Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A915ADC4/61415F58A9F711EE8EB48D22C4F9AE02/3B4D888AB0B911EE8F42AB13C4F9AE02.roa
File:                     3B4D888AB0B911EE8F42AB13C4F9AE02.roa (raw, json)
Hash identifier:          YNdCSRIaDs7yPoerhJdIEsoyy4LAkHBfR3vWZ6EaIHw=
Subject key identifier:   AE:EE:C8:A0:5F:C9:2D:3E:B6:FA:22:82:96:3C:09:8F:04:2B:43:3A
Certificate issuer:       /CN=A915ADC4/serialNumber=1DD1CBBC5DF5BDFABBB3ADAF12B00256B7F18D12
Certificate serial:       37
Authority key identifier: 1D:D1:CB:BC:5D:F5:BD:FA:BB:B3:AD:AF:12:B0:02:56:B7:F1:8D:12
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/HdHLvF31vfq7s62vErACVrfxjRI.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A915ADC4/61415F58A9F711EE8EB48D22C4F9AE02/3B4D888AB0B911EE8F42AB13C4F9AE02.roa
Signing time:             Thu 14 Mar 2024 12:36:15 +0000
ROA not before:           Thu 14 Mar 2024 12:36:15 +0000
ROA not after:            Thu 01 May 2025 00:00:00 +0000
asID:                     152300
IP address blocks:        2401:72a0::/32 maxlen: 40
                          2402:ca40:1000::/36 maxlen: 36
                          2402:ca40:2000::/36 maxlen: 36
                          2402:ca40:3000::/36 maxlen: 36
                          2402:ca40:4000::/36 maxlen: 36
                          2402:ca40:5000::/36 maxlen: 36
                          2402:ca40:6000::/36 maxlen: 36
                          2402:ca40:7000::/36 maxlen: 36
                          2402:ca40:8000::/36 maxlen: 36
                          2402:ca40:9000::/36 maxlen: 36
                          2402:ca40:a000::/36 maxlen: 36
                          2402:ca40:b000::/36 maxlen: 36
                          2402:ca40:c000::/36 maxlen: 36
                          2402:ca40:d000::/36 maxlen: 36
                          2402:ca40:e000::/36 maxlen: 36
                          2402:ca40:f000::/36 maxlen: 36

Validation:               Failed, certificate revoked on Thu 14 Mar 2024 18:21:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 55 (0x37)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A915ADC4/serialNumber=1DD1CBBC5DF5BDFABBB3ADAF12B00256B7F18D12
        Validity
            Not Before: Mar 14 12:36:15 2024 GMT
            Not After : May  1 00:00:00 2025 GMT
        Subject: CN=65f2ef3f-3ea0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:25:e3:2c:e4:86:15:da:8e:67:9c:37:76:26:
                    b2:0b:a4:8f:1c:61:c7:9a:1a:de:b8:f1:0b:d9:4a:
                    6c:57:0d:3f:f8:cc:9f:6f:3b:a1:c8:e2:f6:23:6d:
                    80:fb:58:34:57:c6:11:86:e1:91:c1:70:0e:4f:53:
                    b1:88:0e:89:fb:f7:17:03:93:5b:92:28:10:c2:6e:
                    17:5b:b3:9d:2c:d0:57:bd:7a:96:eb:f5:fe:bd:49:
                    c0:e8:f3:e2:67:be:f9:46:ca:51:f5:ec:d2:d4:fe:
                    f1:48:af:25:9c:43:67:0f:2d:a0:f0:c6:ee:fe:b2:
                    61:4c:33:40:cd:5b:01:74:af:fe:bc:d5:d7:d1:e5:
                    a8:84:1d:69:1c:f0:b8:6a:ef:81:3e:b9:45:13:6e:
                    7e:06:7a:ba:e9:c6:26:b0:2a:98:a5:0a:f3:6e:d1:
                    52:5e:75:78:e7:35:71:88:08:f9:ea:43:8a:75:87:
                    ae:2d:cc:4c:7a:98:ff:da:d1:99:2a:d8:ca:60:92:
                    9b:b3:b5:92:80:37:b7:ee:08:1d:6e:dc:bf:fb:1b:
                    81:44:ea:bf:dd:83:50:4e:b5:f8:be:3e:e7:3d:f6:
                    35:f0:58:be:70:18:ed:7c:03:9c:a0:4a:f3:51:4c:
                    c4:57:7d:5f:e6:a3:c9:bb:03:60:c3:89:c5:fa:e1:
                    b5:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:EE:C8:A0:5F:C9:2D:3E:B6:FA:22:82:96:3C:09:8F:04:2B:43:3A
            X509v3 Authority Key Identifier:
                keyid:1D:D1:CB:BC:5D:F5:BD:FA:BB:B3:AD:AF:12:B0:02:56:B7:F1:8D:12

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A915ADC4/61415F58A9F711EE8EB48D22C4F9AE02/HdHLvF31vfq7s62vErACVrfxjRI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/HdHLvF31vfq7s62vErACVrfxjRI.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A915ADC4/61415F58A9F711EE8EB48D22C4F9AE02/3B4D888AB0B911EE8F42AB13C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2401:72a0::/32
                  2402:ca40:1000::-2402:ca40:ffff:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         89:97:66:76:10:69:7f:bd:97:11:00:55:9a:81:6d:4d:fe:ec:
         dc:0d:3d:94:a9:2d:da:dc:7b:a7:e9:04:d4:d3:4c:e3:85:d9:
         75:c0:b8:9c:7a:ee:b3:4f:90:77:c3:68:17:9b:94:66:0c:1a:
         9c:39:d7:2b:70:0d:ba:18:6e:16:93:45:fa:67:e5:62:d9:6a:
         00:ff:10:8c:49:15:48:f7:46:03:1a:89:d8:87:84:50:ea:5b:
         f8:52:55:6c:56:56:11:ee:b7:3e:e3:66:4f:a3:a9:14:93:73:
         76:da:77:37:63:4d:63:9b:fa:9a:1a:43:71:1a:c9:92:0a:eb:
         f1:bc:0d:ec:24:fd:42:d3:a7:e5:3a:ef:f5:d4:2b:40:ef:09:
         92:ce:e9:4a:85:a4:fd:4e:e9:6a:81:39:d1:59:c8:e1:41:37:
         6d:c0:d7:af:4a:fc:43:05:1c:71:a8:be:74:70:aa:87:83:c3:
         53:3a:02:fa:c6:0b:08:4c:1c:ba:cb:7b:f6:9c:54:78:26:be:
         58:88:71:84:38:85:26:55:55:53:8c:c0:c1:e0:f5:6b:3c:01:
         85:dd:42:59:e7:b6:b2:5c:50:7e:89:27:51:74:0e:f8:a1:9b:
         27:85:b7:c6:06:e1:80:a9:16:0e:2b:c1:ca:2a:ef:50:e9:75:
         7f:bf:e8:1d
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgIBNzANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTE1
QURDNDExMC8GA1UEBRMoMUREMUNCQkM1REY1QkRGQUJCQjNBREFGMTJCMDAyNTZC
N0YxOEQxMjAeFw0yNDAzMTQxMjM2MTVaFw0yNTA1MDEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY1ZjJlZjNmLTNlYTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDBJeMs5IYV2o5nnDd2JrILpI8cYceaGt648QvZSmxXDT/4zJ9vO6HI4vYjbYD7
WDRXxhGG4ZHBcA5PU7GIDon79xcDk1uSKBDCbhdbs50s0Fe9epbr9f69ScDo8+Jn
vvlGylH17NLU/vFIryWcQ2cPLaDwxu7+smFMM0DNWwF0r/681dfR5aiEHWkc8Lhq
74E+uUUTbn4GerrpxiawKpilCvNu0VJedXjnNXGICPnqQ4p1h64tzEx6mP/a0Zkq
2MpgkpuztZKAN7fuCB1u3L/7G4FE6r/dg1BOtfi+Puc99jXwWL5wGO18A5ygSvNR
TMRXfV/mo8m7A2DDicX64bUpAgMBAAGjggKnMIICozAdBgNVHQ4EFgQUru7IoF/J
LT62+iKCljwJjwQrQzowHwYDVR0jBBgwFoAUHdHLvF31vfq7s62vErACVrfxjRIw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTVBREM0LzYxNDE1RjU4QTlG
NzExRUU4RUI0OEQyMkM0RjlBRTAyL0hkSEx2RjMxdmZxN3M2MnZFckFDVnJmeGpS
SS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvSGRITHZGMzF2ZnE3czYydkVyQUNWcmZ4alJJLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1
QURDNC82MTQxNUY1OEE5RjcxMUVFOEVCNDhEMjJDNEY5QUUwMi8zQjREODg4QUIw
QjkxMUVFOEY0MkFCMTNDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAxBggrBgEFBQcBBwEB/wQi
MCAwHgQCAAIwGAMFACQBcqAwDwMGBCQCykAQAwUAJALKQDANBgkqhkiG9w0BAQsF
AAOCAQEAiZdmdhBpf72XEQBVmoFtTf7s3A09lKkt2tx7p+kE1NNM44XZdcC4nHru
s0+Qd8NoF5uUZgwanDnXK3ANuhhuFpNF+mflYtlqAP8QjEkVSPdGAxqJ2IeEUOpb
+FJVbFZWEe63PuNmT6OpFJNzdtp3N2NNY5v6mhpDcRrJkgrr8bwN7CT9QtOn5Trv
9dQrQO8Jks7pSoWk/U7paoE50VnI4UE3bcDXr0r8QwUccai+dHCqh4PDUzoC+sYL
CEwcust79pxUeCa+WIhxhDiFJlVVU4zAweD1azwBhd1CWee2slxQfoknUXQO+KGb
J4W3xgbhgKkWDivByirvUOl1f7/oHQ==
-----END CERTIFICATE-----