Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A916701E/785D7ED21C0811EA8576B151C4F9AE02/B8CED4300DCF11EFAB827A69C4F9AE02.roa
File:                     B8CED4300DCF11EFAB827A69C4F9AE02.roa (raw, json)
Hash identifier:          ynaUuKRJ96/74tPClkiWEWCO0OXwZDvMMDEuBRATlRM=
Subject key identifier:   D9:2E:FC:A4:C5:B5:C0:2D:66:80:C4:32:C9:22:5A:E1:8D:D7:16:4C
Certificate issuer:       /CN=A916701E/serialNumber=50DE1C60733EA2B8B76E840360918E1F25C46E43
Certificate serial:       0B13
Authority key identifier: 50:DE:1C:60:73:3E:A2:B8:B7:6E:84:03:60:91:8E:1F:25:C4:6E:43
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/UN4cYHM-ori3boQDYJGOHyXEbkM.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A916701E/785D7ED21C0811EA8576B151C4F9AE02/B8CED4300DCF11EFAB827A69C4F9AE02.roa
Signing time:             Thu 09 May 2024 06:45:28 +0000
ROA not before:           Thu 09 May 2024 06:45:28 +0000
ROA not after:            Sun 02 Mar 2025 00:00:00 +0000
asID:                     58504
IP address blocks:        103.28.84.0/22 maxlen: 22
                          103.28.84.0/24 maxlen: 24
                          103.28.85.0/24 maxlen: 24
                          103.28.86.0/24 maxlen: 24
                          103.28.87.0/24 maxlen: 24
                          150.107.204.0/22 maxlen: 22
                          150.107.204.0/24 maxlen: 24
                          150.107.205.0/24 maxlen: 24
                          150.107.206.0/24 maxlen: 24
                          150.107.207.0/24 maxlen: 24
                          2406:b700::/32 maxlen: 48

Validation:               Failed, certificate revoked on Thu 09 May 2024 07:39:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2835 (0xb13)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A916701E/serialNumber=50DE1C60733EA2B8B76E840360918E1F25C46E43
        Validity
            Not Before: May  9 06:45:28 2024 GMT
            Not After : Mar  2 00:00:00 2025 GMT
        Subject: CN=663c7108-a6f0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:b2:6c:44:61:38:b5:e3:e1:fd:2b:cf:8c:64:
                    60:5a:c6:51:ca:1e:5c:f1:d7:10:6f:6c:b9:a0:63:
                    a7:ba:a7:89:50:b0:8d:40:e6:5a:5f:61:88:66:db:
                    fe:0c:2c:2f:bc:ab:0b:14:4e:21:76:f1:6e:24:b3:
                    ba:54:9f:0f:bb:a3:ca:48:61:f1:17:5e:73:e6:60:
                    48:2e:bf:7f:b2:09:0b:82:8f:73:57:05:bb:8b:fb:
                    80:62:e6:25:68:dd:1e:15:37:c1:83:47:13:ba:8b:
                    2a:0d:96:77:d0:41:ba:c4:d9:12:28:60:91:98:bc:
                    b4:6d:a3:62:b3:43:27:49:82:05:57:5c:8b:96:42:
                    53:18:4a:3a:9e:1c:b7:0c:24:6c:c3:e0:dd:39:34:
                    91:1a:28:6d:b7:3c:f4:15:c9:53:6c:06:d1:38:e9:
                    0b:85:95:96:9d:f2:4a:69:d6:6d:57:2a:fd:6a:61:
                    80:38:16:bb:29:63:08:ad:16:31:fb:cb:70:b5:c4:
                    a0:1f:c1:18:87:fc:93:68:13:cb:c5:ec:7d:ca:c8:
                    b1:f9:47:54:9e:09:4e:0e:61:ca:8f:42:fe:a2:74:
                    3c:5f:3d:fa:40:bb:74:8f:64:cf:5f:34:b6:b1:c4:
                    42:c7:4a:fa:c5:13:3d:f2:e0:df:9d:bc:86:2e:d5:
                    07:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:2E:FC:A4:C5:B5:C0:2D:66:80:C4:32:C9:22:5A:E1:8D:D7:16:4C
            X509v3 Authority Key Identifier:
                keyid:50:DE:1C:60:73:3E:A2:B8:B7:6E:84:03:60:91:8E:1F:25:C4:6E:43

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A916701E/785D7ED21C0811EA8576B151C4F9AE02/UN4cYHM-ori3boQDYJGOHyXEbkM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/UN4cYHM-ori3boQDYJGOHyXEbkM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A916701E/785D7ED21C0811EA8576B151C4F9AE02/B8CED4300DCF11EFAB827A69C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.28.84.0/22
                  150.107.204.0/22
                IPv6:
                  2406:b700::/32

    Signature Algorithm: sha256WithRSAEncryption
         7e:d2:fd:5b:f2:e0:7e:f0:18:f9:c6:43:6d:83:26:86:4e:29:
         da:fb:ac:2b:77:62:8e:b8:ff:22:f5:a7:c5:c5:33:7a:c7:be:
         9d:86:88:ad:ef:66:fd:0e:e1:41:6d:b0:24:95:a9:c9:94:ae:
         44:7e:ec:cd:d3:ef:d5:d1:9e:e6:3a:e4:5a:63:56:6f:94:f3:
         f6:33:c0:ef:1c:f2:de:71:6e:80:27:f8:35:13:c2:6c:8f:a3:
         b8:c6:02:ae:80:49:61:f7:eb:45:f7:0b:9c:25:6a:d8:f5:0f:
         aa:73:c0:72:c3:6d:44:20:9e:d8:c4:2d:40:18:88:c2:74:67:
         fb:1a:cb:f8:11:df:0c:3d:ca:cd:17:1a:26:ca:23:91:cf:d4:
         11:e8:6c:60:da:66:2e:81:e9:82:bc:e1:9d:2f:b2:91:32:28:
         ca:72:1b:fd:2e:0d:eb:31:f1:6d:c6:77:56:99:ca:3f:c3:af:
         a1:b5:a2:a7:b6:dd:e0:a3:90:3b:aa:8e:00:57:f5:1e:52:8e:
         a8:a0:b6:60:bf:ab:51:35:ea:ad:22:da:b5:f5:7d:b9:1e:8b:
         51:af:07:39:c0:c0:f7:18:a6:c0:84:7a:e1:ea:4d:86:cf:ca:
         b9:97:67:15:b8:82:93:f5:02:7f:12:ea:03:d6:57:16:54:fe:
         c0:bd:49:08
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgICCxMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NjcwMUUxMTAvBgNVBAUTKDUwREUxQzYwNzMzRUEyQjhCNzZFODQwMzYwOTE4RTFG
MjVDNDZFNDMwHhcNMjQwNTA5MDY0NTI4WhcNMjUwMzAyMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjNjNzEwOC1hNmYwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA8bJsRGE4tePh/SvPjGRgWsZRyh5c8dcQb2y5oGOnuqeJULCNQOZaX2GIZtv+
DCwvvKsLFE4hdvFuJLO6VJ8Pu6PKSGHxF15z5mBILr9/sgkLgo9zVwW7i/uAYuYl
aN0eFTfBg0cTuosqDZZ30EG6xNkSKGCRmLy0baNis0MnSYIFV1yLlkJTGEo6nhy3
DCRsw+DdOTSRGihttzz0FclTbAbROOkLhZWWnfJKadZtVyr9amGAOBa7KWMIrRYx
+8twtcSgH8EYh/yTaBPLxex9ysix+UdUnglODmHKj0L+onQ8Xz36QLt0j2TPXzS2
scRCx0r6xRM98uDfnbyGLtUHTQIDAQABo4ICqjCCAqYwHQYDVR0OBBYEFNku/KTF
tcAtZoDEMskiWuGN1xZMMB8GA1UdIwQYMBaAFFDeHGBzPqK4t26EA2CRjh8lxG5D
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2NzAxRS83ODVEN0VEMjFD
MDgxMUVBODU3NkIxNTFDNEY5QUUwMi9VTjRjWUhNLW9yaTNib1FEWUpHT0h5WEVi
a00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1VONGNZSE0tb3JpM2JvUURZSkdPSHlYRWJrTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NjcwMUUvNzg1RDdFRDIxQzA4MTFFQTg1NzZCMTUxQzRGOUFFMDIvQjhDRUQ0MzAw
RENGMTFFRkFCODI3QTY5QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNAYIKwYBBQUHAQcBAf8E
JTAjMBIEAgABMAwDBAJnHFQDBAKWa8wwDQQCAAIwBwMFACQGtwAwDQYJKoZIhvcN
AQELBQADggEBAH7S/Vvy4H7wGPnGQ22DJoZOKdr7rCt3Yo64/yL1p8XFM3rHvp2G
iK3vZv0O4UFtsCSVqcmUrkR+7M3T79XRnuY65FpjVm+U8/YzwO8c8t5xboAn+DUT
wmyPo7jGAq6ASWH360X3C5wlatj1D6pzwHLDbUQgntjELUAYiMJ0Z/say/gR3ww9
ys0XGibKI5HP1BHobGDaZi6B6YK84Z0vspEyKMpyG/0uDesx8W3Gd1aZyj/Dr6G1
oqe23eCjkDuqjgBX9R5SjqigtmC/q1E16q0i2rX1fbkei1GvBznAwPcYpsCEeuHq
TYbPyrmXZxW4gpP1An8S6gPWVxZU/sC9SQg=
-----END CERTIFICATE-----