Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A914A139/EBB9EC6024CA11EAAC2AE586C4F9AE02/858C82D8D3DB11EB9FCD6135C4F9AE02.roa
File:                     858C82D8D3DB11EB9FCD6135C4F9AE02.roa (raw, json)
Hash identifier:          kFROAL0pGLfhTNh43pbuZi45Omi/FY/T2v6J0gze/eY=
Subject key identifier:   2A:45:B4:66:97:7D:26:CF:EE:B0:60:CF:F3:58:0C:A3:68:6B:D6:10
Certificate issuer:       /CN=A914A139/serialNumber=A25ED8A1427AE93B24D30DCCDFA832538B5008AD
Certificate serial:       0AB3
Authority key identifier: A2:5E:D8:A1:42:7A:E9:3B:24:D3:0D:CC:DF:A8:32:53:8B:50:08:AD
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ol7YoUJ66Tsk0w3M36gyU4tQCK0.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A914A139/EBB9EC6024CA11EAAC2AE586C4F9AE02/858C82D8D3DB11EB9FCD6135C4F9AE02.roa
Signing time:             Wed 24 Jan 2024 05:43:55 +0000
ROA not before:           Wed 24 Jan 2024 05:43:55 +0000
ROA not after:            Thu 31 Oct 2024 00:00:00 +0000
asID:                     139325
IP address blocks:        103.141.64.0/23 maxlen: 23
                          103.141.64.0/24 maxlen: 24
                          103.141.65.0/24 maxlen: 24
                          2001:df0:f280::/48 maxlen: 48
                          2001:df0:f280::/56 maxlen: 56
                          2001:df0:f280:100::/56 maxlen: 56
                          2001:df0:f280:200::/56 maxlen: 56
                          2001:df0:f280:300::/56 maxlen: 56
                          2001:df0:f280:400::/56 maxlen: 56
                          2001:df0:f280:500::/56 maxlen: 56
                          2001:df0:f280:600::/56 maxlen: 56
                          2001:df0:f280:700::/56 maxlen: 56
                          2401:79e0:4000::/34 maxlen: 38

Validation:               Failed, certificate revoked on Wed 24 Jan 2024 06:14:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2739 (0xab3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A914A139/serialNumber=A25ED8A1427AE93B24D30DCCDFA832538B5008AD
        Validity
            Not Before: Jan 24 05:43:55 2024 GMT
            Not After : Oct 31 00:00:00 2024 GMT
        Subject: CN=65b0a39b-a735
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:ea:7e:56:77:dc:e0:32:1e:e9:c3:5c:e9:42:
                    69:b3:5d:82:d9:16:0a:46:81:9c:d3:2e:f4:9d:72:
                    b0:eb:4e:7b:f0:55:1a:3d:e5:b7:2b:b0:42:e0:29:
                    4d:c6:8a:d1:aa:1e:98:27:e2:41:7c:5e:31:81:e6:
                    c0:f3:2c:e7:88:d7:14:30:f1:61:a3:5c:59:aa:5c:
                    d9:8b:18:37:76:74:5f:9e:29:47:b3:86:e0:9a:4c:
                    00:c0:b8:b1:27:31:64:66:d1:34:40:95:a6:65:05:
                    a6:40:e3:2e:7c:64:90:4c:82:51:7a:51:61:2d:0b:
                    0b:31:c9:6c:ce:fc:1b:e4:ea:bf:16:98:4a:41:7f:
                    e1:ea:04:47:7c:d2:03:ae:ec:b3:0d:0b:65:b2:bd:
                    73:9e:14:26:f9:f7:2d:57:cf:92:1a:c0:4a:ce:b2:
                    6f:83:92:83:13:0b:5a:cd:e3:6c:d9:7e:35:09:c3:
                    59:8c:fe:1e:df:0d:e5:e5:c8:f5:53:69:c8:be:cc:
                    4b:b6:33:af:0b:89:c5:89:ca:64:d5:81:0f:bc:73:
                    08:e2:57:e2:ae:a3:c4:69:36:f9:a0:94:91:f9:d4:
                    fd:7d:48:02:4e:41:1a:d3:8c:5d:4a:af:dd:c0:63:
                    6f:0d:d2:5a:73:3f:1f:a2:16:53:fa:01:e8:5e:4c:
                    5c:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:45:B4:66:97:7D:26:CF:EE:B0:60:CF:F3:58:0C:A3:68:6B:D6:10
            X509v3 Authority Key Identifier:
                keyid:A2:5E:D8:A1:42:7A:E9:3B:24:D3:0D:CC:DF:A8:32:53:8B:50:08:AD

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A914A139/EBB9EC6024CA11EAAC2AE586C4F9AE02/ol7YoUJ66Tsk0w3M36gyU4tQCK0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ol7YoUJ66Tsk0w3M36gyU4tQCK0.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A914A139/EBB9EC6024CA11EAAC2AE586C4F9AE02/858C82D8D3DB11EB9FCD6135C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.141.64.0/23
                IPv6:
                  2001:df0:f280::/48
                  2401:79e0:4000::/34

    Signature Algorithm: sha256WithRSAEncryption
         21:ac:c2:3c:33:3a:de:db:2a:2c:8d:bb:8e:1d:d7:5d:73:36:
         9d:2e:b3:d1:32:db:10:ab:75:20:16:e0:13:86:ab:09:1c:3f:
         af:b8:15:7e:87:e4:9b:b5:94:73:c1:0c:19:b2:c8:28:44:66:
         b6:92:a8:b5:fe:79:d2:57:6e:f6:72:b8:81:d3:a9:e1:5f:07:
         73:4a:5d:eb:dd:cb:17:01:2f:c1:e4:1a:3a:67:d2:23:29:ee:
         7e:8a:12:f3:7b:81:8d:a5:8a:5e:cf:38:b1:ac:1f:26:d3:0a:
         e0:f6:9e:d7:9c:72:15:9c:b2:e1:11:a3:c4:7c:e6:dd:62:5c:
         46:5c:e5:82:4f:90:92:4f:a7:79:20:5c:42:06:12:d5:63:73:
         00:be:d6:3b:72:40:93:3c:29:33:62:54:0b:86:89:d5:17:6e:
         30:96:0b:df:4b:be:18:22:13:21:11:c4:c5:a8:60:d6:72:10:
         4d:7f:bd:e0:da:e8:3b:2c:b3:32:b4:1f:88:a1:ae:ac:8d:97:
         89:85:f4:d6:d2:44:7a:20:f2:47:26:32:1b:45:f0:46:5c:fe:
         22:cc:41:01:e7:da:c6:82:10:d6:c7:30:72:ef:89:f3:09:fc:
         19:83:80:4c:64:84:d1:af:69:8a:ef:db:88:5e:3f:75:eb:83:
         38:08:33:85
-----BEGIN CERTIFICATE-----
MIIFijCCBHKgAwIBAgICCrMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NEExMzkxMTAvBgNVBAUTKEEyNUVEOEExNDI3QUU5M0IyNEQzMERDQ0RGQTgzMjUz
OEI1MDA4QUQwHhcNMjQwMTI0MDU0MzU1WhcNMjQxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWIwYTM5Yi1hNzM1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtup+Vnfc4DIe6cNc6UJps12C2RYKRoGc0y70nXKw60578FUaPeW3K7BC4ClN
xorRqh6YJ+JBfF4xgebA8yzniNcUMPFho1xZqlzZixg3dnRfnilHs4bgmkwAwLix
JzFkZtE0QJWmZQWmQOMufGSQTIJRelFhLQsLMclszvwb5Oq/FphKQX/h6gRHfNID
ruyzDQtlsr1znhQm+fctV8+SGsBKzrJvg5KDEwtazeNs2X41CcNZjP4e3w3l5cj1
U2nIvsxLtjOvC4nFicpk1YEPvHMI4lfirqPEaTb5oJSR+dT9fUgCTkEa04xdSq/d
wGNvDdJacz8fohZT+gHoXkxc6wIDAQABo4ICrjCCAqowHQYDVR0OBBYEFCpFtGaX
fSbP7rBgz/NYDKNoa9YQMB8GA1UdIwQYMBaAFKJe2KFCeuk7JNMNzN+oMlOLUAit
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0QTEzOS9FQkI5RUM2MDI0
Q0ExMUVBQUMyQUU1ODZDNEY5QUUwMi9vbDdZb1VKNjZUc2swdzNNMzZneVU0dFFD
SzAuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL29sN1lvVUo2NlRzazB3M00zNmd5VTR0UUNLMC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NEExMzkvRUJCOUVDNjAyNENBMTFFQUFDMkFFNTg2QzRGOUFFMDIvODU4QzgyRDhE
M0RCMTFFQjlGQ0Q2MTM1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwOAYIKwYBBQUHAQcBAf8E
KTAnMAwEAgABMAYDBAFnjUAwFwQCAAIwEQMHACABDfDygAMGBiQBeeBAMA0GCSqG
SIb3DQEBCwUAA4IBAQAhrMI8Mzre2yosjbuOHdddczadLrPRMtsQq3UgFuAThqsJ
HD+vuBV+h+SbtZRzwQwZssgoRGa2kqi1/nnSV272criB06nhXwdzSl3r3csXAS/B
5Bo6Z9IjKe5+ihLze4GNpYpezzixrB8m0wrg9p7XnHIVnLLhEaPEfObdYlxGXOWC
T5CST6d5IFxCBhLVY3MAvtY7ckCTPCkzYlQLhonVF24wlgvfS74YIhMhEcTFqGDW
chBNf73g2ug7LLMytB+Ioa6sjZeJhfTW0kR6IPJHJjIbRfBGXP4izEEB59rGghDW
xzBy74nzCfwZg4BMZITRr2mK79uIXj9164M4CDOF
-----END CERTIFICATE-----