Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/2_1c8ItuWFNLw1YuADLotdN5hJU.roa
File:                     2_1c8ItuWFNLw1YuADLotdN5hJU.roa (raw, json)
Hash identifier:          1gynX90uE2hTEZq5Urfp6dlQzWSspForeKdTSGNxIkc=
Subject key identifier:   DB:FD:5C:F0:8B:6E:58:53:4B:C3:56:2E:00:32:E8:B5:D3:79:84:95
Certificate issuer:       /CN=e37ee1eced19f8a0a3a635bfaa264293e3437795
Certificate serial:       01970E9B193D8444B6308A8B59FBCD18C987
Authority key identifier: E3:7E:E1:EC:ED:19:F8:A0:A3:A6:35:BF:AA:26:42:93:E3:43:77:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/437h7O0Z-KCjpjW_qiZCk-NDd5U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/2_1c8ItuWFNLw1YuADLotdN5hJU.roa
Signing time:             Mon 26 May 2025 21:58:54 +0000
ROA not before:           Mon 26 May 2025 21:58:54 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     203622
IP address blocks:        46.32.160.0/24 maxlen: 24
                          46.32.161.0/24 maxlen: 24
                          46.32.162.0/24 maxlen: 24
                          46.32.164.0/24 maxlen: 24
                          46.32.165.0/24 maxlen: 24
                          46.32.166.0/24 maxlen: 24
                          46.32.167.0/24 maxlen: 24
                          46.32.170.0/24 maxlen: 24
                          46.32.171.0/24 maxlen: 24
                          46.32.176.0/24 maxlen: 24
                          46.32.189.0/24 maxlen: 24
                          46.32.190.0/24 maxlen: 24
                          46.32.191.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Tue 03 Jun 2025 19:41:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:0e:9b:19:3d:84:44:b6:30:8a:8b:59:fb:cd:18:c9:87
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e37ee1eced19f8a0a3a635bfaa264293e3437795
        Validity
            Not Before: May 26 21:58:54 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=dbfd5cf08b6e58534bc3562e0032e8b5d3798495
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:7a:21:ce:96:1d:7a:e2:32:2a:19:80:cd:ae:
                    09:d1:98:36:57:93:56:8b:f1:3a:d6:97:b8:9b:e8:
                    7d:c9:84:f6:1a:f2:aa:b6:c7:84:68:b8:02:49:c8:
                    47:13:15:da:96:58:61:c4:4a:bf:71:ae:56:bc:2d:
                    ac:c2:17:7b:c7:6f:03:ea:f0:9a:3f:8f:57:e8:e5:
                    b9:a7:a2:7d:1b:69:34:28:4c:09:86:3b:11:7b:6d:
                    a6:ed:49:9d:bd:4f:23:a8:22:cc:d8:77:98:48:9e:
                    e4:f1:1d:7e:94:d6:6d:62:4b:2e:9b:55:96:5d:2f:
                    32:0a:83:b7:5e:da:bf:3d:85:d5:82:90:d4:4e:f6:
                    df:32:48:c9:9d:53:c4:a3:fd:1a:ba:dd:bd:a8:1a:
                    42:33:b9:9f:90:89:2d:0a:1e:30:a2:a8:c5:75:33:
                    9b:77:3f:ee:dc:3e:5d:9b:69:77:2b:c0:5e:e9:00:
                    d7:2b:de:69:2e:aa:31:2c:f9:1d:cd:63:26:cf:91:
                    be:a7:28:74:16:c2:e2:91:44:bb:76:ce:6a:03:ae:
                    5a:e5:20:05:37:f0:91:a2:54:70:92:2c:a1:1f:aa:
                    e5:d5:53:82:4d:13:10:0f:f5:98:fa:97:54:e8:26:
                    71:f7:a3:60:ce:3a:89:b4:3f:05:0f:c2:f4:26:3c:
                    40:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:FD:5C:F0:8B:6E:58:53:4B:C3:56:2E:00:32:E8:B5:D3:79:84:95
            X509v3 Authority Key Identifier:
                keyid:E3:7E:E1:EC:ED:19:F8:A0:A3:A6:35:BF:AA:26:42:93:E3:43:77:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/437h7O0Z-KCjpjW_qiZCk-NDd5U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/2_1c8ItuWFNLw1YuADLotdN5hJU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/437h7O0Z-KCjpjW_qiZCk-NDd5U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.32.160.0-46.32.162.255
                  46.32.164.0/22
                  46.32.170.0/23
                  46.32.176.0/24
                  46.32.189.0-46.32.191.255

    Signature Algorithm: sha256WithRSAEncryption
         05:b0:ad:27:ef:8d:a7:23:41:71:0e:b3:fb:e8:2b:49:a9:03:
         b1:a4:8c:ca:2a:53:67:f5:20:f4:5b:d7:d4:d6:27:bf:2e:74:
         48:f0:de:af:19:d8:21:ed:37:fb:ec:94:92:57:e8:50:4d:15:
         4b:0d:89:b1:f7:ea:67:d8:62:c3:78:7e:04:11:8a:1a:3e:26:
         75:ea:20:96:25:97:14:84:40:df:3d:9d:19:fd:1c:e4:6c:e2:
         2d:2e:e4:22:a9:30:2a:99:8b:c6:cd:18:f8:58:11:63:31:4c:
         bb:54:2f:05:fc:d9:65:ff:43:18:f0:9d:fc:c9:76:b5:5e:4d:
         f7:f8:29:46:01:9f:1d:e9:e8:6b:11:b8:83:09:73:e7:57:5d:
         f7:6d:2f:26:f1:32:13:9d:c2:b7:14:da:d1:91:a9:2c:6e:e2:
         66:c4:00:e6:86:b9:71:c8:ee:82:d7:3f:b9:5b:84:4d:f5:72:
         3a:fe:0c:20:13:51:4b:c3:cf:62:b6:e0:cc:fe:5e:a2:e1:47:
         e9:dd:c5:2c:d7:25:dd:26:f2:37:34:a6:9a:a9:48:0a:8e:03:
         18:87:eb:ac:a3:bf:d5:aa:be:59:dd:39:10:e1:34:5e:27:01:
         29:ca:03:41:77:17:c8:cf:5d:b5:c9:5b:42:00:6b:1d:f8:08:
         df:61:da:07
-----BEGIN CERTIFICATE-----
MIIFJTCCBA2gAwIBAgISAZcOmxk9hES2MIqLWfvNGMmHMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzN2VlMWVjZWQxOWY4YTBhM2E2MzViZmFhMjY0MjkzZTM0
Mzc3OTUwHhcNMjUwNTI2MjE1ODU0WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhkYmZkNWNmMDhiNmU1ODUzNGJjMzU2MmUwMDMyZThiNWQzNzk4NDk1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAt3ohzpYdeuIyKhmAza4J0Zg2V5NW
i/E61pe4m+h9yYT2GvKqtseEaLgCSchHExXallhhxEq/ca5WvC2swhd7x28D6vCa
P49X6OW5p6J9G2k0KEwJhjsRe22m7UmdvU8jqCLM2HeYSJ7k8R1+lNZtYksum1WW
XS8yCoO3Xtq/PYXVgpDUTvbfMkjJnVPEo/0aut29qBpCM7mfkIktCh4woqjFdTOb
dz/u3D5dm2l3K8Be6QDXK95pLqoxLPkdzWMmz5G+pyh0FsLikUS7ds5qA65a5SAF
N/CRolRwkiyhH6rl1VOCTRMQD/WY+pdU6CZx96NgzjqJtD8FD8L0JjxAxQIDAQAB
o4ICMTCCAi0wHQYDVR0OBBYEFNv9XPCLblhTS8NWLgAy6LXTeYSVMB8GA1UdIwQY
MBaAFON+4eztGfigo6Y1v6omQpPjQ3eVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDM3aDdPMFotS0NqcGpXX3FpWkNrLU5EZDVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC82ZDVkNzUtNGQxZS00Njk3LWIxZDMt
MzZlMzQ0YWJjOWQzLzEvMl8xYzhJdHVXRk5MdzFZdUFETG90ZE41aEpVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC82ZDVkNzUtNGQxZS00Njk3LWIxZDMtMzZlMzQ0YWJjOWQz
LzEvNDM3aDdPMFotS0NqcGpXX3FpWkNrLU5EZDVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMEcGCCsGAQUFBwEHAQH/BDgwNjA0BAIAATAuMAwDBAUuIKAD
BAAuIKIDBAIuIKQDBAEuIKoDBAAuILAwDAMEAC4gvQMEBi4ggDANBgkqhkiG9w0B
AQsFAAOCAQEABbCtJ++NpyNBcQ6z++grSakDsaSMyipTZ/Ug9FvX1NYnvy50SPDe
rxnYIe03++yUklfoUE0VSw2JsffqZ9hiw3h+BBGKGj4mdeogliWXFIRA3z2dGf0c
5GziLS7kIqkwKpmLxs0Y+FgRYzFMu1QvBfzZZf9DGPCd/Ml2tV5N9/gpRgGfHeno
axG4gwlz51dd920vJvEyE53CtxTa0ZGpLG7iZsQA5oa5ccjugtc/uVuETfVyOv4M
IBNRS8PPYrbgzP5eouFH6d3FLNcl3SbyNzSmmqlICo4DGIfrrKO/1aq+Wd05EOE0
XicBKcoDQXcXyM9dtclbQgBrHfgI32HaBw==
-----END CERTIFICATE-----