Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/lT3C15WK58qXrQRsrkdbdJ1hyv4.roa
File:                     lT3C15WK58qXrQRsrkdbdJ1hyv4.roa (raw, json)
Hash identifier:          hW4kAyMHk8QwZk/+KViQla2D2NZwlIQzZlC5GwdkXt0=
Subject key identifier:   95:3D:C2:D7:95:8A:E7:CA:97:AD:04:6C:AE:47:5B:74:9D:61:CA:FE
Certificate issuer:       /CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
Certificate serial:       018C29EDD63A5C97674BDA3CC5E4CBDF11C4
Authority key identifier: 63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/lT3C15WK58qXrQRsrkdbdJ1hyv4.roa
Signing time:             Sat 02 Dec 2023 09:48:21 +0000
ROA not before:           Sat 02 Dec 2023 09:48:21 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     211293
IP address blocks:        2a0e:b107:2190::/48 maxlen: 48
                          2a0e:b107:2195::/48 maxlen: 48
                          2a0e:b107:219a::/48 maxlen: 48
                          2a0e:b107:219f::/48 maxlen: 48
                          2a0e:b107:2194::/48 maxlen: 48
                          2a0e:b107:2199::/48 maxlen: 48
                          2a0e:b107:2228::/45 maxlen: 48
                          2a0e:b107:219e::/48 maxlen: 48
                          2a0e:b107:2193::/48 maxlen: 48
                          2a0e:b107:2198::/48 maxlen: 48
                          2a0e:b107:219d::/48 maxlen: 48
                          2a0e:b107:21c0::/44 maxlen: 48
                          2a0e:b107:2192::/48 maxlen: 48
                          2a0e:b107:2197::/48 maxlen: 48
                          2a0e:b107:219c::/48 maxlen: 48
                          2a0e:b107:2191::/48 maxlen: 48
                          2a0e:b107:2220::/45 maxlen: 48
                          2a0e:b107:21c0::/45 maxlen: 48
                          2a0e:b107:2196::/48 maxlen: 48
                          2a0e:b107:219b::/48 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:29:ed:d6:3a:5c:97:67:4b:da:3c:c5:e4:cb:df:11:c4
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=63e916717ab11cccf11ef1fb5c12ee41950fad9b
        Validity
            Not Before: Dec  2 09:48:21 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=953dc2d7958ae7ca97ad046cae475b749d61cafe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:fe:a0:95:8c:82:5b:fc:5f:51:58:ac:d2:17:
                    5c:3c:d2:2c:b9:4a:ac:fd:04:bf:86:3e:4c:bd:ab:
                    bd:5d:4c:9f:02:30:93:8f:d0:dc:81:1f:7b:93:61:
                    65:31:17:05:30:80:3e:80:5e:92:25:33:e2:65:11:
                    36:61:55:88:1b:22:18:bf:8b:73:6d:cd:dc:65:74:
                    fc:45:f4:98:21:55:eb:ad:47:29:13:ee:eb:eb:12:
                    2e:94:e5:c5:01:bd:90:4f:e7:3a:ed:46:18:ea:57:
                    56:1c:09:98:9f:ec:81:fb:96:02:67:cd:36:ae:f7:
                    6e:1b:1a:1e:23:8e:f3:0d:38:f9:59:b3:d1:26:d8:
                    78:9c:92:6f:47:99:92:6f:4f:23:ac:dc:63:17:57:
                    4c:12:db:d7:07:74:ba:a8:ef:63:c2:ec:44:4c:14:
                    94:0d:81:ab:af:8e:8e:b7:2f:56:28:b2:c8:d5:d9:
                    50:67:75:9d:bd:55:56:69:ed:4d:60:e8:91:b5:ef:
                    a7:ea:a2:03:5a:a2:5e:94:14:5e:d8:1b:cd:d1:da:
                    c8:ad:2b:b0:c3:fc:4c:e9:2e:c3:7d:a2:8b:9f:f6:
                    f1:7d:e8:30:48:af:18:17:c3:62:25:04:cb:b6:7d:
                    6d:10:51:19:c0:a9:8a:a0:e0:23:eb:36:34:00:79:
                    6a:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:3D:C2:D7:95:8A:E7:CA:97:AD:04:6C:AE:47:5B:74:9D:61:CA:FE
            X509v3 Authority Key Identifier:
                keyid:63:E9:16:71:7A:B1:1C:CC:F1:1E:F1:FB:5C:12:EE:41:95:0F:AD:9B

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/lT3C15WK58qXrQRsrkdbdJ1hyv4.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/51/4957a4-ce59-4315-9976-dc5ec748f6a5/1/Y-kWcXqxHMzxHvH7XBLuQZUPrZs.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2a0e:b107:2190::/44
                  2a0e:b107:21c0::/44
                  2a0e:b107:2220::/44

    Signature Algorithm: sha256WithRSAEncryption
         5d:44:8c:ba:b9:c4:c4:3c:85:97:28:0c:e4:3c:a6:35:8f:bf:
         0c:3a:3d:78:07:51:b3:15:4f:b8:29:50:f5:67:71:d5:58:e0:
         30:60:21:1b:22:61:a6:a4:4f:6c:6c:3c:d6:c7:4f:c6:f6:ed:
         3b:80:5c:93:0b:9b:11:46:a0:11:e4:73:6d:e7:97:dd:ad:4b:
         c8:30:96:2b:5c:66:6d:eb:20:c6:4f:48:2f:7e:ca:1b:21:80:
         ef:af:a6:50:23:5e:13:b9:cd:a5:bd:34:73:1d:84:12:e2:5c:
         bf:30:f0:91:e6:bd:2e:a9:dd:4e:b4:a8:8e:76:53:6e:41:64:
         c5:35:23:b4:3d:6a:b9:b4:5f:45:27:e7:f6:17:c9:23:6e:3f:
         83:81:bc:ff:c9:7d:0e:bd:67:49:67:6f:b6:11:78:e0:c0:52:
         e7:58:ae:f9:e3:3c:b8:b7:c5:c6:27:65:5a:5c:f4:96:8d:15:
         08:47:95:f3:fc:84:76:5f:ad:11:02:60:9c:1f:80:4d:fe:93:
         28:79:de:27:19:b6:d6:75:23:0e:cb:1f:2f:13:3b:2a:fe:ea:
         71:10:b9:c4:46:d4:5f:08:c8:9a:be:68:77:5b:bf:f2:63:fc:
         c8:e4:d3:a1:fb:09:78:74:61:40:14:20:92:e5:da:3a:66:96:
         31:b8:65:f8
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgISAYwp7dY6XJdnS9o8xeTL3xHEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKDYzZTkxNjcxN2FiMTFjY2NmMTFlZjFmYjVjMTJlZTQxOTUw
ZmFkOWIwHhcNMjMxMjAyMDk0ODIxWhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5NTNkYzJkNzk1OGFlN2NhOTdhZDA0NmNhZTQ3NWI3NDlkNjFjYWZlMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAw/6glYyCW/xfUVis0hdcPNIsuUqs
/QS/hj5Mvau9XUyfAjCTj9DcgR97k2FlMRcFMIA+gF6SJTPiZRE2YVWIGyIYv4tz
bc3cZXT8RfSYIVXrrUcpE+7r6xIulOXFAb2QT+c67UYY6ldWHAmYn+yB+5YCZ802
rvduGxoeI47zDTj5WbPRJth4nJJvR5mSb08jrNxjF1dMEtvXB3S6qO9jwuxETBSU
DYGrr46Oty9WKLLI1dlQZ3WdvVVWae1NYOiRte+n6qIDWqJelBRe2BvN0drIrSuw
w/xM6S7DfaKLn/bxfegwSK8YF8NiJQTLtn1tEFEZwKmKoOAj6zY0AHlqvwIDAQAB
o4ICHjCCAhowHQYDVR0OBBYEFJU9wteViufKl60EbK5HW3SdYcr+MB8GA1UdIwQY
MBaAFGPpFnF6sRzM8R7x+1wS7kGVD62bMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYt
ZGM1ZWM3NDhmNmE1LzEvbFQzQzE1V0s1OHFYclFSc3JrZGJkSjFoeXY0LnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC81MS80OTU3YTQtY2U1OS00MzE1LTk5NzYtZGM1ZWM3NDhmNmE1
LzEvWS1rV2NYcXhITXp4SHZIN1hCTHVRWlVQclpzLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDQGCCsGAQUFBwEHAQH/BCUwIzAhBAIAAjAbAwcEKg6xByGQ
AwcEKg6xByHAAwcEKg6xByIgMA0GCSqGSIb3DQEBCwUAA4IBAQBdRIy6ucTEPIWX
KAzkPKY1j78MOj14B1GzFU+4KVD1Z3HVWOAwYCEbImGmpE9sbDzWx0/G9u07gFyT
C5sRRqAR5HNt55fdrUvIMJYrXGZt6yDGT0gvfsobIYDvr6ZQI14Tuc2lvTRzHYQS
4ly/MPCR5r0uqd1OtKiOdlNuQWTFNSO0PWq5tF9FJ+f2F8kjbj+Dgbz/yX0OvWdJ
Z2+2EXjgwFLnWK754zy4t8XGJ2VaXPSWjRUIR5Xz/IR2X60RAmCcH4BN/pMoed4n
GbbWdSMOyx8vEzsq/upxELnERtRfCMiavmh3W7/yY/zI5NOh+wl4dGFAFCCS5do6
ZpYxuGX4
-----END CERTIFICATE-----