Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/uMIRelJrOqwWOvnHeVTG6QogUXI.roa
File:                     uMIRelJrOqwWOvnHeVTG6QogUXI.roa (raw, json)
Hash identifier:          PCZtc2YdH0ToqtVEw62Pfkt2cM0vjQRBwbGflE9gKc0=
Subject key identifier:   B8:C2:11:7A:52:6B:3A:AC:16:3A:F9:C7:79:54:C6:E9:0A:20:51:72
Certificate issuer:       /CN=e37ee1eced19f8a0a3a635bfaa264293e3437795
Certificate serial:       01885840DB3EC2D56D60EDB3FC59A956DEC5
Authority key identifier: E3:7E:E1:EC:ED:19:F8:A0:A3:A6:35:BF:AA:26:42:93:E3:43:77:95
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/437h7O0Z-KCjpjW_qiZCk-NDd5U.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/uMIRelJrOqwWOvnHeVTG6QogUXI.roa
Signing time:             Fri 26 May 2023 13:30:25 +0000
ROA not before:           Fri 26 May 2023 13:30:25 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     203622
IP address blocks:        46.32.166.0/24 maxlen: 24
                          46.32.165.0/24 maxlen: 24
                          46.32.164.0/24 maxlen: 24
                          46.32.160.0/24 maxlen: 24
                          46.32.162.0/24 maxlen: 24
                          46.32.161.0/24 maxlen: 24
                          46.32.167.0/24 maxlen: 24
                          46.32.170.0/24 maxlen: 24
                          46.32.171.0/24 maxlen: 24
                          46.32.179.0/24 maxlen: 24
                          46.32.191.0/24 maxlen: 24
                          46.32.188.0/24 maxlen: 24
                          46.32.190.0/24 maxlen: 24
                          46.32.189.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 03 Jul 2023 06:37:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:88:58:40:db:3e:c2:d5:6d:60:ed:b3:fc:59:a9:56:de:c5
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e37ee1eced19f8a0a3a635bfaa264293e3437795
        Validity
            Not Before: May 26 13:30:25 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=b8c2117a526b3aac163af9c77954c6e90a205172
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:92:1b:dd:e7:18:1b:04:9a:ad:24:a3:6a:5e:9d:
                    55:9d:f6:e7:da:a6:d9:b6:f3:2a:47:cb:2d:99:c3:
                    ab:5f:a2:22:26:e8:fe:87:97:51:dc:00:e7:fb:83:
                    b1:d1:71:f1:c1:16:4a:2f:89:14:86:bb:e3:58:e3:
                    3c:f8:19:ed:be:52:81:aa:45:34:a4:a1:65:ac:68:
                    9e:f4:ec:80:3d:79:bf:a8:e0:33:1d:54:ff:a9:ef:
                    7c:6f:55:3d:d9:9e:e6:69:ec:6b:f2:e0:f0:79:e5:
                    c7:c1:c6:25:18:20:98:7f:eb:27:25:7a:0f:89:02:
                    b0:ab:e8:56:b9:46:2d:87:10:c0:f2:ba:e0:31:25:
                    99:09:6c:fa:f1:bc:fa:f5:89:ff:07:4d:e6:15:d1:
                    3c:35:63:7a:12:85:a1:32:81:42:d9:42:8f:e5:69:
                    5d:46:da:c5:8b:25:8a:1f:3a:6f:92:60:2f:44:9f:
                    4d:ad:fa:fe:29:e4:79:14:df:5d:de:b5:81:ab:8b:
                    57:ea:8f:3f:85:a2:4e:a1:87:f8:1a:3a:c2:a3:46:
                    cf:19:05:2b:84:72:2d:e4:2c:9d:11:17:20:83:f2:
                    f3:14:4d:26:37:18:73:91:8d:a6:54:ee:81:77:6f:
                    d4:ce:1d:05:5b:ac:df:80:8a:20:23:94:3b:61:ea:
                    f3:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B8:C2:11:7A:52:6B:3A:AC:16:3A:F9:C7:79:54:C6:E9:0A:20:51:72
            X509v3 Authority Key Identifier:
                keyid:E3:7E:E1:EC:ED:19:F8:A0:A3:A6:35:BF:AA:26:42:93:E3:43:77:95

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/437h7O0Z-KCjpjW_qiZCk-NDd5U.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/uMIRelJrOqwWOvnHeVTG6QogUXI.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/b8/6d5d75-4d1e-4697-b1d3-36e344abc9d3/1/437h7O0Z-KCjpjW_qiZCk-NDd5U.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  46.32.160.0-46.32.162.255
                  46.32.164.0/22
                  46.32.170.0/23
                  46.32.179.0/24
                  46.32.188.0/22

    Signature Algorithm: sha256WithRSAEncryption
         43:24:4a:3b:7a:1f:07:59:62:74:54:eb:19:5a:af:5d:79:2f:
         b7:bb:85:5d:12:1a:ca:41:25:db:33:60:10:c5:15:e3:a7:56:
         be:b5:af:12:7f:95:d9:b4:8a:e3:a9:04:25:f9:76:22:a3:b7:
         b6:ac:a3:df:37:54:44:1d:57:dc:f5:30:46:6e:12:4d:9c:82:
         a9:37:d7:d8:56:f7:c9:d3:83:c6:09:57:1e:74:a9:37:3e:87:
         1a:e2:ee:be:b4:c8:dd:2e:e5:e7:e3:e1:d1:b9:4f:c4:11:98:
         2d:30:5c:f7:b9:da:2c:d5:3f:62:73:30:e2:20:66:29:aa:f5:
         ab:01:23:1a:c1:ef:02:3f:1e:ee:52:1d:7d:6b:17:19:c2:ac:
         ca:23:a4:d1:d0:2e:6c:96:6f:c3:f1:d1:68:42:40:71:20:8c:
         cb:20:2f:82:30:1d:c0:0a:68:fd:3f:3d:05:b9:26:66:0b:c1:
         34:33:06:66:db:8d:33:b7:b8:6b:73:69:43:df:9c:c6:3a:27:
         b8:dc:cb:b5:25:a8:23:bf:9a:22:19:da:c6:d5:28:af:a0:44:
         c1:5e:db:aa:e3:8f:95:46:fa:f7:c0:79:3c:86:30:1f:e2:72:
         7b:f7:a8:fc:07:af:3f:d3:4e:c9:49:21:eb:eb:ed:fc:1f:36:
         46:9d:a4:75
-----BEGIN CERTIFICATE-----
MIIFHTCCBAWgAwIBAgISAYhYQNs+wtVtYO2z/FmpVt7FMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGUzN2VlMWVjZWQxOWY4YTBhM2E2MzViZmFhMjY0MjkzZTM0
Mzc3OTUwHhcNMjMwNTI2MTMzMDI1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhiOGMyMTE3YTUyNmIzYWFjMTYzYWY5Yzc3OTU0YzZlOTBhMjA1MTcyMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAkhvd5xgbBJqtJKNqXp1Vnfbn2qbZ
tvMqR8stmcOrX6IiJuj+h5dR3ADn+4Ox0XHxwRZKL4kUhrvjWOM8+BntvlKBqkU0
pKFlrGie9OyAPXm/qOAzHVT/qe98b1U92Z7maexr8uDweeXHwcYlGCCYf+snJXoP
iQKwq+hWuUYthxDA8rrgMSWZCWz68bz69Yn/B03mFdE8NWN6EoWhMoFC2UKP5Wld
RtrFiyWKHzpvkmAvRJ9Nrfr+KeR5FN9d3rWBq4tX6o8/haJOoYf4GjrCo0bPGQUr
hHIt5CydERcgg/LzFE0mNxhzkY2mVO6Bd2/Uzh0FW6zfgIogI5Q7YerzewIDAQAB
o4ICKTCCAiUwHQYDVR0OBBYEFLjCEXpSazqsFjr5x3lUxukKIFFyMB8GA1UdIwQY
MBaAFON+4eztGfigo6Y1v6omQpPjQ3eVMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNDM3aDdPMFotS0NqcGpXX3FpWkNrLU5EZDVVLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC9iOC82ZDVkNzUtNGQxZS00Njk3LWIxZDMt
MzZlMzQ0YWJjOWQzLzEvdU1JUmVsSnJPcXdXT3ZuSGVWVEc2UW9nVVhJLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC9iOC82ZDVkNzUtNGQxZS00Njk3LWIxZDMtMzZlMzQ0YWJjOWQz
LzEvNDM3aDdPMFotS0NqcGpXX3FpWkNrLU5EZDVVLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMD8GCCsGAQUFBwEHAQH/BDAwLjAsBAIAATAmMAwDBAUuIKAD
BAAuIKIDBAIuIKQDBAEuIKoDBAAuILMDBAIuILwwDQYJKoZIhvcNAQELBQADggEB
AEMkSjt6HwdZYnRU6xlar115L7e7hV0SGspBJdszYBDFFeOnVr61rxJ/ldm0iuOp
BCX5diKjt7aso983VEQdV9z1MEZuEk2cgqk319hW98nTg8YJVx50qTc+hxri7r60
yN0u5efj4dG5T8QRmC0wXPe52izVP2JzMOIgZimq9asBIxrB7wI/Hu5SHX1rFxnC
rMojpNHQLmyWb8Px0WhCQHEgjMsgL4IwHcAKaP0/PQW5JmYLwTQzBmbbjTO3uGtz
aUPfnMY6J7jcy7UlqCO/miIZ2sbVKK+gRMFe26rjj5VG+vfAeTyGMB/icnv3qPwH
rz/TTslJIevr7fwfNkadpHU=
-----END CERTIFICATE-----