Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91EC9A5/0E82C2ECC4F011EA91DCDF77C4F9AE02/3F8885F6E3A511EFA18ECA74C4F9AE02.roa
File:                     3F8885F6E3A511EFA18ECA74C4F9AE02.roa (raw, json)
Hash identifier:          in7BXwEBZteFsHDe78GgyfyN6hM0sBCL/wpju2mRhqs=
Subject key identifier:   E2:70:92:EE:43:37:F7:3B:2A:48:57:B0:9B:E4:EC:74:84:A9:E2:60
Certificate issuer:       /CN=A91EC9A5/serialNumber=E83FCF4C6FC8D74F3B6AB425606E2BC7746D6640
Certificate serial:       0859
Authority key identifier: E8:3F:CF:4C:6F:C8:D7:4F:3B:6A:B4:25:60:6E:2B:C7:74:6D:66:40
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/6D_PTG_I1087arQlYG4rx3RtZkA.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91EC9A5/0E82C2ECC4F011EA91DCDF77C4F9AE02/3F8885F6E3A511EFA18ECA74C4F9AE02.roa
Signing time:             Wed 05 Feb 2025 09:40:35 +0000
ROA not before:           Wed 05 Feb 2025 09:40:35 +0000
ROA not after:            Thu 01 May 2025 00:00:00 +0000
asID:                     136246
IP address blocks:        14.128.12.0/24 maxlen: 24
                          14.128.13.0/24 maxlen: 24
                          14.128.14.0/24 maxlen: 24
                          14.128.15.0/24 maxlen: 24
                          103.84.172.0/24 maxlen: 24
                          103.84.173.0/24 maxlen: 24
                          103.84.174.0/24 maxlen: 24
                          103.84.175.0/24 maxlen: 24
                          2400:a2c0::/32 maxlen: 32
Validation:               Failed, certificate revoked on Wed 05 Feb 2025 16:37:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2137 (0x859)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91EC9A5
        Validity
            Not Before: Feb  5 09:40:35 2025 GMT
            Not After : May  1 00:00:00 2025 GMT
        Subject: CN=67a33212-0af1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:a5:5a:7b:51:7c:3b:3f:63:24:c2:9a:be:c6:
                    6f:2b:e4:81:0e:84:2f:96:ed:51:35:69:d6:dc:62:
                    6e:fe:11:b7:0b:5c:3c:ae:9c:69:a1:ad:c3:2e:39:
                    3c:4b:3c:ed:e1:8a:44:36:f3:ae:82:84:04:ee:88:
                    76:f9:cf:af:d1:79:26:29:a3:3b:4e:a2:16:d1:5a:
                    a6:66:3c:ce:7f:91:82:b5:60:a0:05:1f:99:d6:25:
                    24:d0:82:bf:ff:80:08:79:74:d7:2d:a5:4c:d5:1b:
                    f6:95:8c:90:60:9f:71:3d:69:a8:26:39:18:6d:d7:
                    87:9d:95:ba:6c:45:2a:69:d9:f5:68:44:b0:f1:d9:
                    4f:87:55:54:d0:12:8e:6e:08:d4:73:fd:ce:07:50:
                    93:8d:5b:8e:1b:a1:c6:a4:f4:8b:aa:31:b1:e0:86:
                    b7:e0:1c:fb:66:f0:12:f8:a6:7f:8c:e4:f4:d7:b7:
                    66:9d:56:8f:1e:b9:f7:d5:84:61:8a:0a:0d:0e:98:
                    3b:ed:ae:a3:3b:1c:07:d0:ee:c9:11:eb:93:2e:91:
                    b9:d1:67:4d:a9:2c:69:dd:82:25:8b:4b:af:20:14:
                    77:df:35:eb:2d:5f:9e:22:f1:15:4e:53:3b:62:f7:
                    bd:a3:7e:dc:f9:a5:00:22:09:13:3c:74:5b:c2:ab:
                    1f:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:70:92:EE:43:37:F7:3B:2A:48:57:B0:9B:E4:EC:74:84:A9:E2:60
            X509v3 Authority Key Identifier:
                keyid:E8:3F:CF:4C:6F:C8:D7:4F:3B:6A:B4:25:60:6E:2B:C7:74:6D:66:40

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91EC9A5/0E82C2ECC4F011EA91DCDF77C4F9AE02/6D_PTG_I1087arQlYG4rx3RtZkA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/6D_PTG_I1087arQlYG4rx3RtZkA.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91EC9A5/0E82C2ECC4F011EA91DCDF77C4F9AE02/3F8885F6E3A511EFA18ECA74C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  14.128.12.0/22
                  103.84.172.0/22
                IPv6:
                  2400:a2c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         5e:55:41:bd:97:84:fa:5d:a4:48:5b:b0:37:29:84:13:2e:4d:
         0f:8d:a8:8b:fd:62:b4:e1:ae:f1:fe:72:fd:a2:6a:3f:e8:8a:
         c4:9a:09:04:8b:22:15:ec:93:89:da:f7:d0:f8:79:e4:6b:4b:
         78:35:a4:0e:7c:d8:62:03:ee:3a:ff:79:0b:f3:54:83:b0:2d:
         c6:a0:b7:d3:af:72:26:6c:f6:30:da:f3:5e:56:6f:e5:df:2b:
         93:1a:8c:44:2e:f8:15:34:ca:68:5c:03:e9:c1:d9:ec:cd:63:
         4e:16:8a:bd:ef:68:bb:1e:87:82:6c:b3:27:34:08:1f:d0:67:
         c1:72:6b:79:3a:94:01:e6:2c:98:10:a4:93:de:e8:3c:fe:f2:
         ee:a5:4f:1d:a9:fd:bb:e2:92:62:1b:0a:e7:91:9a:ca:23:3b:
         37:52:86:37:9e:1d:0a:54:55:e6:95:0d:10:30:a2:28:c5:cc:
         63:06:2d:a3:3e:bd:01:51:a6:8c:2e:99:7b:d0:89:8f:54:7a:
         af:df:1b:02:01:e0:20:c1:ba:33:5b:d2:38:20:81:73:ce:e9:
         d7:55:ea:aa:20:ce:5a:9f:a0:06:26:a8:82:f3:3b:88:61:98:
         d0:92:83:53:cb:4a:9c:da:d6:c8:66:ac:02:8b:17:02:45:52:
         6f:4a:2d:5c
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgICCFkwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RUM5QTUxMTAvBgNVBAUTKEU4M0ZDRjRDNkZDOEQ3NEYzQjZBQjQyNTYwNkUyQkM3
NzQ2RDY2NDAwHhcNMjUwMjA1MDk0MDM1WhcNMjUwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02N2EzMzIxMi0wYWYxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAo6Vae1F8Oz9jJMKavsZvK+SBDoQvlu1RNWnW3GJu/hG3C1w8rpxpoa3DLjk8
Szzt4YpENvOugoQE7oh2+c+v0XkmKaM7TqIW0VqmZjzOf5GCtWCgBR+Z1iUk0IK/
/4AIeXTXLaVM1Rv2lYyQYJ9xPWmoJjkYbdeHnZW6bEUqadn1aESw8dlPh1VU0BKO
bgjUc/3OB1CTjVuOG6HGpPSLqjGx4Ia34Bz7ZvAS+KZ/jOT017dmnVaPHrn31YRh
igoNDpg77a6jOxwH0O7JEeuTLpG50WdNqSxp3YIli0uvIBR33zXrLV+eIvEVTlM7
Yve9o37c+aUAIgkTPHRbwqsfwwIDAQABo4ICqjCCAqYwHQYDVR0OBBYEFOJwku5D
N/c7KkhXsJvk7HSEqeJgMB8GA1UdIwQYMBaAFOg/z0xvyNdPO2q0JWBuK8d0bWZA
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFQzlBNS8wRTgyQzJFQ0M0
RjAxMUVBOTFEQ0RGNzdDNEY5QUUwMi82RF9QVEdfSTEwODdhclFsWUc0cngzUnRa
a0EuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzZEX1BUR19JMTA4N2FyUWxZRzRyeDNSdFprQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RUM5QTUvMEU4MkMyRUNDNEYwMTFFQTkxRENERjc3QzRGOUFFMDIvM0Y4ODg1RjZF
M0E1MTFFRkExOEVDQTc0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNAYIKwYBBQUHAQcBAf8E
JTAjMBIEAgABMAwDBAIOgAwDBAJnVKwwDQQCAAIwBwMFACQAosAwDQYJKoZIhvcN
AQELBQADggEBAF5VQb2XhPpdpEhbsDcphBMuTQ+NqIv9YrThrvH+cv2iaj/oisSa
CQSLIhXsk4na99D4eeRrS3g1pA582GID7jr/eQvzVIOwLcagt9OvciZs9jDa815W
b+XfK5MajEQu+BU0ymhcA+nB2ezNY04Wir3vaLseh4Jssyc0CB/QZ8Fya3k6lAHm
LJgQpJPe6Dz+8u6lTx2p/bvikmIbCueRmsojOzdShjeeHQpUVeaVDRAwoijFzGMG
LaM+vQFRpowumXvQiY9Ueq/fGwIB4CDBujNb0jgggXPO6ddV6qogzlqfoAYmqILz
O4hhmNCSg1PLSpza1shmrAKLFwJFUm9KLVw=
-----END CERTIFICATE-----