Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/21F8EA6C203B11F086579D0CC4F9AE02.roa
File:                     21F8EA6C203B11F086579D0CC4F9AE02.roa (raw, json)
Hash identifier:          7fQlRmdQFjDYx4MbhrXk5neeaonC8+Sq5lCTySoPykk=
Subject key identifier:   7B:AF:10:5B:34:22:3F:06:EB:0D:EA:2E:3C:8D:C2:EC:A4:D0:8A:F6
Certificate issuer:       /CN=A915A0CD/serialNumber=38193720821E07D6918E3A79FBE0823C6732E264
Certificate serial:       0D12
Authority key identifier: 38:19:37:20:82:1E:07:D6:91:8E:3A:79:FB:E0:82:3C:67:32:E2:64
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OBk3IIIeB9aRjjp5--CCPGcy4mQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/21F8EA6C203B11F086579D0CC4F9AE02.roa
Signing time:             Wed 23 Apr 2025 12:04:40 +0000
ROA not before:           Wed 23 Apr 2025 12:04:40 +0000
ROA not after:            Tue 30 Sep 2025 00:00:00 +0000
asID:                     4766
IP address blocks:        111.92.133.0/24 maxlen: 24
                          111.92.134.0/24 maxlen: 24
                          111.92.139.0/24 maxlen: 24
                          111.92.142.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Wed 23 Apr 2025 12:08:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3346 (0xd12)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A915A0CD, serialNumber=38193720821E07D6918E3A79FBE0823C6732E264
        Validity
            Not Before: Apr 23 12:04:40 2025 GMT
            Not After : Sep 30 00:00:00 2025 GMT
        Subject: CN=6808d757-2b84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:67:82:9c:50:f8:68:70:62:c9:72:14:32:c3:
                    f2:bf:3b:19:f2:18:56:86:2b:8f:20:b8:0f:b7:0b:
                    9a:e5:1d:cd:8a:0b:bc:a4:40:26:90:80:a4:15:27:
                    b9:42:fb:1c:7a:c4:a6:68:80:b3:90:f5:93:cd:1e:
                    81:9b:ba:7f:9b:7b:41:7e:76:13:fc:31:98:9e:8d:
                    c2:74:51:94:08:a9:73:e3:1e:25:b7:10:b3:2f:a0:
                    f3:2c:46:64:7d:63:aa:72:55:ad:45:06:37:05:f2:
                    3f:c7:6a:99:d6:75:ad:92:a8:48:8d:c4:a6:ad:ef:
                    5c:30:83:e3:a6:ca:0a:b3:e2:54:5f:d4:7f:db:3e:
                    3f:4a:fc:54:6a:88:ad:47:30:41:9a:85:2c:32:95:
                    28:87:b7:89:11:c9:85:fb:94:fa:7b:1f:41:d6:2f:
                    0d:2b:d8:1e:01:b6:d6:5e:66:b2:22:3b:60:93:5e:
                    8a:1e:11:3d:4e:2a:67:95:89:c8:de:df:02:57:1c:
                    fe:87:11:db:2e:4c:3e:88:37:26:b9:78:7e:58:2f:
                    da:42:54:eb:8b:7c:5b:b7:37:d3:85:09:84:84:23:
                    ae:13:cf:26:ed:19:b4:a1:87:92:85:59:63:d7:47:
                    a9:ee:bd:ab:7a:b5:e8:00:32:ce:ae:a6:0d:58:2c:
                    f5:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:AF:10:5B:34:22:3F:06:EB:0D:EA:2E:3C:8D:C2:EC:A4:D0:8A:F6
            X509v3 Authority Key Identifier:
                keyid:38:19:37:20:82:1E:07:D6:91:8E:3A:79:FB:E0:82:3C:67:32:E2:64

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/OBk3IIIeB9aRjjp5--CCPGcy4mQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OBk3IIIeB9aRjjp5--CCPGcy4mQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/21F8EA6C203B11F086579D0CC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  111.92.133.0-111.92.134.255
                  111.92.139.0/24
                  111.92.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5d:af:b4:11:d3:6d:4b:0f:f0:29:ca:40:90:25:d7:8b:24:f7:
         f3:bd:54:ed:3c:aa:dc:c5:e2:b4:d2:78:a2:b7:93:8e:a6:a1:
         92:c4:6c:e4:08:55:30:eb:94:ff:4e:74:87:13:16:cd:31:41:
         b6:84:37:7f:ae:84:e5:c6:44:98:a9:0d:df:23:3c:76:d6:e6:
         93:fc:43:65:ef:83:59:39:9c:f6:67:83:bc:29:e4:49:86:c9:
         96:a8:98:0a:3c:66:ec:04:45:9a:58:61:ae:7a:d4:fe:0d:c0:
         f6:54:cd:49:90:f4:7a:fc:e9:ce:79:7e:8f:4b:fc:3a:e8:69:
         d5:14:2d:35:52:19:47:87:7d:92:8d:88:a3:45:d7:a0:c7:1a:
         32:97:65:4e:6a:8c:9a:f1:5c:e3:96:f6:90:f2:7c:4a:a1:29:
         72:6c:f4:58:1d:a8:0b:28:b7:1e:be:5a:90:d3:3e:28:e3:89:
         0d:f4:25:b0:d3:24:12:64:79:c5:fd:83:f3:4e:5d:c9:0c:0d:
         16:51:27:14:da:14:c1:ba:7c:bf:95:26:22:f8:00:cf:a2:f4:
         be:bc:98:e0:26:f0:39:0d:bc:0e:1d:d3:f1:3d:dd:11:48:9d:
         46:6b:f1:48:90:b6:7b:ca:46:5f:1a:11:66:dc:69:73:d6:91:
         c3:2b:6e:ee
-----BEGIN CERTIFICATE-----
MIIFhTCCBG2gAwIBAgICDRIwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NUEwQ0QxMTAvBgNVBAUTKDM4MTkzNzIwODIxRTA3RDY5MThFM0E3OUZCRTA4MjND
NjczMkUyNjQwHhcNMjUwNDIzMTIwNDQwWhcNMjUwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODA4ZDc1Ny0yYjg0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvGeCnFD4aHBiyXIUMsPyvzsZ8hhWhiuPILgPtwua5R3Nigu8pEAmkICkFSe5
QvscesSmaICzkPWTzR6Bm7p/m3tBfnYT/DGYno3CdFGUCKlz4x4ltxCzL6DzLEZk
fWOqclWtRQY3BfI/x2qZ1nWtkqhIjcSmre9cMIPjpsoKs+JUX9R/2z4/SvxUaoit
RzBBmoUsMpUoh7eJEcmF+5T6ex9B1i8NK9geAbbWXmayIjtgk16KHhE9TipnlYnI
3t8CVxz+hxHbLkw+iDcmuXh+WC/aQlTri3xbtzfThQmEhCOuE88m7Rm0oYeShVlj
10ep7r2rerXoADLOrqYNWCz1aQIDAQABo4ICqTCCAqUwHQYDVR0OBBYEFHuvEFs0
Ij8G6w3qLjyNwuyk0Ir2MB8GA1UdIwQYMBaAFDgZNyCCHgfWkY46efvggjxnMuJk
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1QTBDRC80NjcyM0YxRTg5
RUMxMUVBODFDMDRGMUVDNEY5QUUwMi9PQmszSUlJZUI5YVJqanA1LS1DQ1BHY3k0
bVEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL09CazNJSUllQjlhUmpqcDUtLUNDUEdjeTRtUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NUEwQ0QvNDY3MjNGMUU4OUVDMTFFQTgxQzA0RjFFQzRGOUFFMDIvMjFGOEVBNkMy
MDNCMTFGMDg2NTc5RDBDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMwYIKwYBBQUHAQcBAf8E
JDAiMCAEAgABMBowDAMEAG9chQMEAG9chgMEAG9ciwMEAG9cjjANBgkqhkiG9w0B
AQsFAAOCAQEAXa+0EdNtSw/wKcpAkCXXiyT3871U7Tyq3MXitNJ4oreTjqahksRs
5AhVMOuU/050hxMWzTFBtoQ3f66E5cZEmKkN3yM8dtbmk/xDZe+DWTmc9meDvCnk
SYbJlqiYCjxm7ARFmlhhrnrU/g3A9lTNSZD0evzpznl+j0v8Ouhp1RQtNVIZR4d9
ko2Io0XXoMcaMpdlTmqMmvFc45b2kPJ8SqEpcmz0WB2oCyi3Hr5akNM+KOOJDfQl
sNMkEmR5xf2D805dyQwNFlEnFNoUwbp8v5UmIvgAz6L0vryY4CbwOQ28Dh3T8T3d
EUidRmvxSJC2e8pGXxoRZtxpc9aRwytu7g==
-----END CERTIFICATE-----