Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9143DB0/B895AF74051511E58D49AE42C4F9AE02/949FF22A0F8211EE9C28226AC4F9AE02.roa
File:                     949FF22A0F8211EE9C28226AC4F9AE02.roa (raw, json)
Hash identifier:          /caEAePnKT7ITLEvb3LSk2ednKAtBpTkWioTlhfKwbA=
Subject key identifier:   A8:8F:E7:7F:41:51:BF:C2:C4:15:90:DB:B8:2A:CE:F8:D2:72:DA:49
Certificate issuer:       /CN=A9143DB0/serialNumber=9BC7651AC4BABF8C4478534FADA610ACDA746BD4
Certificate serial:       26C5
Authority key identifier: 9B:C7:65:1A:C4:BA:BF:8C:44:78:53:4F:AD:A6:10:AC:DA:74:6B:D4
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/m8dlGsS6v4xEeFNPraYQrNp0a9Q.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9143DB0/B895AF74051511E58D49AE42C4F9AE02/949FF22A0F8211EE9C28226AC4F9AE02.roa
Signing time:             Mon 30 Jun 2025 11:59:34 +0000
ROA not before:           Mon 30 Jun 2025 11:59:34 +0000
ROA not after:            Thu 28 May 2026 00:00:00 +0000
asID:                     137812
IP address blocks:        103.139.234.0/24 maxlen: 24
                          103.228.201.0/24 maxlen: 24
                          2400:eb80:ffff::/48 maxlen: 48
Validation:               Failed, certificate revoked on Tue 08 Jul 2025 16:10:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 9925 (0x26c5)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9143DB0, serialNumber=9BC7651AC4BABF8C4478534FADA610ACDA746BD4
        Validity
            Not Before: Jun 30 11:59:34 2025 GMT
            Not After : May 28 00:00:00 2026 GMT
        Subject: CN=68627c26-6360
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:49:58:48:29:7c:48:65:2d:3d:d7:c3:38:9b:
                    5e:69:60:ad:b2:03:52:19:21:92:c8:8d:e3:4a:17:
                    1b:f9:85:3e:91:6d:12:43:c9:c3:0d:7e:91:95:31:
                    fb:cb:46:52:1a:8b:f8:d1:e8:6b:b1:54:37:97:31:
                    df:32:b1:15:c9:e1:75:3f:d8:da:de:80:d4:2c:4d:
                    2b:d9:30:7f:cc:e9:5a:ad:53:df:ff:38:2f:81:2a:
                    f7:5c:2c:a2:b7:cb:ba:4d:6b:c4:15:b1:7e:26:c4:
                    0d:bf:a9:43:9b:36:82:ab:c9:23:95:c9:51:2c:39:
                    9a:d5:ae:ac:a6:65:4f:b3:85:6d:ae:5b:28:fd:a8:
                    21:ab:aa:2e:8d:ee:9f:20:d3:0c:b2:d1:1f:aa:14:
                    a9:f3:ee:3d:2d:b2:23:13:18:77:61:3e:22:e8:b5:
                    60:73:42:be:62:2d:e8:f5:a6:68:ea:a5:44:d3:49:
                    6f:3a:75:66:4c:63:28:f7:d5:8c:19:73:6f:c3:01:
                    e4:08:d3:ea:2a:da:e7:c2:f3:0b:4b:1d:84:ef:47:
                    fa:91:9e:f4:12:21:96:3e:12:ae:fc:3c:79:81:2e:
                    58:32:7a:02:2f:86:2e:5d:78:e8:38:d4:0e:22:5f:
                    e9:24:14:84:75:76:50:40:71:d3:89:91:ae:d2:b3:
                    07:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:8F:E7:7F:41:51:BF:C2:C4:15:90:DB:B8:2A:CE:F8:D2:72:DA:49
            X509v3 Authority Key Identifier:
                keyid:9B:C7:65:1A:C4:BA:BF:8C:44:78:53:4F:AD:A6:10:AC:DA:74:6B:D4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9143DB0/B895AF74051511E58D49AE42C4F9AE02/m8dlGsS6v4xEeFNPraYQrNp0a9Q.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/m8dlGsS6v4xEeFNPraYQrNp0a9Q.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9143DB0/B895AF74051511E58D49AE42C4F9AE02/949FF22A0F8211EE9C28226AC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.139.234.0/24
                  103.228.201.0/24
                IPv6:
                  2400:eb80:ffff::/48

    Signature Algorithm: sha256WithRSAEncryption
         71:bd:21:1c:b6:7a:0c:70:d8:1e:35:84:a2:6f:06:f5:83:dd:
         40:7e:9d:69:90:3a:e7:15:a2:2f:3a:24:bf:1d:7d:20:be:0f:
         6b:b1:d6:53:58:28:7b:a5:a9:d3:88:4e:f8:e4:26:c0:43:05:
         0d:74:08:4c:2b:e5:b3:11:e3:03:2a:a5:ee:57:80:20:6c:76:
         98:33:f4:93:db:d8:03:32:a4:51:54:46:9e:cb:75:80:8b:c3:
         b2:d9:25:5e:8d:3b:c9:a8:cd:50:98:3b:0b:00:f9:ea:b6:94:
         12:e2:4b:43:54:fb:39:6e:d4:aa:9f:5a:2c:80:b7:de:db:e3:
         b9:29:36:5c:88:27:0d:39:ef:c2:8c:be:73:90:7c:b3:f3:e0:
         ff:04:1f:87:c8:8e:02:6f:4c:f3:5f:93:64:69:b0:5c:b0:30:
         88:5d:e2:0f:e0:95:8b:23:1e:98:72:d5:c0:0c:9d:dd:b5:e5:
         d3:00:95:be:cb:ae:12:c0:40:f1:4b:47:57:f9:1f:80:d5:88:
         96:49:79:ee:af:f7:63:a8:45:a0:2f:c2:25:37:4f:9c:af:e8:
         de:7d:4b:a8:ac:c1:d4:7b:52:a2:c7:a3:74:2a:44:90:83:89:
         a9:39:f8:73:5b:b4:bc:82:ab:9e:dd:ae:f9:b0:90:f6:13:dc:
         b2:00:ac:4e
-----BEGIN CERTIFICATE-----
MIIFiDCCBHCgAwIBAgICJsUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDNEQjAxMTAvBgNVBAUTKDlCQzc2NTFBQzRCQUJGOEM0NDc4NTM0RkFEQTYxMEFD
REE3NDZCRDQwHhcNMjUwNjMwMTE1OTM0WhcNMjYwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02ODYyN2MyNi02MzYwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAsUlYSCl8SGUtPdfDOJteaWCtsgNSGSGSyI3jShcb+YU+kW0SQ8nDDX6RlTH7
y0ZSGov40ehrsVQ3lzHfMrEVyeF1P9ja3oDULE0r2TB/zOlarVPf/zgvgSr3XCyi
t8u6TWvEFbF+JsQNv6lDmzaCq8kjlclRLDma1a6spmVPs4Vtrlso/aghq6ouje6f
INMMstEfqhSp8+49LbIjExh3YT4i6LVgc0K+Yi3o9aZo6qVE00lvOnVmTGMo99WM
GXNvwwHkCNPqKtrnwvMLSx2E70f6kZ70EiGWPhKu/Dx5gS5YMnoCL4YuXXjoONQO
Il/pJBSEdXZQQHHTiZGu0rMHuQIDAQABo4ICrDCCAqgwHQYDVR0OBBYEFKiP539B
Ub/CxBWQ27gqzvjSctpJMB8GA1UdIwQYMBaAFJvHZRrEur+MRHhTT62mEKzadGvU
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0M0RCMC9CODk1QUY3NDA1
MTUxMUU1OEQ0OUFFNDJDNEY5QUUwMi9tOGRsR3NTNnY0eEVlRk5QcmFZUXJOcDBh
OVEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL204ZGxHc1M2djR4RWVGTlByYVlRck5wMGE5US5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDNEQjAvQjg5NUFGNzQwNTE1MTFFNThENDlBRTQyQzRGOUFFMDIvOTQ5RkYyMkEw
RjgyMTFFRTlDMjgyMjZBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNgYIKwYBBQUHAQcBAf8E
JzAlMBIEAgABMAwDBABni+oDBABn5MkwDwQCAAIwCQMHACQA64D//zANBgkqhkiG
9w0BAQsFAAOCAQEAcb0hHLZ6DHDYHjWEom8G9YPdQH6daZA65xWiLzokvx19IL4P
a7HWU1goe6Wp04hO+OQmwEMFDXQITCvlsxHjAyql7leAIGx2mDP0k9vYAzKkUVRG
nst1gIvDstklXo07yajNUJg7CwD56raUEuJLQ1T7OW7Uqp9aLIC33tvjuSk2XIgn
DTnvwoy+c5B8s/Pg/wQfh8iOAm9M81+TZGmwXLAwiF3iD+CViyMemHLVwAyd3bXl
0wCVvsuuEsBA8UtHV/kfgNWIlkl57q/3Y6hFoC/CJTdPnK/o3n1LqKzB1HtSosej
dCpEkIOJqTn4c1u0vIKrnt2u+bCQ9hPcsgCsTg==
-----END CERTIFICATE-----