Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/CC20B3A0872811EF9103B95AC4F9AE02.roa
File:                     CC20B3A0872811EF9103B95AC4F9AE02.roa (raw, json)
Hash identifier:          I1vuVxUsA/Q2J/8bEn2ItTXNUOpCa0L99lPKxovlCJs=
Subject key identifier:   7E:50:67:86:D8:3B:BF:8C:E0:C2:9D:75:27:6A:AD:C1:64:83:55:07
Certificate issuer:       /CN=A915A0CD/serialNumber=38193720821E07D6918E3A79FBE0823C6732E264
Certificate serial:       0B18
Authority key identifier: 38:19:37:20:82:1E:07:D6:91:8E:3A:79:FB:E0:82:3C:67:32:E2:64
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OBk3IIIeB9aRjjp5--CCPGcy4mQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/CC20B3A0872811EF9103B95AC4F9AE02.roa
Signing time:             Thu 10 Oct 2024 16:57:57 +0000
ROA not before:           Thu 10 Oct 2024 16:57:57 +0000
ROA not after:            Tue 30 Sep 2025 00:00:00 +0000
asID:                     208485
IP address blocks:        14.192.137.0/24 maxlen: 24
                          14.192.138.0/24 maxlen: 24
                          14.192.139.0/24 maxlen: 24
                          14.192.143.0/24 maxlen: 24
                          14.192.145.0/24 maxlen: 24
                          14.192.146.0/24 maxlen: 24
                          14.192.158.0/24 maxlen: 24
                          14.192.159.0/24 maxlen: 24
                          43.247.120.0/24 maxlen: 24
                          43.247.123.0/24 maxlen: 24
                          103.20.132.0/24 maxlen: 24
                          103.20.133.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Fri 01 Nov 2024 21:51:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2840 (0xb18)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A915A0CD
        Validity
            Not Before: Oct 10 16:57:57 2024 GMT
            Not After : Sep 30 00:00:00 2025 GMT
        Subject: CN=67080794-fbd7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:dc:c6:05:17:c0:15:a7:ac:a4:d5:e0:69:44:
                    cb:18:8c:27:9a:b9:04:53:cc:02:94:d0:00:31:6f:
                    70:9b:9a:5d:9f:81:9d:81:33:7e:65:ef:f1:40:01:
                    8d:e0:47:61:c3:16:ca:8a:97:6e:9d:4e:f5:1a:d4:
                    c5:1f:ca:61:67:20:5b:86:0d:cf:de:90:7e:b3:99:
                    4d:7c:94:3e:da:e6:3f:33:b8:46:58:db:07:1c:f3:
                    58:2e:6e:83:11:15:b6:62:7e:c3:d5:37:67:30:5b:
                    71:96:d0:7c:2d:83:82:98:8b:b2:35:f1:37:a7:46:
                    b4:a8:dd:4f:8c:c6:9c:12:66:11:54:a4:77:d4:66:
                    4c:c3:6a:fb:97:a4:99:37:54:1c:9f:30:f7:ba:b8:
                    30:de:ea:7d:37:3d:bc:9d:41:5a:8b:1a:0c:b7:bd:
                    79:28:86:c3:51:a2:87:f2:6a:00:c5:97:7d:27:85:
                    88:cd:ea:fe:28:c3:f3:2f:a1:5d:c0:9c:33:f9:e3:
                    74:f3:27:bc:3a:99:2c:59:82:cd:1c:df:d0:6f:29:
                    21:33:dd:d9:01:b1:84:30:60:86:5c:6c:6d:7a:b0:
                    96:90:f9:e0:3d:8c:cf:3f:d9:9b:9f:30:f1:63:4c:
                    6a:66:ef:92:91:48:a4:df:35:30:47:a1:2a:8f:91:
                    73:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:50:67:86:D8:3B:BF:8C:E0:C2:9D:75:27:6A:AD:C1:64:83:55:07
            X509v3 Authority Key Identifier:
                keyid:38:19:37:20:82:1E:07:D6:91:8E:3A:79:FB:E0:82:3C:67:32:E2:64

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/OBk3IIIeB9aRjjp5--CCPGcy4mQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OBk3IIIeB9aRjjp5--CCPGcy4mQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A915A0CD/46723F1E89EC11EA81C04F1EC4F9AE02/CC20B3A0872811EF9103B95AC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  14.192.137.0-14.192.139.255
                  14.192.143.0/24
                  14.192.145.0-14.192.146.255
                  14.192.158.0/23
                  43.247.120.0/24
                  43.247.123.0/24
                  103.20.132.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a0:91:90:16:7a:8b:8e:c9:66:e5:82:e7:00:0c:cb:ab:4b:86:
         41:89:93:03:56:69:1e:7c:2c:ed:a4:94:c5:f3:b9:cc:7e:d6:
         80:9e:96:21:4e:75:88:a9:32:85:52:a6:37:b8:51:07:14:b2:
         03:15:67:81:de:4b:ad:ef:e4:cf:b3:1d:52:69:6c:1c:cc:8e:
         fc:4a:03:ba:8c:dd:10:92:47:c9:1c:aa:34:fa:37:ef:1e:90:
         d1:72:06:92:e4:e1:3d:a4:a5:38:73:2b:dc:7c:d1:55:44:87:
         88:f0:69:8b:15:ba:d8:05:6a:51:6b:99:d3:b6:0d:68:8f:0d:
         d6:2b:ff:c2:d7:94:02:ef:6f:8d:ec:8d:d0:80:92:87:36:08:
         99:83:4e:85:5e:91:6e:dd:5f:1e:dd:9c:ca:c9:9b:0c:0d:b0:
         3a:a3:92:7a:2a:50:21:c9:f3:ed:fb:d9:9d:8b:50:df:6d:7b:
         42:a3:da:5f:79:bd:54:73:28:c8:64:09:d1:1c:d2:9d:20:fd:
         03:0c:5b:4e:ba:c8:93:5c:67:41:9e:a1:6d:7f:25:69:a6:ce:
         84:04:63:a9:99:07:ab:39:71:d0:05:22:a6:f3:de:14:98:eb:
         f0:29:7a:80:4c:b3:a9:c7:42:76:cf:c1:10:3c:3d:4e:5f:6f:
         93:c5:bb:1f
-----BEGIN CERTIFICATE-----
MIIFpTCCBI2gAwIBAgICCxgwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NUEwQ0QxMTAvBgNVBAUTKDM4MTkzNzIwODIxRTA3RDY5MThFM0E3OUZCRTA4MjND
NjczMkUyNjQwHhcNMjQxMDEwMTY1NzU3WhcNMjUwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzA4MDc5NC1mYmQ3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA3tzGBRfAFaespNXgaUTLGIwnmrkEU8wClNAAMW9wm5pdn4GdgTN+Ze/xQAGN
4EdhwxbKipdunU71GtTFH8phZyBbhg3P3pB+s5lNfJQ+2uY/M7hGWNsHHPNYLm6D
ERW2Yn7D1TdnMFtxltB8LYOCmIuyNfE3p0a0qN1PjMacEmYRVKR31GZMw2r7l6SZ
N1QcnzD3urgw3up9Nz28nUFaixoMt715KIbDUaKH8moAxZd9J4WIzer+KMPzL6Fd
wJwz+eN08ye8OpksWYLNHN/QbykhM93ZAbGEMGCGXGxterCWkPngPYzPP9mbnzDx
Y0xqZu+SkUik3zUwR6Eqj5Fz5wIDAQABo4ICyTCCAsUwHQYDVR0OBBYEFH5QZ4bY
O7+M4MKddSdqrcFkg1UHMB8GA1UdIwQYMBaAFDgZNyCCHgfWkY46efvggjxnMuJk
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1QTBDRC80NjcyM0YxRTg5
RUMxMUVBODFDMDRGMUVDNEY5QUUwMi9PQmszSUlJZUI5YVJqanA1LS1DQ1BHY3k0
bVEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL09CazNJSUllQjlhUmpqcDUtLUNDUEdjeTRtUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NUEwQ0QvNDY3MjNGMUU4OUVDMTFFQTgxQzA0RjFFQzRGOUFFMDIvQ0MyMEIzQTA4
NzI4MTFFRjkxMDNCOTVBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwUwYIKwYBBQUHAQcBAf8E
RDBCMEAEAgABMDowDAMEAA7AiQMEAg7AiAMEAA7AjzAMAwQADsCRAwQADsCSAwQB
DsCeAwQAK/d4AwQAK/d7AwQBZxSEMA0GCSqGSIb3DQEBCwUAA4IBAQCgkZAWeouO
yWblgucADMurS4ZBiZMDVmkefCztpJTF87nMftaAnpYhTnWIqTKFUqY3uFEHFLID
FWeB3kut7+TPsx1SaWwczI78SgO6jN0QkkfJHKo0+jfvHpDRcgaS5OE9pKU4cyvc
fNFVRIeI8GmLFbrYBWpRa5nTtg1ojw3WK//C15QC72+N7I3QgJKHNgiZg06FXpFu
3V8e3ZzKyZsMDbA6o5J6KlAhyfPt+9mdi1DfbXtCo9pfeb1UcyjIZAnRHNKdIP0D
DFtOusiTXGdBnqFtfyVpps6EBGOpmQerOXHQBSKm894UmOvwKXqATLOpx0J2z8EQ
PD1OX2+Txbsf
-----END CERTIFICATE-----