Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/yf2nGBR8d7QWWaWcIqD22NJQueU.roa
File:                     yf2nGBR8d7QWWaWcIqD22NJQueU.roa (raw, json)
Hash identifier:          LSCckGW5R6LfgjBzmtGYkWjp/ij1XB2SbESWWSPFH1U=
Subject key identifier:   C9:FD:A7:18:14:7C:77:B4:16:59:A5:9C:22:A0:F6:D8:D2:50:B9:E5
Certificate issuer:       /CN=d00b37b6f4b445645e6993a9c5ec608492425f0e
Certificate serial:       0195A852BF6E3077EAB890B2D6C203229ECB
Authority key identifier: D0:0B:37:B6:F4:B4:45:64:5E:69:93:A9:C5:EC:60:84:92:42:5F:0E
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/0As3tvS0RWReaZOpxexghJJCXw4.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/yf2nGBR8d7QWWaWcIqD22NJQueU.roa
Signing time:             Tue 18 Mar 2025 08:15:49 +0000
ROA not before:           Tue 18 Mar 2025 08:15:49 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     197540
IP address blocks:        152.53.0.0/16 maxlen: 24
                          152.53.5.0/24 maxlen: 24
                          152.53.7.0/24 maxlen: 24
                          152.53.12.0/22 maxlen: 24
                          152.53.16.0/22 maxlen: 24
                          152.53.20.0/22 maxlen: 24
                          152.53.32.0/22 maxlen: 24
                          152.53.44.0/22 maxlen: 24
                          152.53.48.0/22 maxlen: 22
                          152.53.64.0/22 maxlen: 24
                          152.53.84.0/22 maxlen: 22
                          152.53.92.0/22 maxlen: 22
                          152.53.100.0/22 maxlen: 22
                          152.53.104.0/22 maxlen: 22
                          152.53.108.0/22 maxlen: 22
                          152.53.112.0/22 maxlen: 22
                          152.53.116.0/22 maxlen: 22
                          152.53.124.0/22 maxlen: 22
                          152.53.128.0/20 maxlen: 22
                          152.53.224.0/22 maxlen: 22
                          152.53.228.0/22 maxlen: 22
                          152.53.236.0/22 maxlen: 22
                          152.53.244.0/22 maxlen: 22
                          152.53.248.0/22 maxlen: 22
Validation:               Failed, certificate revoked on Tue 08 Apr 2025 09:32:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:95:a8:52:bf:6e:30:77:ea:b8:90:b2:d6:c2:03:22:9e:cb
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=d00b37b6f4b445645e6993a9c5ec608492425f0e
        Validity
            Not Before: Mar 18 08:15:49 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=c9fda718147c77b41659a59c22a0f6d8d250b9e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:47:3d:b0:cc:2e:55:bb:a0:0a:1e:6b:86:60:
                    61:b3:ea:c8:c2:a2:b6:2d:9c:6e:fb:64:37:cc:f2:
                    30:d0:19:b0:bb:c3:20:e5:32:ac:41:7c:c9:31:fe:
                    b8:c4:a9:ad:79:e6:2f:24:72:ff:f0:ab:93:98:8a:
                    14:d8:70:4b:3a:1e:0e:a0:55:71:25:15:b4:90:44:
                    6e:a3:c5:9d:4e:07:93:f1:cf:ad:24:0a:41:45:4d:
                    c9:a0:db:9d:40:94:87:ef:39:24:3b:47:a0:3f:a2:
                    d7:28:9d:a6:da:c8:e4:88:4b:70:a3:e0:39:1b:37:
                    56:1e:d7:ca:46:db:11:b5:6e:29:73:77:97:b5:42:
                    f0:c7:e7:7d:cd:86:1e:79:63:26:13:52:4b:16:54:
                    48:b6:2d:c9:8c:d8:a0:0c:24:29:3e:07:13:16:89:
                    cd:3f:82:03:34:1a:52:16:bc:ba:2d:b7:29:4e:ff:
                    de:d2:5e:3e:36:7a:41:8b:04:e2:89:2f:4b:f1:7e:
                    da:89:5d:b0:34:ae:1e:64:50:8d:73:1c:60:bb:d0:
                    a0:82:d2:12:cd:53:32:1e:4f:a4:34:58:3f:66:31:
                    b8:60:55:b6:4a:f9:c5:67:09:af:cf:2e:71:89:2c:
                    9d:c6:f6:32:52:a0:ac:b5:59:6a:dc:38:92:0a:94:
                    fb:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:FD:A7:18:14:7C:77:B4:16:59:A5:9C:22:A0:F6:D8:D2:50:B9:E5
            X509v3 Authority Key Identifier:
                keyid:D0:0B:37:B6:F4:B4:45:64:5E:69:93:A9:C5:EC:60:84:92:42:5F:0E

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/0As3tvS0RWReaZOpxexghJJCXw4.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/yf2nGBR8d7QWWaWcIqD22NJQueU.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/80/730fc5-7301-4a60-86d1-7db6868d8474/1/0As3tvS0RWReaZOpxexghJJCXw4.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.53.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         5a:70:04:69:f7:ee:d3:94:14:97:ee:e0:88:83:92:4f:86:92:
         d4:a5:ff:04:b4:c9:1e:24:87:ab:88:a0:af:f6:04:67:d4:9d:
         62:d7:de:2f:aa:79:d5:a5:b9:cd:5a:f9:b1:c5:2a:6c:85:d2:
         2f:ed:b6:9c:5b:73:e9:14:89:59:11:ff:39:b5:22:2d:dd:08:
         75:fc:af:7c:4e:ce:43:55:e6:31:ff:8c:b5:d7:70:1b:33:41:
         77:b8:9e:2c:e7:2b:bb:7b:0e:7b:1f:08:13:c0:49:18:8d:11:
         a6:14:cd:78:d4:77:6d:25:56:56:4c:c7:0d:6f:dd:2c:7a:c3:
         41:9c:1c:54:dd:65:e2:1c:d1:de:00:65:51:47:87:84:7e:ec:
         8f:40:7a:4a:8f:9b:19:89:21:8d:3d:1d:90:33:8c:b5:3c:af:
         3c:9c:40:68:e3:73:ab:0b:73:1b:13:47:b2:bd:f3:30:97:99:
         76:85:82:e1:1b:dc:3a:03:ff:3d:f5:4b:d3:93:7a:6d:cb:3b:
         95:9a:70:d0:f2:46:c4:52:8d:19:32:3f:ad:64:12:f5:15:fa:
         9b:70:03:b0:f9:0d:a5:03:19:89:b3:a5:70:89:e6:e2:28:47:
         cd:63:bf:2e:01:9c:ad:4f:3a:7d:b9:08:bc:6e:41:1f:1f:39:
         c4:e9:cf:e6
-----BEGIN CERTIFICATE-----
MIIE/DCCA+SgAwIBAgISAZWoUr9uMHfquJCy1sIDIp7LMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGQwMGIzN2I2ZjRiNDQ1NjQ1ZTY5OTNhOWM1ZWM2MDg0OTI0
MjVmMGUwHhcNMjUwMzE4MDgxNTQ5WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhjOWZkYTcxODE0N2M3N2I0MTY1OWE1OWMyMmEwZjZkOGQyNTBiOWU1MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAu0c9sMwuVbugCh5rhmBhs+rIwqK2
LZxu+2Q3zPIw0Bmwu8Mg5TKsQXzJMf64xKmteeYvJHL/8KuTmIoU2HBLOh4OoFVx
JRW0kERuo8WdTgeT8c+tJApBRU3JoNudQJSH7zkkO0egP6LXKJ2m2sjkiEtwo+A5
GzdWHtfKRtsRtW4pc3eXtULwx+d9zYYeeWMmE1JLFlRIti3JjNigDCQpPgcTFonN
P4IDNBpSFry6LbcpTv/e0l4+NnpBiwTiiS9L8X7aiV2wNK4eZFCNcxxgu9CggtIS
zVMyHk+kNFg/ZjG4YFW2SvnFZwmvzy5xiSydxvYyUqCstVlq3DiSCpT7gQIDAQAB
o4ICCDCCAgQwHQYDVR0OBBYEFMn9pxgUfHe0FlmlnCKg9tjSULnlMB8GA1UdIwQY
MBaAFNALN7b0tEVkXmmTqcXsYISSQl8OMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvMEFzM3R2UzBSV1JlYVpPcHhleGdoSkpDWHc0LmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84MC83MzBmYzUtNzMwMS00YTYwLTg2ZDEt
N2RiNjg2OGQ4NDc0LzEveWYybkdCUjhkN1FXV2FXY0lxRDIyTkpRdWVVLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84MC83MzBmYzUtNzMwMS00YTYwLTg2ZDEtN2RiNjg2OGQ4NDc0
LzEvMEFzM3R2UzBSV1JlYVpPcHhleGdoSkpDWHc0LmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB4GCCsGAQUFBwEHAQH/BA8wDTALBAIAATAFAwMAmDUwDQYJ
KoZIhvcNAQELBQADggEBAFpwBGn37tOUFJfu4IiDkk+GktSl/wS0yR4kh6uIoK/2
BGfUnWLX3i+qedWluc1a+bHFKmyF0i/ttpxbc+kUiVkR/zm1Ii3dCHX8r3xOzkNV
5jH/jLXXcBszQXe4niznK7t7DnsfCBPASRiNEaYUzXjUd20lVlZMxw1v3Sx6w0Gc
HFTdZeIc0d4AZVFHh4R+7I9AekqPmxmJIY09HZAzjLU8rzycQGjjc6sLcxsTR7K9
8zCXmXaFguEb3DoD/z31S9OTem3LO5WacNDyRsRSjRkyP61kEvUV+ptwA7D5DaUD
GYmzpXCJ5uIoR81jvy4BnK1POn25CLxuQR8fOcTpz+Y=
-----END CERTIFICATE-----