Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91C9945/BC00C8F2F09E11ECAEE73E19C4F9AE02/95F8FAF82D6611EDA13CDE35C4F9AE02.roa
File:                     95F8FAF82D6611EDA13CDE35C4F9AE02.roa (raw, json)
Hash identifier:          1xMEbqV8UMPAnVUVhGClgG2SsRF0Zf0cjjbHzCwlpZA=
Subject key identifier:   ED:BF:04:2B:E1:C2:0E:2F:B9:7E:6E:A9:D1:67:7D:1C:FD:1B:AA:C3
Certificate issuer:       /CN=A91C9945/serialNumber=868ECB6425DA83328892E57BB0DF644E1AEB73B3
Certificate serial:       022B
Authority key identifier: 86:8E:CB:64:25:DA:83:32:88:92:E5:7B:B0:DF:64:4E:1A:EB:73:B3
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ho7LZCXagzKIkuV7sN9kThrrc7M.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91C9945/BC00C8F2F09E11ECAEE73E19C4F9AE02/95F8FAF82D6611EDA13CDE35C4F9AE02.roa
Signing time:             Sat 11 May 2024 04:39:56 +0000
ROA not before:           Sat 11 May 2024 04:39:56 +0000
ROA not after:            Wed 30 Jul 2025 00:00:00 +0000
asID:                     9009
IP address blocks:        103.216.196.0/24 maxlen: 24
                          103.216.197.0/24 maxlen: 24
                          103.216.198.0/24 maxlen: 24
                          2404:f980:4::/48 maxlen: 48
                          2404:f980:5::/48 maxlen: 48

Validation:               Failed, certificate revoked on Thu 04 Jul 2024 13:51:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 555 (0x22b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91C9945/serialNumber=868ECB6425DA83328892E57BB0DF644E1AEB73B3
        Validity
            Not Before: May 11 04:39:56 2024 GMT
            Not After : Jul 30 00:00:00 2025 GMT
        Subject: CN=663ef69c-9667
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:1c:37:f1:1c:8d:d7:18:83:ff:68:b2:4f:bc:
                    23:d4:4c:7a:a4:11:67:8f:84:8e:5a:f8:26:00:2d:
                    96:0b:9f:4a:79:93:42:ec:03:0a:be:f3:ec:bd:28:
                    72:6e:db:0b:61:81:b4:a8:61:eb:71:23:91:0b:1f:
                    3d:c7:dd:b5:13:82:0c:7e:c2:89:b6:f2:8a:20:b1:
                    64:3b:c0:91:8c:3c:a9:c5:cc:b1:52:f0:37:b1:83:
                    a5:9b:ec:43:8c:66:6c:aa:a2:6c:05:82:2f:75:ac:
                    5a:db:9f:7d:d6:d5:bd:76:43:a7:fc:e4:90:ee:1e:
                    90:96:58:78:5a:cf:1f:ec:95:b9:a5:95:a4:d0:29:
                    97:b7:b7:c1:8d:1d:69:39:01:68:ea:9a:48:c4:22:
                    dd:b8:30:e0:5a:e3:2f:33:d1:ef:9a:be:b2:66:ad:
                    33:6f:05:73:5d:3b:3a:66:df:24:12:20:ef:5c:72:
                    03:05:25:d5:6a:e3:f2:98:ab:3c:6f:db:98:07:93:
                    33:28:12:3a:a8:6c:37:50:26:ab:3b:bf:26:5d:dc:
                    9f:14:12:5b:cd:d1:c5:98:7d:5a:94:ab:c2:b1:98:
                    8b:43:d4:8c:06:b4:06:12:c5:14:ab:79:9a:26:79:
                    fa:fe:29:77:ab:19:77:a1:f0:b9:bf:b2:f1:6e:0b:
                    f3:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                ED:BF:04:2B:E1:C2:0E:2F:B9:7E:6E:A9:D1:67:7D:1C:FD:1B:AA:C3
            X509v3 Authority Key Identifier:
                keyid:86:8E:CB:64:25:DA:83:32:88:92:E5:7B:B0:DF:64:4E:1A:EB:73:B3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91C9945/BC00C8F2F09E11ECAEE73E19C4F9AE02/ho7LZCXagzKIkuV7sN9kThrrc7M.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ho7LZCXagzKIkuV7sN9kThrrc7M.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91C9945/BC00C8F2F09E11ECAEE73E19C4F9AE02/95F8FAF82D6611EDA13CDE35C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.216.196.0-103.216.198.255
                IPv6:
                  2404:f980:4::/47

    Signature Algorithm: sha256WithRSAEncryption
         6f:db:b3:ab:58:4b:bb:6f:2d:30:8c:d2:b1:f6:32:26:b1:47:
         0b:64:b3:98:93:d4:6a:9e:05:58:65:33:25:55:d9:f4:7c:47:
         27:9f:52:26:17:cd:ed:35:db:7f:e0:d4:3c:3a:4f:d9:85:0f:
         ef:1a:ac:b5:b7:d8:cd:77:41:a7:db:2d:fa:66:9f:10:6e:90:
         12:b1:34:ec:f7:fe:f8:90:46:b4:48:3e:ad:a7:5d:4b:88:45:
         4c:a6:8e:26:ef:0d:1d:3c:25:42:8e:a4:31:4d:f8:b8:76:0a:
         fe:9b:dc:4a:4e:eb:2a:ff:60:21:7c:be:a1:7f:e9:c0:f0:ee:
         ea:e8:45:4e:23:ab:9a:ff:85:4a:d7:eb:fe:96:7f:4e:8e:12:
         a6:12:c0:66:1d:43:54:2f:9e:5a:b7:db:6d:5b:59:d0:ce:98:
         0c:a1:5b:9f:38:4f:a2:ea:8d:77:f1:bc:1f:f6:04:78:78:a0:
         54:1f:ac:76:83:de:0f:e5:be:ab:e4:5a:58:d3:f6:e8:86:e3:
         27:15:01:12:31:d8:74:6e:0f:4c:84:1f:81:a8:17:a1:d5:c6:
         70:f2:65:61:71:18:bc:05:50:26:79:08:00:5b:de:98:7b:2c:
         f4:35:b9:9b:e4:ff:fd:84:a9:3e:a4:06:ef:12:cc:35:4e:04:
         41:2b:6b:bd
-----BEGIN CERTIFICATE-----
MIIFijCCBHKgAwIBAgICAiswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Qzk5NDUxMTAvBgNVBAUTKDg2OEVDQjY0MjVEQTgzMzI4ODkyRTU3QkIwREY2NDRF
MUFFQjczQjMwHhcNMjQwNTExMDQzOTU2WhcNMjUwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjNlZjY5Yy05NjY3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAthw38RyN1xiD/2iyT7wj1Ex6pBFnj4SOWvgmAC2WC59KeZNC7AMKvvPsvShy
btsLYYG0qGHrcSORCx89x921E4IMfsKJtvKKILFkO8CRjDypxcyxUvA3sYOlm+xD
jGZsqqJsBYIvdaxa25991tW9dkOn/OSQ7h6Qllh4Ws8f7JW5pZWk0CmXt7fBjR1p
OQFo6ppIxCLduDDgWuMvM9Hvmr6yZq0zbwVzXTs6Zt8kEiDvXHIDBSXVauPymKs8
b9uYB5MzKBI6qGw3UCarO78mXdyfFBJbzdHFmH1alKvCsZiLQ9SMBrQGEsUUq3ma
Jnn6/il3qxl3ofC5v7LxbgvzkQIDAQABo4ICrjCCAqowHQYDVR0OBBYEFO2/BCvh
wg4vuX5uqdFnfRz9G6rDMB8GA1UdIwQYMBaAFIaOy2Ql2oMyiJLle7DfZE4a63Oz
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDOTk0NS9CQzAwQzhGMkYw
OUUxMUVDQUVFNzNFMTlDNEY5QUUwMi9obzdMWkNYYWd6S0lrdVY3c045a1RocnJj
N00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2hvN0xaQ1hhZ3pLSWt1VjdzTjlrVGhycmM3TS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Qzk5NDUvQkMwMEM4RjJGMDlFMTFFQ0FFRTczRTE5QzRGOUFFMDIvOTVGOEZBRjgy
RDY2MTFFREExM0NERTM1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwOAYIKwYBBQUHAQcBAf8E
KTAnMBQEAgABMA4wDAMEAmfYxAMEAGfYxjAPBAIAAjAJAwcBJAT5gAAEMA0GCSqG
SIb3DQEBCwUAA4IBAQBv27OrWEu7by0wjNKx9jImsUcLZLOYk9RqngVYZTMlVdn0
fEcnn1ImF83tNdt/4NQ8Ok/ZhQ/vGqy1t9jNd0Gn2y36Zp8QbpASsTTs9/74kEa0
SD6tp11LiEVMpo4m7w0dPCVCjqQxTfi4dgr+m9xKTusq/2AhfL6hf+nA8O7q6EVO
I6ua/4VK1+v+ln9OjhKmEsBmHUNUL55at9ttW1nQzpgMoVufOE+i6o138bwf9gR4
eKBUH6x2g94P5b6r5FpY0/bohuMnFQESMdh0bg9MhB+BqBeh1cZw8mVhcRi8BVAm
eQgAW96Yeyz0Nbmb5P/9hKk+pAbvEsw1TgRBK2u9
-----END CERTIFICATE-----