Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A919D64D/D9333FE41D6E11E2A85080B008B02CD2/214131EE0F3711EF9336A344C4F9AE02.roa
File:                     214131EE0F3711EF9336A344C4F9AE02.roa (raw, json)
Hash identifier:          hqvsDWKtE5p6CXxx4I6H8StqOBtrov4UVqcIFKnMfW8=
Subject key identifier:   47:CB:B1:FC:F8:7E:B4:33:B6:F0:BB:C1:13:4B:7A:E6:D0:86:F1:C1
Certificate issuer:       /CN=A919D64D/serialNumber=C4220F50355647B7C80B2CE8BC7126AAC2E22D37
Certificate serial:       343A
Authority key identifier: C4:22:0F:50:35:56:47:B7:C8:0B:2C:E8:BC:71:26:AA:C2:E2:2D:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xCIPUDVWR7fICyzovHEmqsLiLTc.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A919D64D/D9333FE41D6E11E2A85080B008B02CD2/214131EE0F3711EF9336A344C4F9AE02.roa
Signing time:             Sun 20 Oct 2024 14:30:12 +0000
ROA not before:           Sun 20 Oct 2024 14:30:11 +0000
ROA not after:            Mon 01 Dec 2025 00:00:00 +0000
asID:                     136030
IP address blocks:        103.255.150.0/24 maxlen: 24
                          103.255.151.0/24 maxlen: 24
                          180.149.214.0/24 maxlen: 24
                          180.149.215.0/24 maxlen: 24
                          180.149.216.0/24 maxlen: 24
                          180.149.217.0/24 maxlen: 24
                          180.149.218.0/24 maxlen: 24
                          180.149.219.0/24 maxlen: 24
                          180.149.220.0/24 maxlen: 24
                          180.149.221.0/24 maxlen: 24
                          180.149.222.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 12 Nov 2024 15:44:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13370 (0x343a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A919D64D/serialNumber=C4220F50355647B7C80B2CE8BC7126AAC2E22D37
        Validity
            Not Before: Oct 20 14:30:11 2024 GMT
            Not After : Dec  1 00:00:00 2025 GMT
        Subject: CN=671513f3-40ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:db:63:fa:e2:3f:d2:c0:46:c9:71:fc:5e:a7:
                    ac:44:15:45:15:36:05:31:93:e3:27:31:7d:af:b1:
                    e6:87:2c:ae:ea:03:45:0e:13:5f:a5:28:d5:9c:ce:
                    9c:cd:e7:34:4c:28:c2:82:2e:04:bd:54:19:b8:30:
                    05:2c:f4:cf:94:a7:3a:17:99:16:18:d9:cb:bf:e2:
                    fd:f0:ec:ca:84:d3:13:39:d1:de:55:b1:de:08:d1:
                    67:df:36:3b:dd:50:8a:28:4c:f5:02:cb:f8:22:c1:
                    84:15:06:9e:db:9d:d5:37:27:ac:b5:85:1b:7a:83:
                    ac:b2:51:a3:77:7b:56:37:92:e2:5e:70:25:cb:21:
                    98:a5:6b:95:31:aa:89:25:db:5a:b6:3c:f1:4f:d0:
                    57:07:35:a7:48:68:dc:ea:f8:ec:19:1e:73:69:71:
                    bb:e8:b8:32:f0:ac:79:5a:52:49:f7:16:11:ca:d9:
                    39:65:fc:07:34:46:0f:ca:f1:d0:dc:27:c6:cd:f5:
                    a7:68:cb:fa:6d:56:15:87:86:a9:1c:1c:96:41:57:
                    35:48:6a:78:47:7f:1f:39:78:92:dd:f7:46:33:ba:
                    90:3f:b9:98:b3:93:52:76:5f:df:ae:91:fd:9f:b1:
                    7d:95:e5:dd:f5:ca:5b:6d:bd:c6:6c:ba:d0:3b:05:
                    ae:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:CB:B1:FC:F8:7E:B4:33:B6:F0:BB:C1:13:4B:7A:E6:D0:86:F1:C1
            X509v3 Authority Key Identifier:
                keyid:C4:22:0F:50:35:56:47:B7:C8:0B:2C:E8:BC:71:26:AA:C2:E2:2D:37

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A919D64D/D9333FE41D6E11E2A85080B008B02CD2/xCIPUDVWR7fICyzovHEmqsLiLTc.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xCIPUDVWR7fICyzovHEmqsLiLTc.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A919D64D/D9333FE41D6E11E2A85080B008B02CD2/214131EE0F3711EF9336A344C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.255.150.0/23
                  180.149.214.0-180.149.222.255

    Signature Algorithm: sha256WithRSAEncryption
         4b:d0:ca:a7:90:fe:df:59:cd:8b:56:f9:a5:c0:88:de:ad:4d:
         bd:a5:b2:36:ca:73:2c:e9:d6:b2:da:7e:9f:c4:4c:a0:82:f0:
         28:95:ec:11:7f:b9:72:a6:14:a8:87:bf:a7:0f:3a:80:1a:36:
         37:dc:68:3e:65:97:90:97:08:af:41:dc:6b:b4:66:2a:42:b4:
         0f:df:1b:f5:61:56:13:a7:30:54:c1:64:b5:e6:c1:36:e1:29:
         6e:32:fc:80:0d:b9:20:f9:fd:45:6c:73:c6:e8:5a:fe:31:52:
         e6:6f:b7:1f:e5:ca:bd:8e:2e:a3:6c:b2:7f:a5:b2:c6:85:51:
         15:7a:9a:81:0b:b6:18:b2:0e:4b:49:b5:f2:f0:1c:2f:0b:d1:
         34:38:7b:bc:32:8f:ea:38:b0:ee:fe:19:83:f5:9f:57:72:75:
         2f:91:b3:4b:d6:67:c6:44:b1:3b:f9:1e:65:87:09:99:8c:45:
         85:d2:fb:3e:a0:3c:8b:9a:2d:2c:a8:ca:b5:d7:54:d5:c0:08:
         2f:fa:43:53:cd:95:3c:f0:ba:bb:72:42:cb:17:70:e6:b2:3d:
         d5:ac:0c:13:c0:a6:a6:e3:19:c3:b8:db:b3:77:ca:46:71:17:
         df:1c:20:04:70:3a:b7:62:ba:5c:fe:bf:66:68:59:64:99:d3:
         8c:5e:bf:11
-----BEGIN CERTIFICATE-----
MIIFfzCCBGegAwIBAgICNDowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OUQ2NEQxMTAvBgNVBAUTKEM0MjIwRjUwMzU1NjQ3QjdDODBCMkNFOEJDNzEyNkFB
QzJFMjJEMzcwHhcNMjQxMDIwMTQzMDExWhcNMjUxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzE1MTNmMy00MGJhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAyNtj+uI/0sBGyXH8XqesRBVFFTYFMZPjJzF9r7Hmhyyu6gNFDhNfpSjVnM6c
zec0TCjCgi4EvVQZuDAFLPTPlKc6F5kWGNnLv+L98OzKhNMTOdHeVbHeCNFn3zY7
3VCKKEz1Asv4IsGEFQae253VNyestYUbeoOsslGjd3tWN5LiXnAlyyGYpWuVMaqJ
JdtatjzxT9BXBzWnSGjc6vjsGR5zaXG76Lgy8Kx5WlJJ9xYRytk5ZfwHNEYPyvHQ
3CfGzfWnaMv6bVYVh4apHByWQVc1SGp4R38fOXiS3fdGM7qQP7mYs5NSdl/frpH9
n7F9leXd9cpbbb3GbLrQOwWu5QIDAQABo4ICozCCAp8wHQYDVR0OBBYEFEfLsfz4
frQztvC7wRNLeubQhvHBMB8GA1UdIwQYMBaAFMQiD1A1Vke3yAss6LxxJqrC4i03
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5RDY0RC9EOTMzM0ZFNDFE
NkUxMUUyQTg1MDgwQjAwOEIwMkNEMi94Q0lQVURWV1I3ZklDeXpvdkhFbXFzTGlM
VGMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3hDSVBVRFZXUjdmSUN5em92SEVtcXNMaUxUYy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OUQ2NEQvRDkzMzNGRTQxRDZFMTFFMkE4NTA4MEIwMDhCMDJDRDIvMjE0MTMxRUUw
RjM3MTFFRjkzMzZBMzQ0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLQYIKwYBBQUHAQcBAf8E
HjAcMBoEAgABMBQDBAFn/5YwDAMEAbSV1gMEALSV3jANBgkqhkiG9w0BAQsFAAOC
AQEAS9DKp5D+31nNi1b5pcCI3q1NvaWyNspzLOnWstp+n8RMoILwKJXsEX+5cqYU
qIe/pw86gBo2N9xoPmWXkJcIr0Hca7RmKkK0D98b9WFWE6cwVMFktebBNuEpbjL8
gA25IPn9RWxzxuha/jFS5m+3H+XKvY4uo2yyf6WyxoVRFXqagQu2GLIOS0m18vAc
LwvRNDh7vDKP6jiw7v4Zg/WfV3J1L5GzS9ZnxkSxO/keZYcJmYxFhdL7PqA8i5ot
LKjKtddU1cAIL/pDU82VPPC6u3JCyxdw5rI91awME8CmpuMZw7jbs3fKRnEX3xwg
BHA6t2K6XP6/ZmhZZJnTjF6/EQ==
-----END CERTIFICATE-----