Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9128992/FADBC56C87A111E5AEB47F4DC4F9AE02/3FDC5DFEF42011E98CE43179C4F9AE02.roa
File:                     3FDC5DFEF42011E98CE43179C4F9AE02.roa (raw, json)
Hash identifier:          huC5Yeke3dIwskqCPrq2YN2aGfdbywZxUdnF7OG37wY=
Subject key identifier:   1E:7A:D9:4D:E4:86:E1:EB:89:F1:99:C7:74:49:7A:3F:8A:9A:E1:11
Certificate issuer:       /CN=A9128992/serialNumber=79014A5F07319F0460FCD04FC4AAABCCE09ED344
Certificate serial:       22B2
Authority key identifier: 79:01:4A:5F:07:31:9F:04:60:FC:D0:4F:C4:AA:AB:CC:E0:9E:D3:44
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/eQFKXwcxnwRg_NBPxKqrzOCe00Q.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9128992/FADBC56C87A111E5AEB47F4DC4F9AE02/3FDC5DFEF42011E98CE43179C4F9AE02.roa
Signing time:             Mon 26 Aug 2024 16:23:07 +0000
ROA not before:           Mon 26 Aug 2024 16:23:07 +0000
ROA not after:            Fri 31 Oct 2025 00:00:00 +0000
asID:                     45282
IP address blocks:        123.176.56.0/22 maxlen: 22
                          123.176.56.0/24 maxlen: 24
                          123.176.57.0/24 maxlen: 24
                          123.176.58.0/24 maxlen: 24
                          123.176.59.0/24 maxlen: 24
                          202.129.192.0/22 maxlen: 22
                          202.129.192.0/24 maxlen: 24
                          202.129.193.0/24 maxlen: 24
                          202.129.194.0/24 maxlen: 24
                          202.129.195.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 09 Sep 2024 10:33:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 8882 (0x22b2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9128992/serialNumber=79014A5F07319F0460FCD04FC4AAABCCE09ED344
        Validity
            Not Before: Aug 26 16:23:07 2024 GMT
            Not After : Oct 31 00:00:00 2025 GMT
        Subject: CN=66ccabeb-4e6d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:ab:f5:07:2a:6e:0b:f9:72:de:f4:d1:79:93:
                    5d:7e:b8:36:35:69:1b:46:68:ec:45:2d:37:67:76:
                    df:25:f7:04:60:92:0d:6d:b4:28:6d:43:a7:13:8c:
                    a3:47:d4:69:14:bf:86:4c:b3:3e:a6:01:ce:7d:90:
                    eb:81:07:37:fc:1d:fc:d2:8e:12:87:a6:44:6f:37:
                    01:38:85:ae:01:03:ad:c9:84:ca:cf:cc:c8:aa:9b:
                    32:be:31:be:f1:cb:73:66:25:3e:ef:88:57:4d:e5:
                    87:b8:64:32:44:f1:a0:41:6f:3b:0d:b0:99:14:64:
                    a7:70:11:9e:fe:64:9a:bc:b1:df:c5:7a:a0:d5:1e:
                    1a:15:6b:76:9f:98:a2:fe:ef:68:b5:8c:0e:66:b5:
                    4f:13:82:a7:54:7a:3d:e5:39:a7:ed:3d:73:c3:20:
                    78:16:bf:3e:0e:0f:0d:f3:db:33:a8:1b:58:f3:16:
                    b9:f3:cd:99:fe:f0:cb:44:dc:df:a2:a0:01:61:95:
                    1a:4f:98:25:09:34:a8:8d:43:e4:11:5c:0c:48:be:
                    b1:87:3d:b3:e7:e5:a2:00:81:aa:dc:2e:47:9f:0d:
                    cb:48:75:b9:66:fa:15:05:a5:84:1f:af:f3:e8:f4:
                    81:f5:55:78:ab:e8:c9:eb:fa:d8:39:ef:96:a6:c9:
                    a1:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:7A:D9:4D:E4:86:E1:EB:89:F1:99:C7:74:49:7A:3F:8A:9A:E1:11
            X509v3 Authority Key Identifier:
                keyid:79:01:4A:5F:07:31:9F:04:60:FC:D0:4F:C4:AA:AB:CC:E0:9E:D3:44

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9128992/FADBC56C87A111E5AEB47F4DC4F9AE02/eQFKXwcxnwRg_NBPxKqrzOCe00Q.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/eQFKXwcxnwRg_NBPxKqrzOCe00Q.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9128992/FADBC56C87A111E5AEB47F4DC4F9AE02/3FDC5DFEF42011E98CE43179C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  123.176.56.0/22
                  202.129.192.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9d:3c:a0:60:7b:71:a0:6e:68:70:de:41:e4:d6:8b:6b:fa:63:
         a1:74:e2:a7:c8:a1:6a:a2:2a:0c:b2:45:7b:ad:38:86:af:1f:
         e7:ab:b3:7b:3c:2b:a1:88:2f:94:ea:db:80:80:24:e2:e8:f7:
         80:8b:61:5e:1a:7a:b8:77:b2:d7:3b:a0:90:98:d3:54:f3:2d:
         a7:d6:c1:26:2c:02:8e:5b:5c:5a:31:a4:a4:7b:e2:a4:8b:17:
         a3:dd:57:33:ad:52:2b:e4:6b:3d:03:6c:59:8d:ea:46:43:6a:
         ec:5a:e0:f6:56:6b:73:ad:6c:30:12:ae:da:c0:95:20:52:4f:
         5b:93:1d:3a:10:d5:ef:c1:30:a0:3c:88:d9:d0:77:94:36:de:
         e3:fe:68:88:46:b6:1f:2e:26:74:9d:fa:7f:e3:73:4f:fc:db:
         fc:38:38:72:b7:74:24:d2:08:d7:c0:19:11:b8:ac:00:83:7a:
         79:47:f6:59:49:87:4c:9c:f5:05:8d:48:f4:81:37:4b:a8:aa:
         4d:b3:04:2b:80:f5:cf:58:e3:11:59:9c:5d:8d:31:4a:7a:73:
         bc:1a:7b:c3:c2:c8:12:0b:4b:39:8d:1f:81:78:b8:4f:1a:12:
         2d:ba:bf:ec:7b:4c:6b:0a:ba:7d:09:25:5e:da:f5:50:a7:14:
         0d:4c:81:2e
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICIrIwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Mjg5OTIxMTAvBgNVBAUTKDc5MDE0QTVGMDczMTlGMDQ2MEZDRDA0RkM0QUFBQkND
RTA5RUQzNDQwHhcNMjQwODI2MTYyMzA3WhcNMjUxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NmNjYWJlYi00ZTZkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA26v1BypuC/ly3vTReZNdfrg2NWkbRmjsRS03Z3bfJfcEYJINbbQobUOnE4yj
R9RpFL+GTLM+pgHOfZDrgQc3/B380o4Sh6ZEbzcBOIWuAQOtyYTKz8zIqpsyvjG+
8ctzZiU+74hXTeWHuGQyRPGgQW87DbCZFGSncBGe/mSavLHfxXqg1R4aFWt2n5ii
/u9otYwOZrVPE4KnVHo95Tmn7T1zwyB4Fr8+Dg8N89szqBtY8xa5882Z/vDLRNzf
oqABYZUaT5glCTSojUPkEVwMSL6xhz2z5+WiAIGq3C5Hnw3LSHW5ZvoVBaWEH6/z
6PSB9VV4q+jJ6/rYOe+WpsmhCwIDAQABo4ICmzCCApcwHQYDVR0OBBYEFB562U3k
huHrifGZx3RJej+KmuERMB8GA1UdIwQYMBaAFHkBSl8HMZ8EYPzQT8Sqq8zgntNE
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyODk5Mi9GQURCQzU2Qzg3
QTExMUU1QUVCNDdGNERDNEY5QUUwMi9lUUZLWHdjeG53UmdfTkJQeEtxcnpPQ2Uw
MFEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2VRRktYd2N4bndSZ19OQlB4S3Fyek9DZTAwUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Mjg5OTIvRkFEQkM1NkM4N0ExMTFFNUFFQjQ3RjREQzRGOUFFMDIvM0ZEQzVERkVG
NDIwMTFFOThDRTQzMTc5QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAJ7sDgDBALKgcAwDQYJKoZIhvcNAQELBQADggEBAJ08oGB7
caBuaHDeQeTWi2v6Y6F04qfIoWqiKgyyRXutOIavH+ers3s8K6GIL5Tq24CAJOLo
94CLYV4aerh3stc7oJCY01TzLafWwSYsAo5bXFoxpKR74qSLF6PdVzOtUivkaz0D
bFmN6kZDauxa4PZWa3OtbDASrtrAlSBST1uTHToQ1e/BMKA8iNnQd5Q23uP+aIhG
th8uJnSd+n/jc0/82/w4OHK3dCTSCNfAGRG4rACDenlH9llJh0yc9QWNSPSBN0uo
qk2zBCuA9c9Y4xFZnF2NMUp6c7wae8PCyBILSzmNH4F4uE8aEi26v+x7TGsKun0J
JV7a9VCnFA1MgS4=
-----END CERTIFICATE-----