Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/07/011ef2-7012-4a6e-8a1c-0e0e137e5591/1/CuWTEdlO85DlbBfoEj3x82hCc1o.roa
File:                     CuWTEdlO85DlbBfoEj3x82hCc1o.roa (raw, json)
Hash identifier:          1JUSPxKMMtEDpEQMFN+vnE4d4ynwYJjSKf7ULMHQFeI=
Subject key identifier:   0A:E5:93:11:D9:4E:F3:90:E5:6C:17:E8:12:3D:F1:F3:68:42:73:5A
Certificate issuer:       /CN=e520446f79ffc2d7c3a9ef340ce9de25723a719a
Certificate serial:       018F12A18ECD51BB4E7E26A909362D48BF2E
Authority key identifier: E5:20:44:6F:79:FF:C2:D7:C3:A9:EF:34:0C:E9:DE:25:72:3A:71:9A
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/5SBEb3n_wtfDqe80DOneJXI6cZo.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/07/011ef2-7012-4a6e-8a1c-0e0e137e5591/1/CuWTEdlO85DlbBfoEj3x82hCc1o.roa
Signing time:             Thu 25 Apr 2024 00:22:08 +0000
ROA not before:           Thu 25 Apr 2024 00:22:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     35539
IP address blocks:        31.134.192.0/21 maxlen: 21
                          46.160.224.0/21 maxlen: 21
                          46.160.232.0/21 maxlen: 21
                          46.160.240.0/21 maxlen: 21
                          46.160.248.0/21 maxlen: 21
                          93.95.160.0/21 maxlen: 21
                          93.95.160.0/22 maxlen: 22
                          93.95.164.0/22 maxlen: 22
                          93.123.128.0/17 maxlen: 17
                          93.123.128.0/18 maxlen: 18
                          93.123.192.0/18 maxlen: 18
                          95.131.208.0/21 maxlen: 21
                          95.131.208.0/22 maxlen: 22
                          95.131.212.0/22 maxlen: 22

Validation:               Failed, certificate revoked on Mon 20 May 2024 00:00:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8f:12:a1:8e:cd:51:bb:4e:7e:26:a9:09:36:2d:48:bf:2e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=e520446f79ffc2d7c3a9ef340ce9de25723a719a
        Validity
            Not Before: Apr 25 00:22:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=0ae59311d94ef390e56c17e8123df1f36842735a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:c5:03:b4:68:2f:70:46:ac:8e:e0:83:29:ec:
                    32:be:bb:62:ce:ed:d5:e3:1a:d5:3e:d3:07:60:8d:
                    23:5c:0e:43:d3:34:b8:85:6a:69:07:d8:f4:85:2f:
                    0c:5c:c6:6c:c7:d4:3e:47:0c:1a:5b:26:07:94:78:
                    cc:35:f7:7e:fa:8a:33:46:5f:28:11:09:54:5d:7a:
                    07:5a:e5:50:10:06:1d:61:86:22:96:c4:cd:ec:07:
                    9a:51:c7:16:66:e7:4c:c9:7c:28:58:e9:90:72:73:
                    c6:d1:58:6d:f0:d9:69:c2:88:24:cb:d0:f7:f0:a2:
                    9b:f3:fb:1f:68:6c:00:e5:29:d2:5e:b5:3f:27:24:
                    2f:2c:18:b2:8c:55:ff:13:83:dc:3c:c0:e6:67:30:
                    89:23:20:74:66:62:82:67:3c:24:cb:b9:2b:31:37:
                    0a:4c:30:77:e7:35:ad:24:9a:8c:69:78:84:c2:56:
                    a4:2c:d5:65:c8:b9:ca:52:48:04:97:3b:5c:1a:3f:
                    db:ce:59:92:8a:fa:f9:80:ed:e8:f8:73:42:4b:ab:
                    a9:55:4e:0d:a9:0f:28:f5:aa:db:b2:f1:a2:61:e5:
                    16:24:57:51:85:80:e6:25:39:da:99:21:40:fa:a9:
                    22:7d:04:15:5f:cf:98:60:3c:7c:87:b3:28:18:b2:
                    0c:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0A:E5:93:11:D9:4E:F3:90:E5:6C:17:E8:12:3D:F1:F3:68:42:73:5A
            X509v3 Authority Key Identifier:
                keyid:E5:20:44:6F:79:FF:C2:D7:C3:A9:EF:34:0C:E9:DE:25:72:3A:71:9A

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5SBEb3n_wtfDqe80DOneJXI6cZo.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/07/011ef2-7012-4a6e-8a1c-0e0e137e5591/1/CuWTEdlO85DlbBfoEj3x82hCc1o.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/07/011ef2-7012-4a6e-8a1c-0e0e137e5591/1/5SBEb3n_wtfDqe80DOneJXI6cZo.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  31.134.192.0/21
                  46.160.224.0/19
                  93.95.160.0/21
                  93.123.128.0/17
                  95.131.208.0/21

    Signature Algorithm: sha256WithRSAEncryption
         29:ea:20:40:44:fb:55:45:15:e5:96:86:96:e1:68:c2:dd:d3:
         fb:03:0a:87:26:2d:c3:7e:de:0c:16:16:24:13:82:35:c3:86:
         e1:cd:de:12:f8:55:09:ca:96:ed:73:28:8a:db:14:3c:cc:da:
         bc:55:b1:52:b3:df:1d:56:a1:a5:41:42:23:0c:bd:56:43:dd:
         87:7c:4c:3a:a4:eb:99:89:08:02:79:a7:7c:f5:bd:3b:08:03:
         98:1d:e3:1e:55:2a:08:dc:be:24:13:e2:f2:77:f0:0d:06:ad:
         cd:88:c1:6e:47:ed:64:fd:f3:ca:de:31:ef:40:d3:96:c9:c9:
         ef:ab:97:7e:f6:f3:b3:04:70:98:04:31:e0:00:65:d8:7e:53:
         38:59:6a:bd:e4:58:b3:fc:65:33:5c:46:ed:6e:33:4e:50:e8:
         08:8b:65:c9:c5:25:0b:39:58:88:a8:29:bf:59:69:84:06:77:
         11:66:a5:dd:ab:e3:96:eb:10:37:5e:d2:04:a7:7d:e3:8d:4d:
         25:60:7d:a3:76:4b:02:6d:fa:a0:ae:04:ed:4c:fd:3f:af:25:
         a2:aa:18:75:ac:ca:77:d8:3a:aa:e6:0a:8c:9a:48:24:8e:6e:
         d3:1d:06:58:57:2f:b9:d9:2e:52:dd:54:41:77:13:f7:e3:32:
         17:9f:48:b2
-----BEGIN CERTIFICATE-----
MIIFFTCCA/2gAwIBAgISAY8SoY7NUbtOfiapCTYtSL8uMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU1MjA0NDZmNzlmZmMyZDdjM2E5ZWYzNDBjZTlkZTI1NzIz
YTcxOWEwHhcNMjQwNDI1MDAyMjA4WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygwYWU1OTMxMWQ5NGVmMzkwZTU2YzE3ZTgxMjNkZjFmMzY4NDI3MzVhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAusUDtGgvcEasjuCDKewyvrtizu3V
4xrVPtMHYI0jXA5D0zS4hWppB9j0hS8MXMZsx9Q+RwwaWyYHlHjMNfd++oozRl8o
EQlUXXoHWuVQEAYdYYYilsTN7AeaUccWZudMyXwoWOmQcnPG0Vht8Nlpwogky9D3
8KKb8/sfaGwA5SnSXrU/JyQvLBiyjFX/E4PcPMDmZzCJIyB0ZmKCZzwky7krMTcK
TDB35zWtJJqMaXiEwlakLNVlyLnKUkgElztcGj/bzlmSivr5gO3o+HNCS6upVU4N
qQ8o9arbsvGiYeUWJFdRhYDmJTnamSFA+qkifQQVX8+YYDx8h7MoGLIM6QIDAQAB
o4ICITCCAh0wHQYDVR0OBBYEFArlkxHZTvOQ5WwX6BI98fNoQnNaMB8GA1UdIwQY
MBaAFOUgRG95/8LXw6nvNAzp3iVyOnGaMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNVNCRWIzbl93dGZEcWU4MERPbmVKWEk2Y1pvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wNy8wMTFlZjItNzAxMi00YTZlLThhMWMt
MGUwZTEzN2U1NTkxLzEvQ3VXVEVkbE84NURsYkJmb0VqM3g4MmhDYzFvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wNy8wMTFlZjItNzAxMi00YTZlLThhMWMtMGUwZTEzN2U1NTkx
LzEvNVNCRWIzbl93dGZEcWU4MERPbmVKWEk2Y1pvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMDcGCCsGAQUFBwEHAQH/BCgwJjAkBAIAATAeAwQDH4bAAwQF
LqDgAwQDXV+gAwQHXXuAAwQDX4PQMA0GCSqGSIb3DQEBCwUAA4IBAQAp6iBARPtV
RRXlloaW4WjC3dP7AwqHJi3Dft4MFhYkE4I1w4bhzd4S+FUJypbtcyiK2xQ8zNq8
VbFSs98dVqGlQUIjDL1WQ92HfEw6pOuZiQgCead89b07CAOYHeMeVSoI3L4kE+Ly
d/ANBq3NiMFuR+1k/fPK3jHvQNOWycnvq5d+9vOzBHCYBDHgAGXYflM4WWq95Fiz
/GUzXEbtbjNOUOgIi2XJxSULOViIqCm/WWmEBncRZqXdq+OW6xA3XtIEp33jjU0l
YH2jdksCbfqgrgTtTP0/ryWiqhh1rMp32Dqq5gqMmkgkjm7THQZYVy+52S5S3VRB
dxP34zIXn0iy
-----END CERTIFICATE-----