Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/R7_B4mH6h5xLSw3NzbGg2qvZkUU.roa
File:                     R7_B4mH6h5xLSw3NzbGg2qvZkUU.roa (raw, json)
Hash identifier:          x4b78YV6+hU2EequZfhWMQyWKJ7F2ljkkAtPTmIOYcw=
Subject key identifier:   47:BF:C1:E2:61:FA:87:9C:4B:4B:0D:CD:CD:B1:A0:DA:AB:D9:91:45
Certificate issuer:       /CN=d00b37b6f4b445645e6993a9c5ec608492425f0e
Certificate serial:       01937324C5B0716EEA2724AD8E35131F860E
Authority key identifier: D0:0B:37:B6:F4:B4:45:64:5E:69:93:A9:C5:EC:60:84:92:42:5F:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0As3tvS0RWReaZOpxexghJJCXw4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/R7_B4mH6h5xLSw3NzbGg2qvZkUU.roa
Signing time:             Thu 28 Nov 2024 14:20:09 +0000
ROA not before:           Thu 28 Nov 2024 14:20:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42473
IP address blocks:        152.53.0.0/16 maxlen: 24
                          152.53.9.0/24 maxlen: 24
                          152.53.24.0/24 maxlen: 24
                          152.53.30.0/24 maxlen: 24
                          152.53.36.0/22 maxlen: 24
                          152.53.48.0/22 maxlen: 22
                          152.53.59.0/24 maxlen: 24
                          152.53.62.0/24 maxlen: 24
                          152.53.64.0/22 maxlen: 24
                          152.53.69.0/24 maxlen: 24
                          152.53.75.0/24 maxlen: 24
                          152.53.78.0/24 maxlen: 24
                          152.53.80.0/22 maxlen: 22
                          152.53.100.0/22 maxlen: 22
                          152.53.104.0/22 maxlen: 22
                          152.53.108.0/22 maxlen: 22
                          152.53.112.0/22 maxlen: 22
                          152.53.128.0/20 maxlen: 22
Validation:               Failed, certificate revoked on Fri 29 Nov 2024 09:11:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:73:24:c5:b0:71:6e:ea:27:24:ad:8e:35:13:1f:86:0e
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d00b37b6f4b445645e6993a9c5ec608492425f0e
        Validity
            Not Before: Nov 28 14:20:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=47bfc1e261fa879c4b4b0dcdcdb1a0daabd99145
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:a2:a5:03:45:a3:04:35:fa:f0:96:4d:30:87:
                    f1:a6:0c:32:27:81:3a:40:ac:08:5d:9a:99:1b:85:
                    50:34:a3:b6:4d:b2:a3:a6:b9:50:5c:2a:26:eb:6b:
                    39:5e:a9:bf:21:ab:ef:91:b4:2d:3f:c9:30:6c:5a:
                    2a:79:c8:36:a2:b1:c1:ba:58:7b:93:11:b9:0a:03:
                    89:95:f8:f4:87:7a:76:9e:10:01:92:88:c2:10:e0:
                    9d:a9:d4:4a:76:39:0a:95:9b:a6:a6:8b:69:a6:e1:
                    e4:e1:1a:dc:ad:f9:46:a6:35:e5:fb:d6:a9:4b:06:
                    b1:dc:ab:f4:f9:6f:a5:d6:21:65:7d:b9:cb:45:61:
                    f3:46:bb:2d:e2:90:c0:30:98:d7:fe:d4:e5:05:2c:
                    e0:9e:8d:06:84:f8:19:f8:0a:0e:ac:80:dc:30:ad:
                    7d:29:0d:e1:a2:86:a3:0d:49:8c:2e:e3:a7:9d:1f:
                    4e:76:61:d8:62:c6:8e:68:fd:8a:8c:54:86:d4:68:
                    d5:73:de:9d:86:1e:63:05:c4:f3:c3:1d:03:f5:c5:
                    1f:73:5f:10:c0:06:3c:e6:a1:f9:e4:10:3e:97:5a:
                    1a:48:8b:c0:07:70:a0:2b:32:da:de:24:1e:aa:cb:
                    ee:69:46:85:b4:ff:87:fe:7b:74:7f:a9:1a:f8:61:
                    5a:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:BF:C1:E2:61:FA:87:9C:4B:4B:0D:CD:CD:B1:A0:DA:AB:D9:91:45
            X509v3 Authority Key Identifier:
                keyid:D0:0B:37:B6:F4:B4:45:64:5E:69:93:A9:C5:EC:60:84:92:42:5F:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0As3tvS0RWReaZOpxexghJJCXw4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/R7_B4mH6h5xLSw3NzbGg2qvZkUU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/0As3tvS0RWReaZOpxexghJJCXw4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.53.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         00:9f:12:b4:e3:ef:96:09:2f:7e:32:d1:bc:ca:1e:32:0e:33:
         21:79:42:a9:81:9a:7c:c8:02:a9:aa:6f:ca:7b:f2:4c:f0:70:
         78:c4:61:33:fe:1b:33:f6:02:7a:0c:65:86:00:11:9e:ea:ab:
         14:e3:6f:e1:6e:df:c0:b4:50:4e:dd:4b:d3:9a:15:3f:bd:bb:
         eb:8e:4e:87:08:6d:02:9b:32:7e:50:6e:c9:5f:ca:d6:cc:59:
         3a:44:ca:b2:22:c0:49:3f:f0:88:1a:49:3d:8b:97:7d:29:6f:
         97:8d:6f:5c:44:3a:1b:83:2b:06:74:1d:11:4b:92:8b:43:4c:
         cf:c9:75:bc:15:be:f0:da:3b:dd:c5:6c:22:9e:38:e0:f2:1f:
         2f:8d:2b:50:12:36:22:a0:06:56:b1:43:15:9c:9d:17:e8:22:
         95:ba:e3:48:77:21:3d:76:b2:4e:45:11:06:b0:eb:62:40:68:
         18:36:97:77:f8:08:d9:af:af:5e:95:5b:96:f3:64:3d:8a:37:
         80:8d:ac:36:a4:cd:12:80:1a:04:90:f3:b2:c3:69:10:cc:bc:
         02:f0:4f:fe:1b:5e:15:66:0a:83:fb:88:0c:07:e9:ce:f3:5f:
         1a:76:83:ff:e7:1f:f7:d5:d4:29:80:59:51:80:e1:fb:17:ad:
         e1:b8:7c:a1
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZNzJMWwcW7qJyStjjUTH4YOMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwMGIzN2I2ZjRiNDQ1NjQ1ZTY5OTNhOWM1ZWM2MDg0OTI0
MjVmMGUwHhcNMjQxMTI4MTQyMDA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg0N2JmYzFlMjYxZmE4NzljNGI0YjBkY2RjZGIxYTBkYWFiZDk5MTQ1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA06KlA0WjBDX68JZNMIfxpgwyJ4E6
QKwIXZqZG4VQNKO2TbKjprlQXCom62s5Xqm/IavvkbQtP8kwbFoqecg2orHBulh7
kxG5CgOJlfj0h3p2nhABkojCEOCdqdRKdjkKlZumpotppuHk4RrcrflGpjXl+9ap
Swax3Kv0+W+l1iFlfbnLRWHzRrst4pDAMJjX/tTlBSzgno0GhPgZ+AoOrIDcMK19
KQ3hooajDUmMLuOnnR9OdmHYYsaOaP2KjFSG1GjVc96dhh5jBcTzwx0D9cUfc18Q
wAY85qH55BA+l1oaSIvAB3CgKzLa3iQeqsvuaUaFtP+H/nt0f6ka+GFa1wIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFEe/weJh+oecS0sNzc2xoNqr2ZFFMB8GA1UdIwQY
MBaAFNALN7b0tEVkXmmTqcXsYISSQl8OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEFzM3R2UzBSV1JlYVpPcHhleGdoSkpDWHc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC83MzBmYzUtNzMwMS00YTYwLTg2ZDEt
N2RiNjg2OGQ4NDc0LzEvUjdfQjRtSDZoNXhMU3czTnpiR2cycXZaa1VVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC83MzBmYzUtNzMwMS00YTYwLTg2ZDEtN2RiNjg2OGQ4NDc0
LzEvMEFzM3R2UzBSV1JlYVpPcHhleGdoSkpDWHc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAmDUwDQYJ
KoZIhvcNAQELBQADggEBAACfErTj75YJL34y0bzKHjIOMyF5QqmBmnzIAqmqb8p7
8kzwcHjEYTP+GzP2AnoMZYYAEZ7qqxTjb+Fu38C0UE7dS9OaFT+9u+uOTocIbQKb
Mn5QbslfytbMWTpEyrIiwEk/8IgaST2Ll30pb5eNb1xEOhuDKwZ0HRFLkotDTM/J
dbwVvvDaO93FbCKeOODyHy+NK1ASNiKgBlaxQxWcnRfoIpW640h3IT12sk5FEQaw
62JAaBg2l3f4CNmvr16VW5bzZD2KN4CNrDakzRKAGgSQ87LDaRDMvALwT/4bXhVm
CoP7iAwH6c7zXxp2g//nH/fV1CmAWVGA4fsXreG4fKE=
-----END CERTIFICATE-----