Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/CCC10E7449AE11EBBE264E87C4F9AE02.roa
File:                     CCC10E7449AE11EBBE264E87C4F9AE02.roa (raw, json)
Hash identifier:          w6J429tfTPYzxMOHpl1Wx4Z6MjXP+vAvOW/i3pXLYRU=
Subject key identifier:   CA:5E:95:9B:B4:44:07:7E:D6:67:76:F1:63:3F:9E:E9:94:F3:05:FB
Certificate issuer:       /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial:       6E8F
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/CCC10E7449AE11EBBE264E87C4F9AE02.roa
Signing time:             Wed 10 May 2023 16:34:36 +0000
ROA not before:           Wed 10 May 2023 16:34:36 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     141312
IP address blocks:        103.159.10.0/23 maxlen: 24
                          103.181.222.0/23 maxlen: 24
                          103.185.202.0/23 maxlen: 24
                          103.191.90.0/23 maxlen: 24
                          2400:cc20::/32 maxlen: 32
                          2400:cc20::/48 maxlen: 48
                          2400:cc20:1::/48 maxlen: 48
                          2400:cc20:2::/48 maxlen: 48
                          2400:cc20:3::/48 maxlen: 48
                          2400:cc20:4::/48 maxlen: 48
                          2400:cc20:5::/48 maxlen: 48
                          2400:cc20:6::/48 maxlen: 48
                          2400:cc20:7::/48 maxlen: 48
                          2400:cc20:8::/48 maxlen: 48
                          2400:cc20:9::/48 maxlen: 48
                          2400:cc20:a::/48 maxlen: 48

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 28303 (0x6e8f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
        Validity
            Not Before: May 10 16:34:36 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=645bc79c-463b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:a0:a6:09:4a:09:10:fa:a0:78:c3:c9:c6:9b:
                    9e:7f:8e:5e:84:8e:e3:08:81:b0:76:b2:7a:c9:fc:
                    75:00:84:5e:ca:49:fc:80:72:e9:01:9d:b0:b7:3e:
                    1b:c1:e6:b4:91:c6:6a:27:2e:69:47:1c:c3:47:0b:
                    e2:24:ca:cd:03:22:72:be:39:31:c1:07:0a:3d:ab:
                    77:5b:4a:3f:37:d8:4b:a6:64:db:82:5d:db:65:61:
                    30:05:93:7f:c0:36:a7:6a:4e:42:25:9c:56:ac:3d:
                    75:08:cf:a3:9d:00:b0:46:91:5e:94:90:55:55:c1:
                    a7:17:54:5c:03:f7:2d:95:5d:78:6e:a2:c5:56:26:
                    dc:f9:14:5a:cc:14:45:24:4d:8b:e0:07:d5:04:43:
                    19:d4:0b:cc:7b:f0:9c:8a:b5:5c:9a:e2:a1:eb:8b:
                    dd:37:dc:b9:5e:87:09:b7:7f:f4:16:13:67:14:b9:
                    d0:14:ec:e7:d4:ad:7a:c7:bf:ba:c7:5e:29:ea:f1:
                    16:40:06:d8:de:b0:af:ba:47:ed:8e:e3:ec:19:97:
                    4b:49:db:83:2a:d4:11:04:a1:7d:19:0c:5e:fd:c3:
                    f4:1a:d2:6d:9d:ea:33:12:43:85:07:23:eb:03:50:
                    f5:06:41:2f:d1:85:e4:bd:66:0c:ad:08:a9:26:83:
                    42:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:5E:95:9B:B4:44:07:7E:D6:67:76:F1:63:3F:9E:E9:94:F3:05:FB
            X509v3 Authority Key Identifier:
                keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/CCC10E7449AE11EBBE264E87C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.159.10.0/23
                  103.181.222.0/23
                  103.185.202.0/23
                  103.191.90.0/23
                IPv6:
                  2400:cc20::/32

    Signature Algorithm: sha256WithRSAEncryption
         69:bc:87:09:a1:34:cf:6b:ee:9b:15:c6:bb:c4:92:a5:19:c0:
         e6:12:63:c0:9f:de:ef:dd:4b:f1:74:5a:6e:87:3b:35:91:a3:
         e0:45:96:5e:ab:43:b6:74:e1:aa:b0:92:29:6a:14:0d:5e:84:
         f1:ce:7e:f5:46:6b:f7:ec:34:bc:63:3f:44:61:6a:d9:a5:01:
         fd:10:61:a6:c9:70:52:7b:34:55:35:2d:ae:15:68:f6:10:bb:
         dd:e2:00:63:1e:84:4a:25:a3:f4:85:74:99:d3:cc:a2:a6:ca:
         74:97:9a:cf:30:9d:a0:9e:05:15:56:7a:0d:b4:c5:2e:59:b2:
         e4:af:48:b7:40:8a:88:7f:7e:76:24:03:7d:74:d0:70:f2:4c:
         a3:35:ad:28:c3:7f:3a:fc:e1:7e:98:82:86:96:8a:c0:59:ec:
         94:30:11:ab:3c:b3:a8:65:c1:7d:dc:25:05:1a:2d:c4:3a:18:
         b4:67:09:81:b6:01:63:b1:7e:06:a7:28:3f:85:f4:88:e5:fb:
         3a:b1:d0:5c:a0:de:56:83:1e:22:d4:54:d1:54:fa:3b:23:16:
         93:7e:41:e0:fb:70:0e:39:4c:0a:0b:3a:73:94:dd:f9:f6:2a:
         98:90:c3:12:ae:19:ba:b5:24:63:e5:be:b6:cb:87:f1:32:96:
         7b:56:38:0d
-----BEGIN CERTIFICATE-----
MIIFkjCCBHqgAwIBAgICbo8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEVEQjIxMTAvBgNVBAUTKDI5NkVEQjY0RjNBRjZFOUQ5ODA5MzJFODE2Rjk1OTgz
RTNBQkM4MjMwHhcNMjMwNTEwMTYzNDM2WhcNMjQwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDViYzc5Yy00NjNiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAz6CmCUoJEPqgeMPJxpuef45ehI7jCIGwdrJ6yfx1AIReykn8gHLpAZ2wtz4b
wea0kcZqJy5pRxzDRwviJMrNAyJyvjkxwQcKPat3W0o/N9hLpmTbgl3bZWEwBZN/
wDanak5CJZxWrD11CM+jnQCwRpFelJBVVcGnF1RcA/ctlV14bqLFVibc+RRazBRF
JE2L4AfVBEMZ1AvMe/CcirVcmuKh64vdN9y5XocJt3/0FhNnFLnQFOzn1K16x7+6
x14p6vEWQAbY3rCvukftjuPsGZdLSduDKtQRBKF9GQxe/cP0GtJtneozEkOFByPr
A1D1BkEv0YXkvWYMrQipJoNCjwIDAQABo4ICtjCCArIwHQYDVR0OBBYEFMpelZu0
RAd+1md28WM/numU8wX7MB8GA1UdIwQYMBaAFClu22Tzr26dmAky6Bb5WYPjq8gj
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4RURCMi8yQTQzRTMwQzcw
RTkxMUUyQjM2RDRCNkIyOTc5QkIyMC9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5
Q00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0tXN2JaUE92YnAyWUNUTG9GdmxaZy1PcnlDTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEVEQjIvMkE0M0UzMEM3MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvQ0NDMTBFNzQ0
OUFFMTFFQkJFMjY0RTg3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwQAYIKwYBBQUHAQcBAf8E
MTAvMB4EAgABMBgDBAFnnwoDBAFntd4DBAFnucoDBAFnv1owDQQCAAIwBwMFACQA
zCAwDQYJKoZIhvcNAQELBQADggEBAGm8hwmhNM9r7psVxrvEkqUZwOYSY8Cf3u/d
S/F0Wm6HOzWRo+BFll6rQ7Z04aqwkilqFA1ehPHOfvVGa/fsNLxjP0RhatmlAf0Q
YabJcFJ7NFU1La4VaPYQu93iAGMehEolo/SFdJnTzKKmynSXms8wnaCeBRVWeg20
xS5ZsuSvSLdAioh/fnYkA3100HDyTKM1rSjDfzr84X6YgoaWisBZ7JQwEas8s6hl
wX3cJQUaLcQ6GLRnCYG2AWOxfganKD+F9Ijl+zqx0Fyg3laDHiLUVNFU+jsjFpN+
QeD7cA45TAoLOnOU3fn2KpiQwxKuGbq1JGPlvrbLh/EylntWOA0=
-----END CERTIFICATE-----