Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/E6C3CBE6FB8911EE88018176C4F9AE02.roa
File:                     E6C3CBE6FB8911EE88018176C4F9AE02.roa (raw, json)
Hash identifier:          y81+a80LNAvze8/VHo6OEeL8P3t5c15ZYH+1qigyKYA=
Subject key identifier:   61:3C:AE:72:35:46:AE:00:BF:36:F1:D3:C3:A7:E4:1A:F3:EA:BE:AF
Certificate issuer:       /CN=A91CB7AB/serialNumber=3DE9D3DFF6E048FD908146502E4F08E456F3D9BC
Certificate serial:       074C
Authority key identifier: 3D:E9:D3:DF:F6:E0:48:FD:90:81:46:50:2E:4F:08:E4:56:F3:D9:BC
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PenT3_bgSP2QgUZQLk8I5Fbz2bw.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/E6C3CBE6FB8911EE88018176C4F9AE02.roa
Signing time:             Tue 16 Apr 2024 00:40:20 +0000
ROA not before:           Tue 16 Apr 2024 00:40:20 +0000
ROA not after:            Mon 31 Mar 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        202.139.252.0/24 maxlen: 24
                          202.148.147.0/24 maxlen: 24
                          203.27.226.0/23 maxlen: 24

Validation:               Failed, certificate revoked on Thu 18 Apr 2024 10:21:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1868 (0x74c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CB7AB/serialNumber=3DE9D3DFF6E048FD908146502E4F08E456F3D9BC
        Validity
            Not Before: Apr 16 00:40:20 2024 GMT
            Not After : Mar 31 00:00:00 2025 GMT
        Subject: CN=661dc8f3-ed4c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:c5:61:22:7b:de:8c:bd:44:c3:c9:f7:84:9f:
                    24:af:da:f7:f8:a8:ca:60:36:dc:5d:df:ff:dd:2e:
                    80:85:9b:9f:3e:b6:d3:e4:38:44:ba:2e:4f:82:22:
                    a0:ca:73:7a:61:a7:c1:ae:c8:14:96:1b:ab:4f:d7:
                    55:39:fc:4d:8d:78:b1:fb:22:80:af:04:7f:b0:2d:
                    a7:bc:67:26:b3:17:c5:c8:16:2e:30:94:e1:99:6b:
                    61:1a:7f:a2:68:c8:b4:bf:c8:08:a3:43:c6:1c:fc:
                    c4:0d:43:5f:b4:f1:85:79:a8:cd:cd:ba:b9:f8:c3:
                    7a:bb:e7:69:a8:0d:6c:f2:71:b3:09:5e:76:a2:1e:
                    83:ca:0d:b5:f3:df:db:c7:f8:79:00:a1:f6:3f:fe:
                    45:62:05:0b:4a:dc:9e:0f:92:dc:02:ae:01:60:ee:
                    a5:a4:f6:3d:b2:79:19:75:8c:c8:31:9e:5b:5f:54:
                    a4:2e:1e:d5:dd:0d:c0:92:cf:9c:71:1f:8f:a4:46:
                    90:81:af:dd:e5:28:3e:36:26:ae:5d:c6:00:f1:e5:
                    5a:87:9d:d8:f0:4a:86:c9:bd:ff:f8:36:79:6b:f4:
                    7f:29:68:30:ea:a1:64:56:01:12:e1:41:e2:6c:c9:
                    ef:d6:7b:52:2f:04:67:7a:2e:44:8b:7e:2f:af:db:
                    62:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:3C:AE:72:35:46:AE:00:BF:36:F1:D3:C3:A7:E4:1A:F3:EA:BE:AF
            X509v3 Authority Key Identifier:
                keyid:3D:E9:D3:DF:F6:E0:48:FD:90:81:46:50:2E:4F:08:E4:56:F3:D9:BC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/PenT3_bgSP2QgUZQLk8I5Fbz2bw.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PenT3_bgSP2QgUZQLk8I5Fbz2bw.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/E6C3CBE6FB8911EE88018176C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.139.252.0/24
                  202.148.147.0/24
                  203.27.226.0/23

    Signature Algorithm: sha256WithRSAEncryption
         58:01:ed:21:39:88:e1:06:38:02:19:d9:27:1b:40:76:a4:fa:
         55:87:74:a9:69:95:6f:d3:1f:2a:ca:e3:17:e9:57:c0:f2:80:
         0c:68:9a:94:1c:54:29:28:d4:99:fa:99:5b:6b:ee:fc:e5:32:
         e7:3f:18:c1:5b:75:4e:b8:81:e4:a5:f0:fb:79:95:8f:1f:65:
         c7:d8:2f:6b:9b:e6:2a:b1:1a:43:cc:0c:01:f2:ac:5c:89:c1:
         09:39:e4:b0:27:f0:02:42:2b:52:f1:12:cf:5b:da:30:7f:a3:
         74:0e:67:4e:69:23:31:fb:d8:0a:fd:f2:21:a5:61:01:b2:7d:
         43:6f:aa:ce:38:05:39:86:a8:d0:57:04:1c:82:16:7d:19:69:
         25:76:a7:4f:82:b2:65:76:60:5f:9d:4c:68:b2:25:7b:06:19:
         50:a2:b9:1e:ab:47:d3:28:e1:58:9a:21:4b:b5:a4:34:69:d6:
         b2:d6:68:bf:c0:f8:e7:62:ab:de:6c:6a:60:1c:d2:b7:fc:30:
         48:4b:68:13:55:eb:94:f6:9b:be:7a:f4:f7:36:50:e6:35:d6:
         03:01:ca:1f:8d:55:ce:fa:e2:cc:17:66:b9:7b:cb:21:97:97:
         72:50:c6:5a:d4:49:a4:a5:b3:90:b4:06:5d:ee:f8:4c:66:78:
         79:bc:56:06
-----BEGIN CERTIFICATE-----
MIIFfTCCBGWgAwIBAgICB0wwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Q0I3QUIxMTAvBgNVBAUTKDNERTlEM0RGRjZFMDQ4RkQ5MDgxNDY1MDJFNEYwOEU0
NTZGM0Q5QkMwHhcNMjQwNDE2MDA0MDIwWhcNMjUwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjFkYzhmMy1lZDRjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwcVhInvejL1Ew8n3hJ8kr9r3+KjKYDbcXd//3S6AhZufPrbT5DhEui5PgiKg
ynN6YafBrsgUlhurT9dVOfxNjXix+yKArwR/sC2nvGcmsxfFyBYuMJThmWthGn+i
aMi0v8gIo0PGHPzEDUNftPGFeajNzbq5+MN6u+dpqA1s8nGzCV52oh6Dyg2189/b
x/h5AKH2P/5FYgULStyeD5LcAq4BYO6lpPY9snkZdYzIMZ5bX1SkLh7V3Q3Aks+c
cR+PpEaQga/d5Sg+NiauXcYA8eVah53Y8EqGyb3/+DZ5a/R/KWgw6qFkVgES4UHi
bMnv1ntSLwRnei5Ei34vr9tipwIDAQABo4ICoTCCAp0wHQYDVR0OBBYEFGE8rnI1
Rq4Avzbx08On5Brz6r6vMB8GA1UdIwQYMBaAFD3p09/24Ej9kIFGUC5PCORW89m8
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDQjdBQi81Njc4NjU2ODQw
MDkxMUVCQTM3NDIyNUJDNEY5QUUwMi9QZW5UM19iZ1NQMlFnVVpRTGs4STVGYnoy
YncuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1BlblQzX2JnU1AyUWdVWlFMazhJNUZiejJidy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Q0I3QUIvNTY3ODY1Njg0MDA5MTFFQkEzNzQyMjVCQzRGOUFFMDIvRTZDM0NCRTZG
Qjg5MTFFRTg4MDE4MTc2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwKwYIKwYBBQUHAQcBAf8E
HDAaMBgEAgABMBIDBADKi/wDBADKlJMDBAHLG+IwDQYJKoZIhvcNAQELBQADggEB
AFgB7SE5iOEGOAIZ2ScbQHak+lWHdKlplW/THyrK4xfpV8DygAxompQcVCko1Jn6
mVtr7vzlMuc/GMFbdU64geSl8Pt5lY8fZcfYL2ub5iqxGkPMDAHyrFyJwQk55LAn
8AJCK1LxEs9b2jB/o3QOZ05pIzH72Ar98iGlYQGyfUNvqs44BTmGqNBXBByCFn0Z
aSV2p0+CsmV2YF+dTGiyJXsGGVCiuR6rR9Mo4ViaIUu1pDRp1rLWaL/A+Odiq95s
amAc0rf8MEhLaBNV65T2m7569Pc2UOY11gMByh+NVc764swXZrl7yyGXl3JQxlrU
SaSls5C0Bl3u+ExmeHm8VgY=
-----END CERTIFICATE-----