Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91E6134/57B3E0BCC2A811EAA7918A2EC4F9AE02/60952C4CA7DF11EFA3290D17C4F9AE02.roa
File:                     60952C4CA7DF11EFA3290D17C4F9AE02.roa (raw, json)
Hash identifier:          zo8mrjrC+IrGdk7OdAINqiI24r3JQb0BZyR1EADNgso=
Subject key identifier:   DE:19:7A:9F:C6:77:2A:BD:AB:80:D2:8B:4C:2B:BA:13:B0:5C:88:F0
Certificate issuer:       /CN=A91E6134/serialNumber=9A73F1A919FBF46C872E38805B1650B5F88276D3
Certificate serial:       0C25
Authority key identifier: 9A:73:F1:A9:19:FB:F4:6C:87:2E:38:80:5B:16:50:B5:F8:82:76:D3
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/mnPxqRn79GyHLjiAWxZQtfiCdtM.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91E6134/57B3E0BCC2A811EAA7918A2EC4F9AE02/60952C4CA7DF11EFA3290D17C4F9AE02.roa
Signing time:             Thu 21 Nov 2024 08:05:31 +0000
ROA not before:           Thu 21 Nov 2024 08:05:31 +0000
ROA not after:            Wed 30 Jul 2025 00:00:00 +0000
asID:                     138241
IP address blocks:        139.190.0.0/19 maxlen: 24
                          139.190.56.0/22 maxlen: 22
                          139.190.124.0/24 maxlen: 24
                          139.190.125.0/24 maxlen: 24
                          139.190.126.0/24 maxlen: 24
                          139.190.127.0/24 maxlen: 24
                          139.190.235.0/24 maxlen: 24
                          139.190.238.0/24 maxlen: 24
                          139.190.239.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Thu 21 Nov 2024 12:23:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3109 (0xc25)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E6134
        Validity
            Not Before: Nov 21 08:05:31 2024 GMT
            Not After : Jul 30 00:00:00 2025 GMT
        Subject: CN=673ee9cb-550d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:74:aa:c5:38:d9:af:92:e5:e7:39:71:cf:54:
                    2b:2b:d9:49:a7:80:5b:d7:bd:e5:cb:17:4e:29:04:
                    ec:37:f5:0d:43:28:a2:07:76:b0:83:e5:da:a1:3f:
                    54:52:bb:c5:a6:5e:45:a9:0a:cf:f7:a0:73:aa:ae:
                    39:df:f5:a0:11:48:75:a4:90:0d:36:06:81:33:83:
                    76:87:a2:5e:b3:02:78:cc:2b:c2:94:38:db:e0:3e:
                    d1:4d:a3:7a:9e:d8:4e:5d:10:97:3a:7d:12:67:53:
                    d7:8b:36:a3:a0:2f:27:1c:df:15:a6:81:3d:ab:58:
                    2a:e8:f6:f0:35:0d:e8:5a:de:4c:05:75:95:1b:df:
                    f3:43:bc:79:c1:2b:45:4c:33:0b:12:45:f5:29:a4:
                    d2:7b:71:75:5d:52:19:44:27:7c:e2:d8:30:82:51:
                    95:86:e9:45:37:c3:27:f0:a7:41:ff:c6:48:09:00:
                    f7:9c:43:e5:39:c1:09:f1:14:7e:b1:a2:70:59:aa:
                    38:90:58:0f:c1:9c:a7:04:5a:a5:38:de:6c:bf:f7:
                    3e:53:d4:21:95:36:06:b2:fb:fe:ce:cb:74:cf:71:
                    c8:a0:64:c9:c8:52:40:f3:31:fd:3d:f1:28:75:3f:
                    c4:39:eb:00:be:4c:b7:1c:9c:4b:8e:07:4e:f2:e2:
                    09:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DE:19:7A:9F:C6:77:2A:BD:AB:80:D2:8B:4C:2B:BA:13:B0:5C:88:F0
            X509v3 Authority Key Identifier:
                keyid:9A:73:F1:A9:19:FB:F4:6C:87:2E:38:80:5B:16:50:B5:F8:82:76:D3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91E6134/57B3E0BCC2A811EAA7918A2EC4F9AE02/mnPxqRn79GyHLjiAWxZQtfiCdtM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/mnPxqRn79GyHLjiAWxZQtfiCdtM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E6134/57B3E0BCC2A811EAA7918A2EC4F9AE02/60952C4CA7DF11EFA3290D17C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  139.190.0.0/19
                  139.190.56.0/22
                  139.190.124.0/22
                  139.190.235.0/24
                  139.190.238.0/23

    Signature Algorithm: sha256WithRSAEncryption
         84:e6:fc:c1:3e:ec:46:f6:21:fb:93:7e:dd:37:74:be:0c:a5:
         90:e3:55:55:bf:90:3c:9e:d0:8a:06:24:33:5f:46:8f:6c:db:
         70:13:dc:42:9e:62:85:38:9d:56:f4:b2:88:86:89:17:d2:4d:
         da:2b:42:c6:a8:51:f6:4e:1e:36:5e:e9:60:87:9b:9c:d7:9d:
         d6:31:03:6d:16:99:81:44:cc:61:77:5e:ac:09:79:39:82:f7:
         c1:4a:c0:54:c9:e0:d2:0e:48:bb:32:22:99:91:b5:90:97:99:
         72:92:00:bd:4c:8f:c3:13:ec:ba:e1:3b:39:9e:30:1c:b8:bb:
         f6:2e:c5:1d:dc:79:2f:96:12:a6:b2:1c:2b:cd:b6:7c:31:cd:
         84:13:1b:c3:bb:19:b3:47:8d:f2:7b:f0:67:f6:7a:8b:e3:69:
         30:fb:c6:61:ea:ca:10:0a:9d:e8:e8:ba:2d:e7:bf:aa:be:05:
         a6:5f:7d:98:a4:df:d1:bb:89:29:8b:6f:1f:1a:ba:c3:df:b2:
         b2:a8:10:0f:6b:47:9e:37:a2:4d:37:74:5c:54:ef:f6:86:8b:
         bc:68:2f:2b:5d:03:24:31:20:b4:c7:72:84:6d:00:e3:5f:12:
         95:11:57:0b:3e:bc:5f:8b:d0:d7:ce:02:6d:e6:ce:b4:8b:4e:
         23:39:6e:1a
-----BEGIN CERTIFICATE-----
MIIFiTCCBHGgAwIBAgICDCUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RTYxMzQxMTAvBgNVBAUTKDlBNzNGMUE5MTlGQkY0NkM4NzJFMzg4MDVCMTY1MEI1
Rjg4Mjc2RDMwHhcNMjQxMTIxMDgwNTMxWhcNMjUwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzNlZTljYi01NTBkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAuXSqxTjZr5Ll5zlxz1QrK9lJp4Bb173lyxdOKQTsN/UNQyiiB3awg+XaoT9U
UrvFpl5FqQrP96Bzqq453/WgEUh1pJANNgaBM4N2h6JeswJ4zCvClDjb4D7RTaN6
nthOXRCXOn0SZ1PXizajoC8nHN8VpoE9q1gq6PbwNQ3oWt5MBXWVG9/zQ7x5wStF
TDMLEkX1KaTSe3F1XVIZRCd84tgwglGVhulFN8Mn8KdB/8ZICQD3nEPlOcEJ8RR+
saJwWao4kFgPwZynBFqlON5sv/c+U9QhlTYGsvv+zst0z3HIoGTJyFJA8zH9PfEo
dT/EOesAvky3HJxLjgdO8uIJjQIDAQABo4ICrTCCAqkwHQYDVR0OBBYEFN4Zep/G
dyq9q4DSi0wruhOwXIjwMB8GA1UdIwQYMBaAFJpz8akZ+/Rshy44gFsWULX4gnbT
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFNjEzNC81N0IzRTBCQ0My
QTgxMUVBQTc5MThBMkVDNEY5QUUwMi9tblB4cVJuNzlHeUhMamlBV3haUXRmaUNk
dE0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL21uUHhxUm43OUd5SExqaUFXeFpRdGZpQ2R0TS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RTYxMzQvNTdCM0UwQkNDMkE4MTFFQUE3OTE4QTJFQzRGOUFFMDIvNjA5NTJDNENB
N0RGMTFFRkEzMjkwRDE3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNwYIKwYBBQUHAQcBAf8E
KDAmMCQEAgABMB4DBAWLvgADBAKLvjgDBAKLvnwDBACLvusDBAGLvu4wDQYJKoZI
hvcNAQELBQADggEBAITm/ME+7Eb2IfuTft03dL4MpZDjVVW/kDye0IoGJDNfRo9s
23AT3EKeYoU4nVb0soiGiRfSTdorQsaoUfZOHjZe6WCHm5zXndYxA20WmYFEzGF3
XqwJeTmC98FKwFTJ4NIOSLsyIpmRtZCXmXKSAL1Mj8MT7LrhOzmeMBy4u/YuxR3c
eS+WEqayHCvNtnwxzYQTG8O7GbNHjfJ78Gf2eovjaTD7xmHqyhAKnejoui3nv6q+
BaZffZik39G7iSmLbx8ausPfsrKoEA9rR543ok03dFxU7/aGi7xoLytdAyQxILTH
coRtAONfEpURVws+vF+L0NfOAm3mzrSLTiM5bho=
-----END CERTIFICATE-----