Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/96A61C18989B11EF8318373AC4F9AE02.roa
File:                     96A61C18989B11EF8318373AC4F9AE02.roa (raw, json)
Hash identifier:          dRm6mLGxalQLNxYjjmUFwTxA8SVUGwUmbavPOhdRCj8=
Subject key identifier:   1E:28:4C:AD:90:50:EE:29:88:39:D2:97:5D:45:C0:7D:3C:E4:A4:77
Certificate issuer:       /CN=A915A0CD/serialNumber=38193720821E07D6918E3A79FBE0823C6732E264
Certificate serial:       0B6A
Authority key identifier: 38:19:37:20:82:1E:07:D6:91:8E:3A:79:FB:E0:82:3C:67:32:E2:64
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OBk3IIIeB9aRjjp5--CCPGcy4mQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/96A61C18989B11EF8318373AC4F9AE02.roa
Signing time:             Fri 08 Nov 2024 13:22:11 +0000
ROA not before:           Fri 08 Nov 2024 13:22:11 +0000
ROA not after:            Tue 30 Sep 2025 00:00:00 +0000
asID:                     43260
IP address blocks:        14.192.130.0/24 maxlen: 24
                          14.192.132.0/24 maxlen: 24
                          14.192.151.0/24 maxlen: 24
                          14.192.152.0/24 maxlen: 24
                          103.20.134.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Thu 14 Nov 2024 09:24:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2922 (0xb6a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A915A0CD
        Validity
            Not Before: Nov  8 13:22:11 2024 GMT
            Not After : Sep 30 00:00:00 2025 GMT
        Subject: CN=672e1083-9a18
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:43:e3:de:2b:ab:42:97:98:c5:56:43:c5:9e:
                    a1:2f:f2:15:02:e3:34:84:54:11:42:5f:4b:7a:e5:
                    67:26:f0:fd:3d:08:d5:02:e2:a1:e4:ce:e3:29:72:
                    a6:a6:fb:da:b1:37:ec:72:52:c6:d4:a6:80:3e:08:
                    22:c8:1e:24:b9:f9:2b:3a:f3:ef:07:23:20:42:e3:
                    81:8a:b6:81:f1:37:00:00:07:03:93:91:02:de:9f:
                    68:7c:73:a0:7d:1d:db:b5:f4:e0:73:8a:8c:08:70:
                    c2:a3:e7:f6:8f:9c:c4:78:88:4e:3f:a1:e5:bf:19:
                    b0:bf:b8:b8:55:b2:32:78:f0:aa:b9:a7:c5:29:9d:
                    c4:75:51:47:6a:c9:63:47:e7:3f:89:2f:22:ae:0f:
                    26:29:2b:34:e9:4c:fc:1b:d2:b9:0d:79:66:ee:d4:
                    a9:c9:07:af:79:91:a7:8e:4d:90:38:0c:5d:e2:17:
                    8b:bd:58:55:bc:25:86:f7:9f:b1:3b:f5:90:ac:8b:
                    4f:17:9b:a2:74:46:3c:55:f5:95:b7:ae:66:97:f1:
                    78:76:76:77:5b:3e:22:9f:a1:f4:8f:5a:36:5e:a9:
                    8f:29:e2:1e:6d:5d:9f:00:bb:67:51:4a:00:51:3a:
                    41:38:44:b3:b4:4a:19:7b:18:16:a7:4d:f7:d5:4f:
                    1b:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:28:4C:AD:90:50:EE:29:88:39:D2:97:5D:45:C0:7D:3C:E4:A4:77
            X509v3 Authority Key Identifier:
                keyid:38:19:37:20:82:1E:07:D6:91:8E:3A:79:FB:E0:82:3C:67:32:E2:64

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/OBk3IIIeB9aRjjp5--CCPGcy4mQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OBk3IIIeB9aRjjp5--CCPGcy4mQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/96A61C18989B11EF8318373AC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  14.192.130.0/24
                  14.192.132.0/24
                  14.192.151.0-14.192.152.255
                  103.20.134.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6d:c4:83:48:45:40:44:db:4f:6f:62:e8:39:a0:fd:a6:a4:8a:
         06:6b:dd:8e:1d:16:0b:cd:db:34:a0:45:1d:57:4a:c7:72:38:
         a0:ee:c8:ec:fc:10:75:ec:4a:38:54:d6:be:3b:03:49:2d:3d:
         a2:65:ec:e4:64:a9:20:84:95:f4:6b:c0:93:b5:4f:c3:b1:55:
         68:af:31:12:61:d7:07:4a:69:5b:04:a0:88:49:2f:52:4a:58:
         43:8e:ed:13:88:bc:0b:e0:99:3c:97:92:9b:64:0d:d0:97:94:
         ff:cb:0d:6b:d9:b9:f6:fc:50:93:90:21:e1:7a:1b:a0:ff:82:
         d6:cf:c2:6d:6b:a7:d0:ca:81:bd:09:5d:2e:4d:b3:db:40:05:
         22:a3:1f:02:f9:6a:3f:cb:f7:c3:6d:47:aa:fe:b9:05:3d:56:
         04:59:a4:50:30:c7:93:65:d3:cf:e9:7f:99:fb:11:6f:8a:d5:
         fc:ac:26:c6:2f:63:42:5b:11:f6:95:44:d3:0f:24:7e:c9:f1:
         3c:df:04:af:e0:e7:20:55:f9:3d:cb:96:a9:1c:be:5f:4c:0a:
         77:1c:5f:b6:ff:86:31:87:28:40:90:e1:40:2d:1a:c4:6d:84:
         e9:07:5b:93:b5:02:bf:bf:80:31:08:73:de:77:19:8f:22:ab:
         22:3b:94:b2
-----BEGIN CERTIFICATE-----
MIIFizCCBHOgAwIBAgICC2owDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NUEwQ0QxMTAvBgNVBAUTKDM4MTkzNzIwODIxRTA3RDY5MThFM0E3OUZCRTA4MjND
NjczMkUyNjQwHhcNMjQxMTA4MTMyMjExWhcNMjUwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzJlMTA4My05YTE4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwUPj3iurQpeYxVZDxZ6hL/IVAuM0hFQRQl9LeuVnJvD9PQjVAuKh5M7jKXKm
pvvasTfsclLG1KaAPggiyB4kufkrOvPvByMgQuOBiraB8TcAAAcDk5EC3p9ofHOg
fR3btfTgc4qMCHDCo+f2j5zEeIhOP6Hlvxmwv7i4VbIyePCquafFKZ3EdVFHaslj
R+c/iS8irg8mKSs06Uz8G9K5DXlm7tSpyQeveZGnjk2QOAxd4heLvVhVvCWG95+x
O/WQrItPF5uidEY8VfWVt65ml/F4dnZ3Wz4in6H0j1o2XqmPKeIebV2fALtnUUoA
UTpBOESztEoZexgWp0331U8bewIDAQABo4ICrzCCAqswHQYDVR0OBBYEFB4oTK2Q
UO4piDnSl11FwH085KR3MB8GA1UdIwQYMBaAFDgZNyCCHgfWkY46efvggjxnMuJk
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1QTBDRC80NjcyM0YxRTg5
RUMxMUVBODFDMDRGMUVDNEY5QUUwMi9PQmszSUlJZUI5YVJqanA1LS1DQ1BHY3k0
bVEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL09CazNJSUllQjlhUmpqcDUtLUNDUEdjeTRtUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NUEwQ0QvNDY3MjNGMUU4OUVDMTFFQTgxQzA0RjFFQzRGOUFFMDIvOTZBNjFDMTg5
ODlCMTFFRjgzMTgzNzNBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwOQYIKwYBBQUHAQcBAf8E
KjAoMCYEAgABMCADBAAOwIIDBAAOwIQwDAMEAA7AlwMEAA7AmAMEAGcUhjANBgkq
hkiG9w0BAQsFAAOCAQEAbcSDSEVARNtPb2LoOaD9pqSKBmvdjh0WC83bNKBFHVdK
x3I4oO7I7PwQdexKOFTWvjsDSS09omXs5GSpIISV9GvAk7VPw7FVaK8xEmHXB0pp
WwSgiEkvUkpYQ47tE4i8C+CZPJeSm2QN0JeU/8sNa9m59vxQk5Ah4XoboP+C1s/C
bWun0MqBvQldLk2z20AFIqMfAvlqP8v3w21Hqv65BT1WBFmkUDDHk2XTz+l/mfsR
b4rV/Kwmxi9jQlsR9pVE0w8kfsnxPN8Er+DnIFX5PcuWqRy+X0wKdxxftv+GMYco
QJDhQC0axG2E6Qdbk7UCv7+AMQhz3ncZjyKrIjuUsg==
-----END CERTIFICATE-----