Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/7791F830AE3711EB951B2711C4F9AE02.roa
File:                     7791F830AE3711EB951B2711C4F9AE02.roa (raw, json)
Hash identifier:          Leyqp0oieFe41dFc2QIus+jrovCD1mbYgWrupAnFoRU=
Subject key identifier:   D4:D3:C0:77:6B:15:51:5B:64:05:F7:42:54:68:A2:98:6B:E8:83:93
Certificate issuer:       /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial:       6AE7
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/7791F830AE3711EB951B2711C4F9AE02.roa
Signing time:             Wed 10 May 2023 16:17:03 +0000
ROA not before:           Wed 10 May 2023 16:17:03 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     134014
IP address blocks:        45.126.168.0/22 maxlen: 24
                          103.59.200.0/22 maxlen: 24
                          103.66.232.0/22 maxlen: 24
                          103.137.94.0/24 maxlen: 24
                          103.185.178.0/24 maxlen: 24
                          103.185.236.0/23 maxlen: 24
                          103.198.100.0/22 maxlen: 24
                          182.54.148.0/22 maxlen: 24
                          2001:df0:99c0::/48 maxlen: 48
                          2402:fbc0::/32 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 27367 (0x6ae7)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
        Validity
            Not Before: May 10 16:17:03 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=645bc37f-e1d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:bc:dc:60:e0:a9:70:46:4d:3d:42:6b:da:90:
                    a5:bf:c7:13:1b:6d:e2:8c:0c:7f:ea:a0:d4:21:7f:
                    a0:74:77:79:7e:78:e9:fc:32:5a:19:14:7c:e8:25:
                    07:80:d6:31:ea:ef:cb:58:51:e8:2f:21:3b:51:e0:
                    02:1c:92:03:e9:ab:32:aa:18:40:e9:24:bb:b1:db:
                    65:77:ff:88:2e:dd:45:25:24:30:aa:47:85:fe:5b:
                    34:29:2a:e7:81:f9:8f:17:03:26:dd:2d:5d:11:89:
                    28:54:23:2b:90:06:15:a9:aa:0c:07:18:12:67:ba:
                    0c:28:c4:c9:9b:84:7e:75:a3:7d:62:b0:f4:27:94:
                    7a:5c:b7:3c:9d:41:33:f0:07:03:e1:04:82:e2:cb:
                    39:4f:f1:0b:02:b0:fa:5a:77:10:df:b3:ed:ee:e5:
                    49:b7:b6:d8:4d:02:00:90:29:9d:4f:86:a2:90:83:
                    1f:01:b7:bb:09:65:23:48:13:10:e6:a1:de:86:77:
                    48:2f:27:85:8c:da:2a:bd:3e:28:b9:d3:fe:27:bd:
                    dd:9a:7c:01:95:76:fd:55:c6:e9:42:c8:75:ff:92:
                    b6:34:70:14:77:14:77:84:73:f2:e0:48:0d:dd:f0:
                    92:36:92:29:19:15:50:9b:57:a0:ca:42:40:18:0a:
                    a1:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:D3:C0:77:6B:15:51:5B:64:05:F7:42:54:68:A2:98:6B:E8:83:93
            X509v3 Authority Key Identifier:
                keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/7791F830AE3711EB951B2711C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.126.168.0/22
                  103.59.200.0/22
                  103.66.232.0/22
                  103.137.94.0/24
                  103.185.178.0/24
                  103.185.236.0/23
                  103.198.100.0/22
                  182.54.148.0/22
                IPv6:
                  2001:df0:99c0::/48
                  2402:fbc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         ac:cb:47:a7:a3:39:0e:53:d3:0c:2e:ad:1a:c6:54:1d:e1:82:
         01:53:a5:b7:5e:06:3c:6b:28:52:e0:ce:ea:30:22:60:8d:02:
         f2:9e:2e:c1:b2:b0:8f:0c:5c:27:45:17:ee:34:6a:5e:a4:0f:
         0d:cb:27:01:da:b4:b2:5e:25:26:4e:b9:42:2c:28:6b:e2:b7:
         bb:b7:81:6b:71:52:7b:dc:69:b7:db:1c:7f:95:1f:73:d3:01:
         36:c6:af:de:e4:c6:75:36:dd:8e:0d:1d:00:0b:b0:48:e4:b0:
         58:45:0f:d1:47:29:9a:15:7e:87:ba:0b:9a:34:f1:86:fd:23:
         1b:3b:71:09:5d:54:65:ae:18:96:53:19:f4:1e:f9:7c:c0:e2:
         12:9e:05:80:d0:89:6f:1c:55:03:38:d8:1c:fd:cd:0b:81:6e:
         65:04:8a:b7:c3:54:26:f1:14:fe:6a:94:1a:08:1e:2a:e2:c1:
         15:e3:13:95:22:58:a6:c4:7e:e5:ab:99:09:3a:99:96:4c:09:
         30:40:94:80:74:b2:b6:7e:a8:e8:39:a6:da:f6:d0:e3:61:04:
         8a:bf:44:13:0f:58:8d:2e:ad:43:b5:d2:d2:27:a1:34:89:05:
         80:75:92:11:d9:7b:4a:fa:a1:66:b5:d0:87:6d:30:e3:55:d3:
         3f:03:42:9f
-----BEGIN CERTIFICATE-----
MIIFszCCBJugAwIBAgICaucwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEVEQjIxMTAvBgNVBAUTKDI5NkVEQjY0RjNBRjZFOUQ5ODA5MzJFODE2Rjk1OTgz
RTNBQkM4MjMwHhcNMjMwNTEwMTYxNzAzWhcNMjQwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDViYzM3Zi1lMWQyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvLzcYOCpcEZNPUJr2pClv8cTG23ijAx/6qDUIX+gdHd5fnjp/DJaGRR86CUH
gNYx6u/LWFHoLyE7UeACHJID6asyqhhA6SS7sdtld/+ILt1FJSQwqkeF/ls0KSrn
gfmPFwMm3S1dEYkoVCMrkAYVqaoMBxgSZ7oMKMTJm4R+daN9YrD0J5R6XLc8nUEz
8AcD4QSC4ss5T/ELArD6WncQ37Pt7uVJt7bYTQIAkCmdT4aikIMfAbe7CWUjSBMQ
5qHehndILyeFjNoqvT4oudP+J73dmnwBlXb9VcbpQsh1/5K2NHAUdxR3hHPy4EgN
3fCSNpIpGRVQm1egykJAGAqh8wIDAQABo4IC1zCCAtMwHQYDVR0OBBYEFNTTwHdr
FVFbZAX3QlRoophr6IOTMB8GA1UdIwQYMBaAFClu22Tzr26dmAky6Bb5WYPjq8gj
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4RURCMi8yQTQzRTMwQzcw
RTkxMUUyQjM2RDRCNkIyOTc5QkIyMC9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5
Q00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0tXN2JaUE92YnAyWUNUTG9GdmxaZy1PcnlDTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEVEQjIvMkE0M0UzMEM3MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvNzc5MUY4MzBB
RTM3MTFFQjk1MUIyNzExQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwYQYIKwYBBQUHAQcBAf8E
UjBQMDYEAgABMDADBAItfqgDBAJnO8gDBAJnQugDBABniV4DBABnubIDBAFnuewD
BAJnxmQDBAK2NpQwFgQCAAIwEAMHACABDfCZwAMFACQC+8AwDQYJKoZIhvcNAQEL
BQADggEBAKzLR6ejOQ5T0wwurRrGVB3hggFTpbdeBjxrKFLgzuowImCNAvKeLsGy
sI8MXCdFF+40al6kDw3LJwHatLJeJSZOuUIsKGvit7u3gWtxUnvcabfbHH+VH3PT
ATbGr97kxnU23Y4NHQALsEjksFhFD9FHKZoVfoe6C5o08Yb9Ixs7cQldVGWuGJZT
GfQe+XzA4hKeBYDQiW8cVQM42Bz9zQuBbmUEirfDVCbxFP5qlBoIHiriwRXjE5Ui
WKbEfuWrmQk6mZZMCTBAlIB0srZ+qOg5ptr20ONhBIq/RBMPWI0urUO10tInoTSJ
BYB1khHZe0r6oWa10IdtMONV0z8DQp8=
-----END CERTIFICATE-----