Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/8AFA91307D7211EFB8CFBA31C4F9AE02.roa
File:                     8AFA91307D7211EFB8CFBA31C4F9AE02.roa (raw, json)
Hash identifier:          sHb0mKH9cEROIYmddlxRtWTnfpCz7dwLcp0pYU5YJHk=
Subject key identifier:   9D:C4:E8:55:07:51:9D:89:83:AA:11:45:AC:C0:C1:B2:70:20:00:A8
Certificate issuer:       /CN=A915A0CD/serialNumber=38193720821E07D6918E3A79FBE0823C6732E264
Certificate serial:       0AD3
Authority key identifier: 38:19:37:20:82:1E:07:D6:91:8E:3A:79:FB:E0:82:3C:67:32:E2:64
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OBk3IIIeB9aRjjp5--CCPGcy4mQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/8AFA91307D7211EFB8CFBA31C4F9AE02.roa
Signing time:             Sat 28 Sep 2024 08:20:38 +0000
ROA not before:           Sat 28 Sep 2024 08:20:38 +0000
ROA not after:            Tue 30 Sep 2025 00:00:00 +0000
asID:                     43260
IP address blocks:        14.192.130.0/24 maxlen: 24
                          14.192.132.0/24 maxlen: 24
                          14.192.151.0/24 maxlen: 24
                          14.192.152.0/24 maxlen: 24
                          14.192.158.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Sun 29 Sep 2024 08:01:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2771 (0xad3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A915A0CD
        Validity
            Not Before: Sep 28 08:20:38 2024 GMT
            Not After : Sep 30 00:00:00 2025 GMT
        Subject: CN=66f7bc56-a93e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:6b:8e:a7:24:3d:f1:47:8b:7a:e6:81:90:c5:
                    77:f7:52:4c:cb:3f:a7:92:5c:de:ae:c3:80:ef:43:
                    de:c7:55:ab:a7:ea:b1:7a:5a:38:6a:0f:a3:48:3f:
                    0b:c0:4b:29:90:21:8d:d4:50:b6:6d:ff:b9:11:bf:
                    64:28:0e:10:d6:67:d2:37:6a:5b:a2:2c:78:39:41:
                    87:3d:ca:a2:e9:ec:7d:6a:05:d8:56:81:74:3b:5f:
                    01:60:e4:5c:62:6c:a6:0b:5a:0b:5f:3c:dd:a8:fc:
                    37:b5:37:ba:55:a0:ac:26:cb:f6:7f:c1:76:7d:26:
                    d3:be:5a:0e:6a:92:c9:7e:ee:4d:d4:51:8d:e0:64:
                    2a:5b:70:95:2e:e9:2e:53:d9:31:16:8f:66:80:8a:
                    e8:82:b2:f4:a7:bb:03:63:82:87:49:61:c8:73:77:
                    ff:6b:d7:1e:53:f5:53:2e:5e:50:1b:b7:f2:18:2c:
                    bb:1f:d2:04:ce:cc:ce:9a:8d:b4:58:4c:e4:33:9e:
                    0b:f2:34:cc:43:e8:8d:b7:0a:96:48:cd:0c:ef:5a:
                    74:c1:8d:e4:b4:dd:f3:cd:fc:39:a0:50:89:74:1a:
                    ab:8d:f3:fb:96:35:b2:5c:1d:91:ff:88:fe:07:f5:
                    f3:c9:3f:cc:b2:cc:4b:43:73:d3:1e:09:e8:9e:19:
                    d0:05
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:C4:E8:55:07:51:9D:89:83:AA:11:45:AC:C0:C1:B2:70:20:00:A8
            X509v3 Authority Key Identifier:
                keyid:38:19:37:20:82:1E:07:D6:91:8E:3A:79:FB:E0:82:3C:67:32:E2:64

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/OBk3IIIeB9aRjjp5--CCPGcy4mQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OBk3IIIeB9aRjjp5--CCPGcy4mQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/8AFA91307D7211EFB8CFBA31C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  14.192.130.0/24
                  14.192.132.0/24
                  14.192.151.0-14.192.152.255
                  14.192.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:aa:fe:40:99:7c:09:41:cb:7f:39:46:95:72:19:55:8c:df:
         5c:b8:36:09:48:93:09:b3:56:e4:db:ba:ee:68:0d:c5:69:1e:
         c6:23:e5:ef:19:7e:bb:8b:47:1a:72:91:1f:0c:31:7e:91:0f:
         fc:55:98:98:21:ec:c0:5c:2b:57:90:5a:78:e2:69:24:71:5a:
         57:4b:b2:e6:fb:9f:f3:58:38:f9:7d:49:e1:af:05:19:6d:d6:
         bd:90:48:89:6f:cb:56:5b:16:70:36:fb:37:81:c2:08:5c:6b:
         ec:7c:38:fe:79:92:a9:1c:58:83:34:38:39:fb:b8:a9:f6:05:
         d9:d5:f9:be:f2:e5:ed:28:8d:e4:68:c8:cf:4e:0e:47:3d:e5:
         c0:fa:0d:f7:4b:30:c0:6f:fe:36:16:64:63:dd:8f:12:12:73:
         6e:32:e9:31:fb:d2:93:73:73:43:26:b4:29:21:7b:a4:87:e8:
         3a:23:6a:70:6c:a0:81:41:b5:38:4f:d9:48:de:27:fa:2b:41:
         12:65:6a:f5:41:6d:c3:7f:b1:9f:6c:3c:a5:ef:1e:f2:ef:51:
         75:ae:d1:1f:46:5d:c4:46:fe:b6:6b:7d:c7:72:84:9e:5f:10:
         7d:23:19:18:31:56:67:a1:fa:ec:6b:15:6a:f9:6a:d4:57:4d:
         36:cd:d1:96
-----BEGIN CERTIFICATE-----
MIIFizCCBHOgAwIBAgICCtMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NUEwQ0QxMTAvBgNVBAUTKDM4MTkzNzIwODIxRTA3RDY5MThFM0E3OUZCRTA4MjND
NjczMkUyNjQwHhcNMjQwOTI4MDgyMDM4WhcNMjUwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NmY3YmM1Ni1hOTNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA32uOpyQ98UeLeuaBkMV391JMyz+nklzersOA70Pex1Wrp+qxelo4ag+jSD8L
wEspkCGN1FC2bf+5Eb9kKA4Q1mfSN2pboix4OUGHPcqi6ex9agXYVoF0O18BYORc
YmymC1oLXzzdqPw3tTe6VaCsJsv2f8F2fSbTvloOapLJfu5N1FGN4GQqW3CVLuku
U9kxFo9mgIrogrL0p7sDY4KHSWHIc3f/a9ceU/VTLl5QG7fyGCy7H9IEzszOmo20
WEzkM54L8jTMQ+iNtwqWSM0M71p0wY3ktN3zzfw5oFCJdBqrjfP7ljWyXB2R/4j+
B/XzyT/MssxLQ3PTHgnonhnQBQIDAQABo4ICrzCCAqswHQYDVR0OBBYEFJ3E6FUH
UZ2Jg6oRRazAwbJwIACoMB8GA1UdIwQYMBaAFDgZNyCCHgfWkY46efvggjxnMuJk
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1QTBDRC80NjcyM0YxRTg5
RUMxMUVBODFDMDRGMUVDNEY5QUUwMi9PQmszSUlJZUI5YVJqanA1LS1DQ1BHY3k0
bVEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL09CazNJSUllQjlhUmpqcDUtLUNDUEdjeTRtUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NUEwQ0QvNDY3MjNGMUU4OUVDMTFFQTgxQzA0RjFFQzRGOUFFMDIvOEFGQTkxMzA3
RDcyMTFFRkI4Q0ZCQTMxQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwOQYIKwYBBQUHAQcBAf8E
KjAoMCYEAgABMCADBAAOwIIDBAAOwIQwDAMEAA7AlwMEAA7AmAMEAA7AnjANBgkq
hkiG9w0BAQsFAAOCAQEAMar+QJl8CUHLfzlGlXIZVYzfXLg2CUiTCbNW5Nu67mgN
xWkexiPl7xl+u4tHGnKRHwwxfpEP/FWYmCHswFwrV5BaeOJpJHFaV0uy5vuf81g4
+X1J4a8FGW3WvZBIiW/LVlsWcDb7N4HCCFxr7Hw4/nmSqRxYgzQ4Ofu4qfYF2dX5
vvLl7SiN5GjIz04ORz3lwPoN90swwG/+NhZkY92PEhJzbjLpMfvSk3NzQya0KSF7
pIfoOiNqcGyggUG1OE/ZSN4n+itBEmVq9UFtw3+xn2w8pe8e8u9Rda7RH0ZdxEb+
tmt9x3KEnl8QfSMZGDFWZ6H67GsVavlq1FdNNs3Rlg==
-----END CERTIFICATE-----