Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/0AAAFDF0689311F0B3DD392AC4F9AE02.roa
File:                     0AAAFDF0689311F0B3DD392AC4F9AE02.roa (raw, json)
Hash identifier:          IzrlLOH8w5oVgm2xFIxOHSLDdcRbewh0wiowOsNOP24=
Subject key identifier:   2B:AE:E7:A8:A8:FA:98:09:09:06:36:E2:1B:0F:4E:59:4A:A5:BF:D3
Certificate issuer:       /CN=A915A0CD/serialNumber=38193720821E07D6918E3A79FBE0823C6732E264
Certificate serial:       0DB3
Authority key identifier: 38:19:37:20:82:1E:07:D6:91:8E:3A:79:FB:E0:82:3C:67:32:E2:64
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OBk3IIIeB9aRjjp5--CCPGcy4mQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/0AAAFDF0689311F0B3DD392AC4F9AE02.roa
Signing time:             Thu 24 Jul 2025 13:35:20 +0000
ROA not before:           Thu 24 Jul 2025 13:35:20 +0000
ROA not after:            Wed 30 Sep 2026 00:00:00 +0000
asID:                     2914
IP address blocks:        111.92.131.0/24 maxlen: 24
                          111.92.133.0/24 maxlen: 24
                          111.92.134.0/24 maxlen: 24
                          111.92.139.0/24 maxlen: 24
                          111.92.142.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Tue 05 Aug 2025 17:56:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3507 (0xdb3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A915A0CD, serialNumber=38193720821E07D6918E3A79FBE0823C6732E264
        Validity
            Not Before: Jul 24 13:35:20 2025 GMT
            Not After : Sep 30 00:00:00 2026 GMT
        Subject: CN=68823697-edb9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:42:9a:7b:1a:86:6a:56:e7:5c:37:74:5c:a0:
                    9a:67:4f:f9:3e:e2:ab:7e:52:a5:12:1b:6b:1e:a4:
                    ae:65:66:31:f1:64:76:d9:3d:88:c7:ee:d7:06:e3:
                    c9:c2:bc:8a:f3:2b:23:61:58:9f:a5:fe:67:37:f5:
                    9c:bb:d3:83:04:57:7d:00:07:e0:cb:74:98:00:5c:
                    96:fc:f3:5d:75:ef:15:2b:c1:36:36:ff:9d:51:e0:
                    ff:19:5c:e5:80:fe:50:bd:ab:4f:c9:44:57:bf:f3:
                    58:e4:4a:c0:13:99:5b:72:ce:ca:e0:52:6b:d5:80:
                    92:72:86:aa:be:83:b2:de:da:96:8e:e1:07:b4:dc:
                    ea:bc:20:0c:b2:d5:c4:90:3b:47:26:8e:b8:b8:7a:
                    02:0e:48:04:ee:34:58:fb:c3:99:d6:c7:15:04:48:
                    7e:02:10:ad:f9:86:46:7f:06:7a:78:8e:7f:9f:7e:
                    00:8a:43:2e:94:63:de:49:b8:12:75:66:aa:fc:60:
                    16:0f:da:37:43:99:84:8e:b9:7a:cb:89:6f:7c:92:
                    c0:b1:bf:90:10:48:e8:50:f5:9d:9a:59:16:d3:16:
                    3d:ce:ab:02:8d:92:da:9d:8b:16:c2:fc:2b:7a:b6:
                    87:08:7b:35:97:d4:2d:23:6b:cc:08:9a:21:90:10:
                    44:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:AE:E7:A8:A8:FA:98:09:09:06:36:E2:1B:0F:4E:59:4A:A5:BF:D3
            X509v3 Authority Key Identifier:
                keyid:38:19:37:20:82:1E:07:D6:91:8E:3A:79:FB:E0:82:3C:67:32:E2:64

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/OBk3IIIeB9aRjjp5--CCPGcy4mQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OBk3IIIeB9aRjjp5--CCPGcy4mQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/0AAAFDF0689311F0B3DD392AC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  111.92.131.0/24
                  111.92.133.0-111.92.134.255
                  111.92.139.0/24
                  111.92.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         46:d8:9e:7d:f6:1f:aa:46:d0:c7:a6:49:24:67:41:66:5f:a5:
         45:83:17:2d:73:46:93:8c:2f:8f:03:a9:fa:2b:51:15:a6:50:
         d2:e7:f1:b0:27:62:84:68:de:f4:f4:1a:c7:9f:3c:a3:09:7d:
         cc:1f:5b:7d:8b:08:aa:cd:4f:f5:09:e4:67:06:2c:80:15:91:
         fd:c6:a7:78:4f:a3:53:0b:af:fc:46:d7:20:b4:8e:17:f6:2c:
         c0:d5:1f:fe:7c:b2:08:c5:ae:8d:cd:41:7b:71:87:ed:e1:0c:
         55:ec:f9:be:e7:1f:3b:49:b3:3e:2e:5f:66:7b:58:45:a5:07:
         97:56:1f:7b:56:8b:ca:91:10:06:69:2b:67:7b:be:c0:8c:ec:
         f2:31:bc:27:75:d4:df:15:ef:78:52:0e:b4:3b:81:6e:22:6c:
         a1:50:e4:6c:12:8f:c8:bd:50:43:ce:14:22:2a:75:5f:f8:f2:
         f6:0a:9e:b8:0e:50:25:e2:ee:ff:bd:b0:ed:4c:6d:04:85:3a:
         5a:32:e3:88:73:ff:0d:a4:b0:19:5b:3a:dd:2c:8e:d8:b1:e2:
         b2:61:85:45:fa:e9:27:7f:be:c2:57:21:aa:97:52:b8:ad:fb:
         0f:70:d6:b9:c5:8c:61:8b:93:36:21:ba:89:10:24:89:ba:44:
         e2:81:73:22
-----BEGIN CERTIFICATE-----
MIIFizCCBHOgAwIBAgICDbMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NUEwQ0QxMTAvBgNVBAUTKDM4MTkzNzIwODIxRTA3RDY5MThFM0E3OUZCRTA4MjND
NjczMkUyNjQwHhcNMjUwNzI0MTMzNTIwWhcNMjYwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODgyMzY5Ny1lZGI5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAo0KaexqGalbnXDd0XKCaZ0/5PuKrflKlEhtrHqSuZWYx8WR22T2Ix+7XBuPJ
wryK8ysjYVifpf5nN/Wcu9ODBFd9AAfgy3SYAFyW/PNdde8VK8E2Nv+dUeD/GVzl
gP5QvatPyURXv/NY5ErAE5lbcs7K4FJr1YCScoaqvoOy3tqWjuEHtNzqvCAMstXE
kDtHJo64uHoCDkgE7jRY+8OZ1scVBEh+AhCt+YZGfwZ6eI5/n34AikMulGPeSbgS
dWaq/GAWD9o3Q5mEjrl6y4lvfJLAsb+QEEjoUPWdmlkW0xY9zqsCjZLanYsWwvwr
eraHCHs1l9QtI2vMCJohkBBE3wIDAQABo4ICrzCCAqswHQYDVR0OBBYEFCuu56io
+pgJCQY24hsPTllKpb/TMB8GA1UdIwQYMBaAFDgZNyCCHgfWkY46efvggjxnMuJk
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1QTBDRC80NjcyM0YxRTg5
RUMxMUVBODFDMDRGMUVDNEY5QUUwMi9PQmszSUlJZUI5YVJqanA1LS1DQ1BHY3k0
bVEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL09CazNJSUllQjlhUmpqcDUtLUNDUEdjeTRtUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NUEwQ0QvNDY3MjNGMUU4OUVDMTFFQTgxQzA0RjFFQzRGOUFFMDIvMEFBQUZERjA2
ODkzMTFGMEIzREQzOTJBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwOQYIKwYBBQUHAQcBAf8E
KjAoMCYEAgABMCADBABvXIMwDAMEAG9chQMEAG9chgMEAG9ciwMEAG9cjjANBgkq
hkiG9w0BAQsFAAOCAQEARtieffYfqkbQx6ZJJGdBZl+lRYMXLXNGk4wvjwOp+itR
FaZQ0ufxsCdihGje9PQax588owl9zB9bfYsIqs1P9QnkZwYsgBWR/caneE+jUwuv
/EbXILSOF/YswNUf/nyyCMWujc1Be3GH7eEMVez5vucfO0mzPi5fZntYRaUHl1Yf
e1aLypEQBmkrZ3u+wIzs8jG8J3XU3xXveFIOtDuBbiJsoVDkbBKPyL1QQ84UIip1
X/jy9gqeuA5QJeLu/72w7UxtBIU6WjLjiHP/DaSwGVs63SyO2LHismGFRfrpJ3++
wlchqpdSuK37D3DWucWMYYuTNiG6iRAkibpE4oFzIg==
-----END CERTIFICATE-----