Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A6943/B71811688D5111EAB8B26384C4F9AE02/9B9AC2A8C13E11EEB9516A42C4F9AE02.roa
File:                     9B9AC2A8C13E11EEB9516A42C4F9AE02.roa (raw, json)
Hash identifier:          CezvByuI9fuDLTAuU90UuPiJxCR9cXyqHd9dka+mV5g=
Subject key identifier:   59:65:4A:B4:12:DE:3F:85:53:DB:DB:A5:C0:1A:FB:44:47:9A:30:BD
Certificate issuer:       /CN=A91A6943/serialNumber=0AB99F52C9AD9BE0B9C04470CFB1B6C2360FD0F5
Certificate serial:       08D2
Authority key identifier: 0A:B9:9F:52:C9:AD:9B:E0:B9:C0:44:70:CF:B1:B6:C2:36:0F:D0:F5
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/CrmfUsmtm-C5wERwz7G2wjYP0PU.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A6943/B71811688D5111EAB8B26384C4F9AE02/9B9AC2A8C13E11EEB9516A42C4F9AE02.roa
Signing time:             Thu 22 Feb 2024 17:00:36 +0000
ROA not before:           Thu 22 Feb 2024 17:00:36 +0000
ROA not after:            Mon 30 Dec 2024 00:00:00 +0000
asID:                     133141
IP address blocks:        103.74.20.0/24 maxlen: 24
                          103.74.21.0/24 maxlen: 24
                          103.74.22.0/24 maxlen: 24
                          103.74.23.0/24 maxlen: 24
                          103.235.76.0/24 maxlen: 24
                          103.235.77.0/24 maxlen: 24
                          103.235.78.0/24 maxlen: 24
                          103.235.79.0/24 maxlen: 24
                          2407:1ec0::/32 maxlen: 32

Validation:               Failed, certificate revoked on Wed 20 Mar 2024 21:34:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2258 (0x8d2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A6943/serialNumber=0AB99F52C9AD9BE0B9C04470CFB1B6C2360FD0F5
        Validity
            Not Before: Feb 22 17:00:36 2024 GMT
            Not After : Dec 30 00:00:00 2024 GMT
        Subject: CN=65d77db4-cd25
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:ab:91:21:77:a5:52:24:13:c7:d0:ea:31:e4:
                    31:94:27:e5:fd:a1:68:68:e5:34:22:55:24:d1:60:
                    4a:27:69:a0:fe:5b:9a:f1:e0:89:01:e8:c9:c3:dd:
                    66:47:0f:63:31:c6:e9:49:e8:a5:c8:ec:e9:a5:4a:
                    7f:56:fb:89:71:28:5b:09:c8:fe:51:7e:e4:26:36:
                    62:a6:54:9e:e5:d0:6b:cf:eb:6b:3f:af:19:ff:41:
                    f7:f5:0c:f6:0e:14:c5:98:6b:58:89:15:bd:fa:bb:
                    b3:25:13:46:1c:1a:90:af:87:ef:c8:06:f4:03:86:
                    2d:5d:cc:8b:5d:8e:a2:cf:a2:61:6d:33:a7:20:29:
                    66:7b:82:16:1d:fe:74:ea:e1:e1:89:43:78:d1:e2:
                    63:eb:e5:2e:1f:da:46:52:98:03:80:b3:46:da:16:
                    c2:0a:cc:e9:2d:2e:9d:86:fc:b5:5d:6f:94:95:8d:
                    a0:11:9c:b8:76:92:9b:96:67:c3:79:ab:5c:e6:1c:
                    04:23:ad:12:ea:03:bc:0f:26:ef:2b:d5:75:40:c5:
                    f3:bb:30:6d:4d:7c:f8:8c:95:11:87:1c:f7:14:bc:
                    15:ed:09:de:9a:d3:e6:6d:f2:a0:37:79:66:e1:d6:
                    e5:28:94:a9:68:52:4c:d7:a3:b1:9f:87:59:e9:c7:
                    e1:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                59:65:4A:B4:12:DE:3F:85:53:DB:DB:A5:C0:1A:FB:44:47:9A:30:BD
            X509v3 Authority Key Identifier:
                keyid:0A:B9:9F:52:C9:AD:9B:E0:B9:C0:44:70:CF:B1:B6:C2:36:0F:D0:F5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A6943/B71811688D5111EAB8B26384C4F9AE02/CrmfUsmtm-C5wERwz7G2wjYP0PU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/CrmfUsmtm-C5wERwz7G2wjYP0PU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A6943/B71811688D5111EAB8B26384C4F9AE02/9B9AC2A8C13E11EEB9516A42C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.74.20.0/22
                  103.235.76.0/22
                IPv6:
                  2407:1ec0::/32

    Signature Algorithm: sha256WithRSAEncryption
         6c:a9:1f:7a:72:1c:48:54:fa:70:45:60:2c:a2:1c:e8:f2:5c:
         70:96:13:e3:73:ab:5d:e6:58:5b:fc:ac:7d:45:cc:1a:15:7d:
         b2:2e:e9:02:0f:12:30:61:cd:57:d0:e8:51:eb:0c:2c:c0:c2:
         d4:1d:d2:00:94:c0:de:3c:4a:1d:e0:41:23:93:7f:07:5e:bb:
         02:64:9c:1a:9b:4f:82:21:be:62:69:fc:10:5f:5f:5b:67:18:
         b7:0d:16:a8:cf:02:c0:f4:55:af:a6:4a:a6:a0:35:a5:ac:f5:
         c9:c3:92:a2:56:e0:2e:de:05:0b:7f:8a:25:c2:74:77:a9:e4:
         62:17:93:65:12:13:98:d2:f7:88:a3:06:94:49:2a:3b:25:e3:
         e0:db:47:18:0f:30:67:8c:b4:c7:35:78:51:05:9d:bc:b6:c3:
         5d:a6:ff:2a:48:14:1c:60:f1:43:a2:8f:e6:45:cf:79:81:2f:
         15:ad:3d:c9:ec:2f:5a:3e:1a:d8:5f:e7:33:84:68:c9:94:a9:
         57:a6:50:57:af:85:7c:08:fd:a2:4b:c0:3e:52:54:bb:6e:7a:
         13:75:07:26:6a:46:e3:d1:67:c0:53:72:cd:65:07:1c:d2:aa:
         0e:88:5e:22:20:08:41:f0:e6:96:49:43:c0:41:56:08:03:e8:
         36:da:e9:da
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgICCNIwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTY5NDMxMTAvBgNVBAUTKDBBQjk5RjUyQzlBRDlCRTBCOUMwNDQ3MENGQjFCNkMy
MzYwRkQwRjUwHhcNMjQwMjIyMTcwMDM2WhcNMjQxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWQ3N2RiNC1jZDI1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvquRIXelUiQTx9DqMeQxlCfl/aFoaOU0IlUk0WBKJ2mg/lua8eCJAejJw91m
Rw9jMcbpSeilyOzppUp/VvuJcShbCcj+UX7kJjZiplSe5dBrz+trP68Z/0H39Qz2
DhTFmGtYiRW9+ruzJRNGHBqQr4fvyAb0A4YtXcyLXY6iz6JhbTOnIClme4IWHf50
6uHhiUN40eJj6+UuH9pGUpgDgLNG2hbCCszpLS6dhvy1XW+UlY2gEZy4dpKblmfD
eatc5hwEI60S6gO8DybvK9V1QMXzuzBtTXz4jJURhxz3FLwV7QnemtPmbfKgN3lm
4dblKJSpaFJM16Oxn4dZ6cfh/QIDAQABo4ICqjCCAqYwHQYDVR0OBBYEFFllSrQS
3j+FU9vbpcAa+0RHmjC9MB8GA1UdIwQYMBaAFAq5n1LJrZvgucBEcM+xtsI2D9D1
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBNjk0My9CNzE4MTE2ODhE
NTExMUVBQjhCMjYzODRDNEY5QUUwMi9Dcm1mVXNtdG0tQzV3RVJ3ejdHMndqWVAw
UFUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0NybWZVc210bS1DNXdFUnd6N0cyd2pZUDBQVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTY5NDMvQjcxODExNjg4RDUxMTFFQUI4QjI2Mzg0QzRGOUFFMDIvOUI5QUMyQThD
MTNFMTFFRUI5NTE2QTQyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNAYIKwYBBQUHAQcBAf8E
JTAjMBIEAgABMAwDBAJnShQDBAJn60wwDQQCAAIwBwMFACQHHsAwDQYJKoZIhvcN
AQELBQADggEBAGypH3pyHEhU+nBFYCyiHOjyXHCWE+Nzq13mWFv8rH1FzBoVfbIu
6QIPEjBhzVfQ6FHrDCzAwtQd0gCUwN48Sh3gQSOTfwdeuwJknBqbT4IhvmJp/BBf
X1tnGLcNFqjPAsD0Va+mSqagNaWs9cnDkqJW4C7eBQt/iiXCdHep5GIXk2USE5jS
94ijBpRJKjsl4+DbRxgPMGeMtMc1eFEFnby2w12m/ypIFBxg8UOij+ZFz3mBLxWt
PcnsL1o+Gthf5zOEaMmUqVemUFevhXwI/aJLwD5SVLtuehN1ByZqRuPRZ8BTcs1l
BxzSqg6IXiIgCEHw5pZJQ8BBVggD6Dba6do=
-----END CERTIFICATE-----