Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A919D64D/D9333FE41D6E11E2A85080B008B02CD2/8DE8F28ABA6911EBBC30DD84C4F9AE02.roa
File:                     8DE8F28ABA6911EBBC30DD84C4F9AE02.roa (raw, json)
Hash identifier:          iEUPOBY5VjiiZliLoyOc38pebbcum+9Rn91ph5QRWME=
Subject key identifier:   9F:93:F9:50:66:54:CE:80:0A:9C:74:84:86:97:FD:B2:C1:5D:DC:EC
Certificate issuer:       /CN=A919D64D/serialNumber=C4220F50355647B7C80B2CE8BC7126AAC2E22D37
Certificate serial:       32EF
Authority key identifier: C4:22:0F:50:35:56:47:B7:C8:0B:2C:E8:BC:71:26:AA:C2:E2:2D:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xCIPUDVWR7fICyzovHEmqsLiLTc.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A919D64D/D9333FE41D6E11E2A85080B008B02CD2/8DE8F28ABA6911EBBC30DD84C4F9AE02.roa
Signing time:             Fri 10 Mar 2023 17:20:08 +0000
ROA not before:           Fri 10 Mar 2023 17:20:08 +0000
ROA not after:            Fri 01 Dec 2023 00:00:00 +0000
asID:                     9937
IP address blocks:        103.255.148.0/22 maxlen: 22
                          103.255.148.0/24 maxlen: 24
                          103.255.149.0/24 maxlen: 24
                          180.149.208.0/20 maxlen: 20
                          180.149.208.0/24 maxlen: 24
                          180.149.209.0/24 maxlen: 24
                          180.149.210.0/24 maxlen: 24
                          180.149.211.0/24 maxlen: 24
                          180.149.212.0/24 maxlen: 24
                          180.149.213.0/24 maxlen: 24
                          180.149.220.0/24 maxlen: 24
                          180.149.221.0/24 maxlen: 24
                          180.149.222.0/24 maxlen: 24
                          180.149.223.0/24 maxlen: 24
                          182.255.48.0/22 maxlen: 22

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13039 (0x32ef)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A919D64D/serialNumber=C4220F50355647B7C80B2CE8BC7126AAC2E22D37
        Validity
            Not Before: Mar 10 17:20:08 2023 GMT
            Not After : Dec  1 00:00:00 2023 GMT
        Subject: CN=640b66c8-220c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:09:6b:41:a8:bc:a8:e3:cb:ab:a1:7f:b4:16:
                    2c:53:d8:76:fd:0c:5f:55:8b:ce:6f:ae:8b:b6:f5:
                    23:39:d8:bf:2a:0f:5b:c9:cd:10:17:d4:e5:6a:4c:
                    21:3c:7d:2d:ee:c3:ae:3e:bf:3c:81:b9:b8:9a:88:
                    ed:5a:b9:d3:3e:d3:77:79:49:e5:d2:4b:06:0a:54:
                    0b:8d:f9:bb:06:c3:46:6c:c9:43:c4:39:42:c1:70:
                    57:96:81:1b:69:2e:a9:87:a7:27:2c:6f:06:35:fc:
                    e4:56:0d:ab:3e:eb:7b:c0:1b:81:7b:11:55:33:07:
                    16:4d:55:f6:18:61:52:dc:37:a0:6f:5d:68:49:09:
                    3b:70:9f:1e:db:74:82:e2:49:a7:6c:a7:51:d4:ae:
                    47:6a:00:07:74:07:42:9e:1d:a1:7a:c5:13:b4:2f:
                    bd:36:42:b7:90:f4:2f:62:86:08:d0:bf:d5:ee:2f:
                    2a:1c:c6:0d:dd:20:ca:a9:2a:d3:55:21:9f:fe:b7:
                    e5:5e:4a:ce:81:f8:a1:ac:60:dd:67:56:e8:e6:0a:
                    27:c8:41:86:69:0e:07:e0:6e:dc:2d:4a:7b:a6:31:
                    71:88:23:20:5a:03:de:5b:82:a3:ac:56:9b:ec:16:
                    79:6d:fa:1b:4a:44:07:5a:4d:be:8b:6e:fc:eb:4a:
                    d4:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:93:F9:50:66:54:CE:80:0A:9C:74:84:86:97:FD:B2:C1:5D:DC:EC
            X509v3 Authority Key Identifier:
                keyid:C4:22:0F:50:35:56:47:B7:C8:0B:2C:E8:BC:71:26:AA:C2:E2:2D:37

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A919D64D/D9333FE41D6E11E2A85080B008B02CD2/xCIPUDVWR7fICyzovHEmqsLiLTc.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xCIPUDVWR7fICyzovHEmqsLiLTc.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A919D64D/D9333FE41D6E11E2A85080B008B02CD2/8DE8F28ABA6911EBBC30DD84C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.255.148.0/22
                  180.149.208.0/20
                  182.255.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8c:2f:c6:59:b4:f3:2b:56:fe:11:3c:15:53:e3:76:fa:57:18:
         b6:30:eb:6a:54:51:c8:c8:84:7a:0f:a9:4f:a9:59:aa:c5:40:
         cd:5e:40:6f:0c:84:29:99:51:d5:4f:d9:c2:ad:e6:da:da:b4:
         5e:0b:e7:ff:4a:24:51:e9:5d:d2:74:fb:73:1b:ca:7d:16:07:
         4d:23:43:db:99:b6:b8:1b:03:77:c8:2c:b4:b9:3c:2f:03:d3:
         9f:0a:4a:94:d6:30:32:96:06:78:88:cd:b7:53:54:67:24:b9:
         34:34:ff:21:7e:d9:54:28:d1:13:d6:26:91:76:6a:e7:8d:a2:
         86:ae:aa:3d:55:88:52:b0:09:e7:9a:a3:65:0f:ce:3e:9e:d7:
         1d:05:fb:28:d9:66:ac:36:5e:17:75:b0:20:51:59:79:55:85:
         2b:15:9f:7e:55:fd:3d:79:65:b3:39:c2:43:91:05:c4:7f:1f:
         fb:1b:30:8d:e5:bc:e9:4b:c8:af:e5:74:76:a3:6f:33:5f:bf:
         c8:7d:41:20:7b:8a:4d:72:6c:e5:04:a0:89:d4:16:15:47:5b:
         41:12:41:a3:9c:ea:65:7f:16:ce:37:f5:89:da:03:7c:86:2b:
         2a:9f:7b:4a:a2:06:7e:52:c5:40:99:ba:0b:48:02:02:42:7d:
         d9:a9:15:57
-----BEGIN CERTIFICATE-----
MIIFfTCCBGWgAwIBAgICMu8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OUQ2NEQxMTAvBgNVBAUTKEM0MjIwRjUwMzU1NjQ3QjdDODBCMkNFOEJDNzEyNkFB
QzJFMjJEMzcwHhcNMjMwMzEwMTcyMDA4WhcNMjMxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDBiNjZjOC0yMjBjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAuAlrQai8qOPLq6F/tBYsU9h2/QxfVYvOb66LtvUjOdi/Kg9byc0QF9Tlakwh
PH0t7sOuPr88gbm4mojtWrnTPtN3eUnl0ksGClQLjfm7BsNGbMlDxDlCwXBXloEb
aS6ph6cnLG8GNfzkVg2rPut7wBuBexFVMwcWTVX2GGFS3Degb11oSQk7cJ8e23SC
4kmnbKdR1K5HagAHdAdCnh2hesUTtC+9NkK3kPQvYoYI0L/V7i8qHMYN3SDKqSrT
VSGf/rflXkrOgfihrGDdZ1bo5gonyEGGaQ4H4G7cLUp7pjFxiCMgWgPeW4KjrFab
7BZ5bfobSkQHWk2+i27860rU2wIDAQABo4ICoTCCAp0wHQYDVR0OBBYEFJ+T+VBm
VM6ACpx0hIaX/bLBXdzsMB8GA1UdIwQYMBaAFMQiD1A1Vke3yAss6LxxJqrC4i03
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5RDY0RC9EOTMzM0ZFNDFE
NkUxMUUyQTg1MDgwQjAwOEIwMkNEMi94Q0lQVURWV1I3ZklDeXpvdkhFbXFzTGlM
VGMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3hDSVBVRFZXUjdmSUN5em92SEVtcXNMaUxUYy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OUQ2NEQvRDkzMzNGRTQxRDZFMTFFMkE4NTA4MEIwMDhCMDJDRDIvOERFOEYyOEFC
QTY5MTFFQkJDMzBERDg0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwKwYIKwYBBQUHAQcBAf8E
HDAaMBgEAgABMBIDBAJn/5QDBAS0ldADBAK2/zAwDQYJKoZIhvcNAQELBQADggEB
AIwvxlm08ytW/hE8FVPjdvpXGLYw62pUUcjIhHoPqU+pWarFQM1eQG8MhCmZUdVP
2cKt5tratF4L5/9KJFHpXdJ0+3Mbyn0WB00jQ9uZtrgbA3fILLS5PC8D058KSpTW
MDKWBniIzbdTVGckuTQ0/yF+2VQo0RPWJpF2aueNooauqj1ViFKwCeeao2UPzj6e
1x0F+yjZZqw2Xhd1sCBRWXlVhSsVn35V/T15ZbM5wkORBcR/H/sbMI3lvOlLyK/l
dHajbzNfv8h9QSB7ik1ybOUEoInUFhVHW0ESQaOc6mV/Fs439YnaA3yGKyqfe0qi
Bn5SxUCZugtIAgJCfdmpFVc=
-----END CERTIFICATE-----