Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/XdeDdD5P1lFusk2KtpSX3uX0Kao.roa
File:                     XdeDdD5P1lFusk2KtpSX3uX0Kao.roa (raw, json)
Hash identifier:          NTU5kvJ+vLqaPbb9qrK9Ce4czGLkS3zUTz3I2muJHHU=
Subject key identifier:   5D:D7:83:74:3E:4F:D6:51:6E:B2:4D:8A:B6:94:97:DE:E5:F4:29:AA
Certificate issuer:       /CN=d00b37b6f4b445645e6993a9c5ec608492425f0e
Certificate serial:       019377303BD816FD03781B1D8B616ECFA912
Authority key identifier: D0:0B:37:B6:F4:B4:45:64:5E:69:93:A9:C5:EC:60:84:92:42:5F:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0As3tvS0RWReaZOpxexghJJCXw4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/XdeDdD5P1lFusk2KtpSX3uX0Kao.roa
Signing time:             Fri 29 Nov 2024 09:11:09 +0000
ROA not before:           Fri 29 Nov 2024 09:11:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42473
IP address blocks:        152.53.0.0/16 maxlen: 24
                          152.53.9.0/24 maxlen: 24
                          152.53.24.0/24 maxlen: 24
                          152.53.30.0/24 maxlen: 24
                          152.53.36.0/22 maxlen: 24
                          152.53.48.0/22 maxlen: 22
                          152.53.59.0/24 maxlen: 24
                          152.53.62.0/24 maxlen: 24
                          152.53.64.0/22 maxlen: 24
                          152.53.69.0/24 maxlen: 24
                          152.53.75.0/24 maxlen: 24
                          152.53.78.0/24 maxlen: 24
                          152.53.80.0/22 maxlen: 22
                          152.53.84.0/22 maxlen: 22
                          152.53.100.0/22 maxlen: 22
                          152.53.104.0/22 maxlen: 22
                          152.53.108.0/22 maxlen: 22
                          152.53.112.0/22 maxlen: 22
                          152.53.116.0/22 maxlen: 22
                          152.53.128.0/20 maxlen: 22
Validation:               Failed, certificate revoked on Fri 29 Nov 2024 16:22:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:77:30:3b:d8:16:fd:03:78:1b:1d:8b:61:6e:cf:a9:12
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d00b37b6f4b445645e6993a9c5ec608492425f0e
        Validity
            Not Before: Nov 29 09:11:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=5dd783743e4fd6516eb24d8ab69497dee5f429aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:8d:53:48:54:c8:91:8f:ab:e0:07:93:77:ea:
                    ef:2b:62:14:df:75:e2:9b:06:b4:18:64:73:1f:a6:
                    55:11:d9:4e:1e:bd:5a:3f:ba:d5:e4:66:26:b6:3f:
                    3f:f6:52:8e:a3:ed:6a:e6:cf:64:82:a6:77:d4:22:
                    54:4b:b5:97:ca:64:ea:a1:74:83:80:18:df:64:a2:
                    e6:a2:5e:3c:cd:09:00:fe:6c:20:ef:c9:51:44:b4:
                    ce:05:9d:eb:5e:4e:bd:3a:f3:7a:1c:2c:75:13:a0:
                    ff:f5:86:e9:0c:c7:9e:e4:ae:04:a0:2a:c8:a7:ef:
                    6b:19:76:78:71:a4:c3:a9:67:30:7c:41:c9:20:03:
                    d7:d3:f2:63:c5:8f:23:60:4c:4f:82:25:59:ba:c0:
                    cf:b9:cc:24:88:ce:62:72:fd:01:b5:0c:de:fa:d7:
                    cc:25:c3:e9:ab:9a:16:6d:03:c3:23:48:14:39:53:
                    9b:8a:36:79:95:03:bf:53:49:80:15:9c:22:a4:51:
                    e1:53:74:8c:46:25:8b:0c:f4:a3:67:11:24:95:18:
                    92:04:4a:f7:62:76:cc:d1:5e:1d:25:97:5a:30:bd:
                    25:da:54:f4:77:e2:e1:13:54:d7:95:20:60:8d:b0:
                    ae:e0:18:cc:a0:b0:67:a7:fd:b5:a5:6f:a4:f9:58:
                    35:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:D7:83:74:3E:4F:D6:51:6E:B2:4D:8A:B6:94:97:DE:E5:F4:29:AA
            X509v3 Authority Key Identifier:
                keyid:D0:0B:37:B6:F4:B4:45:64:5E:69:93:A9:C5:EC:60:84:92:42:5F:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0As3tvS0RWReaZOpxexghJJCXw4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/XdeDdD5P1lFusk2KtpSX3uX0Kao.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/0As3tvS0RWReaZOpxexghJJCXw4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.53.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         af:8f:7b:48:5c:3f:b3:db:88:73:b3:ea:d4:3b:f0:0b:ea:15:
         08:80:d8:53:43:bc:82:fe:7c:12:33:85:02:11:d1:32:51:af:
         e6:7d:7e:ed:6d:a2:81:75:59:63:3d:13:9f:fd:04:4a:3d:30:
         0e:f0:f1:60:42:33:9d:81:9c:73:35:0a:4f:ff:66:75:e7:67:
         ed:53:cb:a4:a0:d6:37:46:c2:61:b9:58:a8:17:8d:dc:2e:1b:
         4c:5e:7a:51:13:83:78:c8:5b:d7:d6:24:f5:2a:31:85:40:36:
         23:de:ce:82:97:3b:00:30:19:79:6d:f7:af:cc:c1:6d:1a:e4:
         72:a4:92:f2:ba:02:e0:05:b5:b4:ca:a6:de:9a:a6:9f:2b:73:
         03:92:a7:af:cf:48:d6:fe:df:10:48:16:c7:01:0c:3c:6d:eb:
         35:3d:3d:ce:35:99:83:a4:f1:e9:e9:89:98:fb:a7:2e:d1:33:
         cb:23:6b:47:a2:e0:a6:9f:5e:88:66:e2:e0:9e:bc:d1:39:96:
         a6:c7:67:55:e9:bc:1e:42:04:a6:88:d0:bf:8b:a9:7f:25:33:
         62:b2:29:e0:3c:fb:4b:3c:20:9e:fa:11:81:4e:9c:0b:66:e0:
         a5:68:4e:45:29:04:bc:bc:84:f0:38:01:56:5e:80:5c:58:eb:
         45:76:c2:fb
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZN3MDvYFv0DeBsdi2Fuz6kSMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwMGIzN2I2ZjRiNDQ1NjQ1ZTY5OTNhOWM1ZWM2MDg0OTI0
MjVmMGUwHhcNMjQxMTI5MDkxMTA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg1ZGQ3ODM3NDNlNGZkNjUxNmViMjRkOGFiNjk0OTdkZWU1ZjQyOWFhMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlo1TSFTIkY+r4AeTd+rvK2IU33Xi
mwa0GGRzH6ZVEdlOHr1aP7rV5GYmtj8/9lKOo+1q5s9kgqZ31CJUS7WXymTqoXSD
gBjfZKLmol48zQkA/mwg78lRRLTOBZ3rXk69OvN6HCx1E6D/9YbpDMee5K4EoCrI
p+9rGXZ4caTDqWcwfEHJIAPX0/JjxY8jYExPgiVZusDPucwkiM5icv0BtQze+tfM
JcPpq5oWbQPDI0gUOVObijZ5lQO/U0mAFZwipFHhU3SMRiWLDPSjZxEklRiSBEr3
YnbM0V4dJZdaML0l2lT0d+LhE1TXlSBgjbCu4BjMoLBnp/21pW+k+Vg1gQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFF3Xg3Q+T9ZRbrJNiraUl97l9CmqMB8GA1UdIwQY
MBaAFNALN7b0tEVkXmmTqcXsYISSQl8OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEFzM3R2UzBSV1JlYVpPcHhleGdoSkpDWHc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC83MzBmYzUtNzMwMS00YTYwLTg2ZDEt
N2RiNjg2OGQ4NDc0LzEvWGRlRGRENVAxbEZ1c2syS3RwU1gzdVgwS2FvLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC83MzBmYzUtNzMwMS00YTYwLTg2ZDEtN2RiNjg2OGQ4NDc0
LzEvMEFzM3R2UzBSV1JlYVpPcHhleGdoSkpDWHc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAmDUwDQYJ
KoZIhvcNAQELBQADggEBAK+Pe0hcP7PbiHOz6tQ78AvqFQiA2FNDvIL+fBIzhQIR
0TJRr+Z9fu1tooF1WWM9E5/9BEo9MA7w8WBCM52BnHM1Ck//ZnXnZ+1Ty6Sg1jdG
wmG5WKgXjdwuG0xeelETg3jIW9fWJPUqMYVANiPezoKXOwAwGXlt96/MwW0a5HKk
kvK6AuAFtbTKpt6app8rcwOSp6/PSNb+3xBIFscBDDxt6zU9Pc41mYOk8enpiZj7
py7RM8sja0ei4KafXohm4uCevNE5lqbHZ1XpvB5CBKaI0L+LqX8lM2KyKeA8+0s8
IJ76EYFOnAtm4KVoTkUpBLy8hPA4AVZegFxY60V2wvs=
-----END CERTIFICATE-----