Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A911636A/B0F33D2A66EE11EDB3B41A5DC4F9AE02/2DC12D804E8211F0A5AF3482C4F9AE02.roa
File:                     2DC12D804E8211F0A5AF3482C4F9AE02.roa (raw, json)
Hash identifier:          A7t7GmBBDDDYs0pyIJHUb1Aak40qzHkB6wk2hdrjD90=
Subject key identifier:   DA:A5:7A:80:43:D6:F1:4B:16:65:66:5A:52:1D:73:9C:61:A0:0B:99
Certificate issuer:       /CN=A911636A/serialNumber=5C9CC1142A907560CD99F06E5DD02DE4E22E9445
Certificate serial:       01FC
Authority key identifier: 5C:9C:C1:14:2A:90:75:60:CD:99:F0:6E:5D:D0:2D:E4:E2:2E:94:45
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XJzBFCqQdWDNmfBuXdAt5OIulEU.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A911636A/B0F33D2A66EE11EDB3B41A5DC4F9AE02/2DC12D804E8211F0A5AF3482C4F9AE02.roa
Signing time:             Sat 21 Jun 2025 11:50:24 +0000
ROA not before:           Sat 21 Jun 2025 11:50:24 +0000
ROA not after:            Tue 30 Dec 2025 00:00:00 +0000
asID:                     150434
IP address blocks:        103.40.156.0/23 maxlen: 24
                          103.145.75.0/24 maxlen: 24
                          2400:c360::/36 maxlen: 36
                          2400:c360:1000::/36 maxlen: 36
                          2400:c360:2000::/36 maxlen: 36
                          2400:c360:3000::/36 maxlen: 36
                          2400:c360:4000::/36 maxlen: 36
                          2400:c360:5000::/36 maxlen: 36
                          2400:c360:6000::/36 maxlen: 36
                          2400:c360:7000::/36 maxlen: 36
                          2400:c360:8000::/36 maxlen: 36
                          2400:c360:9000::/36 maxlen: 36
                          2400:c360:a000::/36 maxlen: 36
                          2400:c360:b000::/36 maxlen: 36
                          2400:c360:c000::/36 maxlen: 36
                          2400:c360:d000::/36 maxlen: 36
                          2400:c360:e000::/36 maxlen: 36
                          2400:c360:f000::/36 maxlen: 36
Validation:               Failed, certificate revoked on Sun 22 Jun 2025 08:42:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 508 (0x1fc)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A911636A, serialNumber=5C9CC1142A907560CD99F06E5DD02DE4E22E9445
        Validity
            Not Before: Jun 21 11:50:24 2025 GMT
            Not After : Dec 30 00:00:00 2025 GMT
        Subject: CN=68569c7f-5533
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:87:23:53:50:25:64:8c:33:4e:a2:4d:cb:7a:
                    df:9f:e1:a3:45:75:90:a6:8b:0d:18:4b:05:7c:4a:
                    7a:cc:04:5d:70:d0:3d:e8:dd:60:2d:e1:e2:8c:51:
                    fb:54:50:19:79:39:43:03:cd:d6:6c:91:43:aa:86:
                    fb:62:9a:04:df:f3:34:9a:97:a2:36:d7:f1:66:ff:
                    00:5d:7f:7c:cc:71:8c:50:56:9c:ba:4a:f6:81:ea:
                    fc:9a:16:42:69:ad:e7:4b:60:25:d5:56:1d:48:fb:
                    b3:3b:77:fe:9f:15:aa:1b:f0:cc:a5:01:8a:a4:f6:
                    c0:cf:d0:66:f6:09:da:5c:c7:58:b1:59:f9:ea:4a:
                    48:b2:18:83:fa:23:61:d8:d7:f8:2d:4b:3e:b3:b1:
                    51:74:52:44:15:c0:69:af:b9:9e:eb:45:07:6e:1a:
                    e0:c3:53:4c:ae:54:fc:4f:94:2f:41:fd:b1:29:01:
                    de:b1:f0:aa:e0:aa:0e:b4:61:7c:26:17:e7:2b:4c:
                    5f:7c:47:1b:b9:4a:26:93:9a:19:46:df:b3:b8:59:
                    cc:2f:a2:c3:bc:f7:6f:ad:9f:51:9c:51:33:46:92:
                    bb:66:a9:28:95:d6:a4:b3:8b:21:dd:75:02:13:b0:
                    c7:ed:c4:0b:66:f6:ec:a1:8d:c2:28:ef:64:34:74:
                    62:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DA:A5:7A:80:43:D6:F1:4B:16:65:66:5A:52:1D:73:9C:61:A0:0B:99
            X509v3 Authority Key Identifier:
                keyid:5C:9C:C1:14:2A:90:75:60:CD:99:F0:6E:5D:D0:2D:E4:E2:2E:94:45

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A911636A/B0F33D2A66EE11EDB3B41A5DC4F9AE02/XJzBFCqQdWDNmfBuXdAt5OIulEU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XJzBFCqQdWDNmfBuXdAt5OIulEU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A911636A/B0F33D2A66EE11EDB3B41A5DC4F9AE02/2DC12D804E8211F0A5AF3482C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.40.156.0/23
                  103.145.75.0/24
                IPv6:
                  2400:c360::/32

    Signature Algorithm: sha256WithRSAEncryption
         8d:07:f2:eb:26:aa:0f:da:b5:04:88:2d:ef:3c:68:11:20:03:
         90:03:39:69:d0:b9:7e:ca:25:f6:14:65:76:3b:1c:a9:27:84:
         72:70:e8:49:56:0f:e3:1b:b5:b4:7a:db:6d:3f:e1:63:34:81:
         d0:44:2f:48:8d:c6:2a:1b:1d:5a:6a:bc:48:44:b1:29:23:72:
         35:4d:e9:66:28:2a:c7:4b:af:6c:4c:bf:dd:8a:65:84:31:dc:
         f0:0c:3b:6a:8a:f2:7c:0f:d8:51:e6:68:7c:aa:ed:a9:e7:38:
         37:81:8c:1e:8e:d7:b8:a6:89:a6:8d:ff:37:8d:b8:41:2f:35:
         ca:35:10:1a:41:07:7d:90:98:18:21:4f:19:58:6c:96:21:0d:
         25:de:d7:29:7d:d6:ad:84:1a:6f:1b:33:8e:82:f9:7d:c2:52:
         cc:84:be:57:e7:57:a6:aa:ad:0d:82:ea:48:30:f9:fb:16:a6:
         67:88:d3:07:7a:2e:d6:47:f3:7e:13:3c:3d:74:a3:8b:d3:8a:
         47:cd:88:f1:68:a8:b1:58:01:dd:1e:50:f5:2f:13:fa:63:27:
         a2:65:7e:ec:a1:05:ab:9c:7f:a0:2c:c2:a8:44:66:19:ff:0e:
         85:fc:25:59:ff:56:8a:bc:93:54:43:f4:1d:82:00:6c:37:89:
         0b:c8:bb:1a
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgICAfwwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MTYzNkExMTAvBgNVBAUTKDVDOUNDMTE0MkE5MDc1NjBDRDk5RjA2RTVERDAyREU0
RTIyRTk0NDUwHhcNMjUwNjIxMTE1MDI0WhcNMjUxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODU2OWM3Zi01NTMzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAnocjU1AlZIwzTqJNy3rfn+GjRXWQposNGEsFfEp6zARdcNA96N1gLeHijFH7
VFAZeTlDA83WbJFDqob7YpoE3/M0mpeiNtfxZv8AXX98zHGMUFacukr2ger8mhZC
aa3nS2Al1VYdSPuzO3f+nxWqG/DMpQGKpPbAz9Bm9gnaXMdYsVn56kpIshiD+iNh
2Nf4LUs+s7FRdFJEFcBpr7me60UHbhrgw1NMrlT8T5QvQf2xKQHesfCq4KoOtGF8
JhfnK0xffEcbuUomk5oZRt+zuFnML6LDvPdvrZ9RnFEzRpK7Zqkoldaks4sh3XUC
E7DH7cQLZvbsoY3CKO9kNHRiYwIDAQABo4ICqjCCAqYwHQYDVR0OBBYEFNqleoBD
1vFLFmVmWlIdc5xhoAuZMB8GA1UdIwQYMBaAFFycwRQqkHVgzZnwbl3QLeTiLpRF
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExNjM2QS9CMEYzM0QyQTY2
RUUxMUVEQjNCNDFBNURDNEY5QUUwMi9YSnpCRkNxUWRXRE5tZkJ1WGRBdDVPSXVs
RVUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1hKekJGQ3FRZFdETm1mQnVYZEF0NU9JdWxFVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MTYzNkEvQjBGMzNEMkE2NkVFMTFFREIzQjQxQTVEQzRGOUFFMDIvMkRDMTJEODA0
RTgyMTFGMEE1QUYzNDgyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNAYIKwYBBQUHAQcBAf8E
JTAjMBIEAgABMAwDBAFnKJwDBABnkUswDQQCAAIwBwMFACQAw2AwDQYJKoZIhvcN
AQELBQADggEBAI0H8usmqg/atQSILe88aBEgA5ADOWnQuX7KJfYUZXY7HKknhHJw
6ElWD+MbtbR6220/4WM0gdBEL0iNxiobHVpqvEhEsSkjcjVN6WYoKsdLr2xMv92K
ZYQx3PAMO2qK8nwP2FHmaHyq7annODeBjB6O17imiaaN/zeNuEEvNco1EBpBB32Q
mBghTxlYbJYhDSXe1yl91q2EGm8bM46C+X3CUsyEvlfnV6aqrQ2C6kgw+fsWpmeI
0wd6LtZH834TPD10o4vTikfNiPFoqLFYAd0eUPUvE/pjJ6JlfuyhBaucf6AswqhE
Zhn/DoX8JVn/Voq8k1RD9B2CAGw3iQvIuxo=
-----END CERTIFICATE-----