Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91C1DB8/16CBC054A11E11E89E636710C4F9AE02/58430A4AC07D11EE935D1F82C4F9AE02.roa
File:                     58430A4AC07D11EE935D1F82C4F9AE02.roa (raw, json)
Hash identifier:          v+rJEhA9LH1WHmAkaI0m5BcYyw0h/vFU9h+JuHMgeEc=
Subject key identifier:   82:7A:E7:8B:8E:F0:C4:AC:16:2D:72:01:0D:B8:E0:F1:DF:BF:1E:94
Certificate issuer:       /CN=A91C1DB8/serialNumber=C319AF7BB4F981611AD00C32F8A357DE6353DC36
Certificate serial:       129C
Authority key identifier: C3:19:AF:7B:B4:F9:81:61:1A:D0:0C:32:F8:A3:57:DE:63:53:DC:36
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wxmve7T5gWEa0Awy-KNX3mNT3DY.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91C1DB8/16CBC054A11E11E89E636710C4F9AE02/58430A4AC07D11EE935D1F82C4F9AE02.roa
Signing time:             Wed 31 Jan 2024 21:11:48 +0000
ROA not before:           Wed 31 Jan 2024 21:11:48 +0000
ROA not after:            Mon 31 Mar 2025 00:00:00 +0000
asID:                     10204
IP address blocks:        103.229.32.0/24 maxlen: 24
                          103.229.33.0/24 maxlen: 24
                          103.229.34.0/24 maxlen: 24
                          103.229.35.0/24 maxlen: 24
                          203.115.192.0/18 maxlen: 18
                          203.115.192.0/19 maxlen: 24
                          203.115.224.0/19 maxlen: 23
                          203.115.224.0/20 maxlen: 24
                          203.115.240.0/23 maxlen: 24
                          203.115.242.0/24 maxlen: 24
                          203.115.244.0/22 maxlen: 24
                          203.115.248.0/21 maxlen: 24
                          2001:c18::/32 maxlen: 32

Validation:               Failed, certificate revoked on Mon 18 Mar 2024 05:35:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4764 (0x129c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91C1DB8/serialNumber=C319AF7BB4F981611AD00C32F8A357DE6353DC36
        Validity
            Not Before: Jan 31 21:11:48 2024 GMT
            Not After : Mar 31 00:00:00 2025 GMT
        Subject: CN=65bab794-f17f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:e3:c2:cd:eb:a6:16:29:ce:4c:b0:0f:7b:b5:
                    5b:23:ae:30:44:5b:73:44:f7:2e:8b:b7:64:ff:45:
                    e7:3f:f7:f9:a4:e9:37:8c:7b:43:ea:0e:75:0b:37:
                    ec:72:43:87:6b:ac:5d:c4:db:e2:dd:75:bc:3a:38:
                    04:eb:15:5a:f0:e1:f3:d5:ac:35:f4:72:a1:c5:7a:
                    32:46:78:dd:8d:7a:b2:67:2e:02:22:02:1d:dc:79:
                    89:65:c7:68:d1:c3:d5:4b:5e:bd:d0:22:c0:c9:58:
                    f9:16:54:4e:7f:00:3b:36:8f:ce:8a:69:43:a8:43:
                    fb:f2:bc:c2:2a:f5:8b:fa:4d:44:37:1b:e6:36:88:
                    db:87:88:fe:d1:88:c4:52:58:a4:b4:8e:56:df:be:
                    06:73:54:c5:b7:aa:8d:84:5b:c9:cb:fb:71:66:2d:
                    fd:55:b6:a7:0f:7a:1a:48:94:74:47:c0:08:3a:a3:
                    34:49:01:91:86:6c:78:76:5f:50:98:e0:52:63:f7:
                    53:0f:26:bd:3d:ee:d3:fc:1b:9d:0f:28:5e:2c:6c:
                    76:e6:49:77:21:e1:63:91:26:ff:27:d0:e8:8c:2e:
                    89:88:26:bd:97:0e:b2:c8:ba:ae:e8:da:54:27:2e:
                    14:d2:73:d2:ea:85:05:97:29:20:ea:66:35:2f:7c:
                    54:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                82:7A:E7:8B:8E:F0:C4:AC:16:2D:72:01:0D:B8:E0:F1:DF:BF:1E:94
            X509v3 Authority Key Identifier:
                keyid:C3:19:AF:7B:B4:F9:81:61:1A:D0:0C:32:F8:A3:57:DE:63:53:DC:36

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91C1DB8/16CBC054A11E11E89E636710C4F9AE02/wxmve7T5gWEa0Awy-KNX3mNT3DY.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wxmve7T5gWEa0Awy-KNX3mNT3DY.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91C1DB8/16CBC054A11E11E89E636710C4F9AE02/58430A4AC07D11EE935D1F82C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.229.32.0/22
                  203.115.192.0/18
                IPv6:
                  2001:c18::/32

    Signature Algorithm: sha256WithRSAEncryption
         39:00:9c:ac:d6:be:0c:40:03:82:a6:94:47:18:a4:00:e6:d1:
         6d:f6:13:3d:83:44:d3:57:22:dc:49:7a:61:b0:0f:32:49:ad:
         57:08:a2:48:aa:92:0d:03:40:a3:63:6b:c7:b9:ea:21:b5:c7:
         3c:fb:e5:6a:2f:a9:ad:75:42:e9:82:04:50:75:2c:51:eb:f1:
         0c:53:9d:42:74:d5:46:f5:e7:84:8d:dd:6f:47:3f:fc:6a:1c:
         44:fb:c2:24:c1:c6:a5:1a:e6:e6:72:55:92:cf:90:bc:5c:b0:
         af:4f:c1:40:e0:b0:d4:fc:4a:b0:d0:a6:2b:03:02:bc:d9:33:
         aa:c4:0a:f9:38:78:e2:2a:58:a8:6b:a2:11:dd:6c:d9:0b:48:
         9d:c5:9b:34:2c:c4:60:f4:a6:6e:d0:eb:be:d3:c0:7a:63:b5:
         ee:92:34:a5:cc:de:d6:52:12:1b:a8:67:97:5b:5b:57:e3:f7:
         51:c0:28:00:f6:eb:af:3e:16:1a:4e:ef:13:76:e2:f0:01:81:
         4a:c2:cc:b3:00:d4:c1:77:eb:d7:dd:26:49:44:93:32:e5:73:
         7e:43:91:60:e9:c1:4a:f2:ad:e9:12:f9:a3:02:17:fa:72:de:
         a9:cc:6f:20:61:2f:d7:05:9d:37:e8:86:e3:c4:aa:52:2a:39:
         54:c9:72:b9
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgICEpwwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QzFEQjgxMTAvBgNVBAUTKEMzMTlBRjdCQjRGOTgxNjExQUQwMEMzMkY4QTM1N0RF
NjM1M0RDMzYwHhcNMjQwMTMxMjExMTQ4WhcNMjUwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWJhYjc5NC1mMTdmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAx+PCzeumFinOTLAPe7VbI64wRFtzRPcui7dk/0XnP/f5pOk3jHtD6g51Czfs
ckOHa6xdxNvi3XW8OjgE6xVa8OHz1aw19HKhxXoyRnjdjXqyZy4CIgId3HmJZcdo
0cPVS1690CLAyVj5FlROfwA7No/OimlDqEP78rzCKvWL+k1ENxvmNojbh4j+0YjE
UliktI5W374Gc1TFt6qNhFvJy/txZi39VbanD3oaSJR0R8AIOqM0SQGRhmx4dl9Q
mOBSY/dTDya9Pe7T/BudDyheLGx25kl3IeFjkSb/J9DojC6JiCa9lw6yyLqu6NpU
Jy4U0nPS6oUFlykg6mY1L3xUxQIDAQABo4ICqjCCAqYwHQYDVR0OBBYEFIJ654uO
8MSsFi1yAQ244PHfvx6UMB8GA1UdIwQYMBaAFMMZr3u0+YFhGtAMMvijV95jU9w2
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDMURCOC8xNkNCQzA1NEEx
MUUxMUU4OUU2MzY3MTBDNEY5QUUwMi93eG12ZTdUNWdXRWEwQXd5LUtOWDNtTlQz
RFkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3d4bXZlN1Q1Z1dFYTBBd3ktS05YM21OVDNEWS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QzFEQjgvMTZDQkMwNTRBMTFFMTFFODlFNjM2NzEwQzRGOUFFMDIvNTg0MzBBNEFD
MDdEMTFFRTkzNUQxRjgyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNAYIKwYBBQUHAQcBAf8E
JTAjMBIEAgABMAwDBAJn5SADBAbLc8AwDQQCAAIwBwMFACABDBgwDQYJKoZIhvcN
AQELBQADggEBADkAnKzWvgxAA4KmlEcYpADm0W32Ez2DRNNXItxJemGwDzJJrVcI
okiqkg0DQKNja8e56iG1xzz75Wovqa11QumCBFB1LFHr8QxTnUJ01Ub154SN3W9H
P/xqHET7wiTBxqUa5uZyVZLPkLxcsK9PwUDgsNT8SrDQpisDArzZM6rECvk4eOIq
WKhrohHdbNkLSJ3FmzQsxGD0pm7Q677TwHpjte6SNKXM3tZSEhuoZ5dbW1fj91HA
KAD2668+FhpO7xN24vABgUrCzLMA1MF369fdJklEkzLlc35DkWDpwUryrekS+aMC
F/py3qnMbyBhL9cFnTfohuPEqlIqOVTJcrk=