Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/6F00EB8E989B11EF9873063AC4F9AE02.roa
File:                     6F00EB8E989B11EF9873063AC4F9AE02.roa (raw, json)
Hash identifier:          Myu/AgALoB27VeE+Mq9cNt6wEWNVN/f0OE+pgdABZbk=
Subject key identifier:   D8:59:46:43:83:76:82:7B:B1:CE:A7:3F:CC:06:17:6F:F8:15:54:80
Certificate issuer:       /CN=A915A0CD/serialNumber=38193720821E07D6918E3A79FBE0823C6732E264
Certificate serial:       0B65
Authority key identifier: 38:19:37:20:82:1E:07:D6:91:8E:3A:79:FB:E0:82:3C:67:32:E2:64
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OBk3IIIeB9aRjjp5--CCPGcy4mQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/6F00EB8E989B11EF9873063AC4F9AE02.roa
Signing time:             Wed 06 Nov 2024 21:05:54 +0000
ROA not before:           Wed 06 Nov 2024 21:05:54 +0000
ROA not after:            Tue 30 Sep 2025 00:00:00 +0000
asID:                     208485
IP address blocks:        14.192.136.0/24 maxlen: 24
                          14.192.137.0/24 maxlen: 24
                          14.192.138.0/24 maxlen: 24
                          14.192.139.0/24 maxlen: 24
                          14.192.143.0/24 maxlen: 24
                          14.192.145.0/24 maxlen: 24
                          14.192.146.0/24 maxlen: 24
                          14.192.158.0/24 maxlen: 24
                          14.192.159.0/24 maxlen: 24
                          43.247.120.0/24 maxlen: 24
                          43.247.123.0/24 maxlen: 24
                          103.20.132.0/24 maxlen: 24
                          103.20.133.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Thu 14 Nov 2024 09:28:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2917 (0xb65)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A915A0CD
        Validity
            Not Before: Nov  6 21:05:54 2024 GMT
            Not After : Sep 30 00:00:00 2025 GMT
        Subject: CN=672bda32-dc39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a6:4f:a7:72:7f:04:2f:da:13:a4:8c:58:7e:c5:
                    a4:d3:33:13:3e:41:c6:2e:70:1f:6c:62:fc:71:da:
                    d3:d1:67:41:44:3e:33:2d:87:62:a1:d6:9b:39:da:
                    2d:8d:20:d6:23:f9:dd:7e:a5:f5:0a:f0:b7:ed:c2:
                    96:fc:04:f3:86:fc:91:b2:b2:fb:bb:4a:4c:04:6d:
                    5f:f3:61:b6:70:48:57:27:17:8c:75:8a:89:5d:c1:
                    c2:5f:07:73:fb:33:47:e4:03:2d:4a:8a:6c:6c:d0:
                    04:5f:34:5b:48:ad:a3:dc:7d:2c:75:39:e9:f7:5c:
                    dc:32:c5:f0:a5:31:b5:23:1e:a0:07:5a:8d:30:0d:
                    f0:3f:89:67:b3:7d:7f:b8:56:49:a9:36:0f:20:44:
                    35:cb:36:db:bd:81:c5:af:60:10:97:a0:27:61:89:
                    24:35:dd:ef:05:18:cd:a4:ff:b3:f1:93:59:6b:ee:
                    1a:da:21:0b:15:cb:b5:a9:f1:b6:92:df:99:82:60:
                    6c:10:ab:75:84:25:02:ed:06:3b:aa:14:16:bc:93:
                    c6:61:49:9d:4a:d0:88:6a:b5:e6:6d:6e:42:07:40:
                    92:31:90:a8:e6:9a:4c:46:cf:3f:d9:21:16:68:3a:
                    bd:2c:1e:81:f4:ca:06:bf:4b:22:06:b1:00:58:2d:
                    57:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:59:46:43:83:76:82:7B:B1:CE:A7:3F:CC:06:17:6F:F8:15:54:80
            X509v3 Authority Key Identifier:
                keyid:38:19:37:20:82:1E:07:D6:91:8E:3A:79:FB:E0:82:3C:67:32:E2:64

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/OBk3IIIeB9aRjjp5--CCPGcy4mQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OBk3IIIeB9aRjjp5--CCPGcy4mQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/6F00EB8E989B11EF9873063AC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  14.192.136.0/22
                  14.192.143.0/24
                  14.192.145.0-14.192.146.255
                  14.192.158.0/23
                  43.247.120.0/24
                  43.247.123.0/24
                  103.20.132.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4a:ad:7a:11:bc:8b:c8:3f:3b:f1:8d:7c:08:70:ec:5b:ca:03:
         da:ed:a0:c9:2c:e8:77:1c:00:9d:fb:ed:3e:2a:4c:ba:b9:12:
         e2:36:e1:f7:67:b9:ec:82:90:31:37:0b:ed:15:2b:15:f4:98:
         57:43:64:bc:88:68:13:28:74:7c:fb:ec:b4:a8:d9:90:43:fd:
         17:83:70:95:98:8b:34:11:58:12:6b:46:8e:c7:b1:3f:0f:73:
         ce:3a:52:e1:9d:c5:b5:98:5d:bd:d1:a6:c0:28:08:95:bc:74:
         a2:79:36:85:2b:05:ac:02:0a:c7:60:bc:e9:4a:2d:3a:f7:2a:
         64:67:97:45:d3:a9:06:ea:2f:9f:7d:17:b0:b9:bb:4d:17:47:
         80:7b:2e:88:25:46:54:f1:6a:c5:be:6b:e4:d0:e6:c8:f9:30:
         ef:b0:c6:8a:6d:82:ed:a7:ff:f4:ba:a7:66:aa:b4:df:eb:b0:
         0d:9b:a7:83:d7:de:03:db:c1:53:46:59:b7:3e:57:90:8d:40:
         9f:e9:88:a8:d3:9c:c6:0a:37:8d:da:6a:a9:5e:6f:fa:84:6b:
         2a:da:f5:dd:96:0a:56:ed:36:8f:5f:8a:60:70:e1:6e:c4:15:
         fe:8e:88:a1:2c:96:de:f1:3c:fe:c0:a6:82:8b:94:00:a9:99:
         dc:8c:79:7c
-----BEGIN CERTIFICATE-----
MIIFnTCCBIWgAwIBAgICC2UwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NUEwQ0QxMTAvBgNVBAUTKDM4MTkzNzIwODIxRTA3RDY5MThFM0E3OUZCRTA4MjND
NjczMkUyNjQwHhcNMjQxMTA2MjEwNTU0WhcNMjUwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzJiZGEzMi1kYzM5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEApk+ncn8EL9oTpIxYfsWk0zMTPkHGLnAfbGL8cdrT0WdBRD4zLYdiodabOdot
jSDWI/ndfqX1CvC37cKW/ATzhvyRsrL7u0pMBG1f82G2cEhXJxeMdYqJXcHCXwdz
+zNH5AMtSopsbNAEXzRbSK2j3H0sdTnp91zcMsXwpTG1Ix6gB1qNMA3wP4lns31/
uFZJqTYPIEQ1yzbbvYHFr2AQl6AnYYkkNd3vBRjNpP+z8ZNZa+4a2iELFcu1qfG2
kt+ZgmBsEKt1hCUC7QY7qhQWvJPGYUmdStCIarXmbW5CB0CSMZCo5ppMRs8/2SEW
aDq9LB6B9MoGv0siBrEAWC1XlwIDAQABo4ICwTCCAr0wHQYDVR0OBBYEFNhZRkOD
doJ7sc6nP8wGF2/4FVSAMB8GA1UdIwQYMBaAFDgZNyCCHgfWkY46efvggjxnMuJk
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1QTBDRC80NjcyM0YxRTg5
RUMxMUVBODFDMDRGMUVDNEY5QUUwMi9PQmszSUlJZUI5YVJqanA1LS1DQ1BHY3k0
bVEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL09CazNJSUllQjlhUmpqcDUtLUNDUEdjeTRtUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NUEwQ0QvNDY3MjNGMUU4OUVDMTFFQTgxQzA0RjFFQzRGOUFFMDIvNkYwMEVCOEU5
ODlCMTFFRjk4NzMwNjNBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwSwYIKwYBBQUHAQcBAf8E
PDA6MDgEAgABMDIDBAIOwIgDBAAOwI8wDAMEAA7AkQMEAA7AkgMEAQ7AngMEACv3
eAMEACv3ewMEAWcUhDANBgkqhkiG9w0BAQsFAAOCAQEASq16EbyLyD878Y18CHDs
W8oD2u2gySzodxwAnfvtPipMurkS4jbh92e57IKQMTcL7RUrFfSYV0NkvIhoEyh0
fPvstKjZkEP9F4NwlZiLNBFYEmtGjsexPw9zzjpS4Z3FtZhdvdGmwCgIlbx0onk2
hSsFrAIKx2C86UotOvcqZGeXRdOpBuovn30XsLm7TRdHgHsuiCVGVPFqxb5r5NDm
yPkw77DGim2C7af/9LqnZqq03+uwDZung9feA9vBU0ZZtz5XkI1An+mIqNOcxgo3
jdpqqV5v+oRrKtr13ZYKVu02j1+KYHDhbsQV/o6IoSyW3vE8/sCmgouUAKmZ3Ix5
fA==
-----END CERTIFICATE-----