Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/A504ED22E3FD11EFA5735354C4F9AE02.roa
File:                     A504ED22E3FD11EFA5735354C4F9AE02.roa (raw, json)
Hash identifier:          n64H4xN02i18W5IGAnXXF2opgtDOgfnnXE8nK74N+gQ=
Subject key identifier:   01:B4:8B:53:30:43:D9:59:1A:C9:5E:55:D4:7A:66:F7:1D:05:5E:BE
Certificate issuer:       /CN=A915A0CD/serialNumber=38193720821E07D6918E3A79FBE0823C6732E264
Certificate serial:       0C55
Authority key identifier: 38:19:37:20:82:1E:07:D6:91:8E:3A:79:FB:E0:82:3C:67:32:E2:64
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OBk3IIIeB9aRjjp5--CCPGcy4mQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/A504ED22E3FD11EFA5735354C4F9AE02.roa
Signing time:             Wed 05 Feb 2025 20:13:21 +0000
ROA not before:           Wed 05 Feb 2025 20:13:21 +0000
ROA not after:            Tue 30 Sep 2025 00:00:00 +0000
asID:                     208485
IP address blocks:        14.192.138.0/24 maxlen: 24
                          14.192.139.0/24 maxlen: 24
                          14.192.143.0/24 maxlen: 24
                          14.192.158.0/24 maxlen: 24
                          43.247.123.0/24 maxlen: 24
                          103.20.135.0/24 maxlen: 24
                          111.92.157.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Sun 09 Feb 2025 07:07:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3157 (0xc55)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A915A0CD
        Validity
            Not Before: Feb  5 20:13:21 2025 GMT
            Not After : Sep 30 00:00:00 2025 GMT
        Subject: CN=67a3c660-ca08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:5c:4a:5c:cb:a1:a8:cb:18:21:78:54:e7:a2:
                    9a:32:d0:17:60:4d:e9:63:09:b0:70:46:3b:43:a9:
                    ee:b3:fd:0a:e8:72:fe:51:c3:c3:1f:af:4e:2e:8c:
                    5b:a5:c0:e4:34:76:d1:e8:d3:74:d1:f3:e6:65:1d:
                    ce:b8:06:28:0e:1f:da:20:82:88:b1:f8:71:e2:ac:
                    68:09:24:f1:62:07:64:81:ee:b4:4a:2f:e6:50:2d:
                    0f:1e:d4:d3:6b:0f:48:a7:11:dd:96:8e:c2:b0:19:
                    db:64:7c:7f:cc:34:b3:df:a5:6c:95:e9:18:74:31:
                    aa:31:5e:4b:80:75:8a:a7:42:5c:ac:2b:93:02:d2:
                    6e:c9:6a:b3:3f:b5:fb:ec:90:4d:3f:4b:4e:9a:5e:
                    41:b9:e8:9b:f0:09:44:1f:b6:58:dc:1f:d0:ec:62:
                    80:68:1b:ad:81:b3:bb:b6:64:64:e8:dd:35:d9:d4:
                    5e:86:67:1e:26:db:fb:a5:2b:58:c1:01:2d:55:fc:
                    f6:07:13:b3:ac:98:27:69:35:77:d2:90:af:56:42:
                    8a:3d:f6:54:8a:cd:b1:8c:35:fc:ae:88:00:8f:05:
                    fa:7a:d4:85:3b:7a:3f:f3:8f:cf:5f:ed:25:d5:d1:
                    d9:3a:ce:a4:a4:b7:91:06:7e:59:5e:31:48:fd:d7:
                    50:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                01:B4:8B:53:30:43:D9:59:1A:C9:5E:55:D4:7A:66:F7:1D:05:5E:BE
            X509v3 Authority Key Identifier:
                keyid:38:19:37:20:82:1E:07:D6:91:8E:3A:79:FB:E0:82:3C:67:32:E2:64

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/OBk3IIIeB9aRjjp5--CCPGcy4mQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OBk3IIIeB9aRjjp5--CCPGcy4mQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/A504ED22E3FD11EFA5735354C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  14.192.138.0/23
                  14.192.143.0/24
                  14.192.158.0/24
                  43.247.123.0/24
                  103.20.135.0/24
                  111.92.157.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:23:a5:86:66:cc:ed:e1:3f:6d:7e:4d:c3:76:17:0e:4f:03:
         61:97:01:a7:f8:79:c9:62:88:b3:c6:e5:4c:fe:8a:09:a8:4e:
         8c:24:be:44:9f:15:37:b5:3d:8e:81:e2:bc:78:66:d1:58:74:
         33:41:bf:26:23:7b:cc:64:05:aa:cd:02:59:28:f7:aa:25:cd:
         b5:18:13:f2:81:79:64:8a:f1:a0:04:80:17:ee:fd:88:7f:9b:
         11:53:7d:b3:c0:86:72:c9:8f:78:28:da:bf:ca:f8:07:98:36:
         20:36:d2:1e:f8:15:32:1c:74:44:d1:f8:f7:cf:e9:5a:2d:cb:
         d3:e0:54:65:e2:5e:24:f0:8b:ff:ef:93:5d:7f:d6:56:17:6f:
         34:71:51:43:12:5c:83:f8:44:02:da:d0:b0:cd:2a:39:02:78:
         9e:17:77:a2:5a:42:63:1f:59:36:03:ee:e5:0c:6a:d8:c1:2f:
         46:fb:8b:ea:a5:95:65:73:c7:23:5d:80:57:d4:c0:a7:6f:8e:
         4d:56:a5:20:dc:c3:13:c7:3f:5c:cb:31:47:c9:2f:b1:06:28:
         c1:e6:c3:2a:51:fa:8d:af:3b:e6:fc:82:04:35:cb:cd:d8:d7:
         b3:be:30:a7:9a:a6:68:12:93:20:1a:23:c5:cc:40:b2:ec:ec:
         08:4b:f2:d2
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgICDFUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NUEwQ0QxMTAvBgNVBAUTKDM4MTkzNzIwODIxRTA3RDY5MThFM0E3OUZCRTA4MjND
NjczMkUyNjQwHhcNMjUwMjA1MjAxMzIxWhcNMjUwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02N2EzYzY2MC1jYTA4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAxFxKXMuhqMsYIXhU56KaMtAXYE3pYwmwcEY7Q6nus/0K6HL+UcPDH69OLoxb
pcDkNHbR6NN00fPmZR3OuAYoDh/aIIKIsfhx4qxoCSTxYgdkge60Si/mUC0PHtTT
aw9IpxHdlo7CsBnbZHx/zDSz36VslekYdDGqMV5LgHWKp0JcrCuTAtJuyWqzP7X7
7JBNP0tOml5Bueib8AlEH7ZY3B/Q7GKAaButgbO7tmRk6N012dRehmceJtv7pStY
wQEtVfz2BxOzrJgnaTV30pCvVkKKPfZUis2xjDX8rogAjwX6etSFO3o/84/PX+0l
1dHZOs6kpLeRBn5ZXjFI/ddQawIDAQABo4ICszCCAq8wHQYDVR0OBBYEFAG0i1Mw
Q9lZGsleVdR6ZvcdBV6+MB8GA1UdIwQYMBaAFDgZNyCCHgfWkY46efvggjxnMuJk
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1QTBDRC80NjcyM0YxRTg5
RUMxMUVBODFDMDRGMUVDNEY5QUUwMi9PQmszSUlJZUI5YVJqanA1LS1DQ1BHY3k0
bVEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL09CazNJSUllQjlhUmpqcDUtLUNDUEdjeTRtUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NUEwQ0QvNDY3MjNGMUU4OUVDMTFFQTgxQzA0RjFFQzRGOUFFMDIvQTUwNEVEMjJF
M0ZEMTFFRkE1NzM1MzU0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwPQYIKwYBBQUHAQcBAf8E
LjAsMCoEAgABMCQDBAEOwIoDBAAOwI8DBAAOwJ4DBAAr93sDBABnFIcDBABvXJ0w
DQYJKoZIhvcNAQELBQADggEBADAjpYZmzO3hP21+TcN2Fw5PA2GXAaf4ecliiLPG
5Uz+igmoTowkvkSfFTe1PY6B4rx4ZtFYdDNBvyYje8xkBarNAlko96olzbUYE/KB
eWSK8aAEgBfu/Yh/mxFTfbPAhnLJj3go2r/K+AeYNiA20h74FTIcdETR+PfP6Vot
y9PgVGXiXiTwi//vk11/1lYXbzRxUUMSXIP4RALa0LDNKjkCeJ4Xd6JaQmMfWTYD
7uUMatjBL0b7i+qllWVzxyNdgFfUwKdvjk1WpSDcwxPHP1zLMUfJL7EGKMHmwypR
+o2vO+b8ggQ1y83Y17O+MKeapmgSkyAaI8XMQLLs7AhL8tI=
-----END CERTIFICATE-----