Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/EFK2-OId9yT3bcRFTP6T8gZLQBg.roa
File:                     EFK2-OId9yT3bcRFTP6T8gZLQBg.roa (raw, json)
Hash identifier:          c/qlLddDDJ4EZpnKRjAdTbYBkjFNirm58IZmLrVBkNI=
Subject key identifier:   10:52:B6:F8:E2:1D:F7:24:F7:6D:C4:45:4C:FE:93:F2:06:4B:40:18
Certificate issuer:       /CN=d00b37b6f4b445645e6993a9c5ec608492425f0e
Certificate serial:       01938B6E1E714CA2C4C05D216F89046C9079
Authority key identifier: D0:0B:37:B6:F4:B4:45:64:5E:69:93:A9:C5:EC:60:84:92:42:5F:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0As3tvS0RWReaZOpxexghJJCXw4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/EFK2-OId9yT3bcRFTP6T8gZLQBg.roa
Signing time:             Tue 03 Dec 2024 07:31:09 +0000
ROA not before:           Tue 03 Dec 2024 07:31:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42473
IP address blocks:        152.53.0.0/16 maxlen: 24
                          152.53.9.0/24 maxlen: 24
                          152.53.24.0/24 maxlen: 24
                          152.53.30.0/24 maxlen: 24
                          152.53.36.0/22 maxlen: 24
                          152.53.48.0/22 maxlen: 22
                          152.53.59.0/24 maxlen: 24
                          152.53.62.0/24 maxlen: 24
                          152.53.64.0/22 maxlen: 24
                          152.53.69.0/24 maxlen: 24
                          152.53.75.0/24 maxlen: 24
                          152.53.78.0/24 maxlen: 24
                          152.53.80.0/22 maxlen: 22
                          152.53.84.0/22 maxlen: 22
                          152.53.88.0/22 maxlen: 22
                          152.53.98.0/24 maxlen: 24
                          152.53.100.0/22 maxlen: 22
                          152.53.104.0/22 maxlen: 22
                          152.53.108.0/22 maxlen: 22
                          152.53.112.0/22 maxlen: 22
                          152.53.116.0/22 maxlen: 22
                          152.53.128.0/20 maxlen: 22
Validation:               Failed, certificate revoked on Thu 19 Dec 2024 13:38:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:8b:6e:1e:71:4c:a2:c4:c0:5d:21:6f:89:04:6c:90:79
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d00b37b6f4b445645e6993a9c5ec608492425f0e
        Validity
            Not Before: Dec  3 07:31:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=1052b6f8e21df724f76dc4454cfe93f2064b4018
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:7d:6a:34:de:be:92:74:0f:d7:bc:1b:1c:26:
                    94:a7:79:4b:7d:d7:9b:87:f7:c2:2e:85:30:87:c8:
                    01:d1:7c:d9:f2:90:fc:31:62:69:7e:ff:6e:98:1d:
                    5c:e2:05:7e:73:df:e2:7c:f8:49:4d:4d:79:b6:eb:
                    73:d6:57:a4:3d:b1:ef:0b:44:4a:49:66:9e:ea:1d:
                    73:53:6d:d2:91:8f:cb:17:e9:5d:ad:ed:ce:96:b6:
                    08:92:8b:f5:35:d1:e0:51:8b:f2:b5:91:73:ff:f7:
                    31:fc:de:cd:9f:32:41:48:c8:80:34:f4:29:3f:09:
                    98:17:87:47:f7:c0:a3:6a:6a:ae:46:b3:e6:8d:7e:
                    2a:19:9a:37:88:35:ba:f5:ae:ba:19:73:42:ca:80:
                    8d:15:da:c8:c0:d5:a6:f5:8b:93:86:03:1d:bf:7f:
                    1a:f5:50:c8:38:2b:15:78:7a:c6:24:c3:5f:d4:56:
                    a1:14:fc:f2:10:da:81:71:48:89:3b:12:9f:a9:2f:
                    92:22:e4:4d:a4:87:83:37:43:2c:30:37:bd:68:69:
                    af:00:a1:5f:06:f3:c7:2a:ee:cb:5c:c9:e6:64:8a:
                    ca:fe:2b:d1:e1:b9:e7:b5:63:32:ae:e4:fc:34:5e:
                    0c:81:19:8a:aa:a5:23:f3:4f:4e:33:63:c0:a7:44:
                    b1:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:52:B6:F8:E2:1D:F7:24:F7:6D:C4:45:4C:FE:93:F2:06:4B:40:18
            X509v3 Authority Key Identifier:
                keyid:D0:0B:37:B6:F4:B4:45:64:5E:69:93:A9:C5:EC:60:84:92:42:5F:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0As3tvS0RWReaZOpxexghJJCXw4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/EFK2-OId9yT3bcRFTP6T8gZLQBg.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/0As3tvS0RWReaZOpxexghJJCXw4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.53.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         2f:98:46:45:6b:31:4a:d0:a6:79:b8:ed:9b:5a:f7:a5:b5:d9:
         91:d6:5f:1e:f9:d4:1c:3b:3e:ee:b3:b1:00:1f:d7:f5:5d:37:
         34:34:94:b7:c4:66:34:87:21:9f:73:84:95:64:08:e7:9b:d1:
         26:c2:20:e1:33:8d:52:00:7b:c8:9c:d9:ef:c9:20:9f:a6:14:
         39:65:c4:a0:11:1a:57:95:5b:39:5e:cd:2e:8e:6b:62:54:18:
         70:a7:d8:6c:a4:cd:60:d5:80:48:49:9c:a3:12:36:c9:1f:ae:
         4c:9b:40:b6:e4:5d:32:ce:15:9e:fc:b1:c4:a6:e1:d7:1c:6b:
         e1:63:7c:a0:f9:be:0d:99:e1:d9:6a:f2:a4:f1:20:45:55:51:
         62:5a:2e:e1:bc:3d:10:d6:53:32:d2:0d:70:7a:38:27:18:d7:
         ee:21:d4:c0:02:2d:c1:00:e5:4d:13:86:4b:67:e8:ac:d6:c1:
         5a:8b:5f:6b:03:1e:24:52:b1:7c:68:27:ab:c9:cc:1e:19:e4:
         6b:b9:c4:9c:8f:41:09:5d:b2:bf:36:74:19:61:45:21:60:53:
         7a:62:22:7b:e7:8f:eb:36:43:52:6f:3c:87:64:cd:0f:a9:56:
         40:5d:2f:2f:29:df:a4:06:f0:35:56:42:f0:8d:5f:48:43:47:
         31:6d:58:59
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZOLbh5xTKLEwF0hb4kEbJB5MA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwMGIzN2I2ZjRiNDQ1NjQ1ZTY5OTNhOWM1ZWM2MDg0OTI0
MjVmMGUwHhcNMjQxMjAzMDczMTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygxMDUyYjZmOGUyMWRmNzI0Zjc2ZGM0NDU0Y2ZlOTNmMjA2NGI0MDE4MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAun1qNN6+knQP17wbHCaUp3lLfdeb
h/fCLoUwh8gB0XzZ8pD8MWJpfv9umB1c4gV+c9/ifPhJTU15tutz1lekPbHvC0RK
SWae6h1zU23SkY/LF+ldre3OlrYIkov1NdHgUYvytZFz//cx/N7NnzJBSMiANPQp
PwmYF4dH98CjamquRrPmjX4qGZo3iDW69a66GXNCyoCNFdrIwNWm9YuThgMdv38a
9VDIOCsVeHrGJMNf1FahFPzyENqBcUiJOxKfqS+SIuRNpIeDN0MsMDe9aGmvAKFf
BvPHKu7LXMnmZIrK/ivR4bnntWMyruT8NF4MgRmKqqUj809OM2PAp0SxdwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFBBStvjiHfck923ERUz+k/IGS0AYMB8GA1UdIwQY
MBaAFNALN7b0tEVkXmmTqcXsYISSQl8OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEFzM3R2UzBSV1JlYVpPcHhleGdoSkpDWHc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC83MzBmYzUtNzMwMS00YTYwLTg2ZDEt
N2RiNjg2OGQ4NDc0LzEvRUZLMi1PSWQ5eVQzYmNSRlRQNlQ4Z1pMUUJnLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC83MzBmYzUtNzMwMS00YTYwLTg2ZDEtN2RiNjg2OGQ4NDc0
LzEvMEFzM3R2UzBSV1JlYVpPcHhleGdoSkpDWHc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAmDUwDQYJ
KoZIhvcNAQELBQADggEBAC+YRkVrMUrQpnm47Zta96W12ZHWXx751Bw7Pu6zsQAf
1/VdNzQ0lLfEZjSHIZ9zhJVkCOeb0SbCIOEzjVIAe8ic2e/JIJ+mFDllxKARGleV
WzlezS6Oa2JUGHCn2GykzWDVgEhJnKMSNskfrkybQLbkXTLOFZ78scSm4dcca+Fj
fKD5vg2Z4dlq8qTxIEVVUWJaLuG8PRDWUzLSDXB6OCcY1+4h1MACLcEA5U0Thktn
6KzWwVqLX2sDHiRSsXxoJ6vJzB4Z5Gu5xJyPQQldsr82dBlhRSFgU3piInvnj+s2
Q1JvPIdkzQ+pVkBdLy8p36QG8DVWQvCNX0hDRzFtWFk=
-----END CERTIFICATE-----