48 maxlen: 48
                          2a09:1140::/48 maxlen: 48
                          2a06:3b00::/48 maxlen: 48
                          2a09:6a80::/48 maxlen: 48
                          2a09:40c0::/48 maxlen: 48
                          2a09:9740::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 02 Jan 2024 06:31:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:85:6e:8b:49:64:3b:f8:17:d7:dc:4d:e3:2b:3f:bb:ff:17
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=62fdb67654df6184e7d60c4150ea9533c2cf9704
        Validity
            Not Before: Jan  1 18:14:59 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=20f3762b5c6cdadbfc92b2eb24d38086a95874b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:0c:00:ba:af:e6:95:af:f8:a1:03:91:fc:66:
                    05:02:54:57:76:31:9d:1d:15:46:f6:44:68:53:04:
                    8e:04:8c:11:90:1d:bf:c6:b8:21:48:32:09:83:95:
                    43:33:72:84:04:82:0b:2c:0b:d8:de:22:0d:aa:05:
                    ed:d7:e2:1a:73:69:d3:27:67:39:62:ce:1f:9f:d6:
                    ff:31:37:2f:a4:d4:d0:aa:47:83:8c:0c:9d:55:3b:
                    6d:4d:28:ad:7f:74:16:2d:14:be:5c:79:8b:23:be:
                    9d:07:1f:27:33:ca:05:90:9f:72:9e:dc:34:a2:92:
                    d8:0a:79:b4:68:e2:7f:1f:f7:c2:b1:7b:59:91:e6:
                    a9:45:07:fe:16:79:a0:62:dc:ec:87:94:3b:07:f7:
                    60:c5:8e:23:a6:67:7c:f5:79:4d:cc:82:f1:79:74:
                    9c:b5:19:fe:46:31:35:39:1e:b5:d6:2f:e5:63:b6:
                    b2:48:e1:5e:76:5e:ea:15:bf:66:7b:26:28:17:03:
                    62:7a:4f:ea:4d:6d:7a:09:9f:24:9f:94:ff:d5:d2:
                    0f:c1:04:ab:e1:e3:66:38:4d:22:0f:d1:76:b3:bf:
                    9f:69:52:9d:77:aa:73:3d:4a:47:8c:bb:cf:d4:f5:
                    18:43:77:26:59:0c:0d:d4:5d:60:56:c9:50:81:da:
                    0d:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:F3:76:2B:5C:6C:DA:DB:FC:92:B2:EB:24:D3:80:86:A9:58:74:B3
            X509v3 Authority Key Identifier:
                keyid:62:FD:B6:76:54:DF:61:84:E7:D6:0C:41:50:EA:95:33:C2:CF:97:04

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/IPN2K1xs2tv8krLrJNOAhqlYdLM.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b2/704071-8dc0-4ed6-9457-e86121c594df/1/Yv22dlTfYYTn1gxBUOqVM8LPlwQ.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a06:3b00::/48
                  2a09:1140::/48
                  2a09:4040::/48
                  2a09:40c0::/48
                  2a09:6a80::/48
                  2a09:9740::/48
                  2a09:98c0::/48
                  2a09:9940::/48
                  2a09:f180::/48

    Signature Algorithm: sha256WithRSAEncryption
         c3:83:3e:6a:31:e1:61:4d:fd:6e:2a:a5:69:87:fc:d7:d8:b4:
         30:8b:41:6d:43:1d:71:cc:cd:82:0d:57:aa:53:3f:fa:33:f9:
         1f:82:39:3b:09:81:07:92:9e:19:96:e5:b2:e1:32:93:a3:f1:
         92:0a:42:1a:fa:dd:3f:b4:b9:0b:df:4a:c3:65:00:ef:c3:56:
         f3:0c:95:f5:e4:24:35:db:c0:53:ad:09:86:d4:ed:e1:42:46:
         cf:5e:83:07:d8:d4:82:16:e5:98:b0:9e:3b:6e:fe:46:33:a6:
         2c:17:48:79:e0:dc:7e:8a:90:96:5c:46:5f:15:cb:0e:d6:0e:
         0e:fb:6c:07:c5:f2:dc:8f:2b:56:c7:f6:64:3f:56:61:7e:0d:
         fb:db:4a:1a:e0:6b:2e:fa:ea:53:26:a0:ea:9c:fd:a5:45:1e:
         89:f3:58:60:60:e4:c3:fb:ef:57:73:c5:82:2e:3c:56:7d:4d:
         ff:71:9b:d4:f6:24:ac:b6:2e:dd:cf:c4:9f:27:dd:0b:9c:74:
         64:e3:d5:b4:6b:d9:3c:93:75:30:c8:71:2a:0b:91:ef:27:f8:
         1f:bb:1a:8c:1e:85:e9:cd:d0:41:49:4a:bf:8d:58:4a:02:e9:
         49:50:31:b6:fd:5e:4f:e4:21:78:ae:5c:ed:ba:47:04:7b:82:
         f6:b6:f4:c4
-----BEGIN CERTIFICATE-----
MIIFSDCCBDCgAwIBAgISAYVui0lkO/gX19xN4ys/u/8XMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYyZmRiNjc2NTRkZjYxODRlN2Q2MGM0MTUwZWE5NTMzYzJj
Zjk3MDQwHhcNMjMwMTAxMTgxNDU5WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMGYzNzYyYjVjNmNkYWRiZmM5MmIyZWIyNGQzODA4NmE5NTg3NGIzMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoAwAuq/mla/4oQOR/GYFAlRXdjGd
HRVG9kRoUwSOBIwRkB2/xrghSDIJg5VDM3KEBIILLAvY3iINqgXt1+Iac2nTJ2c5
Ys4fn9b/MTcvpNTQqkeDjAydVTttTSitf3QWLRS+XHmLI76dBx8nM8oFkJ9yntw0
opLYCnm0aOJ/H/fCsXtZkeapRQf+FnmgYtzsh5Q7B/dgxY4jpmd89XlNzILxeXSc
tRn+RjE1OR611i/lY7aySOFedl7qFb9meyYoFwNiek/qTW16CZ8kn5T/1dIPwQSr
4eNmOE0iD9F2s7+faVKdd6pzPUpHjLvP1PUYQ3cmWQwN1F1gVslQgdoNYQIDAQAB
o4ICVDCCAlAwHQYDVR0OBBYEFCDzditcbNrb/JKy6yTTgIapWHSzMB8GA1UdIwQY
MBaAFGL9tnZU32GE59YMQVDqlTPCz5cEMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTct
ZTg2MTIxYzU5NGRmLzEvSVBOMksxeHMydHY4a3JMckpOT0FocWxZZExNLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iMi83MDQwNzEtOGRjMC00ZWQ2LTk0NTctZTg2MTIxYzU5NGRm
LzEvWXYyMmRsVGZZWVRuMWd4QlVPcVZNOExQbHdRLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMGoGCCsGAQUFBwEHAQH/BFswWTBXBAIAAjBRAwcAKgY7AAAA
AwcAKgkRQAAAAwcAKglAQAAAAwcAKglAwAAAAwcAKglqgAAAAwcAKgmXQAAAAwcA
KgmYwAAAAwcAKgmZQAAAAwcAKgnxgAAAMA0GCSqGSIb3DQEBCwUAA4IBAQDDgz5q
MeFhTf1uKqVph/zX2LQwi0FtQx1xzM2CDVeqUz/6M/kfgjk7CYEHkp4ZluWy4TKT
o/GSCkIa+t0/tLkL30rDZQDvw1bzDJX15CQ128BTrQmG1O3hQkbPXoMH2NSCFuWY
sJ47bv5GM6YsF0h54Nx+ipCWXEZfFcsO1g4O+2wHxfLcjytWx/ZkP1Zhfg3720oa
4Gsu+upTJqDqnP2lRR6J81hgYOTD++9Xc8WCLjxWfU3/cZvU9iSsti7dz8SfJ90L
nHRk49W0a9k8k3UwyHEqC5HvJ/gfuxqMHoXpzdBBSUq/jVhKAulJUDG2/V5P5CF4
rlztukcEe4L2tvTE
-----END CERTIFICATE-----