Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A919A713/34994CB4E0DA11EC94C7E062C4F9AE02/4FCF4B668CB011F08598BF87C4F9AE02.roa
File:                     4FCF4B668CB011F08598BF87C4F9AE02.roa (raw, json)
Hash identifier:          mH8dCh/XxM4h95+F2lPh8lFYuatGzMzfRi/iulpxDPk=
Subject key identifier:   FE:1D:14:AF:3D:54:14:66:4D:47:91:FD:96:90:36:70:98:FF:4F:A3
Certificate issuer:       /CN=A919A713/serialNumber=24C8BBF930CD2D12399ABDF9C9CAB14B1CD79F6B
Certificate serial:       0352
Authority key identifier: 24:C8:BB:F9:30:CD:2D:12:39:9A:BD:F9:C9:CA:B1:4B:1C:D7:9F:6B
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/JMi7-TDNLRI5mr35ycqxSxzXn2s.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A919A713/34994CB4E0DA11EC94C7E062C4F9AE02/4FCF4B668CB011F08598BF87C4F9AE02.roa
Signing time:             Mon 08 Sep 2025 12:35:33 +0000
ROA not before:           Mon 08 Sep 2025 12:35:33 +0000
ROA not after:            Tue 31 Mar 2026 00:00:00 +0000
asID:                     34051
IP address blocks:        168.153.146.0/24 maxlen: 24
                          168.153.160.0/24 maxlen: 24
                          168.153.161.0/24 maxlen: 24
                          168.153.162.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Mon 08 Sep 2025 12:40:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 850 (0x352)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A919A713, serialNumber=24C8BBF930CD2D12399ABDF9C9CAB14B1CD79F6B
        Validity
            Not Before: Sep  8 12:35:33 2025 GMT
            Not After : Mar 31 00:00:00 2026 GMT
        Subject: CN=68becd95-9822
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:11:5c:df:34:46:52:e0:aa:60:13:d4:2a:c6:
                    02:80:ea:c4:bd:d4:d2:93:f2:28:10:03:9e:cf:0f:
                    c1:11:b9:6d:66:b6:8f:5e:e8:f2:da:7d:d6:98:0b:
                    cf:6c:5c:56:6a:62:84:8a:d4:e2:d1:82:ce:6d:1b:
                    2b:67:8f:58:a8:98:01:2f:84:0e:a7:92:3b:dc:49:
                    d0:35:8d:c0:e1:d3:50:ff:93:d4:3f:54:f5:4b:f4:
                    a5:01:ed:48:9f:65:3b:9a:e4:e0:c4:0a:4a:34:20:
                    d8:e5:37:76:86:83:3a:ad:0f:9f:f7:85:4c:61:91:
                    47:ee:b7:9b:bb:6b:28:d4:2c:3b:ff:cd:15:ee:f0:
                    ef:ce:fe:18:4e:b8:e4:da:eb:c2:69:77:ae:90:3a:
                    4c:f5:73:b2:dd:d5:63:2c:3b:d6:52:db:03:48:ce:
                    01:ec:66:26:e6:33:97:e4:28:f5:e1:01:ff:b2:04:
                    5f:08:4b:36:af:ec:60:2b:4a:fc:5f:2a:ad:9d:57:
                    92:c3:54:ec:50:ae:86:70:3a:c0:19:e8:e8:01:af:
                    39:57:f5:6c:ef:34:4d:10:80:aa:60:33:94:b2:95:
                    68:68:87:9a:48:7d:23:6b:d6:95:9c:44:a1:df:04:
                    54:c4:33:2a:f7:e4:fc:69:16:6c:b4:8a:16:a8:90:
                    f8:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:1D:14:AF:3D:54:14:66:4D:47:91:FD:96:90:36:70:98:FF:4F:A3
            X509v3 Authority Key Identifier:
                keyid:24:C8:BB:F9:30:CD:2D:12:39:9A:BD:F9:C9:CA:B1:4B:1C:D7:9F:6B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A919A713/34994CB4E0DA11EC94C7E062C4F9AE02/JMi7-TDNLRI5mr35ycqxSxzXn2s.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/JMi7-TDNLRI5mr35ycqxSxzXn2s.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A919A713/34994CB4E0DA11EC94C7E062C4F9AE02/4FCF4B668CB011F08598BF87C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  168.153.146.0/24
                  168.153.160.0-168.153.162.255

    Signature Algorithm: sha256WithRSAEncryption
         68:bd:fb:f5:4a:25:cb:73:a1:a8:de:7a:2a:2a:04:41:6a:0c:
         23:20:f9:41:18:4a:5a:56:63:82:3d:f0:81:70:2c:71:9e:54:
         5f:c8:41:19:fa:2c:4b:2c:52:b6:a1:ad:b1:33:1b:7f:1c:16:
         a2:0f:8b:32:5b:c6:c5:03:c9:5a:10:c1:bd:84:2c:60:0f:bb:
         35:71:c4:74:a2:40:0c:e8:96:85:51:69:5c:7b:c4:1b:78:46:
         74:63:9a:18:82:4a:2a:d0:15:62:13:a2:6d:fa:6a:69:32:7e:
         02:bf:84:27:13:2a:c1:fa:79:0c:68:ae:13:6c:48:d5:13:d3:
         f4:0a:37:7f:ec:0d:5d:75:8c:cc:f5:e0:06:7d:6b:b5:77:43:
         42:cb:86:06:d2:c4:d4:05:67:23:ef:d8:cb:88:e0:e9:34:e5:
         f5:85:2a:ed:c1:45:a5:8b:d2:a3:64:c5:1b:96:f4:c3:bb:56:
         15:61:ca:9c:4f:5d:06:13:05:70:9f:76:12:47:f0:cc:3b:02:
         30:2f:df:38:86:8c:b6:ee:20:54:df:b0:74:0e:6a:ad:77:98:
         cc:b0:c0:73:55:82:d5:e0:84:36:fc:01:47:e1:12:c5:0d:83:
         94:82:4d:5a:5b:9e:4d:8c:16:1e:5e:b2:c5:0d:4b:16:27:b6:
         9b:bc:d8:0a
-----BEGIN CERTIFICATE-----
MIIFfzCCBGegAwIBAgICA1IwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OUE3MTMxMTAvBgNVBAUTKDI0QzhCQkY5MzBDRDJEMTIzOTlBQkRGOUM5Q0FCMTRC
MUNENzlGNkIwHhcNMjUwOTA4MTIzNTMzWhcNMjYwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGJlY2Q5NS05ODIyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAxhFc3zRGUuCqYBPUKsYCgOrEvdTSk/IoEAOezw/BEbltZraPXujy2n3WmAvP
bFxWamKEitTi0YLObRsrZ49YqJgBL4QOp5I73EnQNY3A4dNQ/5PUP1T1S/SlAe1I
n2U7muTgxApKNCDY5Td2hoM6rQ+f94VMYZFH7rebu2so1Cw7/80V7vDvzv4YTrjk
2uvCaXeukDpM9XOy3dVjLDvWUtsDSM4B7GYm5jOX5Cj14QH/sgRfCEs2r+xgK0r8
XyqtnVeSw1TsUK6GcDrAGejoAa85V/Vs7zRNEICqYDOUspVoaIeaSH0ja9aVnESh
3wRUxDMq9+T8aRZstIoWqJD40wIDAQABo4ICozCCAp8wHQYDVR0OBBYEFP4dFK89
VBRmTUeR/ZaQNnCY/0+jMB8GA1UdIwQYMBaAFCTIu/kwzS0SOZq9+cnKsUsc159r
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5QTcxMy8zNDk5NENCNEUw
REExMUVDOTRDN0UwNjJDNEY5QUUwMi9KTWk3LVRETkxSSTVtcjM1eWNxeFN4elhu
MnMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL0pNaTctVEROTFJJNW1yMzV5Y3F4U3h6WG4ycy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OUE3MTMvMzQ5OTRDQjRFMERBMTFFQzk0QzdFMDYyQzRGOUFFMDIvNEZDRjRCNjY4
Q0IwMTFGMDg1OThCRjg3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLQYIKwYBBQUHAQcBAf8E
HjAcMBoEAgABMBQDBAComZIwDAMEBaiZoAMEAKiZojANBgkqhkiG9w0BAQsFAAOC
AQEAaL379Uoly3OhqN56KioEQWoMIyD5QRhKWlZjgj3wgXAscZ5UX8hBGfosSyxS
tqGtsTMbfxwWog+LMlvGxQPJWhDBvYQsYA+7NXHEdKJADOiWhVFpXHvEG3hGdGOa
GIJKKtAVYhOibfpqaTJ+Ar+EJxMqwfp5DGiuE2xI1RPT9Ao3f+wNXXWMzPXgBn1r
tXdDQsuGBtLE1AVnI+/Yy4jg6TTl9YUq7cFFpYvSo2TFG5b0w7tWFWHKnE9dBhMF
cJ92EkfwzDsCMC/fOIaMtu4gVN+wdA5qrXeYzLDAc1WC1eCENvwBR+ESxQ2DlIJN
WlueTYwWHl6yxQ1LFie2m7zYCg==
-----END CERTIFICATE-----