Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91E6134/5F9AA4BEC2A811EAA7918A2EC4F9AE02/A2518D2E06D611EF8B873C2FC4F9AE02.roa
File:                     A2518D2E06D611EF8B873C2FC4F9AE02.roa (raw, json)
Hash identifier:          OU3QJbnqlzLjxWe/3L/s9DYQjcvsnElES9mR8jls58I=
Subject key identifier:   CF:2A:97:78:B8:64:0F:C3:CC:B7:AA:8C:E9:BE:79:C9:21:56:FD:E5
Certificate issuer:       /CN=A91E6134/serialNumber=8308087911EA49E215DC4926B0226A521E5B39C4
Certificate serial:       1161
Authority key identifier: 83:08:08:79:11:EA:49:E2:15:DC:49:26:B0:22:6A:52:1E:5B:39:C4
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gwgIeRHqSeIV3EkmsCJqUh5bOcQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91E6134/5F9AA4BEC2A811EAA7918A2EC4F9AE02/A2518D2E06D611EF8B873C2FC4F9AE02.roa
Signing time:             Thu 02 May 2024 09:56:34 +0000
ROA not before:           Thu 02 May 2024 09:56:34 +0000
ROA not after:            Tue 30 Jul 2024 00:00:00 +0000
asID:                     136030
IP address blocks:        103.151.26.0/24 maxlen: 24
                          113.203.241.0/24 maxlen: 24
                          115.167.50.0/24 maxlen: 24
                          115.167.64.0/24 maxlen: 24
                          115.167.65.0/24 maxlen: 24
                          115.167.67.0/24 maxlen: 24
                          115.167.76.0/24 maxlen: 24
                          115.167.124.0/24 maxlen: 24
                          115.167.125.0/24 maxlen: 24
                          223.29.225.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 06 May 2024 11:08:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4449 (0x1161)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E6134/serialNumber=8308087911EA49E215DC4926B0226A521E5B39C4
        Validity
            Not Before: May  2 09:56:34 2024 GMT
            Not After : Jul 30 00:00:00 2024 GMT
        Subject: CN=66336352-5acd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:aa:c0:37:bd:5f:1a:17:ca:ed:0c:c8:00:ee:
                    2d:03:62:e1:4f:d9:92:19:6e:f3:1c:29:c6:b4:52:
                    71:92:9f:e8:29:3c:d0:2a:1b:8d:f3:ae:ba:df:46:
                    00:7d:ce:64:d8:ca:e3:24:19:61:0a:1e:b1:0e:1c:
                    a1:d9:cb:70:31:8a:56:d4:da:2f:3c:52:29:6f:56:
                    11:c7:97:d8:89:04:6c:80:86:95:f9:27:04:25:98:
                    8f:50:ac:eb:ed:db:ed:5d:70:f4:eb:bf:b2:e1:f8:
                    e8:02:bc:68:f5:2f:03:be:a8:17:2b:d1:c2:3b:a6:
                    c6:cb:d0:01:b6:48:41:a5:3c:65:35:61:f8:d2:a3:
                    80:63:da:41:02:34:aa:a9:1a:22:b9:49:c1:8e:63:
                    f5:2b:c5:17:45:d6:b0:0e:b5:53:a5:97:22:e5:7c:
                    c8:6e:87:11:8d:66:6e:6d:54:87:6a:7c:9c:45:8b:
                    2b:75:39:03:aa:c6:4a:c7:77:f6:6b:41:04:dd:de:
                    a1:d9:9d:30:84:34:0e:11:c9:d1:2d:a5:ca:f6:22:
                    c8:c3:0b:36:73:50:55:58:71:1c:b9:a0:3a:dd:db:
                    e7:7b:6a:43:6b:45:64:fe:47:55:45:7e:35:bf:4b:
                    2b:88:7f:c1:c5:91:57:ea:df:33:25:df:3f:c0:1f:
                    6b:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:2A:97:78:B8:64:0F:C3:CC:B7:AA:8C:E9:BE:79:C9:21:56:FD:E5
            X509v3 Authority Key Identifier:
                keyid:83:08:08:79:11:EA:49:E2:15:DC:49:26:B0:22:6A:52:1E:5B:39:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91E6134/5F9AA4BEC2A811EAA7918A2EC4F9AE02/gwgIeRHqSeIV3EkmsCJqUh5bOcQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gwgIeRHqSeIV3EkmsCJqUh5bOcQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E6134/5F9AA4BEC2A811EAA7918A2EC4F9AE02/A2518D2E06D611EF8B873C2FC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.151.26.0/24
                  113.203.241.0/24
                  115.167.50.0/24
                  115.167.64.0/23
                  115.167.67.0/24
                  115.167.76.0/24
                  115.167.124.0/23
                  223.29.225.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:f8:93:d1:b8:60:79:61:fa:94:12:2c:e5:6c:83:f0:d1:d6:
         d5:fa:f4:af:be:0e:e9:5c:70:91:39:2d:ee:64:40:fb:ff:3c:
         70:4d:01:83:0d:da:fa:70:51:cd:9b:bc:d6:61:6f:7e:39:ba:
         fb:b8:c9:6a:6c:65:20:43:e4:19:42:dd:13:05:06:1e:d6:9a:
         38:30:25:19:81:c3:5e:23:ce:5e:19:bc:53:8a:b6:28:51:67:
         fb:43:df:e4:55:d1:de:8e:cd:d7:37:84:1c:97:af:7f:48:c6:
         a4:64:23:88:fd:b2:72:5e:17:53:6d:ed:ea:e2:28:c4:98:43:
         c8:c4:ed:73:a1:52:39:71:01:44:7a:3a:f1:c2:ff:da:3d:70:
         c7:3b:03:28:a6:eb:18:a3:2a:89:7f:84:7a:e9:bd:b5:f2:1a:
         d9:88:8e:3a:dc:99:d3:8f:98:2d:bd:0b:0a:02:02:a5:b7:2e:
         43:91:26:01:d7:4b:96:68:29:ae:81:d0:2f:f1:1b:04:3a:1b:
         52:37:d0:ea:58:2c:7e:10:0f:f7:4d:da:87:dc:5c:f2:54:1b:
         95:7c:aa:1c:81:20:ba:77:16:ae:03:7e:74:e5:63:96:fc:0f:
         41:fd:a2:cc:c2:9d:3f:b9:92:10:23:c2:92:83:f1:10:47:59:
         43:ff:3b:2f
-----BEGIN CERTIFICATE-----
MIIFmzCCBIOgAwIBAgICEWEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RTYxMzQxMTAvBgNVBAUTKDgzMDgwODc5MTFFQTQ5RTIxNURDNDkyNkIwMjI2QTUy
MUU1QjM5QzQwHhcNMjQwNTAyMDk1NjM0WhcNMjQwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjMzNjM1Mi01YWNkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAx6rAN71fGhfK7QzIAO4tA2LhT9mSGW7zHCnGtFJxkp/oKTzQKhuN866630YA
fc5k2MrjJBlhCh6xDhyh2ctwMYpW1NovPFIpb1YRx5fYiQRsgIaV+ScEJZiPUKzr
7dvtXXD067+y4fjoArxo9S8DvqgXK9HCO6bGy9ABtkhBpTxlNWH40qOAY9pBAjSq
qRoiuUnBjmP1K8UXRdawDrVTpZci5XzIbocRjWZubVSHanycRYsrdTkDqsZKx3f2
a0EE3d6h2Z0whDQOEcnRLaXK9iLIwws2c1BVWHEcuaA63dvne2pDa0Vk/kdVRX41
v0sriH/BxZFX6t8zJd8/wB9rYQIDAQABo4ICvzCCArswHQYDVR0OBBYEFM8ql3i4
ZA/DzLeqjOm+eckhVv3lMB8GA1UdIwQYMBaAFIMICHkR6kniFdxJJrAialIeWznE
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFNjEzNC81RjlBQTRCRUMy
QTgxMUVBQTc5MThBMkVDNEY5QUUwMi9nd2dJZVJIcVNlSVYzRWttc0NKcVVoNWJP
Y1EuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2d3Z0llUkhxU2VJVjNFa21zQ0pxVWg1Yk9jUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RTYxMzQvNUY5QUE0QkVDMkE4MTFFQUE3OTE4QTJFQzRGOUFFMDIvQTI1MThEMkUw
NkQ2MTFFRjhCODczQzJGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwSQYIKwYBBQUHAQcBAf8E
OjA4MDYEAgABMDADBABnlxoDBABxy/EDBABzpzIDBAFzp0ADBABzp0MDBABzp0wD
BAFzp3wDBADfHeEwDQYJKoZIhvcNAQELBQADggEBABH4k9G4YHlh+pQSLOVsg/DR
1tX69K++DulccJE5Le5kQPv/PHBNAYMN2vpwUc2bvNZhb345uvu4yWpsZSBD5BlC
3RMFBh7WmjgwJRmBw14jzl4ZvFOKtihRZ/tD3+RV0d6Ozdc3hByXr39IxqRkI4j9
snJeF1Nt7eriKMSYQ8jE7XOhUjlxAUR6OvHC/9o9cMc7Ayim6xijKol/hHrpvbXy
GtmIjjrcmdOPmC29CwoCAqW3LkORJgHXS5ZoKa6B0C/xGwQ6G1I30OpYLH4QD/dN
2ofcXPJUG5V8qhyBILp3Fq4DfnTlY5b8D0H9oszCnT+5khAjwpKD8RBHWUP/Oy8=
-----END CERTIFICATE-----