Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91DF93A/F7DFA72EE5F311EAB3A91561C4F9AE02/6C2EEA38770711EFBA70CE36C4F9AE02.roa
File:                     6C2EEA38770711EFBA70CE36C4F9AE02.roa (raw, json)
Hash identifier:          a2TgUtqrBtAoIGa1Q/95HK++JAf/3/1NoRvb7SuzDHI=
Subject key identifier:   7F:6D:92:6E:CA:60:ED:13:A2:8B:15:F7:66:8F:6F:D2:79:87:A4:24
Certificate issuer:       /CN=A91DF93A/serialNumber=7E244310D7A456EB127B926C42F26D79E9ACDB88
Certificate serial:       081F
Authority key identifier: 7E:24:43:10:D7:A4:56:EB:12:7B:92:6C:42:F2:6D:79:E9:AC:DB:88
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/fiRDENekVusSe5JsQvJteems24g.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91DF93A/F7DFA72EE5F311EAB3A91561C4F9AE02/6C2EEA38770711EFBA70CE36C4F9AE02.roa
Signing time:             Fri 20 Sep 2024 04:18:44 +0000
ROA not before:           Fri 20 Sep 2024 04:18:44 +0000
ROA not after:            Sun 31 Aug 2025 00:00:00 +0000
asID:                     212879
IP address blocks:        169.136.64.0/24 maxlen: 24
                          169.136.65.0/24 maxlen: 24
                          169.136.66.0/24 maxlen: 24
                          169.136.67.0/24 maxlen: 24
                          169.136.72.0/24 maxlen: 24
                          169.136.133.0/24 maxlen: 24
                          169.136.145.0/24 maxlen: 24
                          169.136.147.0/24 maxlen: 24
                          169.136.154.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 18 Nov 2024 10:13:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2079 (0x81f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91DF93A/serialNumber=7E244310D7A456EB127B926C42F26D79E9ACDB88
        Validity
            Not Before: Sep 20 04:18:44 2024 GMT
            Not After : Aug 31 00:00:00 2025 GMT
        Subject: CN=66ecf7a3-e3f2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:eb:79:33:94:8a:f4:fc:49:3a:f3:53:e7:d8:
                    9d:71:08:ef:cb:47:f3:a2:72:0d:84:49:4e:94:69:
                    1d:3d:60:95:f5:53:21:a2:60:97:54:30:0b:63:df:
                    a5:fb:12:fc:d5:ee:48:95:55:17:f5:a8:c8:16:0d:
                    9c:ac:99:73:11:72:a8:92:8b:22:ed:f7:93:1c:1f:
                    95:36:7e:68:f0:43:ff:c9:ec:fd:54:ef:94:aa:73:
                    9e:62:6e:b2:0b:a7:73:eb:a3:eb:5e:08:60:ff:0e:
                    6c:ba:09:32:b6:1c:c3:bd:22:9b:18:cd:e9:6d:03:
                    63:d6:5b:1c:28:14:23:86:c1:9e:bd:c8:b6:66:ec:
                    aa:35:22:8c:1e:25:83:a2:cf:1f:7e:09:1a:84:94:
                    e0:0e:6d:9f:3a:84:64:aa:f8:e7:a4:73:b6:6d:a9:
                    9d:0b:07:26:af:7c:c5:03:41:46:08:2e:75:38:7f:
                    46:70:b1:e3:83:5b:f4:69:e4:d7:fb:a7:5a:0b:b1:
                    c7:57:a1:e3:a9:a9:6b:7a:5a:f5:1f:ea:9d:26:74:
                    a6:2e:75:90:46:a4:c5:3f:d1:2f:cd:20:72:3d:81:
                    af:de:b1:bd:bc:e8:c6:77:7d:fc:bd:cf:82:e9:97:
                    2a:3a:c2:b9:65:ac:3d:4f:f8:1e:8a:a4:d0:ad:b7:
                    85:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:6D:92:6E:CA:60:ED:13:A2:8B:15:F7:66:8F:6F:D2:79:87:A4:24
            X509v3 Authority Key Identifier:
                keyid:7E:24:43:10:D7:A4:56:EB:12:7B:92:6C:42:F2:6D:79:E9:AC:DB:88

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91DF93A/F7DFA72EE5F311EAB3A91561C4F9AE02/fiRDENekVusSe5JsQvJteems24g.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/fiRDENekVusSe5JsQvJteems24g.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91DF93A/F7DFA72EE5F311EAB3A91561C4F9AE02/6C2EEA38770711EFBA70CE36C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  169.136.64.0/22
                  169.136.72.0/24
                  169.136.133.0/24
                  169.136.145.0/24
                  169.136.147.0/24
                  169.136.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         47:12:fc:0d:29:9b:fb:ba:ee:e1:75:02:6f:c7:34:a3:82:8b:
         9b:ff:b9:ab:8e:b5:bc:e3:61:b8:44:d1:93:be:d8:f6:2c:ea:
         56:8d:63:e1:a0:12:1e:7b:2e:f0:bd:c3:7d:3b:30:34:f7:30:
         ba:c8:d3:1e:ff:e8:d2:7a:be:2a:c2:9c:46:89:2d:f2:77:30:
         89:9a:42:75:87:8c:0c:f4:be:a4:c7:9f:b1:32:ff:50:10:13:
         95:7c:c7:9b:f8:e2:5f:e0:ce:f9:60:0f:43:20:a4:8f:9d:f7:
         e0:e7:b3:55:a2:6a:b9:89:51:c3:4b:07:27:6f:e2:6d:81:50:
         b4:12:1c:21:f2:54:77:bc:c8:8e:85:4d:d6:62:a1:2d:92:60:
         b5:c7:36:49:af:dd:8b:eb:93:1c:a0:bb:80:7b:e5:e1:1d:53:
         16:99:2d:75:8a:24:5e:fa:4e:67:9e:6a:7e:06:68:66:26:05:
         a5:f8:e6:5d:83:8a:1b:cf:f6:13:0c:7e:66:89:ae:4f:c2:06:
         a7:3c:2a:81:40:d8:4d:35:bf:1f:eb:9d:9f:5c:d1:a5:0b:ac:
         bc:13:b9:da:16:fc:5a:df:92:d8:2e:3d:34:47:dc:19:0a:50:
         0c:c3:55:6f:43:10:35:68:7c:c4:0b:f6:93:6a:0d:b0:46:39:
         9f:99:30:78
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgICCB8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
REY5M0ExMTAvBgNVBAUTKDdFMjQ0MzEwRDdBNDU2RUIxMjdCOTI2QzQyRjI2RDc5
RTlBQ0RCODgwHhcNMjQwOTIwMDQxODQ0WhcNMjUwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NmVjZjdhMy1lM2YyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAset5M5SK9PxJOvNT59idcQjvy0fzonINhElOlGkdPWCV9VMhomCXVDALY9+l
+xL81e5IlVUX9ajIFg2crJlzEXKokosi7feTHB+VNn5o8EP/yez9VO+UqnOeYm6y
C6dz66PrXghg/w5sugkythzDvSKbGM3pbQNj1lscKBQjhsGevci2ZuyqNSKMHiWD
os8ffgkahJTgDm2fOoRkqvjnpHO2bamdCwcmr3zFA0FGCC51OH9GcLHjg1v0aeTX
+6daC7HHV6Hjqalrelr1H+qdJnSmLnWQRqTFP9EvzSByPYGv3rG9vOjGd338vc+C
6ZcqOsK5Zaw9T/geiqTQrbeFkwIDAQABo4ICszCCAq8wHQYDVR0OBBYEFH9tkm7K
YO0ToosV92aPb9J5h6QkMB8GA1UdIwQYMBaAFH4kQxDXpFbrEnuSbELybXnprNuI
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFERjkzQS9GN0RGQTcyRUU1
RjMxMUVBQjNBOTE1NjFDNEY5QUUwMi9maVJERU5la1Z1c1NlNUpzUXZKdGVlbXMy
NGcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL2ZpUkRFTmVrVnVzU2U1SnNRdkp0ZWVtczI0Zy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
REY5M0EvRjdERkE3MkVFNUYzMTFFQUIzQTkxNTYxQzRGOUFFMDIvNkMyRUVBMzg3
NzA3MTFFRkJBNzBDRTM2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwPQYIKwYBBQUHAQcBAf8E
LjAsMCoEAgABMCQDBAKpiEADBACpiEgDBACpiIUDBACpiJEDBACpiJMDBACpiJow
DQYJKoZIhvcNAQELBQADggEBAEcS/A0pm/u67uF1Am/HNKOCi5v/uauOtbzjYbhE
0ZO+2PYs6laNY+GgEh57LvC9w307MDT3MLrI0x7/6NJ6virCnEaJLfJ3MImaQnWH
jAz0vqTHn7Ey/1AQE5V8x5v44l/gzvlgD0MgpI+d9+Dns1WiarmJUcNLBydv4m2B
ULQSHCHyVHe8yI6FTdZioS2SYLXHNkmv3Yvrkxygu4B75eEdUxaZLXWKJF76Tmee
an4GaGYmBaX45l2DihvP9hMMfmaJrk/CBqc8KoFA2E01vx/rnZ9c0aULrLwTudoW
/FrfktguPTRH3BkKUAzDVW9DEDVofMQL9pNqDbBGOZ+ZMHg=
-----END CERTIFICATE-----