Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91E6134/5F9AA4BEC2A811EAA7918A2EC4F9AE02/31937450D7E411EF9CB39217C4F9AE02.roa
File:                     31937450D7E411EF9CB39217C4F9AE02.roa (raw, json)
Hash identifier:          N8rmKYi4klqeXQN9/eBuMKXHTdRRFIsLlPqqiysfOeo=
Subject key identifier:   DC:18:97:70:12:55:59:92:E6:D6:F6:6F:D5:EE:F7:8F:62:FB:80:94
Certificate issuer:       /CN=A91E6134/serialNumber=8308087911EA49E215DC4926B0226A521E5B39C4
Certificate serial:       21F8
Authority key identifier: 83:08:08:79:11:EA:49:E2:15:DC:49:26:B0:22:6A:52:1E:5B:39:C4
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gwgIeRHqSeIV3EkmsCJqUh5bOcQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91E6134/5F9AA4BEC2A811EAA7918A2EC4F9AE02/31937450D7E411EF9CB39217C4F9AE02.roa
Signing time:             Wed 22 Jan 2025 14:31:39 +0000
ROA not before:           Wed 22 Jan 2025 14:31:39 +0000
ROA not after:            Wed 30 Jul 2025 00:00:00 +0000
asID:                     329007
IP address blocks:        43.226.224.0/24 maxlen: 24
                          113.203.231.0/24 maxlen: 24
                          113.203.233.0/24 maxlen: 24
                          113.203.245.0/24 maxlen: 24
                          115.167.101.0/24 maxlen: 24
                          115.167.103.0/24 maxlen: 24
                          115.167.117.0/24 maxlen: 24
                          175.110.80.0/24 maxlen: 24
                          175.110.81.0/24 maxlen: 24
                          175.110.82.0/24 maxlen: 24
                          175.110.83.0/24 maxlen: 24
                          223.29.225.0/24 maxlen: 24
                          223.29.226.0/24 maxlen: 24
Validation:               Failed, certificate revoked on Mon 27 Jan 2025 10:44:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 8696 (0x21f8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E6134, serialNumber=8308087911EA49E215DC4926B0226A521E5B39C4
        Validity
            Not Before: Jan 22 14:31:39 2025 GMT
            Not After : Jul 30 00:00:00 2025 GMT
        Subject: CN=6791014b-3bf8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:65:7c:92:a9:db:10:d6:d0:c0:d1:e6:3b:32:
                    dc:1f:4b:3a:57:13:41:16:2e:76:81:80:cc:3f:fb:
                    fc:08:41:41:dc:77:06:a2:25:5b:ca:f4:9e:cb:02:
                    7c:79:d4:4d:5e:7e:62:40:30:af:25:b1:7a:d5:ea:
                    d7:e1:1c:15:ef:6b:18:b2:41:8b:64:1e:08:88:0c:
                    04:fb:49:7c:d3:b6:d3:b9:71:87:55:19:d3:6a:bb:
                    42:98:37:37:8c:b2:1d:09:7c:44:4f:0c:8a:03:67:
                    67:ed:ad:4d:99:46:33:a4:24:c7:a7:4a:9d:3e:c8:
                    27:e5:16:d6:dc:c8:b0:24:d2:3f:a3:d8:9f:e7:f3:
                    4f:01:29:00:8c:26:9a:16:28:5a:f2:13:38:88:6f:
                    0e:16:cf:b7:7b:77:9a:a6:b9:86:1d:8c:a2:7d:18:
                    bb:cb:37:2f:f1:6a:20:3a:98:2e:66:94:31:91:b5:
                    fa:d5:93:3f:55:a0:e6:22:66:7e:94:c3:7d:15:bd:
                    81:d8:80:36:16:2c:af:6a:d7:71:f9:eb:fd:cb:77:
                    01:04:81:b1:02:f1:f2:89:cd:d4:3d:eb:de:6c:25:
                    7a:f4:f0:ce:e5:ee:e5:b0:b8:a3:f9:9f:17:b1:bd:
                    36:66:cd:47:af:9b:7b:c1:bd:3f:0a:7f:8a:cf:b5:
                    9e:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DC:18:97:70:12:55:59:92:E6:D6:F6:6F:D5:EE:F7:8F:62:FB:80:94
            X509v3 Authority Key Identifier:
                keyid:83:08:08:79:11:EA:49:E2:15:DC:49:26:B0:22:6A:52:1E:5B:39:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91E6134/5F9AA4BEC2A811EAA7918A2EC4F9AE02/gwgIeRHqSeIV3EkmsCJqUh5bOcQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gwgIeRHqSeIV3EkmsCJqUh5bOcQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E6134/5F9AA4BEC2A811EAA7918A2EC4F9AE02/31937450D7E411EF9CB39217C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.226.224.0/24
                  113.203.231.0/24
                  113.203.233.0/24
                  113.203.245.0/24
                  115.167.101.0/24
                  115.167.103.0/24
                  115.167.117.0/24
                  175.110.80.0/22
                  223.29.225.0-223.29.226.255

    Signature Algorithm: sha256WithRSAEncryption
         06:97:2d:bf:a2:fd:2d:76:cb:f3:5c:ce:92:ca:f5:81:d3:03:
         06:e0:35:24:3d:27:d7:20:51:36:8d:34:5e:78:13:e7:32:63:
         0a:b2:60:74:45:a5:1a:87:4a:68:09:ae:c2:b7:5a:90:b8:f8:
         d0:be:26:c7:0c:db:36:7b:c7:52:70:31:3c:f5:69:77:b4:ce:
         da:3b:bd:10:93:ea:61:08:bb:ca:de:7f:d3:74:42:c4:04:89:
         e3:fc:78:88:65:86:4e:e4:c9:4c:2a:b3:ea:37:4b:cc:b1:83:
         25:cf:85:91:9a:8f:f1:d8:b7:23:07:59:a9:23:bf:53:10:ef:
         ec:b4:f3:46:14:bf:06:80:85:9d:71:f1:1d:41:08:97:7c:b5:
         c1:7a:c7:b1:d6:1e:1d:20:50:1d:35:c1:5b:7c:73:b6:63:e3:
         c8:b0:2b:03:32:2e:10:9b:b3:92:46:da:62:4e:2b:38:b9:ea:
         05:39:1c:84:6b:e5:5d:27:c0:af:58:09:bd:be:b0:59:a4:f2:
         f0:4e:d1:cc:1a:79:8b:a9:82:10:04:c0:4f:d5:dc:ac:ad:e5:
         4e:5d:73:bb:e1:c4:0a:62:11:a2:a4:ce:a4:65:6a:bb:5d:06:
         20:77:b7:af:b6:d1:38:19:13:e4:e1:6f:6e:5b:51:67:8f:03:
         67:66:ec:6a
-----BEGIN CERTIFICATE-----
MIIFqTCCBJGgAwIBAgICIfgwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RTYxMzQxMTAvBgNVBAUTKDgzMDgwODc5MTFFQTQ5RTIxNURDNDkyNkIwMjI2QTUy
MUU1QjM5QzQwHhcNMjUwMTIyMTQzMTM5WhcNMjUwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzkxMDE0Yi0zYmY4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEApWV8kqnbENbQwNHmOzLcH0s6VxNBFi52gYDMP/v8CEFB3HcGoiVbyvSeywJ8
edRNXn5iQDCvJbF61erX4RwV72sYskGLZB4IiAwE+0l807bTuXGHVRnTartCmDc3
jLIdCXxETwyKA2dn7a1NmUYzpCTHp0qdPsgn5RbW3MiwJNI/o9if5/NPASkAjCaa
Fiha8hM4iG8OFs+3e3eaprmGHYyifRi7yzcv8WogOpguZpQxkbX61ZM/VaDmImZ+
lMN9Fb2B2IA2Fiyvatdx+ev9y3cBBIGxAvHyic3UPevebCV69PDO5e7lsLij+Z8X
sb02Zs1Hr5t7wb0/Cn+Kz7We1QIDAQABo4ICzTCCAskwHQYDVR0OBBYEFNwYl3AS
VVmS5tb2b9Xu949i+4CUMB8GA1UdIwQYMBaAFIMICHkR6kniFdxJJrAialIeWznE
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFNjEzNC81RjlBQTRCRUMy
QTgxMUVBQTc5MThBMkVDNEY5QUUwMi9nd2dJZVJIcVNlSVYzRWttc0NKcVVoNWJP
Y1EuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2d3Z0llUkhxU2VJVjNFa21zQ0pxVWg1Yk9jUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RTYxMzQvNUY5QUE0QkVDMkE4MTFFQUE3OTE4QTJFQzRGOUFFMDIvMzE5Mzc0NTBE
N0U0MTFFRjlDQjM5MjE3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwVwYIKwYBBQUHAQcBAf8E
SDBGMEQEAgABMD4DBAAr4uADBABxy+cDBABxy+kDBABxy/UDBABzp2UDBABzp2cD
BABzp3UDBAKvblAwDAMEAN8d4QMEAN8d4jANBgkqhkiG9w0BAQsFAAOCAQEABpct
v6L9LXbL81zOksr1gdMDBuA1JD0n1yBRNo00XngT5zJjCrJgdEWlGodKaAmuwrda
kLj40L4mxwzbNnvHUnAxPPVpd7TO2ju9EJPqYQi7yt5/03RCxASJ4/x4iGWGTuTJ
TCqz6jdLzLGDJc+FkZqP8di3IwdZqSO/UxDv7LTzRhS/BoCFnXHxHUEIl3y1wXrH
sdYeHSBQHTXBW3xztmPjyLArAzIuEJuzkkbaYk4rOLnqBTkchGvlXSfAr1gJvb6w
WaTy8E7RzBp5i6mCEATAT9XcrK3lTl1zu+HECmIRoqTOpGVqu10GIHe3r7bROBkT
5OFvbltRZ48DZ2bsag==
-----END CERTIFICATE-----