Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/ICK_OT4dfoEQU9I8Q7Driy675Gc.roa
File:                     ICK_OT4dfoEQU9I8Q7Driy675Gc.roa (raw, json)
Hash identifier:          ioyNpJnt0eXahfvWuKk71NrWGRdW2XTvmxRJFxaqrMA=
Subject key identifier:   20:22:BF:39:3E:1D:7E:81:10:53:D2:3C:43:B0:EB:8B:2E:BB:E4:67
Certificate issuer:       /CN=c66266f466fb2498a39459b3352da25151a5a4c0
Certificate serial:       019749B0E17100837D800B239D8DACD4E55A
Authority key identifier: C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/ICK_OT4dfoEQU9I8Q7Driy675Gc.roa
Signing time:             Sat 07 Jun 2025 09:20:18 +0000
ROA not before:           Sat 07 Jun 2025 09:20:18 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     57043
IP address blocks:        37.202.203.0/24 maxlen: 24
                          151.240.1.0/24 maxlen: 24
                          151.240.9.0/24 maxlen: 24
                          151.240.10.0/24 maxlen: 24
                          151.240.77.0/24 maxlen: 24
                          151.241.18.0/24 maxlen: 24
                          151.242.202.0/23 maxlen: 23
                          151.243.206.0/23 maxlen: 23
                          151.243.217.0/24 maxlen: 24
                          151.244.88.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Mon 09 Jun 2025 04:08:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:97:49:b0:e1:71:00:83:7d:80:0b:23:9d:8d:ac:d4:e5:5a
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=c66266f466fb2498a39459b3352da25151a5a4c0
        Validity
            Not Before: Jun  7 09:20:18 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=2022bf393e1d7e811053d23c43b0eb8b2ebbe467
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:8b:b9:36:69:20:08:ba:89:28:9b:e6:c1:d6:
                    64:c8:d2:3c:e4:dd:5c:5f:43:da:d6:dd:fe:fc:52:
                    4c:cb:dc:fd:e3:f5:2e:eb:34:2d:63:0f:2a:be:34:
                    96:23:ba:ae:e3:f6:b0:12:be:6c:c4:88:a6:07:f0:
                    95:bd:41:fe:9c:39:83:6e:fc:6f:8f:ab:b8:5a:55:
                    63:ec:01:e7:bb:8d:87:28:56:2c:9f:10:a4:f2:d6:
                    44:d6:0c:93:31:16:c0:bb:aa:6d:4e:d7:9d:47:a1:
                    35:e0:f8:f9:d9:83:43:bb:f7:9c:8d:00:3f:79:97:
                    ec:86:44:b0:79:89:84:b3:eb:b6:15:69:4a:e4:3d:
                    1a:4d:0d:ec:a5:35:be:cd:0a:22:75:4b:91:b0:3c:
                    90:23:89:00:59:f4:99:ad:79:7e:60:d7:47:a8:69:
                    1c:b4:56:81:de:46:b9:72:8e:e1:0a:8e:1d:f0:cb:
                    6f:84:3d:81:a0:06:9f:ba:70:f3:f2:27:8a:e2:73:
                    95:d2:00:2f:db:20:c8:2f:e5:59:4c:01:89:bd:b5:
                    9d:47:50:98:30:ca:f5:39:8e:8d:c4:d6:32:74:37:
                    85:69:ea:ea:80:b4:8f:de:3d:48:0e:02:f0:fe:0a:
                    fc:a0:a0:58:18:0d:fe:db:2d:d8:2f:a7:d0:19:9c:
                    22:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                20:22:BF:39:3E:1D:7E:81:10:53:D2:3C:43:B0:EB:8B:2E:BB:E4:67
            X509v3 Authority Key Identifier:
                keyid:C6:62:66:F4:66:FB:24:98:A3:94:59:B3:35:2D:A2:51:51:A5:A4:C0

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/xmJm9Gb7JJijlFmzNS2iUVGlpMA.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/ICK_OT4dfoEQU9I8Q7Driy675Gc.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/8e/f43b1d-9e50-4551-ae6a-17b9de141252/1/xmJm9Gb7JJijlFmzNS2iUVGlpMA.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.202.203.0/24
                  151.240.1.0/24
                  151.240.9.0-151.240.10.255
                  151.240.77.0/24
                  151.241.18.0/24
                  151.242.202.0/23
                  151.243.206.0/23
                  151.243.217.0/24
                  151.244.88.0/24

    Signature Algorithm: sha256WithRSAEncryption
         94:2a:89:6e:8f:87:74:00:05:6a:c2:4e:98:1c:c0:3f:5e:3a:
         56:d2:d8:69:f2:41:f1:73:e5:99:66:ec:85:ac:25:cd:0b:fa:
         8f:dd:07:fe:0f:3a:b5:99:7d:3a:9c:6e:bf:45:69:b3:5d:3a:
         b1:d1:90:13:f0:b2:a0:81:4f:e7:ab:68:dc:8d:6c:1b:1f:ca:
         80:eb:bd:dc:9a:51:f2:fb:7a:17:df:a7:17:c2:a9:60:f1:c3:
         88:db:a4:66:29:f8:c1:01:4f:af:cb:69:60:20:74:0e:94:f9:
         80:ae:de:f1:37:0c:c5:e9:32:a2:55:1a:f5:b5:a1:62:63:48:
         56:1c:2f:e0:d1:a0:c7:5b:c1:b4:58:0d:ae:0c:7e:93:c3:45:
         1b:b6:5d:34:fd:cb:8d:2c:85:19:24:23:8d:01:74:f3:4d:64:
         82:b1:43:fa:bd:ce:43:5c:aa:53:a8:83:a4:52:78:ce:47:7f:
         89:22:c0:17:dd:fa:34:8e:9c:2a:ef:eb:44:25:fa:67:02:2c:
         00:f5:40:92:61:47:c2:9d:97:3a:cd:8e:e1:27:24:80:16:04:
         7a:8b:40:b4:78:94:07:0b:6e:46:50:ae:1f:93:c0:12:8f:dc:
         55:86:12:2c:85:2c:a1:d3:56:be:09:ea:2b:82:31:d2:07:af:
         a0:f4:15:bf
-----BEGIN CERTIFICATE-----
MIIFNTCCBB2gAwIBAgISAZdJsOFxAIN9gAsjnY2s1OVaMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGM2NjI2NmY0NjZmYjI0OThhMzk0NTliMzM1MmRhMjUxNTFh
NWE0YzAwHhcNMjUwNjA3MDkyMDE4WhcNMjYwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EygyMDIyYmYzOTNlMWQ3ZTgxMTA1M2QyM2M0M2IwZWI4YjJlYmJlNDY3MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAuYu5NmkgCLqJKJvmwdZkyNI85N1c
X0Pa1t3+/FJMy9z94/Uu6zQtYw8qvjSWI7qu4/awEr5sxIimB/CVvUH+nDmDbvxv
j6u4WlVj7AHnu42HKFYsnxCk8tZE1gyTMRbAu6ptTtedR6E14Pj52YNDu/ecjQA/
eZfshkSweYmEs+u2FWlK5D0aTQ3spTW+zQoidUuRsDyQI4kAWfSZrXl+YNdHqGkc
tFaB3ka5co7hCo4d8MtvhD2BoAafunDz8ieK4nOV0gAv2yDIL+VZTAGJvbWdR1CY
MMr1OY6NxNYydDeFaerqgLSP3j1IDgLw/gr8oKBYGA3+2y3YL6fQGZwi0QIDAQAB
o4ICQTCCAj0wHQYDVR0OBBYEFCAivzk+HX6BEFPSPEOw64suu+RnMB8GA1UdIwQY
MBaAFMZiZvRm+ySYo5RZszUtolFRpaTAMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEt
MTdiOWRlMTQxMjUyLzEvSUNLX09UNGRmb0VRVTlJOFE3RHJpeTY3NUdjLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC84ZS9mNDNiMWQtOWU1MC00NTUxLWFlNmEtMTdiOWRlMTQxMjUy
LzEveG1KbTlHYjdKSmlqbEZtek5TMmlVVkdscE1BLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMFcGCCsGAQUFBwEHAQH/BEgwRjBEBAIAATA+AwQAJcrLAwQA
l/ABMAwDBACX8AkDBACX8AoDBACX8E0DBACX8RIDBAGX8soDBAGX884DBACX89kD
BACX9FgwDQYJKoZIhvcNAQELBQADggEBAJQqiW6Ph3QABWrCTpgcwD9eOlbS2Gny
QfFz5Zlm7IWsJc0L+o/dB/4POrWZfTqcbr9FabNdOrHRkBPwsqCBT+eraNyNbBsf
yoDrvdyaUfL7ehffpxfCqWDxw4jbpGYp+MEBT6/LaWAgdA6U+YCu3vE3DMXpMqJV
GvW1oWJjSFYcL+DRoMdbwbRYDa4MfpPDRRu2XTT9y40shRkkI40BdPNNZIKxQ/q9
zkNcqlOog6RSeM5Hf4kiwBfd+jSOnCrv60Ql+mcCLAD1QJJhR8KdlzrNjuEnJIAW
BHqLQLR4lAcLbkZQrh+TwBKP3FWGEiyFLKHTVr4J6iuCMdIHr6D0Fb8=
-----END CERTIFICATE-----