Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/46B350DC6A2311EF9272A174C4F9AE02.roa
File:                     46B350DC6A2311EF9272A174C4F9AE02.roa (raw, json)
Hash identifier:          b9akLa507AuHL1eX4vUpAq5EFsSUaplLDj4AMRzZ87Q=
Subject key identifier:   BB:26:90:E4:12:99:9A:01:24:ED:CC:AF:6D:A9:4B:93:2F:66:3F:85
Certificate issuer:       /CN=A915A0CD/serialNumber=38193720821E07D6918E3A79FBE0823C6732E264
Certificate serial:       0ABF
Authority key identifier: 38:19:37:20:82:1E:07:D6:91:8E:3A:79:FB:E0:82:3C:67:32:E2:64
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OBk3IIIeB9aRjjp5--CCPGcy4mQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/46B350DC6A2311EF9272A174C4F9AE02.roa
Signing time:             Sun 22 Sep 2024 11:52:37 +0000
ROA not before:           Sun 22 Sep 2024 11:52:37 +0000
ROA not after:            Tue 30 Sep 2025 00:00:00 +0000
asID:                     43260
IP address blocks:        14.192.130.0/24 maxlen: 24
                          14.192.132.0/24 maxlen: 24
                          14.192.133.0/24 maxlen: 24
                          14.192.151.0/24 maxlen: 24
                          14.192.152.0/24 maxlen: 24
                          14.192.153.0/24 maxlen: 24
                          14.192.156.0/24 maxlen: 24
                          14.192.157.0/24 maxlen: 24
                          14.192.158.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Sat 28 Sep 2024 08:20:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2751 (0xabf)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A915A0CD
        Validity
            Not Before: Sep 22 11:52:37 2024 GMT
            Not After : Sep 30 00:00:00 2025 GMT
        Subject: CN=66f00505-1b95
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:3e:39:14:23:76:18:4a:63:b1:52:aa:74:e4:
                    b4:03:12:75:62:91:fd:dc:d4:63:38:23:4a:93:b2:
                    03:a3:c7:10:31:c3:85:4e:78:02:f9:31:8f:b9:14:
                    00:d4:85:56:b1:52:64:ec:9a:f4:3a:d8:82:44:b4:
                    c6:fb:32:41:42:87:8e:eb:9b:f1:84:6b:41:63:e2:
                    6b:8e:e5:00:22:b8:99:04:5d:40:59:94:c0:84:4f:
                    5c:d6:f6:33:71:33:28:5d:ab:0d:71:ad:73:0d:8e:
                    09:63:37:ad:97:24:0f:9d:31:1b:fa:8a:2d:8b:c0:
                    27:e4:12:26:5a:02:71:d6:82:cf:1a:0e:98:f7:7f:
                    99:b4:4c:f5:a7:3e:ef:89:1a:a1:13:26:50:bd:1e:
                    aa:94:aa:bc:7d:2d:91:d0:55:23:d5:09:11:ee:42:
                    bd:12:35:24:52:f0:34:b1:51:ec:ea:2b:ed:be:16:
                    15:07:39:07:49:b8:b3:fe:a8:1a:93:56:79:82:40:
                    e2:11:df:04:86:d8:0f:72:d6:bd:7a:9b:e3:2e:d1:
                    8a:91:d9:50:3b:ec:57:44:fb:0f:08:e4:ca:c9:9d:
                    da:53:a9:06:73:34:f4:e4:e6:db:0a:3f:ef:fb:09:
                    54:ec:da:4f:ee:55:cd:c0:87:9c:ac:1b:31:86:76:
                    ef:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:26:90:E4:12:99:9A:01:24:ED:CC:AF:6D:A9:4B:93:2F:66:3F:85
            X509v3 Authority Key Identifier:
                keyid:38:19:37:20:82:1E:07:D6:91:8E:3A:79:FB:E0:82:3C:67:32:E2:64

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/OBk3IIIeB9aRjjp5--CCPGcy4mQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OBk3IIIeB9aRjjp5--CCPGcy4mQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/46B350DC6A2311EF9272A174C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  14.192.130.0/24
                  14.192.132.0/23
                  14.192.151.0-14.192.153.255
                  14.192.156.0-14.192.158.255

    Signature Algorithm: sha256WithRSAEncryption
         47:f7:a5:b2:c5:59:c5:26:c3:2d:56:fc:b9:a9:78:d5:ce:86:
         60:11:41:93:2f:5d:da:7a:07:48:09:5f:7c:cf:73:9b:c1:e4:
         bd:fe:de:cc:13:b8:1b:13:19:8d:dd:d7:1d:b3:eb:5a:d0:e6:
         2d:98:42:93:6a:9d:96:f9:32:50:40:67:52:33:9c:25:86:6b:
         01:5b:75:2e:a6:e7:1d:7e:0a:93:02:b5:4c:84:93:b0:6d:2c:
         0a:f3:66:a9:fb:2c:a3:26:df:32:62:73:48:7a:5b:c4:17:f4:
         6d:55:8e:50:02:08:36:47:65:4e:7b:10:ca:8c:dd:ee:5a:aa:
         40:a3:73:d1:38:13:01:cb:ea:bf:20:95:db:06:ec:2e:73:3c:
         1a:8e:88:39:a9:ae:10:f2:65:15:0f:8c:7f:58:1e:9c:39:f2:
         46:b8:02:ad:90:d3:cd:67:a6:b9:52:0d:3f:18:65:66:d8:e9:
         27:54:dc:da:79:0b:89:9d:d2:4c:1b:48:fb:32:b9:0c:a1:32:
         f8:dc:c6:29:d8:34:b6:e9:57:db:ca:7b:9f:2a:a5:91:f2:b3:
         81:8e:43:07:72:1b:f9:92:25:58:cb:76:20:49:1f:58:41:b6:
         f7:e6:ef:ea:6a:c5:02:f1:cb:46:22:54:13:1e:a7:1c:c2:d9:
         e7:37:e4:fd
-----BEGIN CERTIFICATE-----
MIIFkzCCBHugAwIBAgICCr8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NUEwQ0QxMTAvBgNVBAUTKDM4MTkzNzIwODIxRTA3RDY5MThFM0E3OUZCRTA4MjND
NjczMkUyNjQwHhcNMjQwOTIyMTE1MjM3WhcNMjUwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NmYwMDUwNS0xYjk1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAzz45FCN2GEpjsVKqdOS0AxJ1YpH93NRjOCNKk7IDo8cQMcOFTngC+TGPuRQA
1IVWsVJk7Jr0OtiCRLTG+zJBQoeO65vxhGtBY+JrjuUAIriZBF1AWZTAhE9c1vYz
cTMoXasNca1zDY4JYzetlyQPnTEb+ooti8An5BImWgJx1oLPGg6Y93+ZtEz1pz7v
iRqhEyZQvR6qlKq8fS2R0FUj1QkR7kK9EjUkUvA0sVHs6ivtvhYVBzkHSbiz/qga
k1Z5gkDiEd8EhtgPcta9epvjLtGKkdlQO+xXRPsPCOTKyZ3aU6kGczT05ObbCj/v
+wlU7NpP7lXNwIecrBsxhnbvJwIDAQABo4ICtzCCArMwHQYDVR0OBBYEFLsmkOQS
mZoBJO3Mr22pS5MvZj+FMB8GA1UdIwQYMBaAFDgZNyCCHgfWkY46efvggjxnMuJk
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1QTBDRC80NjcyM0YxRTg5
RUMxMUVBODFDMDRGMUVDNEY5QUUwMi9PQmszSUlJZUI5YVJqanA1LS1DQ1BHY3k0
bVEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL09CazNJSUllQjlhUmpqcDUtLUNDUEdjeTRtUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NUEwQ0QvNDY3MjNGMUU4OUVDMTFFQTgxQzA0RjFFQzRGOUFFMDIvNDZCMzUwREM2
QTIzMTFFRjkyNzJBMTc0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwQQYIKwYBBQUHAQcBAf8E
MjAwMC4EAgABMCgDBAAOwIIDBAEOwIQwDAMEAA7AlwMEAQ7AmDAMAwQCDsCcAwQA
DsCeMA0GCSqGSIb3DQEBCwUAA4IBAQBH96WyxVnFJsMtVvy5qXjVzoZgEUGTL13a
egdICV98z3ObweS9/t7ME7gbExmN3dcds+ta0OYtmEKTap2W+TJQQGdSM5wlhmsB
W3UupucdfgqTArVMhJOwbSwK82ap+yyjJt8yYnNIelvEF/RtVY5QAgg2R2VOexDK
jN3uWqpAo3PROBMBy+q/IJXbBuwuczwajog5qa4Q8mUVD4x/WB6cOfJGuAKtkNPN
Z6a5Ug0/GGVm2OknVNzaeQuJndJMG0j7MrkMoTL43MYp2DS26VfbynufKqWR8rOB
jkMHchv5kiVYy3YgSR9YQbb35u/qasUC8ctGIlQTHqccwtnnN+T9
-----END CERTIFICATE-----