Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91DF93A/F7DFA72EE5F311EAB3A91561C4F9AE02/D34001840A6C11EEA48F3036C4F9AE02.roa
File:                     D34001840A6C11EEA48F3036C4F9AE02.roa (raw, json)
Hash identifier:          jSRGZSP9yiZGzfNXpxQIbTUqCOwZg8sLLDl6uptDJSI=
Subject key identifier:   A7:99:78:35:D5:16:3A:57:D6:BF:92:23:CA:92:0A:2B:AF:73:E6:B8
Certificate issuer:       /CN=A91DF93A/serialNumber=7E244310D7A456EB127B926C42F26D79E9ACDB88
Certificate serial:       0733
Authority key identifier: 7E:24:43:10:D7:A4:56:EB:12:7B:92:6C:42:F2:6D:79:E9:AC:DB:88
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/fiRDENekVusSe5JsQvJteems24g.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91DF93A/F7DFA72EE5F311EAB3A91561C4F9AE02/D34001840A6C11EEA48F3036C4F9AE02.roa
Signing time:             Thu 07 Sep 2023 08:03:11 +0000
ROA not before:           Thu 07 Sep 2023 08:03:11 +0000
ROA not after:            Sat 31 Aug 2024 00:00:00 +0000
asID:                     212879
IP address blocks:        169.136.64.0/24 maxlen: 24
                          169.136.65.0/24 maxlen: 24
                          169.136.66.0/24 maxlen: 24
                          169.136.67.0/24 maxlen: 24
                          169.136.72.0/24 maxlen: 24
                          169.136.133.0/24 maxlen: 24
                          169.136.145.0/24 maxlen: 24
                          169.136.147.0/24 maxlen: 24
                          169.136.148.0/24 maxlen: 24
                          169.136.149.0/24 maxlen: 24
                          169.136.150.0/24 maxlen: 24
                          169.136.151.0/24 maxlen: 24
                          169.136.152.0/24 maxlen: 24
                          169.136.153.0/24 maxlen: 24
                          169.136.154.0/24 maxlen: 24
                          169.136.168.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 26 Apr 2024 10:14:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1843 (0x733)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91DF93A/serialNumber=7E244310D7A456EB127B926C42F26D79E9ACDB88
        Validity
            Not Before: Sep  7 08:03:11 2023 GMT
            Not After : Aug 31 00:00:00 2024 GMT
        Subject: CN=64f983bf-3dcf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:1b:40:0e:bf:fc:3f:71:32:d7:a2:3f:b8:d3:
                    b5:03:83:7a:9d:40:c1:e8:c2:2b:2c:cc:a5:97:40:
                    92:c7:4c:84:52:3c:35:ab:44:cd:48:8b:3b:ca:79:
                    71:4f:01:18:09:31:71:3c:b7:71:eb:90:22:b0:78:
                    b8:02:25:22:4d:8c:44:6e:9d:3a:e3:13:e5:0d:a9:
                    35:2b:db:71:58:37:36:d5:f8:cd:0b:63:2f:b3:aa:
                    4d:50:ea:05:cc:3f:e2:88:4c:d0:41:c6:e6:88:6d:
                    1d:8b:b3:fe:4c:2a:47:0d:fb:5c:26:cf:c2:f4:62:
                    eb:15:c2:6d:ed:67:89:96:76:9e:60:ec:fd:1d:37:
                    5c:98:fc:df:fc:62:8a:85:04:dd:1a:1a:bd:0e:c6:
                    73:75:e0:ec:03:ec:3c:9e:c3:5d:31:1a:58:67:1d:
                    ad:f4:26:d6:7a:c5:c6:99:2f:4d:1b:7c:42:fb:23:
                    24:40:9d:99:28:72:fc:25:17:d1:68:59:bf:8e:8f:
                    78:2b:95:1a:8a:13:52:5f:a7:21:eb:9c:72:99:76:
                    c5:3f:9e:01:0d:1f:f4:fc:13:ad:3a:5a:d4:0f:92:
                    c1:6a:7b:66:74:43:1d:e0:c8:66:e5:5a:07:d3:2d:
                    07:69:fc:51:e5:3b:a6:c0:4f:18:b8:11:a7:22:f0:
                    38:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:99:78:35:D5:16:3A:57:D6:BF:92:23:CA:92:0A:2B:AF:73:E6:B8
            X509v3 Authority Key Identifier:
                keyid:7E:24:43:10:D7:A4:56:EB:12:7B:92:6C:42:F2:6D:79:E9:AC:DB:88

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91DF93A/F7DFA72EE5F311EAB3A91561C4F9AE02/fiRDENekVusSe5JsQvJteems24g.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/fiRDENekVusSe5JsQvJteems24g.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91DF93A/F7DFA72EE5F311EAB3A91561C4F9AE02/D34001840A6C11EEA48F3036C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  169.136.64.0/22
                  169.136.72.0/24
                  169.136.133.0/24
                  169.136.145.0/24
                  169.136.147.0-169.136.154.255
                  169.136.168.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:07:7d:a5:10:ca:80:ae:f5:c8:92:ad:bd:99:ef:f0:04:78:
         6f:a3:37:96:32:53:05:e0:34:44:3b:32:ca:81:0e:b5:3d:29:
         99:d1:59:81:f9:80:01:c2:de:5b:89:d6:61:84:9a:b4:bd:f2:
         77:27:42:44:e5:b4:6f:45:71:4e:d6:1e:fe:af:5a:d9:b4:52:
         e5:50:9d:41:27:ce:51:b5:e2:d9:e8:ab:f7:57:29:af:06:fb:
         a1:1a:ea:c6:43:8c:dc:0f:ee:5e:fd:41:b4:f5:f6:ac:ef:30:
         db:10:f7:e7:a0:21:e8:c2:9d:10:f0:7d:53:61:29:c0:4b:bc:
         b0:0f:10:b6:50:5c:82:0f:d6:9d:51:26:cf:aa:6c:23:6d:0e:
         ea:88:74:7f:c9:51:8b:2e:60:c2:e3:d2:2a:47:85:14:b6:9d:
         52:c3:12:ee:af:7b:3f:70:fe:49:9e:51:76:f1:5c:6c:47:74:
         2e:c8:4e:bd:46:81:7f:31:9a:84:d5:b4:3c:a0:29:c1:b7:4d:
         ed:9e:f8:9d:7c:c1:63:f6:59:88:14:f1:1f:f1:81:1a:46:3e:
         c3:27:3e:8b:99:89:9b:9d:ce:82:ed:4f:de:a3:49:e2:b3:88:
         6e:d4:79:b4:8c:6e:84:f5:cf:4e:c9:37:d2:bc:e2:7c:23:db:
         a8:f8:fe:5d
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgICBzMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
REY5M0ExMTAvBgNVBAUTKDdFMjQ0MzEwRDdBNDU2RUIxMjdCOTI2QzQyRjI2RDc5
RTlBQ0RCODgwHhcNMjMwOTA3MDgwMzExWhcNMjQwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NGY5ODNiZi0zZGNmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAzxtADr/8P3Ey16I/uNO1A4N6nUDB6MIrLMyll0CSx0yEUjw1q0TNSIs7ynlx
TwEYCTFxPLdx65AisHi4AiUiTYxEbp064xPlDak1K9txWDc21fjNC2Mvs6pNUOoF
zD/iiEzQQcbmiG0di7P+TCpHDftcJs/C9GLrFcJt7WeJlnaeYOz9HTdcmPzf/GKK
hQTdGhq9DsZzdeDsA+w8nsNdMRpYZx2t9CbWesXGmS9NG3xC+yMkQJ2ZKHL8JRfR
aFm/jo94K5UaihNSX6ch65xymXbFP54BDR/0/BOtOlrUD5LBantmdEMd4Mhm5VoH
0y0HafxR5TumwE8YuBGnIvA4wQIDAQABo4ICuzCCArcwHQYDVR0OBBYEFKeZeDXV
FjpX1r+SI8qSCiuvc+a4MB8GA1UdIwQYMBaAFH4kQxDXpFbrEnuSbELybXnprNuI
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFERjkzQS9GN0RGQTcyRUU1
RjMxMUVBQjNBOTE1NjFDNEY5QUUwMi9maVJERU5la1Z1c1NlNUpzUXZKdGVlbXMy
NGcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL2ZpUkRFTmVrVnVzU2U1SnNRdkp0ZWVtczI0Zy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
REY5M0EvRjdERkE3MkVFNUYzMTFFQUIzQTkxNTYxQzRGOUFFMDIvRDM0MDAxODQw
QTZDMTFFRUE0OEYzMDM2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwRQYIKwYBBQUHAQcBAf8E
NjA0MDIEAgABMCwDBAKpiEADBACpiEgDBACpiIUDBACpiJEwDAMEAKmIkwMEAKmI
mgMEAKmIqDANBgkqhkiG9w0BAQsFAAOCAQEAfgd9pRDKgK71yJKtvZnv8AR4b6M3
ljJTBeA0RDsyyoEOtT0pmdFZgfmAAcLeW4nWYYSatL3ydydCROW0b0VxTtYe/q9a
2bRS5VCdQSfOUbXi2eir91cprwb7oRrqxkOM3A/uXv1BtPX2rO8w2xD356Ah6MKd
EPB9U2EpwEu8sA8QtlBcgg/WnVEmz6psI20O6oh0f8lRiy5gwuPSKkeFFLadUsMS
7q97P3D+SZ5RdvFcbEd0LshOvUaBfzGahNW0PKApwbdN7Z74nXzBY/ZZiBTxH/GB
GkY+wyc+i5mJm53Ogu1P3qNJ4rOIbtR5tIxuhPXPTsk30rzifCPbqPj+XQ==
-----END CERTIFICATE-----