Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91DF93A/F7DFA72EE5F311EAB3A91561C4F9AE02/D013B21003B511EFBD5E3963C4F9AE02.roa
File:                     D013B21003B511EFBD5E3963C4F9AE02.roa (raw, json)
Hash identifier:          yDILdephjggJ1GZkG2WwtYfx+Tp37mtgwx6nsRjuTvY=
Subject key identifier:   BE:73:43:AE:25:9C:5B:FE:28:4D:04:4A:B5:61:87:4C:B3:F4:05:AE
Certificate issuer:       /CN=A91DF93A/serialNumber=7E244310D7A456EB127B926C42F26D79E9ACDB88
Certificate serial:       07E1
Authority key identifier: 7E:24:43:10:D7:A4:56:EB:12:7B:92:6C:42:F2:6D:79:E9:AC:DB:88
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/fiRDENekVusSe5JsQvJteems24g.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91DF93A/F7DFA72EE5F311EAB3A91561C4F9AE02/D013B21003B511EFBD5E3963C4F9AE02.roa
Signing time:             Tue 28 May 2024 23:03:07 +0000
ROA not before:           Tue 28 May 2024 23:03:07 +0000
ROA not after:            Sun 31 Aug 2025 00:00:00 +0000
asID:                     212879
IP address blocks:        169.136.64.0/24 maxlen: 24
                          169.136.65.0/24 maxlen: 24
                          169.136.66.0/24 maxlen: 24
                          169.136.67.0/24 maxlen: 24
                          169.136.72.0/24 maxlen: 24
                          169.136.133.0/24 maxlen: 24
                          169.136.145.0/24 maxlen: 24
                          169.136.147.0/24 maxlen: 24
                          169.136.148.0/24 maxlen: 24
                          169.136.149.0/24 maxlen: 24
                          169.136.150.0/24 maxlen: 24
                          169.136.151.0/24 maxlen: 24
                          169.136.154.0/24 maxlen: 24
                          169.136.168.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 20 Sep 2024 04:18:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2017 (0x7e1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91DF93A/serialNumber=7E244310D7A456EB127B926C42F26D79E9ACDB88
        Validity
            Not Before: May 28 23:03:07 2024 GMT
            Not After : Aug 31 00:00:00 2025 GMT
        Subject: CN=665662ab-465b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:e4:8a:7c:86:74:db:50:1b:2c:29:f0:99:ad:
                    d5:fb:32:40:ff:d1:e8:4b:24:97:82:99:a5:16:6e:
                    55:24:58:e3:92:49:ab:e7:e4:df:c5:eb:4c:4c:1e:
                    43:95:58:b8:5d:ef:0a:ed:00:01:d4:01:28:cd:71:
                    e0:e5:6d:a1:11:ae:92:a9:f3:dc:32:e6:9d:81:a8:
                    72:c0:86:36:23:3a:68:eb:51:fb:07:c8:4f:5c:4f:
                    ab:e2:dc:10:cf:3c:c8:14:7b:06:3f:8d:5d:08:08:
                    b7:12:74:c1:dd:2c:0a:5b:a6:17:25:b0:47:86:71:
                    7d:f2:0e:f0:94:e7:4a:13:83:6a:79:8a:2a:91:ce:
                    76:ae:f5:9c:7f:ef:23:e2:6c:90:c7:73:ae:d2:49:
                    ff:20:94:d1:4c:06:5d:8b:5e:5e:bb:25:0b:2f:5e:
                    5c:8e:65:ed:a8:29:8d:d8:3c:21:2b:ec:b1:43:47:
                    ba:20:f4:78:10:64:99:2a:d2:d7:69:b1:1a:ad:e0:
                    f6:c6:95:71:09:21:59:11:26:02:37:dc:bc:89:6d:
                    2b:d0:1f:59:45:c1:03:f3:5b:df:43:53:cf:05:d3:
                    b8:94:63:60:c2:0b:dd:33:b4:49:0e:d7:1a:a5:6b:
                    04:28:b3:34:72:fa:15:dc:dd:bb:6e:65:a7:fe:be:
                    d0:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:73:43:AE:25:9C:5B:FE:28:4D:04:4A:B5:61:87:4C:B3:F4:05:AE
            X509v3 Authority Key Identifier:
                keyid:7E:24:43:10:D7:A4:56:EB:12:7B:92:6C:42:F2:6D:79:E9:AC:DB:88

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91DF93A/F7DFA72EE5F311EAB3A91561C4F9AE02/fiRDENekVusSe5JsQvJteems24g.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/fiRDENekVusSe5JsQvJteems24g.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91DF93A/F7DFA72EE5F311EAB3A91561C4F9AE02/D013B21003B511EFBD5E3963C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  169.136.64.0/22
                  169.136.72.0/24
                  169.136.133.0/24
                  169.136.145.0/24
                  169.136.147.0-169.136.151.255
                  169.136.154.0/24
                  169.136.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         84:d9:a1:a8:3b:c0:9b:03:a6:7d:fe:15:a1:73:b2:cb:65:7a:
         05:de:21:2f:52:0f:94:90:2c:89:67:c3:5c:97:2f:13:6c:47:
         30:0a:b1:5b:fb:dc:cb:82:03:e1:30:a1:97:03:86:92:0a:58:
         a8:37:17:ea:00:8a:ab:2e:28:75:3c:12:a6:ad:8b:ae:a2:ec:
         ad:d6:ab:41:db:9b:9c:70:28:ca:22:63:67:f2:a6:12:35:a5:
         4d:25:0f:a7:70:50:34:da:c4:cd:54:08:e2:eb:43:3c:a5:f3:
         fe:ca:8c:5d:04:81:43:6c:05:7c:bf:61:48:0e:bd:85:69:8d:
         42:69:d3:44:64:4e:f8:2f:b3:95:97:a2:4a:0d:0b:e3:5b:7c:
         4e:b6:fb:65:d5:a5:c7:db:96:40:fe:db:d9:91:b2:1f:ba:2c:
         63:8e:5f:9b:da:1c:b1:a5:65:96:96:ca:ad:8a:dc:74:86:e0:
         79:00:c4:83:2d:dc:c5:51:25:a2:7a:0e:7c:ed:fe:07:0c:d1:
         a1:14:e3:19:a6:ec:aa:de:c1:53:10:53:c6:67:43:75:48:6d:
         2c:77:07:c6:d2:a5:2a:0e:ec:eb:3e:90:75:aa:14:4b:fc:12:
         72:49:66:d9:22:ff:45:4f:29:7f:f1:ef:de:48:d1:88:fa:3e:
         6d:b9:dc:fa
-----BEGIN CERTIFICATE-----
MIIFnTCCBIWgAwIBAgICB+EwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
REY5M0ExMTAvBgNVBAUTKDdFMjQ0MzEwRDdBNDU2RUIxMjdCOTI2QzQyRjI2RDc5
RTlBQ0RCODgwHhcNMjQwNTI4MjMwMzA3WhcNMjUwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjU2NjJhYi00NjViMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAw+SKfIZ021AbLCnwma3V+zJA/9HoSySXgpmlFm5VJFjjkkmr5+TfxetMTB5D
lVi4Xe8K7QAB1AEozXHg5W2hEa6SqfPcMuadgahywIY2Izpo61H7B8hPXE+r4twQ
zzzIFHsGP41dCAi3EnTB3SwKW6YXJbBHhnF98g7wlOdKE4NqeYoqkc52rvWcf+8j
4myQx3Ou0kn/IJTRTAZdi15euyULL15cjmXtqCmN2DwhK+yxQ0e6IPR4EGSZKtLX
abEareD2xpVxCSFZESYCN9y8iW0r0B9ZRcED81vfQ1PPBdO4lGNgwgvdM7RJDtca
pWsEKLM0cvoV3N27bmWn/r7QIQIDAQABo4ICwTCCAr0wHQYDVR0OBBYEFL5zQ64l
nFv+KE0ESrVhh0yz9AWuMB8GA1UdIwQYMBaAFH4kQxDXpFbrEnuSbELybXnprNuI
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFERjkzQS9GN0RGQTcyRUU1
RjMxMUVBQjNBOTE1NjFDNEY5QUUwMi9maVJERU5la1Z1c1NlNUpzUXZKdGVlbXMy
NGcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL2ZpUkRFTmVrVnVzU2U1SnNRdkp0ZWVtczI0Zy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
REY5M0EvRjdERkE3MkVFNUYzMTFFQUIzQTkxNTYxQzRGOUFFMDIvRDAxM0IyMTAw
M0I1MTFFRkJENUUzOTYzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwSwYIKwYBBQUHAQcBAf8E
PDA6MDgEAgABMDIDBAKpiEADBACpiEgDBACpiIUDBACpiJEwDAMEAKmIkwMEA6mI
kAMEAKmImgMEAKmIqDANBgkqhkiG9w0BAQsFAAOCAQEAhNmhqDvAmwOmff4VoXOy
y2V6Bd4hL1IPlJAsiWfDXJcvE2xHMAqxW/vcy4ID4TChlwOGkgpYqDcX6gCKqy4o
dTwSpq2LrqLsrdarQdubnHAoyiJjZ/KmEjWlTSUPp3BQNNrEzVQI4utDPKXz/sqM
XQSBQ2wFfL9hSA69hWmNQmnTRGRO+C+zlZeiSg0L41t8Trb7ZdWlx9uWQP7b2ZGy
H7osY45fm9ocsaVllpbKrYrcdIbgeQDEgy3cxVElonoOfO3+BwzRoRTjGabsqt7B
UxBTxmdDdUhtLHcHxtKlKg7s6z6QdaoUS/wScklm2SL/RU8pf/Hv3kjRiPo+bbnc
+g==
-----END CERTIFICATE-----