Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91E57DC/35F798661F0111E9B1AA9436C4F9AE02/EF6DE9F418E211EFB9C7193EC4F9AE02.roa
File:                     EF6DE9F418E211EFB9C7193EC4F9AE02.roa (raw, json)
Hash identifier:          iDC29mWJFzxxUIhU568fEnjOtUVenuLZPo0a9tcebpw=
Subject key identifier:   B1:0A:1B:AA:06:CD:C6:C5:94:C9:BA:A6:63:AB:5B:A9:CC:8B:3A:16
Certificate issuer:       /CN=A91E57DC/serialNumber=22B1A7175E75FFD847391F2C2E9665E4EEE1B742
Certificate serial:       10A3
Authority key identifier: 22:B1:A7:17:5E:75:FF:D8:47:39:1F:2C:2E:96:65:E4:EE:E1:B7:42
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/IrGnF151_9hHOR8sLpZl5O7ht0I.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91E57DC/35F798661F0111E9B1AA9436C4F9AE02/EF6DE9F418E211EFB9C7193EC4F9AE02.roa
Signing time:             Mon 18 Nov 2024 11:11:55 +0000
ROA not before:           Mon 18 Nov 2024 11:11:55 +0000
ROA not after:            Wed 28 May 2025 00:00:00 +0000
asID:                     136406
IP address blocks:        103.86.192.0/22 maxlen: 22
                          103.86.193.0/24 maxlen: 24
                          103.86.194.0/24 maxlen: 24
                          103.86.195.0/24 maxlen: 24
                          220.152.114.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 19 Nov 2024 13:31:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4259 (0x10a3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E57DC/serialNumber=22B1A7175E75FFD847391F2C2E9665E4EEE1B742
        Validity
            Not Before: Nov 18 11:11:55 2024 GMT
            Not After : May 28 00:00:00 2025 GMT
        Subject: CN=673b20fb-2109
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:d7:50:1a:02:14:f1:0f:58:9a:89:1b:16:82:
                    25:32:e5:d9:d1:85:5e:f6:92:50:7b:9b:66:5e:5d:
                    10:ec:ba:05:d7:a4:33:34:4c:c0:80:42:eb:b9:44:
                    bf:06:4f:35:a3:61:f1:5d:ae:16:dd:3c:5e:c0:53:
                    71:d8:45:5b:65:f2:6f:6c:0a:92:eb:b3:70:b4:93:
                    71:2d:eb:5c:b2:11:ed:e3:d3:57:6c:06:89:73:f2:
                    94:84:eb:b4:27:58:d8:2d:52:ba:92:50:f1:85:83:
                    a7:53:75:6d:68:55:55:29:4f:8f:b2:ac:56:bc:1c:
                    09:8e:f6:f0:7e:54:cf:81:dd:dc:78:f8:7f:19:2d:
                    09:09:a5:54:2f:86:b5:93:87:91:05:b4:3b:a5:f5:
                    50:85:83:55:24:45:4a:a3:06:c2:4c:2c:f9:e6:41:
                    1d:27:67:67:74:c2:1b:f7:70:8a:74:0b:a7:b2:28:
                    9e:9b:d3:2c:b0:ac:dd:77:eb:54:88:2f:cc:28:4c:
                    9b:e0:d2:c3:d6:c6:6b:4c:f7:ea:64:b1:33:c4:70:
                    5c:20:d1:2e:34:d5:88:55:f5:ec:94:e0:90:83:47:
                    80:21:dd:1c:db:c0:3f:7c:78:66:f9:db:37:3a:64:
                    9c:4d:a5:f5:95:4a:cf:eb:69:a0:a6:04:68:4e:aa:
                    b7:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:0A:1B:AA:06:CD:C6:C5:94:C9:BA:A6:63:AB:5B:A9:CC:8B:3A:16
            X509v3 Authority Key Identifier:
                keyid:22:B1:A7:17:5E:75:FF:D8:47:39:1F:2C:2E:96:65:E4:EE:E1:B7:42

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91E57DC/35F798661F0111E9B1AA9436C4F9AE02/IrGnF151_9hHOR8sLpZl5O7ht0I.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/IrGnF151_9hHOR8sLpZl5O7ht0I.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E57DC/35F798661F0111E9B1AA9436C4F9AE02/EF6DE9F418E211EFB9C7193EC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.86.192.0/22
                  220.152.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9e:06:b4:13:7e:0f:e9:f9:e1:06:07:66:b8:5d:93:ce:a0:d1:
         4d:ff:20:0e:0c:55:02:e4:3a:61:f7:53:c9:b8:bc:d2:bf:a9:
         21:a5:72:77:da:61:ba:8a:34:15:8c:62:c7:30:fc:80:c6:6e:
         b8:d6:ed:bd:ea:d1:f4:84:3c:b6:a7:57:3b:d8:00:47:e6:1b:
         42:b0:dc:e9:50:f4:30:b7:37:96:87:3e:99:69:cf:eb:14:f1:
         13:74:33:81:a9:56:06:d6:8d:63:e7:2d:dd:81:18:2d:04:92:
         c2:19:bf:02:8a:4c:91:93:c2:35:41:22:fe:2b:e1:4b:b1:25:
         06:1d:16:e4:11:b7:61:9e:a7:de:97:52:62:fb:86:c7:b6:a0:
         4c:f7:1e:15:cb:f5:8d:21:85:4e:45:e0:19:7d:97:76:54:e7:
         39:2c:2f:b6:d0:b8:d7:4f:3f:30:b5:c9:0c:dd:39:76:a1:39:
         0b:69:80:5b:66:b9:8a:ec:4c:2d:f2:50:3e:92:1a:16:d3:f9:
         85:d3:71:f3:fa:2d:3a:06:39:e9:4d:c8:f1:a2:09:a7:35:8b:
         c3:e9:03:22:44:65:4c:02:0b:34:40:bd:b3:ed:b1:c8:25:84:
         61:45:62:b0:a7:36:17:ed:46:70:fc:5d:31:fb:17:b9:87:89:
         52:e3:76:2c
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICEKMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RTU3REMxMTAvBgNVBAUTKDIyQjFBNzE3NUU3NUZGRDg0NzM5MUYyQzJFOTY2NUU0
RUVFMUI3NDIwHhcNMjQxMTE4MTExMTU1WhcNMjUwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02NzNiMjBmYi0yMTA5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAstdQGgIU8Q9YmokbFoIlMuXZ0YVe9pJQe5tmXl0Q7LoF16QzNEzAgELruUS/
Bk81o2HxXa4W3TxewFNx2EVbZfJvbAqS67NwtJNxLetcshHt49NXbAaJc/KUhOu0
J1jYLVK6klDxhYOnU3VtaFVVKU+PsqxWvBwJjvbwflTPgd3cePh/GS0JCaVUL4a1
k4eRBbQ7pfVQhYNVJEVKowbCTCz55kEdJ2dndMIb93CKdAunsiiem9MssKzdd+tU
iC/MKEyb4NLD1sZrTPfqZLEzxHBcINEuNNWIVfXslOCQg0eAId0c28A/fHhm+ds3
OmScTaX1lUrP62mgpgRoTqq3oQIDAQABo4ICmzCCApcwHQYDVR0OBBYEFLEKG6oG
zcbFlMm6pmOrW6nMizoWMB8GA1UdIwQYMBaAFCKxpxdedf/YRzkfLC6WZeTu4bdC
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFNTdEQy8zNUY3OTg2NjFG
MDExMUU5QjFBQTk0MzZDNEY5QUUwMi9JckduRjE1MV85aEhPUjhzTHBabDVPN2h0
MEkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0lyR25GMTUxXzloSE9SOHNMcFpsNU83aHQwSS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RTU3REMvMzVGNzk4NjYxRjAxMTFFOUIxQUE5NDM2QzRGOUFFMDIvRUY2REU5RjQx
OEUyMTFFRkI5QzcxOTNFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAJnVsADBADcmHIwDQYJKoZIhvcNAQELBQADggEBAJ4GtBN+
D+n54QYHZrhdk86g0U3/IA4MVQLkOmH3U8m4vNK/qSGlcnfaYbqKNBWMYscw/IDG
brjW7b3q0fSEPLanVzvYAEfmG0Kw3OlQ9DC3N5aHPplpz+sU8RN0M4GpVgbWjWPn
Ld2BGC0EksIZvwKKTJGTwjVBIv4r4UuxJQYdFuQRt2Gep96XUmL7hse2oEz3HhXL
9Y0hhU5F4Bl9l3ZU5zksL7bQuNdPPzC1yQzdOXahOQtpgFtmuYrsTC3yUD6SGhbT
+YXTcfP6LToGOelNyPGiCac1i8PpAyJEZUwCCzRAvbPtscglhGFFYrCnNhftRnD8
XTH7F7mHiVLjdiw=
-----END CERTIFICATE-----