Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91EBB5B/29DE748A419E11EAB866E77AC4F9AE02/20E6F554419F11EA8B12587CC4F9AE02.roa
File:                     20E6F554419F11EA8B12587CC4F9AE02.roa (raw, json)
Hash identifier:          qEXJzs2VpuoelXuDvqQdLaogju6jdjACZydD3tEz/xE=
Subject key identifier:   23:A4:74:9F:83:A4:F1:14:EF:5A:B7:F2:33:EA:58:6C:BA:52:A5:F3
Certificate issuer:       /CN=A91EBB5B/serialNumber=95C13A3CC7EC270B7E5F19F3CD4F3B50DFDF62E4
Certificate serial:       0A5D
Authority key identifier: 95:C1:3A:3C:C7:EC:27:0B:7E:5F:19:F3:CD:4F:3B:50:DF:DF:62:E4
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/lcE6PMfsJwt-XxnzzU87UN_fYuQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91EBB5B/29DE748A419E11EAB866E77AC4F9AE02/20E6F554419F11EA8B12587CC4F9AE02.roa
Signing time:             Sun 02 Jun 2024 21:06:05 +0000
ROA not before:           Sun 02 Jun 2024 21:06:05 +0000
ROA not after:            Sun 31 Aug 2025 00:00:00 +0000
asID:                     9311
IP address blocks:        45.126.85.0/24 maxlen: 24
                          45.126.87.0/24 maxlen: 24
                          103.18.229.0/24 maxlen: 24
                          103.18.231.0/24 maxlen: 24
                          103.231.37.0/24 maxlen: 24
                          103.231.39.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 12 Sep 2024 05:22:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2653 (0xa5d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91EBB5B/serialNumber=95C13A3CC7EC270B7E5F19F3CD4F3B50DFDF62E4
        Validity
            Not Before: Jun  2 21:06:05 2024 GMT
            Not After : Aug 31 00:00:00 2025 GMT
        Subject: CN=665cdebd-8dcc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:21:c2:54:4d:5f:db:a9:1d:dc:a2:34:a7:dd:
                    74:29:ab:83:69:41:cc:a6:05:37:b9:ed:30:07:3a:
                    e7:b7:b5:a3:bc:05:dd:60:fc:52:c1:fd:25:2f:7a:
                    be:13:69:9b:bd:63:44:c2:26:91:89:92:39:4e:70:
                    4f:8c:15:58:51:a0:67:74:03:c0:ac:72:e0:0e:3d:
                    cc:68:eb:61:53:9e:6b:10:78:ce:8c:21:59:fc:0a:
                    87:06:ff:94:39:24:2c:6c:bc:0f:dc:b1:72:34:03:
                    8a:c3:68:19:b5:03:42:8e:96:3c:10:42:b0:5e:42:
                    c3:9a:00:af:1e:2a:47:44:c2:89:97:2e:13:d9:c9:
                    28:ee:91:76:00:c1:9c:af:23:98:e3:0b:2b:c8:d4:
                    a7:60:3a:4d:7b:fa:cd:2a:8d:c1:54:21:ec:af:d6:
                    4a:d3:f3:6c:89:27:ad:43:55:e5:70:51:32:34:eb:
                    9d:99:4a:87:72:41:1e:72:5d:62:27:16:62:de:3a:
                    8b:6a:0a:b0:be:c7:ab:75:be:8b:94:9f:60:14:85:
                    1d:bd:88:a8:7a:28:b5:79:46:fe:da:21:16:c5:ad:
                    0a:e2:36:74:67:d1:42:28:ef:38:b7:4b:a1:ca:67:
                    ab:71:b3:4e:8e:c6:0c:86:cb:5f:1e:6b:39:ec:ed:
                    bb:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:A4:74:9F:83:A4:F1:14:EF:5A:B7:F2:33:EA:58:6C:BA:52:A5:F3
            X509v3 Authority Key Identifier:
                keyid:95:C1:3A:3C:C7:EC:27:0B:7E:5F:19:F3:CD:4F:3B:50:DF:DF:62:E4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91EBB5B/29DE748A419E11EAB866E77AC4F9AE02/lcE6PMfsJwt-XxnzzU87UN_fYuQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/lcE6PMfsJwt-XxnzzU87UN_fYuQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91EBB5B/29DE748A419E11EAB866E77AC4F9AE02/20E6F554419F11EA8B12587CC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.126.85.0/24
                  45.126.87.0/24
                  103.18.229.0/24
                  103.18.231.0/24
                  103.231.37.0/24
                  103.231.39.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:98:49:31:04:0f:98:9c:ea:e7:11:ed:d7:ec:3f:ae:91:7d:
         d8:92:2c:7e:39:a7:09:88:6e:2e:d5:b1:0b:ae:34:1c:34:d2:
         b5:c3:0b:5e:6e:d7:31:cc:1e:23:de:81:c7:44:d9:d0:7d:d9:
         82:9d:db:16:e0:16:0e:ac:43:20:b8:d0:4f:a4:58:59:4a:fb:
         0b:ad:79:dd:10:e2:85:2b:93:ca:40:ce:bf:1e:cc:16:d5:23:
         5b:79:a7:c5:2e:55:c8:ed:41:21:f7:5b:3d:ab:c9:f3:bf:01:
         eb:26:37:95:d5:c2:bb:e0:6c:fc:85:56:4d:9d:40:e4:bf:b0:
         93:a5:4a:59:7d:79:18:d5:b2:1e:7f:01:cb:9e:81:7e:5b:8f:
         03:1a:47:dd:46:f3:0c:f4:46:8b:9f:35:8a:9d:bf:9e:eb:39:
         34:4e:28:25:12:ca:4c:e5:7f:d6:f8:55:9f:af:67:03:74:97:
         41:4a:ef:30:a5:09:ab:46:85:11:df:c1:ff:da:5f:2f:30:58:
         8c:01:e3:d8:88:1a:e0:6b:e9:c7:f6:88:94:ba:70:b5:08:05:
         95:19:ba:99:21:e8:d3:2a:9e:19:7e:a1:02:d5:58:00:ad:5d:
         a9:f2:15:28:ef:1a:85:08:eb:18:da:34:30:54:4e:0c:03:cf:
         fb:24:9e:f8
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgICCl0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RUJCNUIxMTAvBgNVBAUTKDk1QzEzQTNDQzdFQzI3MEI3RTVGMTlGM0NENEYzQjUw
REZERjYyRTQwHhcNMjQwNjAyMjEwNjA1WhcNMjUwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjVjZGViZC04ZGNjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAviHCVE1f26kd3KI0p910KauDaUHMpgU3ue0wBzrnt7WjvAXdYPxSwf0lL3q+
E2mbvWNEwiaRiZI5TnBPjBVYUaBndAPArHLgDj3MaOthU55rEHjOjCFZ/AqHBv+U
OSQsbLwP3LFyNAOKw2gZtQNCjpY8EEKwXkLDmgCvHipHRMKJly4T2cko7pF2AMGc
ryOY4wsryNSnYDpNe/rNKo3BVCHsr9ZK0/NsiSetQ1XlcFEyNOudmUqHckEecl1i
JxZi3jqLagqwvserdb6LlJ9gFIUdvYioeii1eUb+2iEWxa0K4jZ0Z9FCKO84t0uh
ymercbNOjsYMhstfHms57O27QwIDAQABo4ICszCCAq8wHQYDVR0OBBYEFCOkdJ+D
pPEU71q38jPqWGy6UqXzMB8GA1UdIwQYMBaAFJXBOjzH7CcLfl8Z881PO1Df32Lk
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFQkI1Qi8yOURFNzQ4QTQx
OUUxMUVBQjg2NkU3N0FDNEY5QUUwMi9sY0U2UE1mc0p3dC1YeG56elU4N1VOX2ZZ
dVEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2xjRTZQTWZzSnd0LVh4bnp6VTg3VU5fZll1US5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RUJCNUIvMjlERTc0OEE0MTlFMTFFQUI4NjZFNzdBQzRGOUFFMDIvMjBFNkY1NTQ0
MTlGMTFFQThCMTI1ODdDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwPQYIKwYBBQUHAQcBAf8E
LjAsMCoEAgABMCQDBAAtflUDBAAtflcDBABnEuUDBABnEucDBABn5yUDBABn5ycw
DQYJKoZIhvcNAQELBQADggEBAH6YSTEED5ic6ucR7dfsP66RfdiSLH45pwmIbi7V
sQuuNBw00rXDC15u1zHMHiPegcdE2dB92YKd2xbgFg6sQyC40E+kWFlK+wuted0Q
4oUrk8pAzr8ezBbVI1t5p8UuVcjtQSH3Wz2ryfO/AesmN5XVwrvgbPyFVk2dQOS/
sJOlSll9eRjVsh5/AcuegX5bjwMaR91G8wz0RoufNYqdv57rOTROKCUSykzlf9b4
VZ+vZwN0l0FK7zClCatGhRHfwf/aXy8wWIwB49iIGuBr6cf2iJS6cLUIBZUZupkh
6NMqnhl+oQLVWACtXanyFSjvGoUI6xjaNDBUTgwDz/sknvg=
-----END CERTIFICATE-----