Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A913F721/6442437A53AC11EA9AD54B2FC4F9AE02/9629134AC2C411EBBAC7F36BC4F9AE02.roa
File:                     9629134AC2C411EBBAC7F36BC4F9AE02.roa (raw, json)
Hash identifier:          3yCkGIN8uMlf4OguwSafMbdaQyiaRwigWB9IJTKO7f4=
Subject key identifier:   76:91:8C:82:4D:D7:26:02:72:B3:22:5F:18:37:9E:50:FF:F1:86:6E
Certificate issuer:       /CN=A913F721/serialNumber=1DD717B229936190CEB667C7CE1CA9F9BFB5FAC4
Certificate serial:       0951
Authority key identifier: 1D:D7:17:B2:29:93:61:90:CE:B6:67:C7:CE:1C:A9:F9:BF:B5:FA:C4
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/HdcXsimTYZDOtmfHzhyp-b-1-sQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A913F721/6442437A53AC11EA9AD54B2FC4F9AE02/9629134AC2C411EBBAC7F36BC4F9AE02.roa
Signing time:             Thu 04 May 2023 21:58:34 +0000
ROA not before:           Thu 04 May 2023 21:58:34 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     137703
IP address blocks:        103.113.192.0/22 maxlen: 22
                          103.113.192.0/24 maxlen: 24
                          103.113.193.0/24 maxlen: 24
                          103.113.194.0/23 maxlen: 24
                          2404:5e40::/32 maxlen: 32
                          2404:5e40::/48 maxlen: 48
                          2404:5e40:1::/48 maxlen: 48
                          2404:5e40:2::/48 maxlen: 48
                          2404:5e40:3::/48 maxlen: 48
                          2404:5e40:4::/48 maxlen: 48
                          2404:5e40:5::/48 maxlen: 48
                          2404:5e40:6::/48 maxlen: 48
                          2404:5e40:7::/48 maxlen: 48
                          2404:5e40:8::/48 maxlen: 48
                          2404:5e40:9::/48 maxlen: 48

Validation:               Failed, certificate revoked on Fri 05 Jan 2024 23:40:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2385 (0x951)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A913F721/serialNumber=1DD717B229936190CEB667C7CE1CA9F9BFB5FAC4
        Validity
            Not Before: May  4 21:58:34 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=64542a89-9233
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:38:44:79:2b:46:b5:7d:17:a9:75:02:40:a6:
                    c5:b8:e0:2c:96:59:66:be:d7:e7:96:de:67:09:a2:
                    36:d7:49:f6:68:28:9b:c8:cb:e8:6a:a9:3c:89:15:
                    c0:a1:a9:4e:14:27:21:95:67:57:9a:04:a4:6b:2f:
                    5e:af:01:4f:b5:6f:fc:cb:40:69:46:13:25:06:5f:
                    44:cc:5a:10:a9:1f:69:bb:ad:f4:15:ce:18:59:19:
                    c6:bd:88:35:a6:49:ae:6a:51:7c:6d:e0:5c:e1:23:
                    e8:b7:c2:be:ed:5f:bf:d5:3b:44:2e:76:31:78:95:
                    db:5a:fb:32:43:72:76:9d:19:19:03:76:3e:3d:ff:
                    1a:02:f9:9f:a8:2e:4e:51:5e:7e:e4:67:da:af:54:
                    af:7c:91:68:3a:ab:13:55:8e:75:b9:c4:dd:57:3c:
                    a9:78:0a:99:f8:1e:46:48:cf:50:a9:2c:36:68:8e:
                    e6:b7:6f:3d:d4:5a:bc:c0:9e:6e:41:7f:2a:a4:cf:
                    99:5a:52:4e:f1:46:b7:ba:f1:23:92:18:a2:fd:1e:
                    c2:3e:08:30:98:43:ca:00:96:08:c9:cb:f2:16:1f:
                    39:bf:05:d5:39:49:c2:07:46:e6:b4:3e:20:c1:f5:
                    5b:86:dc:9a:c4:8a:4c:08:b3:5a:7d:66:5c:ac:84:
                    ae:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:91:8C:82:4D:D7:26:02:72:B3:22:5F:18:37:9E:50:FF:F1:86:6E
            X509v3 Authority Key Identifier:
                keyid:1D:D7:17:B2:29:93:61:90:CE:B6:67:C7:CE:1C:A9:F9:BF:B5:FA:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A913F721/6442437A53AC11EA9AD54B2FC4F9AE02/HdcXsimTYZDOtmfHzhyp-b-1-sQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/HdcXsimTYZDOtmfHzhyp-b-1-sQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A913F721/6442437A53AC11EA9AD54B2FC4F9AE02/9629134AC2C411EBBAC7F36BC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.113.192.0/22
                IPv6:
                  2404:5e40::/32

    Signature Algorithm: sha256WithRSAEncryption
         75:92:a0:87:5a:54:f4:86:eb:e0:91:1f:0a:b8:e3:19:40:81:
         05:10:0e:84:a0:b9:f0:b7:39:08:b2:50:67:3d:a8:35:19:a9:
         13:55:9d:76:a7:21:c9:b0:e3:f4:8c:50:25:98:ad:8d:b9:4f:
         fc:81:9a:bd:cf:d1:ee:6d:03:2c:0a:e0:da:42:77:b4:1d:c8:
         32:4e:66:1c:1d:94:d1:2f:a3:28:f7:85:88:08:e3:cc:eb:05:
         1f:80:08:68:0b:9e:8f:7d:ba:b5:ed:a7:2f:d1:b3:e6:a8:2c:
         b7:07:a5:b4:96:4a:13:80:f0:d4:97:df:a8:c9:32:b0:c3:c3:
         45:86:7f:98:83:5f:ef:ac:81:b7:ea:2e:16:c6:ba:39:10:ce:
         7c:a7:79:8c:7d:69:fc:ab:91:c4:25:4d:ff:e3:bd:fc:ac:a5:
         7a:58:ca:41:b4:59:43:24:34:b3:4c:ac:9b:35:83:fe:bd:6a:
         27:46:27:89:f6:e0:38:6e:8c:ec:a4:16:79:20:7c:fa:43:d1:
         fb:96:7e:b5:35:d3:dc:b2:8e:6c:3d:7f:63:26:6a:8d:bc:dc:
         12:80:f5:fa:fe:79:98:a5:19:82:73:0a:2a:c4:de:4f:86:dc:
         af:f7:33:5e:2a:d9:38:95:8c:46:c9:25:5d:73:95:bd:a6:65:
         5c:fe:49:1f
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICCVEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
M0Y3MjExMTAvBgNVBAUTKDFERDcxN0IyMjk5MzYxOTBDRUI2NjdDN0NFMUNBOUY5
QkZCNUZBQzQwHhcNMjMwNTA0MjE1ODM0WhcNMjQwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDU0MmE4OS05MjMzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAuDhEeStGtX0XqXUCQKbFuOAslllmvtfnlt5nCaI210n2aCibyMvoaqk8iRXA
oalOFCchlWdXmgSkay9erwFPtW/8y0BpRhMlBl9EzFoQqR9pu630Fc4YWRnGvYg1
pkmualF8beBc4SPot8K+7V+/1TtELnYxeJXbWvsyQ3J2nRkZA3Y+Pf8aAvmfqC5O
UV5+5Gfar1SvfJFoOqsTVY51ucTdVzypeAqZ+B5GSM9QqSw2aI7mt2891Fq8wJ5u
QX8qpM+ZWlJO8Ua3uvEjkhii/R7CPggwmEPKAJYIycvyFh85vwXVOUnCB0bmtD4g
wfVbhtyaxIpMCLNafWZcrISueQIDAQABo4ICpDCCAqAwHQYDVR0OBBYEFHaRjIJN
1yYCcrMiXxg3nlD/8YZuMB8GA1UdIwQYMBaAFB3XF7Ipk2GQzrZnx84cqfm/tfrE
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEzRjcyMS82NDQyNDM3QTUz
QUMxMUVBOUFENTRCMkZDNEY5QUUwMi9IZGNYc2ltVFlaRE90bWZIemh5cC1iLTEt
c1EuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0hkY1hzaW1UWVpET3RtZkh6aHlwLWItMS1zUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
M0Y3MjEvNjQ0MjQzN0E1M0FDMTFFQTlBRDU0QjJGQzRGOUFFMDIvOTYyOTEzNEFD
MkM0MTFFQkJBQzdGMzZCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLgYIKwYBBQUHAQcBAf8E
HzAdMAwEAgABMAYDBAJnccAwDQQCAAIwBwMFACQEXkAwDQYJKoZIhvcNAQELBQAD
ggEBAHWSoIdaVPSG6+CRHwq44xlAgQUQDoSgufC3OQiyUGc9qDUZqRNVnXanIcmw
4/SMUCWYrY25T/yBmr3P0e5tAywK4NpCd7QdyDJOZhwdlNEvoyj3hYgI48zrBR+A
CGgLno99urXtpy/Rs+aoLLcHpbSWShOA8NSX36jJMrDDw0WGf5iDX++sgbfqLhbG
ujkQznyneYx9afyrkcQlTf/jvfyspXpYykG0WUMkNLNMrJs1g/69aidGJ4n24Dhu
jOykFnkgfPpD0fuWfrU109yyjmw9f2Mmao283BKA9fr+eZilGYJzCirE3k+G3K/3
M14q2TiVjEbJJV1zlb2mZVz+SR8=
-----END CERTIFICATE-----