Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/0F128D3A7E3911EF90F1AB18C4F9AE02.roa
File:                     0F128D3A7E3911EF90F1AB18C4F9AE02.roa (raw, json)
Hash identifier:          7lb1BlraPJVfOqsRQltzAyfOzFrOWnQfFqT0pZ3VFn4=
Subject key identifier:   5D:EB:36:2A:B4:2C:04:EC:D8:1F:0D:F0:B9:1E:43:75:B0:37:94:C1
Certificate issuer:       /CN=A915A0CD/serialNumber=38193720821E07D6918E3A79FBE0823C6732E264
Certificate serial:       0B00
Authority key identifier: 38:19:37:20:82:1E:07:D6:91:8E:3A:79:FB:E0:82:3C:67:32:E2:64
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OBk3IIIeB9aRjjp5--CCPGcy4mQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/0F128D3A7E3911EF90F1AB18C4F9AE02.roa
Signing time:             Wed 02 Oct 2024 18:00:08 +0000
ROA not before:           Wed 02 Oct 2024 18:00:08 +0000
ROA not after:            Tue 30 Sep 2025 00:00:00 +0000
asID:                     43260
IP address blocks:        14.192.130.0/24 maxlen: 24
                          14.192.132.0/24 maxlen: 24
                          14.192.151.0/24 maxlen: 24
                          14.192.152.0/24 maxlen: 24
                          14.192.153.0/24 maxlen: 24
                          14.192.156.0/24 maxlen: 24
                          14.192.157.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Fri 01 Nov 2024 21:52:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2816 (0xb00)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A915A0CD
        Validity
            Not Before: Oct  2 18:00:08 2024 GMT
            Not After : Sep 30 00:00:00 2025 GMT
        Subject: CN=66fd8a27-298a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:08:e7:28:2d:6f:ca:16:25:96:6a:e6:22:4c:
                    03:84:d4:5e:3f:47:10:ab:06:e4:88:36:63:55:16:
                    24:70:ea:cf:80:cb:20:38:2e:b1:8a:a4:01:1b:80:
                    57:97:1e:04:6d:22:fa:20:42:da:82:92:52:94:98:
                    20:a9:7b:34:64:0c:17:7f:eb:ed:17:59:45:66:af:
                    89:6b:e0:4b:2d:38:42:8f:20:1c:8a:f8:05:cb:0e:
                    a8:83:95:85:1d:91:d0:1b:61:67:6d:7e:09:c3:60:
                    99:f8:0d:cb:4e:1b:ef:02:fe:c2:80:55:72:fd:e5:
                    da:f4:01:28:0f:34:50:2b:fd:78:f2:66:5b:4e:06:
                    62:a8:73:23:73:33:6e:67:93:e8:c3:9e:72:96:db:
                    88:51:e3:0e:87:29:84:d8:63:9c:6b:c4:b2:e7:15:
                    5c:bf:ff:e3:0d:92:c9:62:e1:40:a9:47:9d:70:d6:
                    b1:ce:dc:af:f9:01:d4:9d:01:17:e1:a3:9d:43:f4:
                    45:bd:39:5b:6b:cb:4b:5b:43:f4:15:ae:25:a7:c1:
                    6b:94:86:70:a4:84:47:07:24:9b:58:9f:8d:08:93:
                    40:78:fc:04:a9:88:43:1d:9b:e6:1e:38:15:e9:c5:
                    4b:32:18:e9:f6:13:de:48:1a:88:e8:1b:c7:7a:72:
                    97:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:EB:36:2A:B4:2C:04:EC:D8:1F:0D:F0:B9:1E:43:75:B0:37:94:C1
            X509v3 Authority Key Identifier:
                keyid:38:19:37:20:82:1E:07:D6:91:8E:3A:79:FB:E0:82:3C:67:32:E2:64

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/OBk3IIIeB9aRjjp5--CCPGcy4mQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OBk3IIIeB9aRjjp5--CCPGcy4mQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/0F128D3A7E3911EF90F1AB18C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  14.192.130.0/24
                  14.192.132.0/24
                  14.192.151.0-14.192.153.255
                  14.192.156.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1d:d3:77:c4:6d:ae:84:9a:8f:ea:71:3d:1a:80:c1:f1:0e:9b:
         22:8d:bb:b6:b0:04:16:8c:d3:9f:d0:ef:f0:57:25:bb:5e:4b:
         54:14:94:7e:4b:9b:b7:d5:3f:4b:0c:2f:9d:66:ae:6b:e6:91:
         0f:0b:58:8a:65:06:ca:4e:23:aa:d6:84:0a:20:1e:a2:75:70:
         5b:c7:93:71:e2:8c:ef:49:b1:57:86:32:36:25:e5:dd:57:d4:
         c5:e5:91:cb:41:91:5e:cd:af:af:cf:77:cb:a3:72:97:df:c5:
         d9:84:0f:25:d1:14:8b:10:43:61:05:b4:99:61:e5:0c:16:aa:
         90:64:e8:92:3d:00:80:0c:f7:6d:9b:d0:82:ef:81:9c:ed:2b:
         2a:96:7c:2d:8b:9b:24:ec:7b:28:f8:d2:16:fd:50:30:61:15:
         32:42:12:d1:e4:05:71:a4:dc:43:24:ec:a4:e4:b5:8f:83:74:
         1e:74:dc:e8:e7:1a:b2:4a:4e:79:9d:2c:78:fc:70:f7:c5:e4:
         2d:6d:5d:3b:37:53:b5:8d:bd:99:7c:3d:92:98:d8:4a:a2:be:
         e0:5a:5e:b4:b9:71:15:97:10:a4:65:61:ed:fa:39:c0:6a:15:
         cb:be:50:cd:a9:5c:fa:65:f1:67:ce:76:be:24:46:ac:20:e3:
         de:aa:69:ba
-----BEGIN CERTIFICATE-----
MIIFizCCBHOgAwIBAgICCwAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NUEwQ0QxMTAvBgNVBAUTKDM4MTkzNzIwODIxRTA3RDY5MThFM0E3OUZCRTA4MjND
NjczMkUyNjQwHhcNMjQxMDAyMTgwMDA4WhcNMjUwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NmZkOGEyNy0yOThhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtQjnKC1vyhYllmrmIkwDhNReP0cQqwbkiDZjVRYkcOrPgMsgOC6xiqQBG4BX
lx4EbSL6IELagpJSlJggqXs0ZAwXf+vtF1lFZq+Ja+BLLThCjyAcivgFyw6og5WF
HZHQG2FnbX4Jw2CZ+A3LThvvAv7CgFVy/eXa9AEoDzRQK/148mZbTgZiqHMjczNu
Z5Pow55yltuIUeMOhymE2GOca8Sy5xVcv//jDZLJYuFAqUedcNaxztyv+QHUnQEX
4aOdQ/RFvTlba8tLW0P0Fa4lp8FrlIZwpIRHBySbWJ+NCJNAePwEqYhDHZvmHjgV
6cVLMhjp9hPeSBqI6BvHenKXCQIDAQABo4ICrzCCAqswHQYDVR0OBBYEFF3rNiq0
LATs2B8N8LkeQ3WwN5TBMB8GA1UdIwQYMBaAFDgZNyCCHgfWkY46efvggjxnMuJk
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1QTBDRC80NjcyM0YxRTg5
RUMxMUVBODFDMDRGMUVDNEY5QUUwMi9PQmszSUlJZUI5YVJqanA1LS1DQ1BHY3k0
bVEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL09CazNJSUllQjlhUmpqcDUtLUNDUEdjeTRtUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NUEwQ0QvNDY3MjNGMUU4OUVDMTFFQTgxQzA0RjFFQzRGOUFFMDIvMEYxMjhEM0E3
RTM5MTFFRjkwRjFBQjE4QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwOQYIKwYBBQUHAQcBAf8E
KjAoMCYEAgABMCADBAAOwIIDBAAOwIQwDAMEAA7AlwMEAQ7AmAMEAQ7AnDANBgkq
hkiG9w0BAQsFAAOCAQEAHdN3xG2uhJqP6nE9GoDB8Q6bIo27trAEFozTn9Dv8Fcl
u15LVBSUfkubt9U/SwwvnWaua+aRDwtYimUGyk4jqtaECiAeonVwW8eTceKM70mx
V4YyNiXl3VfUxeWRy0GRXs2vr893y6Nyl9/F2YQPJdEUixBDYQW0mWHlDBaqkGTo
kj0AgAz3bZvQgu+BnO0rKpZ8LYubJOx7KPjSFv1QMGEVMkIS0eQFcaTcQyTspOS1
j4N0HnTc6OcaskpOeZ0sePxw98XkLW1dOzdTtY29mXw9kpjYSqK+4FpetLlxFZcQ
pGVh7fo5wGoVy75Qzalc+mXxZ852viRGrCDj3qppug==
-----END CERTIFICATE-----