Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/7nUt22J-6xc2lvupeRtR3D1QneY.roa
File:                     7nUt22J-6xc2lvupeRtR3D1QneY.roa (raw, json)
Hash identifier:          al6IO4bfGcSD9sh0ENuajjLc9BlIPZkp63wQtP9hsY8=
Subject key identifier:   EE:75:2D:DB:62:7E:EB:17:36:96:FB:A9:79:1B:51:DC:3D:50:9D:E6
Certificate issuer:       /CN=d00b37b6f4b445645e6993a9c5ec608492425f0e
Certificate serial:       0193DF23C62EE9A85CCE711769F44821A277
Authority key identifier: D0:0B:37:B6:F4:B4:45:64:5E:69:93:A9:C5:EC:60:84:92:42:5F:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0As3tvS0RWReaZOpxexghJJCXw4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/7nUt22J-6xc2lvupeRtR3D1QneY.roa
Signing time:             Thu 19 Dec 2024 13:38:03 +0000
ROA not before:           Thu 19 Dec 2024 13:38:03 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42473
IP address blocks:        152.53.0.0/16 maxlen: 24
                          152.53.9.0/24 maxlen: 24
                          152.53.24.0/24 maxlen: 24
                          152.53.30.0/24 maxlen: 24
                          152.53.36.0/22 maxlen: 24
                          152.53.48.0/22 maxlen: 22
                          152.53.59.0/24 maxlen: 24
                          152.53.62.0/24 maxlen: 24
                          152.53.64.0/22 maxlen: 24
                          152.53.69.0/24 maxlen: 24
                          152.53.75.0/24 maxlen: 24
                          152.53.78.0/24 maxlen: 24
                          152.53.80.0/22 maxlen: 22
                          152.53.84.0/22 maxlen: 22
                          152.53.88.0/22 maxlen: 22
                          152.53.92.0/22 maxlen: 22
                          152.53.98.0/24 maxlen: 24
                          152.53.100.0/22 maxlen: 22
                          152.53.104.0/22 maxlen: 22
                          152.53.108.0/22 maxlen: 22
                          152.53.112.0/22 maxlen: 22
                          152.53.116.0/22 maxlen: 22
                          152.53.128.0/20 maxlen: 22
Validation:               Failed, certificate revoked on Thu 02 Jan 2025 07:49:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:df:23:c6:2e:e9:a8:5c:ce:71:17:69:f4:48:21:a2:77
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d00b37b6f4b445645e6993a9c5ec608492425f0e
        Validity
            Not Before: Dec 19 13:38:03 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=ee752ddb627eeb173696fba9791b51dc3d509de6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:ab:8f:ed:6e:27:b5:c5:47:a0:5d:2f:c5:4a:
                    8f:8d:85:86:35:59:89:54:bf:80:62:fa:91:71:48:
                    44:a4:5a:e2:f9:cd:54:79:2b:32:1e:f5:98:56:5c:
                    f0:cd:60:45:cb:c3:85:df:da:58:6c:f7:b5:79:b7:
                    78:a3:b6:35:c8:39:0e:de:b3:76:ad:62:de:48:e5:
                    31:70:ad:ff:00:ca:33:fc:ae:21:50:35:6e:de:05:
                    61:72:b6:3a:f9:10:68:40:a6:c3:c3:c8:e3:74:e9:
                    c5:ee:ef:d9:7f:a5:3c:a1:2f:fe:e5:c5:45:18:8f:
                    24:57:a9:d1:a4:c0:6d:cd:4a:0a:fc:e5:44:7d:30:
                    60:23:39:78:8d:2e:f3:0f:40:32:7e:eb:bf:62:e3:
                    76:76:4a:b2:92:a8:40:a6:24:4c:ff:4d:15:b2:0f:
                    86:94:be:83:6e:be:0d:83:a5:87:16:2d:dc:5d:78:
                    d2:c8:28:d3:b2:a0:cd:9e:29:9e:b1:d5:c5:bd:17:
                    b2:13:be:1e:54:c1:51:f6:c2:54:ad:0f:55:53:17:
                    eb:4f:00:8a:24:e2:3b:cd:79:f6:17:da:cd:10:78:
                    81:ba:e4:a6:74:6c:fa:c3:2c:72:67:47:3b:05:96:
                    47:8e:91:50:4c:23:96:97:22:cb:33:98:9f:1a:38:
                    46:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:75:2D:DB:62:7E:EB:17:36:96:FB:A9:79:1B:51:DC:3D:50:9D:E6
            X509v3 Authority Key Identifier:
                keyid:D0:0B:37:B6:F4:B4:45:64:5E:69:93:A9:C5:EC:60:84:92:42:5F:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0As3tvS0RWReaZOpxexghJJCXw4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/7nUt22J-6xc2lvupeRtR3D1QneY.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/0As3tvS0RWReaZOpxexghJJCXw4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.53.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         82:74:1f:6d:7d:c0:25:7b:83:cf:99:16:fb:18:67:8d:cf:e3:
         7c:71:c7:dc:59:06:42:15:f4:ee:9d:8c:38:52:ee:67:ce:be:
         38:af:46:2f:9d:bf:85:60:9d:6a:a1:07:08:4f:2c:54:39:8b:
         be:75:01:5b:45:8e:d1:ec:e1:b9:4c:95:a7:20:ba:40:30:30:
         2e:22:a0:97:57:2b:cc:c2:8d:5d:b8:10:e7:a8:09:10:74:ab:
         c0:0f:a0:b1:21:f7:ce:a1:e4:51:30:14:bd:9b:7f:ea:24:c0:
         cf:ec:6b:19:11:c3:c4:d4:03:a6:87:9d:ce:8a:31:f1:f9:85:
         94:f0:d2:8a:28:9d:13:71:08:f1:47:7a:8b:c1:21:f9:df:94:
         ba:35:88:8a:ca:01:7b:be:55:da:b4:3e:7e:ec:24:6d:e1:a5:
         04:23:6c:f7:39:23:bd:00:4c:7e:c4:0d:65:34:c4:be:ff:73:
         e3:8d:c8:2f:3a:21:3a:0d:80:3d:fb:22:21:75:f9:60:14:1e:
         2a:2e:ce:29:d7:fe:86:90:18:be:5a:f4:d1:bb:ff:ef:9b:57:
         37:ef:f1:70:87:fc:4e:db:ab:09:ac:7a:a9:44:ed:6d:e3:64:
         6e:2c:e2:00:49:c3:5d:99:8a:fe:da:44:24:99:f3:fd:16:f6:
         da:5b:79:82
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZPfI8Yu6ahcznEXafRIIaJ3MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwMGIzN2I2ZjRiNDQ1NjQ1ZTY5OTNhOWM1ZWM2MDg0OTI0
MjVmMGUwHhcNMjQxMjE5MTMzODAzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhlZTc1MmRkYjYyN2VlYjE3MzY5NmZiYTk3OTFiNTFkYzNkNTA5ZGU2MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAo6uP7W4ntcVHoF0vxUqPjYWGNVmJ
VL+AYvqRcUhEpFri+c1UeSsyHvWYVlzwzWBFy8OF39pYbPe1ebd4o7Y1yDkO3rN2
rWLeSOUxcK3/AMoz/K4hUDVu3gVhcrY6+RBoQKbDw8jjdOnF7u/Zf6U8oS/+5cVF
GI8kV6nRpMBtzUoK/OVEfTBgIzl4jS7zD0Ayfuu/YuN2dkqykqhApiRM/00Vsg+G
lL6Dbr4Ng6WHFi3cXXjSyCjTsqDNnimesdXFvReyE74eVMFR9sJUrQ9VUxfrTwCK
JOI7zXn2F9rNEHiBuuSmdGz6wyxyZ0c7BZZHjpFQTCOWlyLLM5ifGjhGrQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFO51LdtifusXNpb7qXkbUdw9UJ3mMB8GA1UdIwQY
MBaAFNALN7b0tEVkXmmTqcXsYISSQl8OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEFzM3R2UzBSV1JlYVpPcHhleGdoSkpDWHc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC83MzBmYzUtNzMwMS00YTYwLTg2ZDEt
N2RiNjg2OGQ4NDc0LzEvN25VdDIySi02eGMybHZ1cGVSdFIzRDFRbmVZLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC83MzBmYzUtNzMwMS00YTYwLTg2ZDEtN2RiNjg2OGQ4NDc0
LzEvMEFzM3R2UzBSV1JlYVpPcHhleGdoSkpDWHc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAmDUwDQYJ
KoZIhvcNAQELBQADggEBAIJ0H219wCV7g8+ZFvsYZ43P43xxx9xZBkIV9O6djDhS
7mfOvjivRi+dv4VgnWqhBwhPLFQ5i751AVtFjtHs4blMlacgukAwMC4ioJdXK8zC
jV24EOeoCRB0q8APoLEh986h5FEwFL2bf+okwM/saxkRw8TUA6aHnc6KMfH5hZTw
0ooonRNxCPFHeovBIfnflLo1iIrKAXu+Vdq0Pn7sJG3hpQQjbPc5I70ATH7EDWU0
xL7/c+ONyC86IToNgD37IiF1+WAUHiouzinX/oaQGL5a9NG7/++bVzfv8XCH/E7b
qwmseqlE7W3jZG4s4gBJw12Ziv7aRCSZ8/0W9tpbeYI=
-----END CERTIFICATE-----