Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/B768BE3AE17911EE9C447824C4F9AE02.roa
File:                     B768BE3AE17911EE9C447824C4F9AE02.roa (raw, json)
Hash identifier:          LqLuVuMeocoOxCoyLjrjJ1PxyEJRHZeUYb8nhuXafm8=
Subject key identifier:   0B:A5:13:61:F7:E8:49:D2:A1:D5:5A:52:B4:35:EA:64:57:A9:2A:32
Certificate issuer:       /CN=A915A0CD/serialNumber=38193720821E07D6918E3A79FBE0823C6732E264
Certificate serial:       093C
Authority key identifier: 38:19:37:20:82:1E:07:D6:91:8E:3A:79:FB:E0:82:3C:67:32:E2:64
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OBk3IIIeB9aRjjp5--CCPGcy4mQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/B768BE3AE17911EE9C447824C4F9AE02.roa
Signing time:             Thu 28 Mar 2024 09:25:09 +0000
ROA not before:           Thu 28 Mar 2024 09:25:09 +0000
ROA not after:            Mon 30 Sep 2024 00:00:00 +0000
asID:                     150750
IP address blocks:        14.192.130.0/23 maxlen: 23
                          14.192.130.0/24 maxlen: 24
                          14.192.131.0/24 maxlen: 24
                          14.192.132.0/22 maxlen: 22
                          14.192.132.0/24 maxlen: 24
                          14.192.133.0/24 maxlen: 24
                          14.192.134.0/24 maxlen: 24
                          14.192.135.0/24 maxlen: 24
                          14.192.136.0/22 maxlen: 22
                          14.192.136.0/24 maxlen: 24
                          14.192.137.0/24 maxlen: 24
                          14.192.138.0/24 maxlen: 24
                          14.192.139.0/24 maxlen: 24
                          43.247.120.0/24 maxlen: 24
                          43.247.121.0/24 maxlen: 24
                          43.247.122.0/24 maxlen: 24
                          43.247.123.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 28 Mar 2024 10:56:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2364 (0x93c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A915A0CD/serialNumber=38193720821E07D6918E3A79FBE0823C6732E264
        Validity
            Not Before: Mar 28 09:25:09 2024 GMT
            Not After : Sep 30 00:00:00 2024 GMT
        Subject: CN=66053775-2613
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:61:d7:36:dd:39:a5:29:7e:f2:da:b1:d5:32:
                    7e:08:d5:c1:7f:6f:c9:d9:71:c1:b0:a1:7e:1e:08:
                    28:30:94:63:6d:9c:59:eb:ec:e7:07:2f:5a:d7:9a:
                    24:13:5f:7a:84:eb:aa:ff:5a:fa:51:86:7d:53:f1:
                    62:d7:2b:ea:76:31:09:89:51:07:7d:7a:90:fe:de:
                    ec:d9:48:08:a4:41:4e:6a:d1:07:af:26:56:e3:a5:
                    8e:d2:62:14:7d:8b:59:ff:da:02:85:00:7d:db:6d:
                    ad:4d:2c:c6:7c:6d:28:7d:85:eb:e0:40:36:e4:90:
                    ee:e6:3a:c4:57:df:3d:2c:f1:db:96:d7:87:18:7d:
                    47:95:7d:36:05:4c:6c:85:50:5f:e1:0b:01:e7:2f:
                    af:f2:cf:1f:ec:8a:94:8d:85:d9:97:5d:f8:b5:b3:
                    3e:4e:2b:95:06:c4:7a:de:85:e1:6c:0e:54:62:84:
                    fc:15:53:75:e6:56:1d:38:d6:8f:b6:7b:e2:53:af:
                    e5:e5:e4:82:45:57:7a:6e:26:80:2d:14:b9:ea:1f:
                    04:ac:51:04:ca:bc:c9:f0:cd:df:73:31:6a:7d:16:
                    b9:73:0d:df:c3:55:5b:18:0d:54:e0:00:b1:88:62:
                    6e:bb:9c:6c:ee:23:42:c3:13:e1:88:57:c2:ec:80:
                    33:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:A5:13:61:F7:E8:49:D2:A1:D5:5A:52:B4:35:EA:64:57:A9:2A:32
            X509v3 Authority Key Identifier:
                keyid:38:19:37:20:82:1E:07:D6:91:8E:3A:79:FB:E0:82:3C:67:32:E2:64

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/OBk3IIIeB9aRjjp5--CCPGcy4mQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OBk3IIIeB9aRjjp5--CCPGcy4mQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/B768BE3AE17911EE9C447824C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  14.192.130.0-14.192.139.255
                  43.247.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0d:43:4c:a4:26:15:6f:94:8d:d5:7e:50:76:a4:94:d8:06:39:
         aa:1f:0f:bc:99:f0:00:bf:30:23:80:d0:d8:92:34:04:75:e4:
         b8:d9:3e:d6:bd:4b:aa:9d:2e:1f:f3:de:9b:d2:89:41:b0:64:
         31:33:33:e1:78:34:40:3a:a7:86:9c:5e:30:78:fa:50:51:46:
         7a:43:67:79:df:e2:8c:8d:32:cb:8d:b5:19:b5:2f:cb:b4:55:
         8e:17:cc:87:5f:75:8b:c9:cc:79:3a:13:82:c3:b8:98:02:df:
         61:f2:ae:bd:da:38:44:6b:1f:5d:61:97:94:fc:03:f3:dc:10:
         c1:ff:f6:51:73:fd:d4:94:11:b8:eb:c5:76:ec:04:27:50:16:
         ea:61:f7:31:fa:0e:5b:35:2e:44:55:40:74:ba:ec:87:a4:a6:
         be:91:b8:30:37:04:b9:8b:b4:be:49:b5:43:22:a6:b6:8f:d9:
         e9:f2:ff:be:3b:55:22:ed:5f:a9:69:f6:23:fa:3f:99:d9:5d:
         63:2f:03:0a:37:b3:8f:af:8d:93:16:e2:90:8a:84:0b:db:05:
         18:c1:81:24:f7:71:ed:0d:e4:e8:a4:e7:56:5b:bf:07:07:b6:
         5c:6b:16:d5:47:05:2a:95:35:bf:67:94:47:aa:4c:68:e3:31:
         27:92:b2:a9
-----BEGIN CERTIFICATE-----
MIIFfzCCBGegAwIBAgICCTwwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NUEwQ0QxMTAvBgNVBAUTKDM4MTkzNzIwODIxRTA3RDY5MThFM0E3OUZCRTA4MjND
NjczMkUyNjQwHhcNMjQwMzI4MDkyNTA5WhcNMjQwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjA1Mzc3NS0yNjEzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAv2HXNt05pSl+8tqx1TJ+CNXBf2/J2XHBsKF+HggoMJRjbZxZ6+znBy9a15ok
E196hOuq/1r6UYZ9U/Fi1yvqdjEJiVEHfXqQ/t7s2UgIpEFOatEHryZW46WO0mIU
fYtZ/9oChQB9222tTSzGfG0ofYXr4EA25JDu5jrEV989LPHblteHGH1HlX02BUxs
hVBf4QsB5y+v8s8f7IqUjYXZl134tbM+TiuVBsR63oXhbA5UYoT8FVN15lYdONaP
tnviU6/l5eSCRVd6biaALRS56h8ErFEEyrzJ8M3fczFqfRa5cw3fw1VbGA1U4ACx
iGJuu5xs7iNCwxPhiFfC7IAzmwIDAQABo4ICozCCAp8wHQYDVR0OBBYEFAulE2H3
6EnSodVaUrQ16mRXqSoyMB8GA1UdIwQYMBaAFDgZNyCCHgfWkY46efvggjxnMuJk
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1QTBDRC80NjcyM0YxRTg5
RUMxMUVBODFDMDRGMUVDNEY5QUUwMi9PQmszSUlJZUI5YVJqanA1LS1DQ1BHY3k0
bVEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL09CazNJSUllQjlhUmpqcDUtLUNDUEdjeTRtUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NUEwQ0QvNDY3MjNGMUU4OUVDMTFFQTgxQzA0RjFFQzRGOUFFMDIvQjc2OEJFM0FF
MTc5MTFFRTlDNDQ3ODI0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLQYIKwYBBQUHAQcBAf8E
HjAcMBoEAgABMBQwDAMEAQ7AggMEAg7AiAMEAiv3eDANBgkqhkiG9w0BAQsFAAOC
AQEADUNMpCYVb5SN1X5QdqSU2AY5qh8PvJnwAL8wI4DQ2JI0BHXkuNk+1r1Lqp0u
H/Pem9KJQbBkMTMz4Xg0QDqnhpxeMHj6UFFGekNned/ijI0yy421GbUvy7RVjhfM
h191i8nMeToTgsO4mALfYfKuvdo4RGsfXWGXlPwD89wQwf/2UXP91JQRuOvFduwE
J1AW6mH3MfoOWzUuRFVAdLrsh6SmvpG4MDcEuYu0vkm1QyKmto/Z6fL/vjtVIu1f
qWn2I/o/mdldYy8DCjezj6+NkxbikIqEC9sFGMGBJPdx7Q3k6KTnVlu/Bwe2XGsW
1UcFKpU1v2eUR6pMaOMxJ5KyqQ==
-----END CERTIFICATE-----