Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A912FC73/0144CDF89F3411EC9CEBC670C4F9AE02/3E5F92FE9B9511EE85B0594FC4F9AE02.roa
File:                     3E5F92FE9B9511EE85B0594FC4F9AE02.roa (raw, json)
Hash identifier:          JgNVeLMwWNMEAUGVStdhbMRgpCSTBhvWxneciqw1MXU=
Subject key identifier:   B3:5F:AE:07:26:B0:25:32:D7:B0:92:38:36:6C:31:D2:15:3E:68:DF
Certificate issuer:       /CN=A912FC73/serialNumber=CEE41601EEA9F51B3525DA55DD4AC95CEFAF5ABC
Certificate serial:       02E2
Authority key identifier: CE:E4:16:01:EE:A9:F5:1B:35:25:DA:55:DD:4A:C9:5C:EF:AF:5A:BC
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/zuQWAe6p9Rs1JdpV3UrJXO-vWrw.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A912FC73/0144CDF89F3411EC9CEBC670C4F9AE02/3E5F92FE9B9511EE85B0594FC4F9AE02.roa
Signing time:             Fri 15 Dec 2023 22:25:51 +0000
ROA not before:           Fri 15 Dec 2023 22:25:51 +0000
ROA not after:            Mon 30 Dec 2024 00:00:00 +0000
asID:                     5650
IP address blocks:        113.20.40.0/22 maxlen: 22
                          113.20.48.0/22 maxlen: 22
                          113.20.52.0/22 maxlen: 22
                          113.20.56.0/22 maxlen: 22
                          113.20.60.0/22 maxlen: 22
                          223.29.128.0/22 maxlen: 22
                          223.29.132.0/22 maxlen: 22
                          223.29.136.0/22 maxlen: 22
                          223.29.140.0/22 maxlen: 22
                          223.29.144.0/22 maxlen: 22
                          223.29.148.0/22 maxlen: 22
                          223.29.152.0/22 maxlen: 22
                          223.29.156.0/22 maxlen: 22

Validation:               Failed, certificate revoked

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 738 (0x2e2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A912FC73/serialNumber=CEE41601EEA9F51B3525DA55DD4AC95CEFAF5ABC
        Validity
            Not Before: Dec 15 22:25:51 2023 GMT
            Not After : Dec 30 00:00:00 2024 GMT
        Subject: CN=657cd26e-7285
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:f5:e7:4e:d5:af:0e:9f:01:a1:38:0c:0f:11:
                    1a:cb:71:d8:a9:f2:6c:c6:83:ec:16:59:10:3a:c0:
                    f4:e7:8f:1d:af:75:4a:2a:2a:12:d4:ea:b4:54:d8:
                    5b:8b:a3:a5:60:36:56:53:83:b5:61:70:7a:76:85:
                    a3:d8:9f:6a:22:19:78:4d:8f:20:ed:3e:d0:ae:6a:
                    c1:59:41:d6:d0:f7:5f:82:c8:a8:be:fd:aa:8f:f9:
                    67:fe:2d:4b:1d:e0:d0:79:99:be:8f:44:c4:b1:f9:
                    b7:19:c6:e0:e1:f6:8c:51:5e:3a:be:32:c3:b5:d8:
                    9b:f6:1b:68:d3:06:a1:95:53:d3:cd:75:0b:c2:33:
                    0f:cd:ed:42:2c:fc:58:b4:ae:fe:e5:26:b2:79:fe:
                    45:a5:3c:1e:5d:4d:8d:5c:b7:5e:2a:ef:87:7b:37:
                    9a:47:64:68:2c:db:3e:5e:27:cd:11:c8:53:2c:bf:
                    af:1a:01:45:a3:46:ff:38:fd:d2:1c:d5:a9:86:bb:
                    b0:97:e9:ea:d8:4c:b9:03:5f:c9:9b:91:e0:13:9a:
                    36:7f:98:87:5e:6c:31:ac:6f:bb:38:9d:db:37:41:
                    2c:00:c6:27:f2:aa:f1:dc:f1:2b:66:c0:b0:99:34:
                    69:7b:06:97:7d:36:20:db:29:9e:36:09:5a:09:c7:
                    34:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:5F:AE:07:26:B0:25:32:D7:B0:92:38:36:6C:31:D2:15:3E:68:DF
            X509v3 Authority Key Identifier:
                keyid:CE:E4:16:01:EE:A9:F5:1B:35:25:DA:55:DD:4A:C9:5C:EF:AF:5A:BC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A912FC73/0144CDF89F3411EC9CEBC670C4F9AE02/zuQWAe6p9Rs1JdpV3UrJXO-vWrw.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/zuQWAe6p9Rs1JdpV3UrJXO-vWrw.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A912FC73/0144CDF89F3411EC9CEBC670C4F9AE02/3E5F92FE9B9511EE85B0594FC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  113.20.40.0/22
                  113.20.48.0/20
                  223.29.128.0/19

    Signature Algorithm: sha256WithRSAEncryption
         1b:8d:95:ea:bb:8f:0f:a3:a0:c8:13:a3:06:9f:46:f2:45:86:
         e3:86:d1:21:df:7b:05:b6:3d:29:49:26:c6:21:0a:80:03:d7:
         03:a5:2d:55:0c:e4:35:61:1d:c1:09:1f:4c:2f:12:77:eb:e9:
         2e:fa:a8:39:da:c8:56:f4:bd:05:ac:47:e8:f4:87:0d:60:9c:
         16:92:3e:63:11:67:86:8b:bc:b7:fb:2e:ec:99:e1:ca:e0:d9:
         70:c7:4b:f7:7d:3a:99:18:e6:ba:75:a8:ee:f0:59:fd:9b:ce:
         5d:74:78:8a:f1:dd:bf:69:25:f1:a8:75:54:e1:2f:80:77:81:
         02:a7:8f:ac:8f:74:98:38:d8:86:eb:a7:c2:bb:1d:7c:19:41:
         05:d9:c0:5e:8b:8c:39:03:ca:55:65:d5:f7:3b:92:a2:a7:4f:
         54:94:0a:5d:de:c0:04:3c:4f:17:8a:4e:89:a7:4e:4d:1e:81:
         9c:52:2e:6f:84:54:7b:b4:cb:24:9f:3d:b4:5e:68:32:6b:93:
         9f:ce:77:f3:a8:c1:ad:2e:28:a1:96:4a:8f:64:89:5f:9e:dc:
         c3:8d:72:f5:e9:16:a1:87:90:3d:a4:42:99:b1:a3:55:c3:24:
         3e:c8:51:72:6f:1e:08:74:cb:58:50:eb:86:38:59:34:27:0e:
         a5:98:aa:7f
-----BEGIN CERTIFICATE-----
MIIFfTCCBGWgAwIBAgICAuIwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MkZDNzMxMTAvBgNVBAUTKENFRTQxNjAxRUVBOUY1MUIzNTI1REE1NURENEFDOTVD
RUZBRjVBQkMwHhcNMjMxMjE1MjIyNTUxWhcNMjQxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTdjZDI2ZS03Mjg1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAt/XnTtWvDp8BoTgMDxEay3HYqfJsxoPsFlkQOsD0548dr3VKKioS1Oq0VNhb
i6OlYDZWU4O1YXB6doWj2J9qIhl4TY8g7T7QrmrBWUHW0Pdfgsiovv2qj/ln/i1L
HeDQeZm+j0TEsfm3Gcbg4faMUV46vjLDtdib9hto0wahlVPTzXULwjMPze1CLPxY
tK7+5Sayef5FpTweXU2NXLdeKu+HezeaR2RoLNs+XifNEchTLL+vGgFFo0b/OP3S
HNWphruwl+nq2Ey5A1/Jm5HgE5o2f5iHXmwxrG+7OJ3bN0EsAMYn8qrx3PErZsCw
mTRpewaXfTYg2ymeNglaCcc06wIDAQABo4ICoTCCAp0wHQYDVR0OBBYEFLNfrgcm
sCUy17CSODZsMdIVPmjfMB8GA1UdIwQYMBaAFM7kFgHuqfUbNSXaVd1KyVzvr1q8
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyRkM3My8wMTQ0Q0RGODlG
MzQxMUVDOUNFQkM2NzBDNEY5QUUwMi96dVFXQWU2cDlSczFKZHBWM1VySlhPLXZX
cncuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3p1UVdBZTZwOVJzMUpkcFYzVXJKWE8tdldydy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MkZDNzMvMDE0NENERjg5RjM0MTFFQzlDRUJDNjcwQzRGOUFFMDIvM0U1RjkyRkU5
Qjk1MTFFRTg1QjA1OTRGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwKwYIKwYBBQUHAQcBAf8E
HDAaMBgEAgABMBIDBAJxFCgDBARxFDADBAXfHYAwDQYJKoZIhvcNAQELBQADggEB
ABuNleq7jw+joMgTowafRvJFhuOG0SHfewW2PSlJJsYhCoAD1wOlLVUM5DVhHcEJ
H0wvEnfr6S76qDnayFb0vQWsR+j0hw1gnBaSPmMRZ4aLvLf7LuyZ4crg2XDHS/d9
OpkY5rp1qO7wWf2bzl10eIrx3b9pJfGodVThL4B3gQKnj6yPdJg42Ibrp8K7HXwZ
QQXZwF6LjDkDylVl1fc7kqKnT1SUCl3ewAQ8TxeKTomnTk0egZxSLm+EVHu0yySf
PbReaDJrk5/Od/Oowa0uKKGWSo9kiV+e3MONcvXpFqGHkD2kQpmxo1XDJD7IUXJv
Hgh0y1hQ64Y4WTQnDqWYqn8=
-----END CERTIFICATE-----