Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91E6134/5F9AA4BEC2A811EAA7918A2EC4F9AE02/C34735DA799311EF82DE441BC4F9AE02.roa
File:                     C34735DA799311EF82DE441BC4F9AE02.roa (raw, json)
Hash identifier:          u+qxFFc5vJcSbVBC+9am7V0Gs36YcFVNyRRYsOPbeIU=
Subject key identifier:   BB:B1:AF:BB:AC:3E:13:9D:89:1C:0B:26:39:E8:8E:DE:49:25:35:A2
Certificate issuer:       /CN=A91E6134/serialNumber=8308087911EA49E215DC4926B0226A521E5B39C4
Certificate serial:       167B
Authority key identifier: 83:08:08:79:11:EA:49:E2:15:DC:49:26:B0:22:6A:52:1E:5B:39:C4
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gwgIeRHqSeIV3EkmsCJqUh5bOcQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91E6134/5F9AA4BEC2A811EAA7918A2EC4F9AE02/C34735DA799311EF82DE441BC4F9AE02.roa
Signing time:             Wed 25 Sep 2024 10:15:56 +0000
ROA not before:           Wed 25 Sep 2024 10:15:56 +0000
ROA not after:            Wed 30 Jul 2025 00:00:00 +0000
asID:                     205220
IP address blocks:        115.167.116.0/22 maxlen: 24
                          115.167.120.0/22 maxlen: 24
                          175.110.88.0/22 maxlen: 24
                          175.110.107.0/24 maxlen: 24
                          175.110.109.0/24 maxlen: 24
                          175.110.110.0/24 maxlen: 24
                          175.110.111.0/24 maxlen: 24
                          202.92.18.0/24 maxlen: 24
                          202.92.20.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Mon 30 Sep 2024 09:35:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5755 (0x167b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E6134, serialNumber=8308087911EA49E215DC4926B0226A521E5B39C4
        Validity
            Not Before: Sep 25 10:15:56 2024 GMT
            Not After : Jul 30 00:00:00 2025 GMT
        Subject: CN=66f3e2dc-8a5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:50:e3:e7:e5:2a:54:11:26:1c:54:f6:0f:cf:
                    f7:3f:25:df:bf:2b:f2:d0:0c:a3:0a:27:c8:22:ad:
                    26:4b:fb:b0:a4:f7:5d:84:85:9b:a2:76:ef:ef:29:
                    2d:dd:8e:c3:0e:39:b8:6a:b0:0b:01:c6:a4:92:03:
                    32:26:29:e8:50:7d:f6:9b:01:87:a8:62:78:d8:a8:
                    f2:b1:b2:82:0e:c2:f7:d7:97:13:6c:ad:59:73:88:
                    26:e5:58:52:ad:85:55:29:58:d1:c6:89:87:dd:f8:
                    06:04:4f:1e:a1:19:0b:b6:64:6b:6d:57:a9:4e:85:
                    8a:24:dd:a3:56:0e:37:9f:c4:1b:b7:d6:5f:6c:50:
                    64:b7:f5:9a:eb:b2:df:f6:6e:77:ec:5f:33:36:c3:
                    81:a0:3e:67:bb:1d:1a:fc:71:d7:01:a8:72:5a:49:
                    5d:f1:97:5a:fd:a6:a4:dd:00:8f:53:f5:c1:47:15:
                    a7:c3:93:81:bc:4c:14:40:b7:2d:b3:82:29:dc:78:
                    43:80:99:6e:14:74:e9:8d:8d:6e:c9:b3:70:9b:ef:
                    f9:a9:ae:44:23:28:90:8f:85:e7:eb:0e:fb:d6:a4:
                    5b:ac:cc:f5:8a:7f:4d:88:26:fa:ca:1b:bc:6a:aa:
                    7b:a5:cd:0e:d5:ba:6f:b8:4d:60:b4:70:b1:1c:b0:
                    b5:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:B1:AF:BB:AC:3E:13:9D:89:1C:0B:26:39:E8:8E:DE:49:25:35:A2
            X509v3 Authority Key Identifier:
                keyid:83:08:08:79:11:EA:49:E2:15:DC:49:26:B0:22:6A:52:1E:5B:39:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91E6134/5F9AA4BEC2A811EAA7918A2EC4F9AE02/gwgIeRHqSeIV3EkmsCJqUh5bOcQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gwgIeRHqSeIV3EkmsCJqUh5bOcQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E6134/5F9AA4BEC2A811EAA7918A2EC4F9AE02/C34735DA799311EF82DE441BC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  115.167.116.0-115.167.123.255
                  175.110.88.0/22
                  175.110.107.0/24
                  175.110.109.0-175.110.111.255
                  202.92.18.0/24
                  202.92.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b0:9b:ad:09:e7:a5:e1:f1:0a:62:40:c8:23:6a:45:fb:b5:69:
         dc:3d:5f:03:37:9d:3c:89:ec:15:d9:40:32:da:0d:7a:b6:11:
         99:74:b8:6d:df:d3:bc:60:7e:ef:51:dc:01:3e:2f:5c:b7:55:
         ad:c7:58:af:86:41:46:35:15:c2:80:3e:7d:28:9f:26:30:0d:
         60:b4:cd:2d:f9:31:8b:68:7d:db:25:77:de:b6:8a:2b:22:25:
         57:e9:b2:9a:5d:8b:0c:cd:3f:5d:13:a9:13:bf:07:b1:99:b4:
         ba:17:e1:86:1d:1f:6c:3e:1a:c7:17:a9:93:89:5f:c7:95:d3:
         51:2d:7f:a2:c6:18:61:31:02:61:42:46:d9:66:57:f0:bb:60:
         47:f5:ba:5f:bf:00:3f:0a:67:e7:8c:da:29:ab:ab:0f:41:ab:
         bb:2c:dd:ab:c8:40:49:f7:66:4f:0e:dc:8f:c9:8e:5c:4e:8f:
         a0:b2:e6:9b:88:43:2a:db:d2:b9:f6:30:5c:16:67:04:cf:47:
         20:2e:d4:77:b4:2e:38:6a:99:38:50:6d:ea:08:3f:60:8f:4b:
         76:f6:35:8a:38:99:24:6b:ff:44:ae:64:6b:aa:43:f9:fd:61:
         dc:d5:ef:47:14:55:f9:c7:0c:f5:e9:df:2e:91:b4:1c:b4:7b:
         17:64:67:2c
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgICFnswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RTYxMzQxMTAvBgNVBAUTKDgzMDgwODc5MTFFQTQ5RTIxNURDNDkyNkIwMjI2QTUy
MUU1QjM5QzQwHhcNMjQwOTI1MTAxNTU2WhcNMjUwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NmYzZTJkYy04YTVjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAqVDj5+UqVBEmHFT2D8/3PyXfvyvy0AyjCifIIq0mS/uwpPddhIWbonbv7ykt
3Y7DDjm4arALAcakkgMyJinoUH32mwGHqGJ42KjysbKCDsL315cTbK1Zc4gm5VhS
rYVVKVjRxomH3fgGBE8eoRkLtmRrbVepToWKJN2jVg43n8Qbt9ZfbFBkt/Wa67Lf
9m537F8zNsOBoD5nux0a/HHXAahyWkld8Zda/aak3QCPU/XBRxWnw5OBvEwUQLct
s4Ip3HhDgJluFHTpjY1uybNwm+/5qa5EIyiQj4Xn6w771qRbrMz1in9NiCb6yhu8
aqp7pc0O1bpvuE1gtHCxHLC1oQIDAQABo4ICwzCCAr8wHQYDVR0OBBYEFLuxr7us
PhOdiRwLJjnojt5JJTWiMB8GA1UdIwQYMBaAFIMICHkR6kniFdxJJrAialIeWznE
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFNjEzNC81RjlBQTRCRUMy
QTgxMUVBQTc5MThBMkVDNEY5QUUwMi9nd2dJZVJIcVNlSVYzRWttc0NKcVVoNWJP
Y1EuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2d3Z0llUkhxU2VJVjNFa21zQ0pxVWg1Yk9jUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RTYxMzQvNUY5QUE0QkVDMkE4MTFFQUE3OTE4QTJFQzRGOUFFMDIvQzM0NzM1REE3
OTkzMTFFRjgyREU0NDFCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwTQYIKwYBBQUHAQcBAf8E
PjA8MDoEAgABMDQwDAMEAnOndAMEAnOneAMEAq9uWAMEAK9uazAMAwQAr25tAwQE
r25gAwQAylwSAwQAylwUMA0GCSqGSIb3DQEBCwUAA4IBAQCwm60J56Xh8QpiQMgj
akX7tWncPV8DN508iewV2UAy2g16thGZdLht39O8YH7vUdwBPi9ct1Wtx1ivhkFG
NRXCgD59KJ8mMA1gtM0t+TGLaH3bJXfetoorIiVX6bKaXYsMzT9dE6kTvwexmbS6
F+GGHR9sPhrHF6mTiV/HldNRLX+ixhhhMQJhQkbZZlfwu2BH9bpfvwA/CmfnjNop
q6sPQau7LN2ryEBJ92ZPDtyPyY5cTo+gsuabiEMq29K59jBcFmcEz0cgLtR3tC44
apk4UG3qCD9gj0t29jWKOJkka/9ErmRrqkP5/WHc1e9HFFX5xwz16d8ukbQctHsX
ZGcs
-----END CERTIFICATE-----