Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A916C61B/51EFFA30826911ECAD2E9524C4F9AE02/8DEC4450338B11EF9934223AC4F9AE02.roa
File:                     8DEC4450338B11EF9934223AC4F9AE02.roa (raw, json)
Hash identifier:          M0BAHvYA2QvWMJli2SPl4qliG98j73XQ2SGtCaz2560=
Subject key identifier:   B4:AA:59:38:7D:C3:7A:56:F5:84:07:55:EB:E3:1B:E0:9B:87:F2:9C
Certificate issuer:       /CN=A916C61B/serialNumber=F539291919CDE144B034EF288B0A634783E82C7F
Certificate serial:       03F5
Authority key identifier: F5:39:29:19:19:CD:E1:44:B0:34:EF:28:8B:0A:63:47:83:E8:2C:7F
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/9TkpGRnN4USwNO8oiwpjR4PoLH8.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A916C61B/51EFFA30826911ECAD2E9524C4F9AE02/8DEC4450338B11EF9934223AC4F9AE02.roa
Signing time:             Wed 27 Nov 2024 16:24:06 +0000
ROA not before:           Wed 27 Nov 2024 16:24:06 +0000
ROA not after:            Thu 01 May 2025 00:00:00 +0000
asID:                     153038
IP address blocks:        116.204.140.0/23 maxlen: 23
                          116.204.140.0/24 maxlen: 24
                          116.204.141.0/24 maxlen: 24
                          116.204.142.0/24 maxlen: 24
                          2400:c7c0::/48 maxlen: 48
                          2400:c7c0:4000::/34 maxlen: 34
                          2400:c7c0:4000::/40 maxlen: 40
                          2400:c7c0:4000::/48 maxlen: 48
                          2400:c7c0:43c0::/43 maxlen: 43
                          2400:c7c0:43c0::/48 maxlen: 48
                          2400:c7c0:43e0::/43 maxlen: 43
Validation:               Failed, certificate revoked on Wed 05 Feb 2025 06:25:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1013 (0x3f5)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A916C61B
        Validity
            Not Before: Nov 27 16:24:06 2024 GMT
            Not After : May  1 00:00:00 2025 GMT
        Subject: CN=674747a6-26d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:21:0f:b9:0a:05:d6:0e:cd:e3:da:e2:66:6c:
                    59:ab:08:43:08:6f:01:74:ce:1f:b0:70:8e:e5:65:
                    46:8c:be:6b:6b:e8:55:70:76:63:17:81:3f:e3:40:
                    95:cb:6c:ef:88:89:75:30:d4:ec:e3:0b:bd:6a:5d:
                    3c:15:19:ae:fb:d2:c3:bf:d0:1a:93:17:e7:14:5f:
                    4e:45:ef:d3:bc:03:d4:7d:7e:5f:2a:df:4a:5d:67:
                    a8:94:dc:ea:ee:a2:6e:e3:64:3d:ae:79:3b:69:00:
                    a0:49:e1:1e:32:7d:fe:36:c8:5a:ab:cc:d2:45:0c:
                    52:74:5d:0d:42:c5:d3:80:ee:94:91:05:27:fa:79:
                    96:c1:4c:c8:43:5f:7c:69:26:43:97:f8:30:b2:e6:
                    18:64:c9:28:e1:be:3f:ad:06:3d:00:29:66:ad:c7:
                    a6:c2:50:1f:19:b6:8a:16:ec:7f:3c:82:dc:29:c4:
                    ea:e7:94:c8:00:ae:07:0f:9b:5b:8b:18:a3:ba:61:
                    b0:a9:28:70:69:0e:03:92:4e:0f:00:db:a6:aa:9d:
                    47:76:84:e8:9d:85:45:e6:a6:fe:63:9a:5c:65:87:
                    3f:06:72:eb:b4:6a:bb:de:5d:a1:66:c9:ae:1f:15:
                    be:f7:9f:01:ac:58:b8:14:90:83:c6:2e:c3:48:54:
                    07:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:AA:59:38:7D:C3:7A:56:F5:84:07:55:EB:E3:1B:E0:9B:87:F2:9C
            X509v3 Authority Key Identifier:
                keyid:F5:39:29:19:19:CD:E1:44:B0:34:EF:28:8B:0A:63:47:83:E8:2C:7F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A916C61B/51EFFA30826911ECAD2E9524C4F9AE02/9TkpGRnN4USwNO8oiwpjR4PoLH8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/9TkpGRnN4USwNO8oiwpjR4PoLH8.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A916C61B/51EFFA30826911ECAD2E9524C4F9AE02/8DEC4450338B11EF9934223AC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  116.204.140.0-116.204.142.255
                IPv6:
                  2400:c7c0::/48
                  2400:c7c0:4000::/34

    Signature Algorithm: sha256WithRSAEncryption
         7e:97:2d:e8:c1:dd:15:4b:65:8e:c8:f5:4c:45:72:bb:1a:53:
         7a:9b:cf:c6:4a:18:f5:e6:a1:d3:b5:3e:e6:82:4c:66:e1:bd:
         15:47:d4:5e:a3:8c:14:6e:49:5a:44:54:db:36:28:e7:88:ab:
         3b:61:cc:df:f1:38:cb:d7:1c:6d:dd:27:63:5a:54:17:66:47:
         6a:af:dd:04:12:36:bd:13:b7:c4:f8:13:f5:cd:9f:80:fb:b9:
         a9:6d:02:f5:f6:12:d9:b1:37:68:64:7d:03:49:25:f5:97:b5:
         5b:25:f6:4a:a4:ae:00:e9:82:90:67:84:e7:07:4c:a8:05:1a:
         49:37:8e:b3:77:c7:b5:0a:d5:b9:76:ab:12:eb:1b:7f:96:e8:
         85:de:c4:b9:f6:65:b8:a1:7a:cb:7c:09:da:41:17:02:66:7e:
         6d:4e:9f:82:37:b1:a4:e7:67:34:12:32:e2:7c:3f:24:24:71:
         1e:7b:26:e1:c9:54:75:13:f4:e7:0c:a1:41:67:29:4c:24:f6:
         69:31:51:4f:5d:41:5c:ed:93:78:46:2f:a6:19:26:db:aa:f6:
         7e:ea:f0:56:a1:39:86:26:b2:80:92:c5:ca:8c:e4:9b:2e:9d:
         e9:a1:7a:e0:45:eb:ea:07:a3:61:0b:1c:ff:cc:3c:88:ab:61:
         d1:21:29:0d
-----BEGIN CERTIFICATE-----
MIIFkjCCBHqgAwIBAgICA/UwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NkM2MUIxMTAvBgNVBAUTKEY1MzkyOTE5MTlDREUxNDRCMDM0RUYyODhCMEE2MzQ3
ODNFODJDN0YwHhcNMjQxMTI3MTYyNDA2WhcNMjUwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzQ3NDdhNi0yNmQwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAsSEPuQoF1g7N49riZmxZqwhDCG8BdM4fsHCO5WVGjL5ra+hVcHZjF4E/40CV
y2zviIl1MNTs4wu9al08FRmu+9LDv9AakxfnFF9ORe/TvAPUfX5fKt9KXWeolNzq
7qJu42Q9rnk7aQCgSeEeMn3+Nshaq8zSRQxSdF0NQsXTgO6UkQUn+nmWwUzIQ198
aSZDl/gwsuYYZMko4b4/rQY9AClmrcemwlAfGbaKFux/PILcKcTq55TIAK4HD5tb
ixijumGwqShwaQ4Dkk4PANumqp1HdoTonYVF5qb+Y5pcZYc/BnLrtGq73l2hZsmu
HxW+958BrFi4FJCDxi7DSFQHZQIDAQABo4ICtjCCArIwHQYDVR0OBBYEFLSqWTh9
w3pW9YQHVevjG+Cbh/KcMB8GA1UdIwQYMBaAFPU5KRkZzeFEsDTvKIsKY0eD6Cx/
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2QzYxQi81MUVGRkEzMDgy
NjkxMUVDQUQyRTk1MjRDNEY5QUUwMi85VGtwR1JuTjRVU3dOTzhvaXdwalI0UG9M
SDguY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzlUa3BHUm5ONFVTd05POG9pd3BqUjRQb0xIOC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NkM2MUIvNTFFRkZBMzA4MjY5MTFFQ0FEMkU5NTI0QzRGOUFFMDIvOERFQzQ0NTAz
MzhCMTFFRjk5MzQyMjNBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwQAYIKwYBBQUHAQcBAf8E
MTAvMBQEAgABMA4wDAMEAnTMjAMEAHTMjjAXBAIAAjARAwcAJADHwAAAAwYGJADH
wEAwDQYJKoZIhvcNAQELBQADggEBAH6XLejB3RVLZY7I9UxFcrsaU3qbz8ZKGPXm
odO1PuaCTGbhvRVH1F6jjBRuSVpEVNs2KOeIqzthzN/xOMvXHG3dJ2NaVBdmR2qv
3QQSNr0Tt8T4E/XNn4D7ualtAvX2EtmxN2hkfQNJJfWXtVsl9kqkrgDpgpBnhOcH
TKgFGkk3jrN3x7UK1bl2qxLrG3+W6IXexLn2Zbihest8CdpBFwJmfm1On4I3saTn
ZzQSMuJ8PyQkcR57JuHJVHUT9OcMoUFnKUwk9mkxUU9dQVztk3hGL6YZJtuq9n7q
8FahOYYmsoCSxcqM5JsunemheuBF6+oHo2ELHP/MPIirYdEhKQ0=
-----END CERTIFICATE-----