Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/39FC9C9AE4F911EEA9F9CA4BC4F9AE02.roa
File:                     39FC9C9AE4F911EEA9F9CA4BC4F9AE02.roa (raw, json)
Hash identifier:          jEeorARAxrOadb7ItxkqLKbl9okbJNSrNoJuDE8UmE4=
Subject key identifier:   16:92:83:2C:1A:67:5F:B9:21:74:18:A3:05:21:B4:14:8A:6F:79:CF
Certificate issuer:       /CN=A91CB7AB/serialNumber=3DE9D3DFF6E048FD908146502E4F08E456F3D9BC
Certificate serial:       0736
Authority key identifier: 3D:E9:D3:DF:F6:E0:48:FD:90:81:46:50:2E:4F:08:E4:56:F3:D9:BC
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PenT3_bgSP2QgUZQLk8I5Fbz2bw.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/39FC9C9AE4F911EEA9F9CA4BC4F9AE02.roa
Signing time:             Mon 18 Mar 2024 07:29:17 +0000
ROA not before:           Mon 18 Mar 2024 07:29:17 +0000
ROA not after:            Mon 31 Mar 2025 00:00:00 +0000
asID:                     5065
IP address blocks:        202.139.244.0/22 maxlen: 24
                          203.147.224.0/23 maxlen: 24
                          203.147.232.0/23 maxlen: 24
                          203.147.234.0/23 maxlen: 24
                          203.147.238.0/23 maxlen: 24
                          210.247.128.0/21 maxlen: 24
                          210.247.160.0/21 maxlen: 24
                          210.247.208.0/22 maxlen: 24

Validation:               Failed, certificate revoked on Wed 03 Apr 2024 23:15:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1846 (0x736)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CB7AB/serialNumber=3DE9D3DFF6E048FD908146502E4F08E456F3D9BC
        Validity
            Not Before: Mar 18 07:29:17 2024 GMT
            Not After : Mar 31 00:00:00 2025 GMT
        Subject: CN=65f7ed4c-741a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:d1:4b:82:8d:1e:5c:d2:de:74:9c:24:36:a3:
                    4e:f0:5d:28:6c:37:4e:d1:aa:e9:ee:37:1c:8a:c5:
                    19:04:ef:1d:7c:f7:8a:57:ca:59:e9:52:33:74:ba:
                    df:ff:9c:a1:78:a0:21:97:75:76:5f:38:9b:4f:1e:
                    4f:46:3c:4b:6f:af:06:76:52:71:53:85:08:29:76:
                    c1:d2:36:76:6f:4f:39:fb:ad:9d:de:03:4b:f8:a3:
                    ef:c4:ae:c7:4f:f2:0b:46:be:d7:87:ea:db:55:cd:
                    35:46:92:25:5a:72:be:8b:95:6e:b4:4f:95:0e:e9:
                    cb:0e:cd:54:d6:2d:96:44:f3:5d:0b:75:f9:11:40:
                    5a:a4:0d:da:2b:e5:a6:d0:89:c2:19:0e:e5:81:30:
                    78:71:a0:1e:98:cf:de:7d:3d:26:33:67:6b:77:f2:
                    53:83:68:4e:89:c8:c8:cc:9a:31:4c:94:61:c9:d0:
                    de:db:af:fb:35:dd:bc:9f:0a:1d:8c:d1:06:1b:f8:
                    f1:65:ee:50:ea:28:eb:b3:8d:7e:da:70:f9:72:ca:
                    f3:98:9c:4e:bc:d1:71:a6:c2:9a:7e:ef:02:2e:fa:
                    c1:d3:39:98:a5:0b:18:b3:ba:45:38:f4:ba:0f:79:
                    a9:ea:1c:2d:7f:01:ec:3a:4e:e1:cd:63:5a:83:8b:
                    3b:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:92:83:2C:1A:67:5F:B9:21:74:18:A3:05:21:B4:14:8A:6F:79:CF
            X509v3 Authority Key Identifier:
                keyid:3D:E9:D3:DF:F6:E0:48:FD:90:81:46:50:2E:4F:08:E4:56:F3:D9:BC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/PenT3_bgSP2QgUZQLk8I5Fbz2bw.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PenT3_bgSP2QgUZQLk8I5Fbz2bw.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/39FC9C9AE4F911EEA9F9CA4BC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.139.244.0/22
                  203.147.224.0/23
                  203.147.232.0/22
                  203.147.238.0/23
                  210.247.128.0/21
                  210.247.160.0/21
                  210.247.208.0/22

    Signature Algorithm: sha256WithRSAEncryption
         d3:db:20:57:4b:c2:77:19:ba:15:1a:e4:e0:bd:fa:8f:cb:98:
         d1:ea:5a:98:3e:54:c2:aa:10:e5:9c:ee:a7:39:76:85:4a:02:
         af:8a:43:8f:22:dd:ee:dc:3a:a3:e3:88:cf:ee:3b:5e:ed:0f:
         17:6f:fe:10:04:bf:77:6b:8e:28:ed:65:fa:f5:c3:f7:f1:60:
         b6:b5:24:ef:bd:65:f1:9b:af:9b:45:7f:40:a7:1c:5a:fc:be:
         0b:26:a1:65:f6:c0:72:90:6f:66:99:3b:16:91:14:eb:6b:4d:
         f4:5b:91:bc:25:80:72:c0:08:1e:33:a1:72:11:f4:b9:7e:7c:
         f0:2e:49:cf:a4:b9:19:71:6c:85:d6:c8:32:25:e3:74:45:a1:
         c3:78:ba:f7:0e:60:e7:0a:10:02:b8:ba:5e:7b:5d:86:59:ce:
         24:00:aa:cd:f7:1e:2d:fc:80:1f:94:45:3a:bd:bb:cf:00:52:
         3d:1d:f7:a7:0f:37:88:8c:3a:9b:c1:f3:a7:70:4e:9b:5e:5e:
         0e:f0:5d:69:de:e5:17:3c:41:25:d5:af:78:a4:69:ca:83:31:
         45:3c:64:80:bb:6c:39:63:d4:d6:a9:e2:65:92:d0:da:3b:a7:
         d5:52:27:7d:1b:83:4c:1c:c0:e9:a0:4a:5c:a7:c4:fa:ca:39:
         6a:60:87:75
-----BEGIN CERTIFICATE-----
MIIFlTCCBH2gAwIBAgICBzYwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Q0I3QUIxMTAvBgNVBAUTKDNERTlEM0RGRjZFMDQ4RkQ5MDgxNDY1MDJFNEYwOEU0
NTZGM0Q5QkMwHhcNMjQwMzE4MDcyOTE3WhcNMjUwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWY3ZWQ0Yy03NDFhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA49FLgo0eXNLedJwkNqNO8F0obDdO0arp7jccisUZBO8dfPeKV8pZ6VIzdLrf
/5yheKAhl3V2XzibTx5PRjxLb68GdlJxU4UIKXbB0jZ2b085+62d3gNL+KPvxK7H
T/ILRr7Xh+rbVc01RpIlWnK+i5VutE+VDunLDs1U1i2WRPNdC3X5EUBapA3aK+Wm
0InCGQ7lgTB4caAemM/efT0mM2drd/JTg2hOicjIzJoxTJRhydDe26/7Nd28nwod
jNEGG/jxZe5Q6ijrs41+2nD5csrzmJxOvNFxpsKafu8CLvrB0zmYpQsYs7pFOPS6
D3mp6hwtfwHsOk7hzWNag4s7zQIDAQABo4ICuTCCArUwHQYDVR0OBBYEFBaSgywa
Z1+5IXQYowUhtBSKb3nPMB8GA1UdIwQYMBaAFD3p09/24Ej9kIFGUC5PCORW89m8
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDQjdBQi81Njc4NjU2ODQw
MDkxMUVCQTM3NDIyNUJDNEY5QUUwMi9QZW5UM19iZ1NQMlFnVVpRTGs4STVGYnoy
YncuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1BlblQzX2JnU1AyUWdVWlFMazhJNUZiejJidy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Q0I3QUIvNTY3ODY1Njg0MDA5MTFFQkEzNzQyMjVCQzRGOUFFMDIvMzlGQzlDOUFF
NEY5MTFFRUE5RjlDQTRCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwQwYIKwYBBQUHAQcBAf8E
NDAyMDAEAgABMCoDBALKi/QDBAHLk+ADBALLk+gDBAHLk+4DBAPS94ADBAPS96AD
BALS99AwDQYJKoZIhvcNAQELBQADggEBANPbIFdLwncZuhUa5OC9+o/LmNHqWpg+
VMKqEOWc7qc5doVKAq+KQ48i3e7cOqPjiM/uO17tDxdv/hAEv3drjijtZfr1w/fx
YLa1JO+9ZfGbr5tFf0CnHFr8vgsmoWX2wHKQb2aZOxaRFOtrTfRbkbwlgHLACB4z
oXIR9Ll+fPAuSc+kuRlxbIXWyDIl43RFocN4uvcOYOcKEAK4ul57XYZZziQAqs33
Hi38gB+URTq9u88AUj0d96cPN4iMOpvB86dwTpteXg7wXWne5Rc8QSXVr3ikacqD
MUU8ZIC7bDlj1Nap4mWS0No7p9VSJ30bg0wcwOmgSlynxPrKOWpgh3U=
-----END CERTIFICATE-----