Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A916EB94/E3CC25D8811E11EC92025551C4F9AE02/1E2FCD68812111ECA7AE555AC4F9AE02.roa
File:                     1E2FCD68812111ECA7AE555AC4F9AE02.roa (raw, json)
Hash identifier:          rDlo34c0IDxsIVu4vUuWuGljtuLuWSzMXS8Btmrp+Mg=
Subject key identifier:   D4:4B:94:43:3F:97:0A:F8:96:60:B4:A8:F0:F0:9F:1F:00:73:07:D4
Certificate issuer:       /CN=A916EB94/serialNumber=C4D4FB0FF027796E9DAA17B75551FD0B77F1982F
Certificate serial:       0249
Authority key identifier: C4:D4:FB:0F:F0:27:79:6E:9D:AA:17:B7:55:51:FD:0B:77:F1:98:2F
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xNT7D_AneW6dqhe3VVH9C3fxmC8.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A916EB94/E3CC25D8811E11EC92025551C4F9AE02/1E2FCD68812111ECA7AE555AC4F9AE02.roa
Signing time:             Tue 31 Jan 2023 04:53:36 +0000
ROA not before:           Tue 31 Jan 2023 04:53:36 +0000
ROA not after:            Sat 31 Aug 2024 00:00:00 +0000
asID:                     58688
IP address blocks:        45.112.72.0/23 maxlen: 24
                          45.248.152.0/22 maxlen: 24
                          103.20.180.0/22 maxlen: 24
                          103.217.112.0/22 maxlen: 24
                          103.247.44.0/22 maxlen: 24
                          2405:6900:f000::/36 maxlen: 36

Validation:               Failed, certificate revoked on Wed 06 Mar 2024 13:10:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 585 (0x249)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A916EB94/serialNumber=C4D4FB0FF027796E9DAA17B75551FD0B77F1982F
        Validity
            Not Before: Jan 31 04:53:36 2023 GMT
            Not After : Aug 31 00:00:00 2024 GMT
        Subject: CN=63d89ed0-9c62
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:00:37:86:f9:5b:5b:f9:96:54:13:69:63:9f:
                    42:75:03:ad:9c:9e:8e:a8:c8:68:ea:35:a5:27:7f:
                    47:39:53:80:0e:e8:76:37:17:15:49:45:4b:04:5a:
                    a2:b8:8e:bb:f4:74:10:ab:10:4d:2b:32:6a:d8:1f:
                    1e:50:b3:df:ad:96:c6:34:7f:eb:58:81:ce:ab:ca:
                    50:c1:0e:fa:77:cb:82:77:2a:14:3d:a4:81:44:cb:
                    2e:d5:a7:7a:72:46:17:53:59:a7:50:8e:f5:fc:65:
                    a8:03:4f:a0:96:2e:ba:c9:72:e2:44:d0:4b:ab:cd:
                    ba:5c:84:52:b4:d0:a9:0d:51:dd:de:f3:97:ac:c2:
                    79:c1:1f:b7:a9:f3:38:e2:3e:fa:63:36:05:cf:05:
                    63:57:16:55:85:c3:c3:5c:b8:e2:0c:28:47:47:db:
                    7b:d4:ec:b5:37:f5:cb:32:47:ad:a4:2a:fb:23:30:
                    c9:8d:98:c4:84:e4:12:95:34:ea:48:78:8c:77:ae:
                    ee:92:ed:1d:22:62:50:a4:a1:3e:22:a0:4f:e6:fd:
                    07:9c:56:aa:ec:71:36:bf:3d:42:4e:51:7b:fc:2a:
                    12:20:a5:cf:88:7c:1f:3b:c2:55:a8:a8:88:11:3f:
                    e3:81:33:dc:c2:79:4e:fd:96:9f:d1:a1:a8:47:ee:
                    fe:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:4B:94:43:3F:97:0A:F8:96:60:B4:A8:F0:F0:9F:1F:00:73:07:D4
            X509v3 Authority Key Identifier:
                keyid:C4:D4:FB:0F:F0:27:79:6E:9D:AA:17:B7:55:51:FD:0B:77:F1:98:2F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A916EB94/E3CC25D8811E11EC92025551C4F9AE02/xNT7D_AneW6dqhe3VVH9C3fxmC8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xNT7D_AneW6dqhe3VVH9C3fxmC8.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A916EB94/E3CC25D8811E11EC92025551C4F9AE02/1E2FCD68812111ECA7AE555AC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.112.72.0/23
                  45.248.152.0/22
                  103.20.180.0/22
                  103.217.112.0/22
                  103.247.44.0/22
                IPv6:
                  2405:6900:f000::/36

    Signature Algorithm: sha256WithRSAEncryption
         9c:e0:9a:6c:72:ad:0a:94:46:de:41:f4:45:bf:cf:42:7b:4b:
         2d:d6:cc:9b:9f:69:86:44:42:68:65:ba:2b:db:60:ca:dd:2c:
         e7:a6:6c:f1:11:78:43:c7:07:15:c9:e4:98:b4:e3:22:7e:eb:
         6a:92:12:b6:e7:93:03:fa:f8:8d:74:54:4a:0b:9a:46:85:10:
         12:42:9c:49:c7:05:34:02:19:c7:57:e4:e5:bc:ad:0f:ab:8d:
         71:a6:8f:8b:9f:34:c2:33:de:71:7a:57:f4:68:56:ad:ec:73:
         74:68:0f:e8:35:45:ee:86:30:e3:49:ac:bb:69:0b:5a:ae:7a:
         b9:51:45:69:b7:4e:51:21:a9:37:c1:54:51:80:78:fa:bc:df:
         2a:aa:de:ca:9f:7a:a5:66:4b:3d:39:e8:ed:be:bb:97:a5:f0:
         a5:2f:96:8e:d1:7b:2a:e2:aa:bd:0b:ca:40:bd:4b:ba:bf:54:
         03:cb:46:ce:ca:79:3a:0c:7c:e4:06:b3:c7:e9:c2:74:9f:c8:
         f1:b3:f4:e3:50:6d:4a:78:56:75:fb:a7:69:19:b2:e9:f6:b0:
         d3:10:78:21:fd:97:85:67:97:13:a0:e7:6e:bf:5e:7a:16:52:
         ba:8d:73:32:da:85:af:9e:c2:1d:b1:c6:4c:b8:12:66:44:05:
         4b:4a:bd:40
-----BEGIN CERTIFICATE-----
MIIFmTCCBIGgAwIBAgICAkkwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NkVCOTQxMTAvBgNVBAUTKEM0RDRGQjBGRjAyNzc5NkU5REFBMTdCNzU1NTFGRDBC
NzdGMTk4MkYwHhcNMjMwMTMxMDQ1MzM2WhcNMjQwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02M2Q4OWVkMC05YzYyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAxQA3hvlbW/mWVBNpY59CdQOtnJ6OqMho6jWlJ39HOVOADuh2NxcVSUVLBFqi
uI679HQQqxBNKzJq2B8eULPfrZbGNH/rWIHOq8pQwQ76d8uCdyoUPaSBRMsu1ad6
ckYXU1mnUI71/GWoA0+gli66yXLiRNBLq826XIRStNCpDVHd3vOXrMJ5wR+3qfM4
4j76YzYFzwVjVxZVhcPDXLjiDChHR9t71Oy1N/XLMketpCr7IzDJjZjEhOQSlTTq
SHiMd67uku0dImJQpKE+IqBP5v0HnFaq7HE2vz1CTlF7/CoSIKXPiHwfO8JVqKiI
ET/jgTPcwnlO/Zaf0aGoR+7+7wIDAQABo4ICvTCCArkwHQYDVR0OBBYEFNRLlEM/
lwr4lmC0qPDwnx8AcwfUMB8GA1UdIwQYMBaAFMTU+w/wJ3lunaoXt1VR/Qt38Zgv
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2RUI5NC9FM0NDMjVEODgx
MUUxMUVDOTIwMjU1NTFDNEY5QUUwMi94TlQ3RF9BbmVXNmRxaGUzVlZIOUMzZnht
QzguY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3hOVDdEX0FuZVc2ZHFoZTNWVkg5QzNmeG1DOC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NkVCOTQvRTNDQzI1RDg4MTFFMTFFQzkyMDI1NTUxQzRGOUFFMDIvMUUyRkNENjg4
MTIxMTFFQ0E3QUU1NTVBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwRwYIKwYBBQUHAQcBAf8E
ODA2MCQEAgABMB4DBAEtcEgDBAIt+JgDBAJnFLQDBAJn2XADBAJn9ywwDgQCAAIw
CAMGBCQFaQDwMA0GCSqGSIb3DQEBCwUAA4IBAQCc4Jpscq0KlEbeQfRFv89Ce0st
1sybn2mGREJoZbor22DK3SznpmzxEXhDxwcVyeSYtOMifutqkhK255MD+viNdFRK
C5pGhRASQpxJxwU0AhnHV+TlvK0Pq41xpo+LnzTCM95xelf0aFat7HN0aA/oNUXu
hjDjSay7aQtarnq5UUVpt05RIak3wVRRgHj6vN8qqt7Kn3qlZks9OejtvruXpfCl
L5aO0Xsq4qq9C8pAvUu6v1QDy0bOynk6DHzkBrPH6cJ0n8jxs/TjUG1KeFZ1+6dp
GbLp9rDTEHgh/ZeFZ5cToOduv156FlK6jXMy2oWvnsIdscZMuBJmRAVLSr1A
-----END CERTIFICATE-----