Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/237527D219E911F0A9998561C4F9AE02.roa
File:                     237527D219E911F0A9998561C4F9AE02.roa (raw, json)
Hash identifier:          gOPjAtTJeIKGjxQNR/5RIGjn5xFdTs0eDietLghhFms=
Subject key identifier:   31:2E:AF:2B:48:98:AA:F6:EB:30:DE:79:B1:E6:C0:2E:BB:0D:F4:8A
Certificate issuer:       /CN=A915A0CD/serialNumber=38193720821E07D6918E3A79FBE0823C6732E264
Certificate serial:       0D06
Authority key identifier: 38:19:37:20:82:1E:07:D6:91:8E:3A:79:FB:E0:82:3C:67:32:E2:64
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OBk3IIIeB9aRjjp5--CCPGcy4mQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/237527D219E911F0A9998561C4F9AE02.roa
Signing time:             Tue 15 Apr 2025 11:02:36 +0000
ROA not before:           Tue 15 Apr 2025 11:02:36 +0000
ROA not after:            Tue 30 Sep 2025 00:00:00 +0000
asID:                     2914
IP address blocks:        111.92.131.0/24 maxlen: 24
                          111.92.133.0/24 maxlen: 24
                          111.92.134.0/24 maxlen: 24
                          111.92.139.0/24 maxlen: 24
                          111.92.142.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Wed 23 Apr 2025 12:04:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3334 (0xd06)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A915A0CD, serialNumber=38193720821E07D6918E3A79FBE0823C6732E264
        Validity
            Not Before: Apr 15 11:02:36 2025 GMT
            Not After : Sep 30 00:00:00 2025 GMT
        Subject: CN=67fe3ccc-aead
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:7c:13:16:96:69:11:53:f2:1a:27:3f:8a:c8:
                    3b:54:43:0b:13:4f:71:7e:bc:12:53:e3:0f:3e:41:
                    c1:46:5d:60:ed:55:77:cc:bd:61:3f:a9:d1:9e:1a:
                    cb:a6:6a:80:2f:3c:7c:3c:67:a5:da:51:ae:33:c0:
                    43:4d:6d:d4:23:02:71:3c:95:05:cc:d3:20:a0:d4:
                    a6:ff:90:35:ce:32:1a:38:d6:8f:ed:7c:e8:62:3a:
                    73:d4:c5:26:b9:1e:14:72:a7:94:ed:fc:eb:c0:1a:
                    ba:27:0c:28:3d:33:32:c8:2e:33:6d:97:74:50:0b:
                    e2:76:8c:2d:e6:8f:a5:36:97:76:b1:c6:f5:ec:d8:
                    35:58:2c:86:e7:9f:18:1a:cc:7b:c6:4b:cd:dd:56:
                    92:bc:89:ce:2e:14:8f:8e:00:7b:3d:85:c7:6f:86:
                    cd:a9:dc:cd:fb:ea:fe:94:a0:49:da:7f:38:ba:c8:
                    5a:af:7f:88:52:ef:07:2c:9b:b6:a9:ab:89:75:3e:
                    40:07:a4:f2:c0:0f:53:18:82:3d:cb:7d:33:91:7e:
                    88:08:47:93:74:ad:f1:d7:50:74:1b:08:aa:f4:d0:
                    bd:3d:74:09:78:01:59:6f:a9:72:ee:0e:82:9c:67:
                    2f:ed:58:50:ab:ee:25:3d:52:42:35:4f:15:2c:a6:
                    a4:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:2E:AF:2B:48:98:AA:F6:EB:30:DE:79:B1:E6:C0:2E:BB:0D:F4:8A
            X509v3 Authority Key Identifier:
                keyid:38:19:37:20:82:1E:07:D6:91:8E:3A:79:FB:E0:82:3C:67:32:E2:64

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/OBk3IIIeB9aRjjp5--CCPGcy4mQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OBk3IIIeB9aRjjp5--CCPGcy4mQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/237527D219E911F0A9998561C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  111.92.131.0/24
                  111.92.133.0-111.92.134.255
                  111.92.139.0/24
                  111.92.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1d:64:a8:59:c1:b8:39:77:cd:8f:38:fd:10:8d:af:c9:cd:d0:
         6d:4b:b2:b2:9b:22:6f:fb:e9:b1:f7:81:32:e5:6a:c7:6c:04:
         41:fa:ad:2b:2b:16:0b:80:44:17:a6:fb:a7:2d:23:bd:8a:0e:
         1a:46:57:1a:c6:36:92:24:0e:92:47:43:94:8f:db:fa:f1:ff:
         71:58:30:84:9b:80:21:31:d5:4a:d3:19:84:f0:11:6c:da:40:
         30:ec:f0:20:6e:31:16:af:7b:d7:13:2d:a9:b1:19:32:85:09:
         3c:c1:06:4a:b5:4d:bd:97:63:c2:e0:00:8c:97:80:b3:23:c0:
         53:e6:4f:94:29:d1:9d:40:49:3d:b9:ab:a8:f2:22:8c:c1:c2:
         60:cd:73:b7:50:da:b2:ba:64:64:4e:64:93:bd:ac:44:4b:cc:
         3d:21:6e:cd:6b:63:8e:11:ba:bb:b5:1e:0a:94:54:f1:aa:1c:
         31:21:b5:6f:0f:50:74:e7:5b:32:a9:28:0c:11:ad:8d:06:3f:
         9d:6d:19:de:ac:a6:e2:67:0a:dc:15:ed:ec:81:f6:61:fa:79:
         03:8b:70:b5:cf:8a:64:06:7c:48:63:59:02:6b:46:e2:d8:3d:
         67:fd:b3:27:67:e1:03:58:37:13:75:a0:5c:19:7a:45:8f:8e:
         c7:63:48:d6
-----BEGIN CERTIFICATE-----
MIIFizCCBHOgAwIBAgICDQYwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NUEwQ0QxMTAvBgNVBAUTKDM4MTkzNzIwODIxRTA3RDY5MThFM0E3OUZCRTA4MjND
NjczMkUyNjQwHhcNMjUwNDE1MTEwMjM2WhcNMjUwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02N2ZlM2NjYy1hZWFkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAuHwTFpZpEVPyGic/isg7VEMLE09xfrwSU+MPPkHBRl1g7VV3zL1hP6nRnhrL
pmqALzx8PGel2lGuM8BDTW3UIwJxPJUFzNMgoNSm/5A1zjIaONaP7XzoYjpz1MUm
uR4UcqeU7fzrwBq6JwwoPTMyyC4zbZd0UAvidowt5o+lNpd2scb17Ng1WCyG558Y
Gsx7xkvN3VaSvInOLhSPjgB7PYXHb4bNqdzN++r+lKBJ2n84ushar3+IUu8HLJu2
qauJdT5AB6TywA9TGII9y30zkX6ICEeTdK3x11B0Gwiq9NC9PXQJeAFZb6ly7g6C
nGcv7VhQq+4lPVJCNU8VLKakDwIDAQABo4ICrzCCAqswHQYDVR0OBBYEFDEurytI
mKr26zDeebHmwC67DfSKMB8GA1UdIwQYMBaAFDgZNyCCHgfWkY46efvggjxnMuJk
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1QTBDRC80NjcyM0YxRTg5
RUMxMUVBODFDMDRGMUVDNEY5QUUwMi9PQmszSUlJZUI5YVJqanA1LS1DQ1BHY3k0
bVEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL09CazNJSUllQjlhUmpqcDUtLUNDUEdjeTRtUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NUEwQ0QvNDY3MjNGMUU4OUVDMTFFQTgxQzA0RjFFQzRGOUFFMDIvMjM3NTI3RDIx
OUU5MTFGMEE5OTk4NTYxQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwOQYIKwYBBQUHAQcBAf8E
KjAoMCYEAgABMCADBABvXIMwDAMEAG9chQMEAG9chgMEAG9ciwMEAG9cjjANBgkq
hkiG9w0BAQsFAAOCAQEAHWSoWcG4OXfNjzj9EI2vyc3QbUuyspsib/vpsfeBMuVq
x2wEQfqtKysWC4BEF6b7py0jvYoOGkZXGsY2kiQOkkdDlI/b+vH/cVgwhJuAITHV
StMZhPARbNpAMOzwIG4xFq971xMtqbEZMoUJPMEGSrVNvZdjwuAAjJeAsyPAU+ZP
lCnRnUBJPbmrqPIijMHCYM1zt1DasrpkZE5kk72sREvMPSFuzWtjjhG6u7UeCpRU
8aocMSG1bw9QdOdbMqkoDBGtjQY/nW0Z3qym4mcK3BXt7IH2Yfp5A4twtc+KZAZ8
SGNZAmtG4tg9Z/2zJ2fhA1g3E3WgXBl6RY+Ox2NI1g==
-----END CERTIFICATE-----