Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91CE558/3DF14F08539411EABF6B4F5FC4F9AE02/3E72E29E848511EF8D38140CC4F9AE02.roa
File:                     3E72E29E848511EF8D38140CC4F9AE02.roa (raw, json)
Hash identifier:          yROZy/dYRnQzSnuPJqLiMqPVQJ+vJVhmqOWw2iaxD1c=
Subject key identifier:   DF:37:E9:B8:9A:BC:08:5E:3C:49:ED:EA:9A:65:E6:A5:8D:37:5F:A1
Certificate issuer:       /CN=A91CE558/serialNumber=B36B971724A3BABD890B754598933720F972FEAF
Certificate serial:       0AD2
Authority key identifier: B3:6B:97:17:24:A3:BA:BD:89:0B:75:45:98:93:37:20:F9:72:FE:AF
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/s2uXFySjur2JC3VFmJM3IPly_q8.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91CE558/3DF14F08539411EABF6B4F5FC4F9AE02/3E72E29E848511EF8D38140CC4F9AE02.roa
Signing time:             Mon 07 Oct 2024 08:22:09 +0000
ROA not before:           Mon 07 Oct 2024 08:22:09 +0000
ROA not after:            Tue 30 Sep 2025 00:00:00 +0000
asID:                     17819
IP address blocks:        101.97.33.0/24 maxlen: 24
                          101.97.38.0/24 maxlen: 24
                          202.177.208.0/22 maxlen: 22
                          202.177.208.0/24 maxlen: 24
                          202.177.216.0/24 maxlen: 24
                          2404:4f00::/32 maxlen: 32
                          2404:4f00::/33 maxlen: 33

Validation:               Failed, certificate revoked on Fri 18 Oct 2024 07:42:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2770 (0xad2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CE558/serialNumber=B36B971724A3BABD890B754598933720F972FEAF
        Validity
            Not Before: Oct  7 08:22:09 2024 GMT
            Not After : Sep 30 00:00:00 2025 GMT
        Subject: CN=67039a30-7244
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:26:69:c3:7c:8d:a8:21:63:7a:76:23:69:87:
                    ac:fe:83:45:b6:b2:0f:bb:60:35:6f:3c:8a:d2:0b:
                    80:5e:8a:6c:33:75:55:7c:6e:e3:bc:a6:0c:f9:f5:
                    78:ed:4b:96:bd:1d:45:83:2d:d2:ee:eb:3c:69:9a:
                    04:41:3b:fb:2a:6a:1d:38:6c:e0:f0:82:d3:3d:f1:
                    f5:f0:92:c9:db:66:cc:ad:59:86:35:ad:41:83:9b:
                    2f:34:af:5f:45:4d:be:60:f4:c7:00:91:f9:65:66:
                    58:3c:54:67:c6:56:ab:66:ef:95:ce:bd:70:32:52:
                    cb:95:c4:1b:4e:1b:8e:da:55:03:c1:54:d3:be:e9:
                    04:fa:00:28:90:76:c2:4d:f7:33:3a:fc:15:4d:62:
                    3d:fb:28:9a:5c:94:c7:35:b0:e9:5f:dc:fd:6b:7b:
                    24:64:8c:46:7f:cc:80:1c:c2:fa:f9:cf:77:0f:0e:
                    97:91:e2:a0:2b:ff:d8:0a:ad:a3:91:8f:1b:24:85:
                    b5:2f:e6:9d:8a:58:b6:d8:ad:71:5f:e0:b9:88:67:
                    dd:b2:fa:6c:4d:2b:3a:f5:35:9f:c7:ab:9d:50:3d:
                    a9:96:b6:27:9f:3c:5f:be:bb:db:1f:e0:65:3b:8c:
                    ce:c9:45:07:48:21:dc:69:d9:b8:9f:f8:0d:bf:b7:
                    ca:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:37:E9:B8:9A:BC:08:5E:3C:49:ED:EA:9A:65:E6:A5:8D:37:5F:A1
            X509v3 Authority Key Identifier:
                keyid:B3:6B:97:17:24:A3:BA:BD:89:0B:75:45:98:93:37:20:F9:72:FE:AF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91CE558/3DF14F08539411EABF6B4F5FC4F9AE02/s2uXFySjur2JC3VFmJM3IPly_q8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/s2uXFySjur2JC3VFmJM3IPly_q8.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91CE558/3DF14F08539411EABF6B4F5FC4F9AE02/3E72E29E848511EF8D38140CC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  101.97.33.0/24
                  101.97.38.0/24
                  202.177.208.0/22
                  202.177.216.0/24
                IPv6:
                  2404:4f00::/32

    Signature Algorithm: sha256WithRSAEncryption
         ab:d0:2d:e5:08:5d:b7:c4:20:7b:b7:37:dd:cc:ca:d1:bb:31:
         d0:9c:6f:5f:75:f2:66:a6:5a:4b:a9:f1:56:c9:35:50:7e:47:
         ac:51:86:63:82:74:91:10:05:96:ee:1e:bd:93:5e:c8:ae:60:
         2c:1c:ce:2b:86:d9:32:db:a3:9a:2e:d9:e0:80:89:0c:cb:15:
         cc:81:e4:5a:bc:a3:7a:51:b3:ff:2c:90:b3:6d:8b:4e:91:f9:
         20:0c:76:19:2f:ac:d6:93:37:92:54:d8:41:fe:27:b4:7c:6b:
         c2:62:bc:59:2b:6c:89:0c:04:5f:48:31:48:5c:39:74:f9:55:
         cf:11:cd:74:a8:29:15:07:25:eb:8f:cc:98:a7:bd:67:61:c9:
         1b:4c:e6:f0:6e:8e:52:b0:21:29:70:f0:4f:fe:7d:3f:3c:c0:
         a9:12:26:97:a6:3b:b5:5c:98:53:93:17:96:ff:fe:29:31:24:
         ce:12:97:0a:8a:6a:8f:c1:53:01:fa:36:45:bf:8c:07:3f:a5:
         75:06:78:b9:08:13:c1:70:f5:8d:0f:f9:6b:fe:1e:0e:6e:02:
         f4:da:62:16:ba:ae:04:7e:d5:5f:7c:fe:55:bd:16:62:21:50:
         32:08:b7:bd:e5:e4:47:e7:d8:e6:a9:39:15:81:9d:7e:f1:52:
         25:c6:81:21
-----BEGIN CERTIFICATE-----
MIIFkjCCBHqgAwIBAgICCtIwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Q0U1NTgxMTAvBgNVBAUTKEIzNkI5NzE3MjRBM0JBQkQ4OTBCNzU0NTk4OTMzNzIw
Rjk3MkZFQUYwHhcNMjQxMDA3MDgyMjA5WhcNMjUwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzAzOWEzMC03MjQ0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAxCZpw3yNqCFjenYjaYes/oNFtrIPu2A1bzyK0guAXopsM3VVfG7jvKYM+fV4
7UuWvR1Fgy3S7us8aZoEQTv7KmodOGzg8ILTPfH18JLJ22bMrVmGNa1Bg5svNK9f
RU2+YPTHAJH5ZWZYPFRnxlarZu+Vzr1wMlLLlcQbThuO2lUDwVTTvukE+gAokHbC
TfczOvwVTWI9+yiaXJTHNbDpX9z9a3skZIxGf8yAHML6+c93Dw6XkeKgK//YCq2j
kY8bJIW1L+adili22K1xX+C5iGfdsvpsTSs69TWfx6udUD2plrYnnzxfvrvbH+Bl
O4zOyUUHSCHcadm4n/gNv7fKEwIDAQABo4ICtjCCArIwHQYDVR0OBBYEFN836bia
vAhePEnt6ppl5qWNN1+hMB8GA1UdIwQYMBaAFLNrlxcko7q9iQt1RZiTNyD5cv6v
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDRTU1OC8zREYxNEYwODUz
OTQxMUVBQkY2QjRGNUZDNEY5QUUwMi9zMnVYRnlTanVyMkpDM1ZGbUpNM0lQbHlf
cTguY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3MydVhGeVNqdXIySkMzVkZtSk0zSVBseV9xOC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Q0U1NTgvM0RGMTRGMDg1Mzk0MTFFQUJGNkI0RjVGQzRGOUFFMDIvM0U3MkUyOUU4
NDg1MTFFRjhEMzgxNDBDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwQAYIKwYBBQUHAQcBAf8E
MTAvMB4EAgABMBgDBABlYSEDBABlYSYDBALKsdADBADKsdgwDQQCAAIwBwMFACQE
TwAwDQYJKoZIhvcNAQELBQADggEBAKvQLeUIXbfEIHu3N93MytG7MdCcb1918mam
Wkup8VbJNVB+R6xRhmOCdJEQBZbuHr2TXsiuYCwcziuG2TLbo5ou2eCAiQzLFcyB
5Fq8o3pRs/8skLNti06R+SAMdhkvrNaTN5JU2EH+J7R8a8JivFkrbIkMBF9IMUhc
OXT5Vc8RzXSoKRUHJeuPzJinvWdhyRtM5vBujlKwISlw8E/+fT88wKkSJpemO7Vc
mFOTF5b//ikxJM4SlwqKao/BUwH6NkW/jAc/pXUGeLkIE8Fw9Y0P+Wv+Hg5uAvTa
Yha6rgR+1V98/lW9FmIhUDIIt73l5Efn2OapORWBnX7xUiXGgSE=
-----END CERTIFICATE-----