Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/ZIZPtYmxYzOQI-0NDa2F7PTlY9k.roa
File:                     ZIZPtYmxYzOQI-0NDa2F7PTlY9k.roa (raw, json)
Hash identifier:          4G1O4f88I3/CcyncuPp1IaXYaYDbTzS+Pvd7smmlnaw=
Subject key identifier:   64:86:4F:B5:89:B1:63:33:90:23:ED:0D:0D:AD:85:EC:F4:E5:63:D9
Certificate issuer:       /CN=d00b37b6f4b445645e6993a9c5ec608492425f0e
Certificate serial:       019378BAD3A6C9DC8A7E3929D7CA71096604
Authority key identifier: D0:0B:37:B6:F4:B4:45:64:5E:69:93:A9:C5:EC:60:84:92:42:5F:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0As3tvS0RWReaZOpxexghJJCXw4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/ZIZPtYmxYzOQI-0NDa2F7PTlY9k.roa
Signing time:             Fri 29 Nov 2024 16:22:09 +0000
ROA not before:           Fri 29 Nov 2024 16:22:09 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     42473
IP address blocks:        152.53.0.0/16 maxlen: 24
                          152.53.9.0/24 maxlen: 24
                          152.53.24.0/24 maxlen: 24
                          152.53.30.0/24 maxlen: 24
                          152.53.36.0/22 maxlen: 24
                          152.53.48.0/22 maxlen: 22
                          152.53.59.0/24 maxlen: 24
                          152.53.62.0/24 maxlen: 24
                          152.53.64.0/22 maxlen: 24
                          152.53.69.0/24 maxlen: 24
                          152.53.75.0/24 maxlen: 24
                          152.53.78.0/24 maxlen: 24
                          152.53.80.0/22 maxlen: 22
                          152.53.84.0/22 maxlen: 22
                          152.53.88.0/22 maxlen: 22
                          152.53.100.0/22 maxlen: 22
                          152.53.104.0/22 maxlen: 22
                          152.53.108.0/22 maxlen: 22
                          152.53.112.0/22 maxlen: 22
                          152.53.116.0/22 maxlen: 22
                          152.53.128.0/20 maxlen: 22
Validation:               Failed, certificate revoked on Tue 03 Dec 2024 07:31:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:93:78:ba:d3:a6:c9:dc:8a:7e:39:29:d7:ca:71:09:66:04
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d00b37b6f4b445645e6993a9c5ec608492425f0e
        Validity
            Not Before: Nov 29 16:22:09 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=64864fb589b163339023ed0d0dad85ecf4e563d9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:64:88:9e:0c:d0:f3:60:2c:63:8c:43:4f:bd:
                    cc:c8:7b:46:fd:ca:53:6e:d2:ad:74:af:67:83:30:
                    c0:de:e5:bf:e4:09:17:0c:9b:7b:1a:fb:d8:cf:2e:
                    08:0f:88:03:18:6d:ea:bd:00:bb:3b:80:b0:9d:88:
                    ed:97:46:8f:6a:72:b2:ca:d7:70:1d:33:e3:fe:2c:
                    32:ae:30:a7:d5:15:c9:be:4f:87:95:9a:65:9c:fb:
                    d3:ce:f5:6b:a4:5a:b6:06:01:9b:36:60:e1:50:99:
                    5d:4c:a2:48:71:0a:29:2f:c1:90:58:23:a9:a9:70:
                    95:cb:d8:07:a2:66:4c:c8:ab:9b:60:de:66:40:26:
                    d1:21:c1:f4:da:5d:cb:85:48:ab:3e:79:e4:21:3f:
                    b9:0a:0d:8e:58:b1:69:bb:18:86:7a:32:ec:da:93:
                    6d:e6:0d:97:d7:a1:1a:dd:84:d6:6e:ba:e3:e1:6b:
                    31:d1:de:ad:34:03:c7:7c:dc:fb:11:8e:43:e9:b3:
                    20:7e:61:07:a9:67:76:3f:7f:e9:d5:9e:9e:a3:53:
                    db:2f:90:cf:b1:c0:b4:3f:24:58:62:f8:43:de:49:
                    bb:fc:df:64:d7:a9:87:8a:34:1f:32:9f:b2:88:91:
                    3c:6b:c2:23:b6:98:c7:7a:11:de:0e:21:d4:96:ec:
                    89:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:86:4F:B5:89:B1:63:33:90:23:ED:0D:0D:AD:85:EC:F4:E5:63:D9
            X509v3 Authority Key Identifier:
                keyid:D0:0B:37:B6:F4:B4:45:64:5E:69:93:A9:C5:EC:60:84:92:42:5F:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0As3tvS0RWReaZOpxexghJJCXw4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/ZIZPtYmxYzOQI-0NDa2F7PTlY9k.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/0As3tvS0RWReaZOpxexghJJCXw4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.53.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         56:9a:63:ed:b2:65:9f:53:2b:12:f5:a1:17:01:cc:15:ab:ad:
         bc:4f:91:27:67:bf:09:dd:52:b6:fc:84:7d:8b:9d:d9:a7:9d:
         1c:b6:11:b9:b2:f2:3e:51:93:d8:d7:e0:67:fd:2a:c5:64:cf:
         23:36:0b:0d:97:c8:bf:cb:bd:e3:cf:c4:c5:50:88:8c:63:90:
         25:a9:58:44:4e:1a:3c:4f:93:a8:db:96:7b:c3:fa:86:fe:55:
         09:ef:98:df:7e:00:99:de:04:48:ae:80:eb:37:b0:a0:75:a4:
         cd:7f:ae:d7:77:41:a3:32:c2:42:5f:46:a6:b8:a4:ea:e0:fd:
         24:7b:ca:a1:49:fc:e5:f5:15:7c:fa:66:26:9b:38:a9:55:f0:
         5d:34:21:9c:25:85:b9:c6:ec:77:52:a1:32:98:0e:fc:d5:1a:
         99:e6:e0:01:f9:69:01:0b:e7:fa:29:f8:fd:ed:7e:ad:3d:8f:
         a6:27:45:ca:87:0c:12:7c:5b:61:92:98:48:7e:1e:3b:a3:ad:
         d8:26:c3:6f:75:f4:56:d9:a8:eb:46:cc:2e:ac:6f:0f:db:91:
         02:56:55:4f:2a:39:94:a4:b3:9b:6c:bc:fc:dc:7b:32:da:2d:
         2f:d7:52:a0:36:42:d6:ab:70:84:9a:aa:8a:f3:4f:1d:2d:40:
         9c:2c:d9:9c
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZN4utOmydyKfjkp18pxCWYEMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwMGIzN2I2ZjRiNDQ1NjQ1ZTY5OTNhOWM1ZWM2MDg0OTI0
MjVmMGUwHhcNMjQxMTI5MTYyMjA5WhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2NDg2NGZiNTg5YjE2MzMzOTAyM2VkMGQwZGFkODVlY2Y0ZTU2M2Q5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAs2SIngzQ82AsY4xDT73MyHtG/cpT
btKtdK9ngzDA3uW/5AkXDJt7GvvYzy4ID4gDGG3qvQC7O4CwnYjtl0aPanKyytdw
HTPj/iwyrjCn1RXJvk+HlZplnPvTzvVrpFq2BgGbNmDhUJldTKJIcQopL8GQWCOp
qXCVy9gHomZMyKubYN5mQCbRIcH02l3LhUirPnnkIT+5Cg2OWLFpuxiGejLs2pNt
5g2X16Ea3YTWbrrj4Wsx0d6tNAPHfNz7EY5D6bMgfmEHqWd2P3/p1Z6eo1PbL5DP
scC0PyRYYvhD3km7/N9k16mHijQfMp+yiJE8a8IjtpjHehHeDiHUluyJawIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFGSGT7WJsWMzkCPtDQ2thez05WPZMB8GA1UdIwQY
MBaAFNALN7b0tEVkXmmTqcXsYISSQl8OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEFzM3R2UzBSV1JlYVpPcHhleGdoSkpDWHc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC83MzBmYzUtNzMwMS00YTYwLTg2ZDEt
N2RiNjg2OGQ4NDc0LzEvWklaUHRZbXhZek9RSS0wTkRhMkY3UFRsWTlrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC83MzBmYzUtNzMwMS00YTYwLTg2ZDEtN2RiNjg2OGQ4NDc0
LzEvMEFzM3R2UzBSV1JlYVpPcHhleGdoSkpDWHc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAmDUwDQYJ
KoZIhvcNAQELBQADggEBAFaaY+2yZZ9TKxL1oRcBzBWrrbxPkSdnvwndUrb8hH2L
ndmnnRy2Ebmy8j5Rk9jX4Gf9KsVkzyM2Cw2XyL/LvePPxMVQiIxjkCWpWEROGjxP
k6jblnvD+ob+VQnvmN9+AJneBEiugOs3sKB1pM1/rtd3QaMywkJfRqa4pOrg/SR7
yqFJ/OX1FXz6ZiabOKlV8F00IZwlhbnG7HdSoTKYDvzVGpnm4AH5aQEL5/op+P3t
fq09j6YnRcqHDBJ8W2GSmEh+Hjujrdgmw2919FbZqOtGzC6sbw/bkQJWVU8qOZSk
s5tsvPzcezLaLS/XUqA2QtarcISaqorzTx0tQJws2Zw=
-----END CERTIFICATE-----