Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/0CCB8FEE9A4C11EE807F8412C4F9AE02.roa
File:                     0CCB8FEE9A4C11EE807F8412C4F9AE02.roa (raw, json)
Hash identifier:          w/Fx0LA2jD2lIVd3yxZPQuiMhTH+jOJGowIPLJUdVPI=
Subject key identifier:   2A:5D:AA:95:9B:2A:08:10:A7:3F:30:D3:E5:39:04:00:C6:E6:93:4D
Certificate issuer:       /CN=A91CB7AB/serialNumber=3DE9D3DFF6E048FD908146502E4F08E456F3D9BC
Certificate serial:       06E1
Authority key identifier: 3D:E9:D3:DF:F6:E0:48:FD:90:81:46:50:2E:4F:08:E4:56:F3:D9:BC
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PenT3_bgSP2QgUZQLk8I5Fbz2bw.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/0CCB8FEE9A4C11EE807F8412C4F9AE02.roa
Signing time:             Thu 14 Dec 2023 06:43:12 +0000
ROA not before:           Thu 14 Dec 2023 06:43:12 +0000
ROA not after:            Sun 31 Mar 2024 00:00:00 +0000
asID:                     14618
IP address blocks:        202.139.236.0/22 maxlen: 24
                          202.139.252.0/24 maxlen: 24
                          202.148.147.0/24 maxlen: 24
                          203.27.226.0/23 maxlen: 24
                          210.247.144.0/20 maxlen: 24
                          210.247.238.0/23 maxlen: 23

Validation:               Failed, certificate revoked on Sun 11 Feb 2024 23:31:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1761 (0x6e1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CB7AB/serialNumber=3DE9D3DFF6E048FD908146502E4F08E456F3D9BC
        Validity
            Not Before: Dec 14 06:43:12 2023 GMT
            Not After : Mar 31 00:00:00 2024 GMT
        Subject: CN=657aa400-39b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:5e:96:4d:45:9e:d9:95:45:32:7f:ef:d5:2e:
                    6f:a9:ff:d5:0d:76:a9:7d:f7:5d:40:5c:6d:a5:f3:
                    c1:cc:a5:9a:fd:56:bb:c4:2d:c6:cb:05:b3:60:f9:
                    13:5c:37:c7:e5:5c:6e:f6:9e:d7:b5:00:a4:23:9f:
                    c1:78:5d:bd:b6:d2:4f:57:d1:3a:8e:d7:f4:52:69:
                    1a:7f:fc:03:09:59:1e:de:fc:a4:7e:a1:ed:c0:3f:
                    57:ae:ee:f5:2a:10:6a:98:cc:1f:05:bf:87:57:87:
                    74:85:e3:c0:88:2f:aa:5c:e0:9c:d1:f3:14:64:f9:
                    1a:fb:82:34:cd:81:19:7c:20:9d:0b:0f:86:49:8b:
                    44:dd:6e:6b:20:2f:ec:a5:52:93:9c:2c:2f:a6:6d:
                    25:05:eb:c2:0c:98:24:ef:1b:47:2c:eb:de:9d:f0:
                    bc:97:85:9f:55:95:88:03:4c:27:a3:7b:6b:3f:b6:
                    89:9d:5a:7e:53:70:7c:95:1e:3e:68:03:14:40:e2:
                    92:1a:18:2e:b9:67:44:70:dd:6c:44:aa:dd:67:d0:
                    c9:1c:74:7e:e7:42:ec:1a:84:fd:cb:34:fe:ba:a1:
                    6f:ab:aa:8e:60:da:55:ad:0d:b4:d8:93:4f:00:9d:
                    86:3d:1e:f9:eb:8c:18:9a:88:7c:9a:27:4b:72:03:
                    d5:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:5D:AA:95:9B:2A:08:10:A7:3F:30:D3:E5:39:04:00:C6:E6:93:4D
            X509v3 Authority Key Identifier:
                keyid:3D:E9:D3:DF:F6:E0:48:FD:90:81:46:50:2E:4F:08:E4:56:F3:D9:BC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/PenT3_bgSP2QgUZQLk8I5Fbz2bw.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PenT3_bgSP2QgUZQLk8I5Fbz2bw.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/0CCB8FEE9A4C11EE807F8412C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.139.236.0/22
                  202.139.252.0/24
                  202.148.147.0/24
                  203.27.226.0/23
                  210.247.144.0/20
                  210.247.238.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c9:b5:68:d8:8a:c8:ac:de:36:49:4b:dd:7e:60:80:a1:3a:71:
         ff:9c:21:86:88:02:b3:bc:8c:7c:fa:81:71:5c:d0:1b:5a:09:
         ed:ad:b7:e0:55:4b:68:42:1e:c5:87:f3:97:b0:cd:7c:4b:08:
         2a:00:53:6c:51:e5:18:23:1a:a5:d8:b3:78:1c:a2:57:c2:e2:
         80:5f:07:bf:ed:0a:0e:19:6d:62:78:73:f1:13:07:83:50:32:
         ea:e4:b2:ec:d7:8b:8f:39:0d:19:3d:f7:2d:31:5e:9c:db:2b:
         44:7d:f8:c2:f8:6a:c0:79:51:71:e3:6b:5d:bc:85:31:b2:62:
         37:23:3a:8e:5a:b9:09:51:21:5e:35:85:28:f2:73:be:9c:65:
         76:44:15:b3:37:4d:b1:04:0a:2b:70:27:ce:58:00:fc:1c:40:
         e7:b8:99:25:da:cd:a8:cb:29:8f:cb:eb:4a:3d:bd:d7:8d:14:
         9d:2e:c5:e8:58:a2:6e:77:bf:52:d1:ba:32:76:fc:2b:e7:a2:
         9f:5d:41:23:d7:d8:bd:36:9b:27:45:66:e4:3a:e3:f0:26:30:
         84:6d:8b:c6:72:a9:b6:7f:22:38:8a:64:fa:38:b7:a5:f8:01:
         b8:b7:4d:56:e1:b8:52:c6:78:d7:94:7b:26:72:52:32:41:69:
         7c:24:47:3b
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgICBuEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Q0I3QUIxMTAvBgNVBAUTKDNERTlEM0RGRjZFMDQ4RkQ5MDgxNDY1MDJFNEYwOEU0
NTZGM0Q5QkMwHhcNMjMxMjE0MDY0MzEyWhcNMjQwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTdhYTQwMC0zOWIwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAyV6WTUWe2ZVFMn/v1S5vqf/VDXapffddQFxtpfPBzKWa/Va7xC3GywWzYPkT
XDfH5Vxu9p7XtQCkI5/BeF29ttJPV9E6jtf0Umkaf/wDCVke3vykfqHtwD9Xru71
KhBqmMwfBb+HV4d0hePAiC+qXOCc0fMUZPka+4I0zYEZfCCdCw+GSYtE3W5rIC/s
pVKTnCwvpm0lBevCDJgk7xtHLOvenfC8l4WfVZWIA0wno3trP7aJnVp+U3B8lR4+
aAMUQOKSGhguuWdEcN1sRKrdZ9DJHHR+50LsGoT9yzT+uqFvq6qOYNpVrQ202JNP
AJ2GPR7564wYmoh8midLcgPVeQIDAQABo4ICszCCAq8wHQYDVR0OBBYEFCpdqpWb
KggQpz8w0+U5BADG5pNNMB8GA1UdIwQYMBaAFD3p09/24Ej9kIFGUC5PCORW89m8
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDQjdBQi81Njc4NjU2ODQw
MDkxMUVCQTM3NDIyNUJDNEY5QUUwMi9QZW5UM19iZ1NQMlFnVVpRTGs4STVGYnoy
YncuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1BlblQzX2JnU1AyUWdVWlFMazhJNUZiejJidy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Q0I3QUIvNTY3ODY1Njg0MDA5MTFFQkEzNzQyMjVCQzRGOUFFMDIvMENDQjhGRUU5
QTRDMTFFRTgwN0Y4NDEyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwPQYIKwYBBQUHAQcBAf8E
LjAsMCoEAgABMCQDBALKi+wDBADKi/wDBADKlJMDBAHLG+IDBATS95ADBAHS9+4w
DQYJKoZIhvcNAQELBQADggEBAMm1aNiKyKzeNklL3X5ggKE6cf+cIYaIArO8jHz6
gXFc0BtaCe2tt+BVS2hCHsWH85ewzXxLCCoAU2xR5RgjGqXYs3gcolfC4oBfB7/t
Cg4ZbWJ4c/ETB4NQMurksuzXi485DRk99y0xXpzbK0R9+ML4asB5UXHja128hTGy
YjcjOo5auQlRIV41hSjyc76cZXZEFbM3TbEECitwJ85YAPwcQOe4mSXazajLKY/L
60o9vdeNFJ0uxehYom53v1LRujJ2/Cvnop9dQSPX2L02mydFZuQ64/AmMIRti8Zy
qbZ/IjiKZPo4t6X4Abi3TVbhuFLGeNeUeyZyUjJBaXwkRzs=
-----END CERTIFICATE-----