Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/kv_TvSoKHy7uVamacnisHW8WwqE.roa
File:                     kv_TvSoKHy7uVamacnisHW8WwqE.roa (raw, json)
Hash identifier:          NYPE7eqt1TFrmFMD/jx6ciL0gqp1o3t+CMafkM8fznc=
Subject key identifier:   92:FF:D3:BD:2A:0A:1F:2E:EE:55:A9:9A:72:78:AC:1D:6F:16:C2:A1
Certificate issuer:       /CN=d00b37b6f4b445645e6993a9c5ec608492425f0e
Certificate serial:       0194DFD091CB1866F02F8A7C835194FED4AA
Authority key identifier: D0:0B:37:B6:F4:B4:45:64:5E:69:93:A9:C5:EC:60:84:92:42:5F:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0As3tvS0RWReaZOpxexghJJCXw4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/kv_TvSoKHy7uVamacnisHW8WwqE.roa
Signing time:             Fri 07 Feb 2025 09:49:35 +0000
ROA not before:           Fri 07 Feb 2025 09:49:35 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197540
IP address blocks:        152.53.0.0/16 maxlen: 24
                          152.53.5.0/24 maxlen: 24
                          152.53.7.0/24 maxlen: 24
                          152.53.12.0/22 maxlen: 24
                          152.53.16.0/22 maxlen: 24
                          152.53.20.0/22 maxlen: 24
                          152.53.32.0/22 maxlen: 24
                          152.53.44.0/22 maxlen: 24
                          152.53.48.0/22 maxlen: 22
                          152.53.64.0/22 maxlen: 24
                          152.53.84.0/22 maxlen: 22
                          152.53.92.0/22 maxlen: 22
                          152.53.100.0/22 maxlen: 22
                          152.53.104.0/22 maxlen: 22
                          152.53.108.0/22 maxlen: 22
                          152.53.112.0/22 maxlen: 22
                          152.53.116.0/22 maxlen: 22
                          152.53.124.0/22 maxlen: 22
                          152.53.128.0/20 maxlen: 22
Validation:               Failed, certificate revoked on Tue 18 Feb 2025 10:27:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:94:df:d0:91:cb:18:66:f0:2f:8a:7c:83:51:94:fe:d4:aa
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d00b37b6f4b445645e6993a9c5ec608492425f0e
        Validity
            Not Before: Feb  7 09:49:35 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=92ffd3bd2a0a1f2eee55a99a7278ac1d6f16c2a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:1f:89:4b:de:91:5d:a8:55:e1:06:91:1e:28:
                    c3:1c:96:53:91:56:24:2c:2e:b0:4c:f2:c1:99:6b:
                    c2:09:c5:84:b0:a9:0a:72:94:9f:4a:ce:32:0b:c3:
                    72:99:8a:e4:34:d8:c7:f0:2d:5c:c8:49:79:96:b9:
                    fd:ae:eb:4b:02:34:fb:bf:10:42:5c:b7:65:ab:5c:
                    8d:cd:52:19:b4:19:0a:d5:2f:d7:fc:4f:ef:09:ad:
                    56:0a:4f:a2:f5:31:7d:b0:04:76:a9:ee:a8:7a:88:
                    7d:52:05:04:e9:c8:fa:a2:61:17:cd:bb:7e:01:04:
                    65:02:c7:8f:93:5e:db:fb:61:59:68:66:64:c8:5c:
                    ef:8c:c8:7d:f7:76:1b:81:1b:43:a2:fc:cf:1a:59:
                    a4:96:ac:5f:7d:36:fe:e9:53:fc:39:44:1a:db:74:
                    34:9b:7c:b1:c4:77:3b:cc:4b:f7:76:ec:ce:69:d6:
                    9d:37:ba:a2:f9:76:aa:06:00:e2:4f:0f:d4:42:72:
                    10:93:84:4c:2d:1e:96:97:e0:53:a0:2e:d7:64:a0:
                    86:3c:05:6d:d0:e3:50:86:39:7b:88:f0:dc:c0:cf:
                    b4:2a:c5:51:76:62:23:49:7a:36:92:52:0f:cb:25:
                    c9:23:a5:fa:b2:0c:02:9e:b4:7c:e7:69:37:a2:30:
                    18:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:FF:D3:BD:2A:0A:1F:2E:EE:55:A9:9A:72:78:AC:1D:6F:16:C2:A1
            X509v3 Authority Key Identifier:
                keyid:D0:0B:37:B6:F4:B4:45:64:5E:69:93:A9:C5:EC:60:84:92:42:5F:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0As3tvS0RWReaZOpxexghJJCXw4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/kv_TvSoKHy7uVamacnisHW8WwqE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/0As3tvS0RWReaZOpxexghJJCXw4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.53.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         46:c8:21:9c:d7:1a:f4:7d:8d:2c:f6:14:16:69:20:89:4e:97:
         23:a3:7a:f2:87:ca:71:dc:a6:41:2c:33:dc:60:80:31:55:76:
         d9:d7:09:58:4d:74:53:27:d3:eb:3d:c9:6f:84:dc:6b:f1:93:
         93:f9:f1:d3:33:52:d2:c1:2b:7a:14:fe:73:ac:49:ae:42:ee:
         be:fa:9b:e1:86:25:b3:d9:4a:08:b3:5d:90:86:7d:c0:89:92:
         3e:7f:2c:9a:d2:cf:bc:e2:97:49:86:b7:59:88:18:60:82:e9:
         2d:fb:9a:f6:83:74:10:e9:42:8f:0c:4a:9e:b7:f5:5b:fd:1e:
         df:cb:7f:dd:c4:58:10:94:c5:0d:ad:14:08:03:cb:1f:aa:50:
         59:26:d6:2d:7c:22:76:c3:a1:aa:82:89:d3:5e:3d:b9:69:8b:
         e3:c5:1d:2b:66:28:3c:0a:7f:82:77:c7:4d:d0:e6:fe:fb:47:
         39:0d:b5:fe:02:d4:1a:62:5d:4f:26:2a:95:24:99:bb:37:96:
         68:d8:10:96:ee:35:fd:bc:81:82:62:85:b8:40:1e:91:92:0c:
         54:8e:24:d8:d1:5f:40:e5:51:2c:5b:e2:50:65:91:4b:b9:c4:
         33:ca:36:e8:d0:17:80:8d:65:5f:ae:99:3f:f5:9b:8b:af:af:
         c0:8d:c7:a2
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZTf0JHLGGbwL4p8g1GU/tSqMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwMGIzN2I2ZjRiNDQ1NjQ1ZTY5OTNhOWM1ZWM2MDg0OTI0
MjVmMGUwHhcNMjUwMjA3MDk0OTM1WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg5MmZmZDNiZDJhMGExZjJlZWU1NWE5OWE3Mjc4YWMxZDZmMTZjMmExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAlh+JS96RXahV4QaRHijDHJZTkVYk
LC6wTPLBmWvCCcWEsKkKcpSfSs4yC8NymYrkNNjH8C1cyEl5lrn9rutLAjT7vxBC
XLdlq1yNzVIZtBkK1S/X/E/vCa1WCk+i9TF9sAR2qe6oeoh9UgUE6cj6omEXzbt+
AQRlAsePk17b+2FZaGZkyFzvjMh993YbgRtDovzPGlmklqxffTb+6VP8OUQa23Q0
m3yxxHc7zEv3duzOadadN7qi+XaqBgDiTw/UQnIQk4RMLR6Wl+BToC7XZKCGPAVt
0ONQhjl7iPDcwM+0KsVRdmIjSXo2klIPyyXJI6X6sgwCnrR852k3ojAYlwIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFJL/070qCh8u7lWpmnJ4rB1vFsKhMB8GA1UdIwQY
MBaAFNALN7b0tEVkXmmTqcXsYISSQl8OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEFzM3R2UzBSV1JlYVpPcHhleGdoSkpDWHc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC83MzBmYzUtNzMwMS00YTYwLTg2ZDEt
N2RiNjg2OGQ4NDc0LzEva3ZfVHZTb0tIeTd1VmFtYWNuaXNIVzhXd3FFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC83MzBmYzUtNzMwMS00YTYwLTg2ZDEtN2RiNjg2OGQ4NDc0
LzEvMEFzM3R2UzBSV1JlYVpPcHhleGdoSkpDWHc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAmDUwDQYJ
KoZIhvcNAQELBQADggEBAEbIIZzXGvR9jSz2FBZpIIlOlyOjevKHynHcpkEsM9xg
gDFVdtnXCVhNdFMn0+s9yW+E3Gvxk5P58dMzUtLBK3oU/nOsSa5C7r76m+GGJbPZ
SgizXZCGfcCJkj5/LJrSz7zil0mGt1mIGGCC6S37mvaDdBDpQo8MSp639Vv9Ht/L
f93EWBCUxQ2tFAgDyx+qUFkm1i18InbDoaqCidNePblpi+PFHStmKDwKf4J3x03Q
5v77RzkNtf4C1BpiXU8mKpUkmbs3lmjYEJbuNf28gYJihbhAHpGSDFSOJNjRX0Dl
USxb4lBlkUu5xDPKNujQF4CNZV+umT/1m4uvr8CNx6I=
-----END CERTIFICATE-----