Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91DEBE3/80AE10C6045011EABA82C415C4F9AE02/B0DBE16C42F311EDA8889068C4F9AE02.roa
File:                     B0DBE16C42F311EDA8889068C4F9AE02.roa (raw, json)
Hash identifier:          Z/s6q/iMwYY0ZB1A8qYbLGa8Dj5yGakcVdZ5mJJ6U94=
Subject key identifier:   67:76:40:74:E9:F8:6D:47:30:90:B4:64:F6:DB:B8:29:D3:73:DD:8B
Certificate issuer:       /CN=A91DEBE3/serialNumber=DE50542BEA108201A772C00BC9F251AD17FA96CD
Certificate serial:       0B23
Authority key identifier: DE:50:54:2B:EA:10:82:01:A7:72:C0:0B:C9:F2:51:AD:17:FA:96:CD
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/3lBUK-oQggGncsALyfJRrRf6ls0.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91DEBE3/80AE10C6045011EABA82C415C4F9AE02/B0DBE16C42F311EDA8889068C4F9AE02.roa
Signing time:             Tue 06 Jun 2023 20:30:59 +0000
ROA not before:           Tue 06 Jun 2023 20:30:59 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     4864
IP address blocks:        103.214.80.0/24 maxlen: 24
                          103.214.81.0/24 maxlen: 24
                          144.48.87.0/24 maxlen: 24
                          2404:d580::/32 maxlen: 32
                          2404:d580::/48 maxlen: 48
                          2404:d580::/120 maxlen: 120
                          2404:d580:1::/48 maxlen: 48
                          2404:d580:2::/48 maxlen: 48
                          2404:d580:3::/48 maxlen: 48
                          2404:d580:4::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 26 Jun 2023 09:53:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2851 (0xb23)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91DEBE3/serialNumber=DE50542BEA108201A772C00BC9F251AD17FA96CD
        Validity
            Not Before: Jun  6 20:30:59 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=647f9782-00e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:89:53:b1:99:6a:71:5b:52:a3:7b:9b:bb:bb:
                    e9:35:20:4c:c6:7a:f4:61:22:68:7e:78:1d:90:80:
                    06:b7:ce:47:83:7b:3d:68:6d:39:7e:4d:b4:50:55:
                    a8:6e:6e:d2:fd:1b:ca:61:18:d9:7a:e8:29:74:9c:
                    e3:89:ff:c2:58:1b:e7:ee:0f:28:d0:1a:c9:1d:a7:
                    86:7d:8a:61:61:fa:ec:c1:44:6a:21:94:3d:11:62:
                    5a:cc:3a:67:c8:61:0c:0b:e0:2d:73:50:5e:ee:70:
                    0a:e2:85:13:d7:37:da:24:c5:d3:4a:26:47:f6:23:
                    56:11:b3:ce:6d:d2:a3:af:79:88:a1:36:1f:73:e2:
                    de:26:77:5b:93:5d:b8:7e:54:19:1d:cc:64:a7:df:
                    ca:f5:7d:cc:cc:f2:4c:5d:7e:fa:23:c5:cf:5e:a5:
                    1d:5a:30:36:7c:aa:34:25:25:6b:19:f2:09:a5:7d:
                    1f:7d:7a:18:78:59:cc:13:2e:3e:64:5e:61:ea:fe:
                    c2:33:34:71:b1:a7:2b:62:01:bd:2e:de:b3:58:e4:
                    b7:83:02:a6:6e:d7:99:9e:30:8a:9a:29:cb:5e:9f:
                    a7:43:fe:f0:3f:7e:91:10:eb:9d:62:df:ed:f0:8b:
                    00:4c:bd:f4:0f:34:20:32:b2:0f:18:3c:f6:00:2e:
                    57:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                67:76:40:74:E9:F8:6D:47:30:90:B4:64:F6:DB:B8:29:D3:73:DD:8B
            X509v3 Authority Key Identifier:
                keyid:DE:50:54:2B:EA:10:82:01:A7:72:C0:0B:C9:F2:51:AD:17:FA:96:CD

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91DEBE3/80AE10C6045011EABA82C415C4F9AE02/3lBUK-oQggGncsALyfJRrRf6ls0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/3lBUK-oQggGncsALyfJRrRf6ls0.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91DEBE3/80AE10C6045011EABA82C415C4F9AE02/B0DBE16C42F311EDA8889068C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.214.80.0/23
                  144.48.87.0/24
                IPv6:
                  2404:d580::/32

    Signature Algorithm: sha256WithRSAEncryption
         21:ac:42:0d:f6:7f:86:6a:b7:b9:fc:24:66:28:42:2b:33:df:
         a4:41:4b:72:b8:36:37:c6:6b:ae:5d:28:c5:61:7f:6b:cf:3c:
         a5:6d:d9:3f:20:58:e9:8e:5d:6b:0c:e0:f4:b1:32:b7:ca:36:
         81:03:b5:be:ee:02:de:b0:8d:7e:a0:b0:af:fd:be:a2:4b:1b:
         91:0e:8a:fe:6a:1a:20:16:a1:34:45:4e:78:76:6b:e5:65:da:
         64:2c:48:42:70:da:18:44:10:0b:5d:8e:f8:0d:b8:f7:70:f1:
         fd:47:fa:71:d3:05:98:b3:62:9e:2f:46:d6:2f:60:a7:cb:39:
         c3:64:b7:cf:5f:aa:86:1a:b7:7a:0f:49:1e:53:67:14:d4:65:
         a3:ee:b6:f5:da:b4:a7:ee:6d:45:ee:5c:e1:31:a5:3b:ae:72:
         19:c1:f4:bc:50:c3:80:fb:49:e7:74:e0:5b:65:e9:3a:50:9c:
         0d:37:01:ac:7b:b1:58:86:e6:e4:31:72:de:a3:da:a9:2a:c1:
         73:05:fc:85:83:63:b7:df:29:4b:ab:22:b5:49:82:ab:fa:19:
         99:45:4e:92:a6:2e:1f:18:e6:82:da:1a:1c:b5:b6:f1:42:d2:
         6f:c6:92:db:41:fb:6b:62:c0:3f:f6:53:a3:f3:67:ab:f1:7a:
         7b:07:90:71
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgICCyMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
REVCRTMxMTAvBgNVBAUTKERFNTA1NDJCRUExMDgyMDFBNzcyQzAwQkM5RjI1MUFE
MTdGQTk2Q0QwHhcNMjMwNjA2MjAzMDU5WhcNMjQwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDdmOTc4Mi0wMGU3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAu4lTsZlqcVtSo3ubu7vpNSBMxnr0YSJofngdkIAGt85Hg3s9aG05fk20UFWo
bm7S/RvKYRjZeugpdJzjif/CWBvn7g8o0BrJHaeGfYphYfrswURqIZQ9EWJazDpn
yGEMC+Atc1Be7nAK4oUT1zfaJMXTSiZH9iNWEbPObdKjr3mIoTYfc+LeJndbk124
flQZHcxkp9/K9X3MzPJMXX76I8XPXqUdWjA2fKo0JSVrGfIJpX0ffXoYeFnMEy4+
ZF5h6v7CMzRxsacrYgG9Lt6zWOS3gwKmbteZnjCKminLXp+nQ/7wP36REOudYt/t
8IsATL30DzQgMrIPGDz2AC5XWQIDAQABo4ICqjCCAqYwHQYDVR0OBBYEFGd2QHTp
+G1HMJC0ZPbbuCnTc92LMB8GA1UdIwQYMBaAFN5QVCvqEIIBp3LAC8nyUa0X+pbN
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFERUJFMy84MEFFMTBDNjA0
NTAxMUVBQkE4MkM0MTVDNEY5QUUwMi8zbEJVSy1vUWdnR25jc0FMeWZKUnJSZjZs
czAuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzNsQlVLLW9RZ2dHbmNzQUx5ZkpSclJmNmxzMC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
REVCRTMvODBBRTEwQzYwNDUwMTFFQUJBODJDNDE1QzRGOUFFMDIvQjBEQkUxNkM0
MkYzMTFFREE4ODg5MDY4QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNAYIKwYBBQUHAQcBAf8E
JTAjMBIEAgABMAwDBAFn1lADBACQMFcwDQQCAAIwBwMFACQE1YAwDQYJKoZIhvcN
AQELBQADggEBACGsQg32f4Zqt7n8JGYoQisz36RBS3K4NjfGa65dKMVhf2vPPKVt
2T8gWOmOXWsM4PSxMrfKNoEDtb7uAt6wjX6gsK/9vqJLG5EOiv5qGiAWoTRFTnh2
a+Vl2mQsSEJw2hhEEAtdjvgNuPdw8f1H+nHTBZizYp4vRtYvYKfLOcNkt89fqoYa
t3oPSR5TZxTUZaPutvXatKfubUXuXOExpTuuchnB9LxQw4D7Sed04Ftl6TpQnA03
Aax7sViG5uQxct6j2qkqwXMF/IWDY7ffKUurIrVJgqv6GZlFTpKmLh8Y5oLaGhy1
tvFC0m/GkttB+2tiwD/2U6PzZ6vxensHkHE=
-----END CERTIFICATE-----