Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91151C9/C300C2CEC6FA11E7AAABCC0BC4F9AE02/5B0DB65CEFD111EE92D9454EC4F9AE02.roa
File:                     5B0DB65CEFD111EE92D9454EC4F9AE02.roa (raw, json)
Hash identifier:          76S4aRaU2ID0XEuOdvsRZUSO3+93Lw6OX8h1XQVhKbA=
Subject key identifier:   7C:10:17:C2:FB:9D:92:0C:63:C6:20:EF:1E:48:64:14:AC:D6:21:41
Certificate issuer:       /CN=A91151C9/serialNumber=875F40021C6D43B04EFE894A7FC15CC4F6ED89BA
Certificate serial:       16FE
Authority key identifier: 87:5F:40:02:1C:6D:43:B0:4E:FE:89:4A:7F:C1:5C:C4:F6:ED:89:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/h19AAhxtQ7BO_olKf8FcxPbtibo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91151C9/C300C2CEC6FA11E7AAABCC0BC4F9AE02/5B0DB65CEFD111EE92D9454EC4F9AE02.roa
Signing time:             Fri 19 Apr 2024 08:02:30 +0000
ROA not before:           Fri 19 Apr 2024 08:02:29 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     64096
IP address blocks:        43.228.180.0/22 maxlen: 22
                          43.228.180.0/24 maxlen: 24
                          43.228.181.0/24 maxlen: 24
                          43.228.182.0/23 maxlen: 24
                          103.47.200.0/22 maxlen: 24
                          103.212.56.0/22 maxlen: 22
                          103.212.56.0/24 maxlen: 24
                          103.212.57.0/24 maxlen: 24
                          103.212.58.0/23 maxlen: 24
                          116.206.0.0/22 maxlen: 22
                          116.206.0.0/24 maxlen: 24
                          116.206.3.0/24 maxlen: 24
                          2404:ff80::/32 maxlen: 32
                          2404:ff80:100::/48 maxlen: 48
                          2404:ff80:c000::/34 maxlen: 34
                          2404:ff80:ffe0::/44 maxlen: 48
                          2404:ff80:fff0::/44 maxlen: 48

Validation:               Failed, certificate revoked on Tue 09 Jul 2024 06:08:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5886 (0x16fe)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91151C9/serialNumber=875F40021C6D43B04EFE894A7FC15CC4F6ED89BA
        Validity
            Not Before: Apr 19 08:02:29 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=66222515-29bd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:ae:d0:a4:81:38:14:69:4a:45:00:a6:c8:0d:
                    5f:e1:6b:bb:b9:36:83:b4:30:25:a0:74:fb:61:fe:
                    20:cb:26:29:9a:17:24:6d:d1:ef:0d:c2:8e:34:38:
                    49:a5:55:94:55:b0:ab:87:cb:49:6c:39:ea:ee:41:
                    cf:ac:fe:50:06:00:89:3d:cb:d9:0c:f4:44:bd:dc:
                    0f:c1:80:7c:4b:09:70:0f:b5:59:7d:55:8d:0a:b3:
                    5f:e9:bb:fb:ac:0d:44:a6:9b:02:40:e8:87:89:a9:
                    07:0b:e4:4c:7d:20:71:3d:0e:b6:21:9b:7b:e1:42:
                    fb:ab:c8:8e:63:48:c3:ce:35:68:85:f8:be:f5:af:
                    d4:48:54:67:e0:fe:cb:62:d9:86:eb:d6:9b:02:3b:
                    20:99:87:68:34:84:4e:d3:f7:63:38:dd:f6:ca:88:
                    b7:af:60:93:be:2a:fa:7c:b3:eb:d0:8c:e9:f6:8f:
                    4f:57:45:2d:5b:95:05:da:05:dd:a7:b7:1f:77:e2:
                    1b:6a:64:e7:09:ae:ef:cc:e7:d2:da:71:7f:48:82:
                    45:49:2e:e0:17:4b:62:65:5a:69:b9:ef:21:1d:4d:
                    07:8c:92:f4:3c:3f:e5:47:0d:2c:eb:47:92:d2:22:
                    9c:05:ca:be:65:76:2a:04:6d:86:2f:f3:f5:fb:a5:
                    5f:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:10:17:C2:FB:9D:92:0C:63:C6:20:EF:1E:48:64:14:AC:D6:21:41
            X509v3 Authority Key Identifier:
                keyid:87:5F:40:02:1C:6D:43:B0:4E:FE:89:4A:7F:C1:5C:C4:F6:ED:89:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91151C9/C300C2CEC6FA11E7AAABCC0BC4F9AE02/h19AAhxtQ7BO_olKf8FcxPbtibo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/h19AAhxtQ7BO_olKf8FcxPbtibo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91151C9/C300C2CEC6FA11E7AAABCC0BC4F9AE02/5B0DB65CEFD111EE92D9454EC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.228.180.0/22
                  103.47.200.0/22
                  103.212.56.0/22
                  116.206.0.0/22
                IPv6:
                  2404:ff80::/32

    Signature Algorithm: sha256WithRSAEncryption
         29:71:2f:76:bd:ab:a0:02:7c:0b:21:45:54:10:d7:9b:de:f0:
         44:87:42:1b:02:49:b1:52:f4:74:75:3e:18:d5:5e:61:c1:3b:
         f3:97:2f:2e:4c:fb:5d:38:b6:2c:34:ac:9a:2b:03:98:bd:7f:
         28:67:a9:b0:ee:ca:9d:05:43:ca:e1:78:dd:02:8e:5b:c5:d5:
         03:d6:dd:78:ac:18:40:81:28:da:ca:fa:fc:5c:4f:09:30:a4:
         68:05:f2:61:45:bb:e9:3b:8f:d4:0d:f5:9e:24:21:55:d3:cb:
         b5:e3:0e:48:8f:30:33:93:d4:95:89:9e:28:81:b6:4b:6b:d6:
         9a:ce:a5:d0:34:a3:c7:c6:8c:9d:1e:ad:d2:12:94:00:5f:26:
         a8:af:98:f7:67:0d:c0:a6:43:ea:1a:bf:dd:fc:28:36:42:9a:
         96:65:79:aa:06:14:9f:a5:28:4e:6a:e4:99:89:5a:14:98:93:
         44:0c:24:d4:56:3e:29:0d:6b:b1:90:61:a4:05:fc:b9:38:de:
         30:49:da:ed:d0:ce:2c:b5:94:bb:aa:66:05:41:09:8b:90:5f:
         6b:75:bb:e9:10:d9:50:4c:76:96:c1:dc:4e:a0:f0:f4:dd:e6:
         cd:91:14:93:5d:38:ec:eb:93:61:b2:4b:17:6c:e6:b2:af:ad:
         ea:18:19:cf
-----BEGIN CERTIFICATE-----
MIIFkjCCBHqgAwIBAgICFv4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MTUxQzkxMTAvBgNVBAUTKDg3NUY0MDAyMUM2RDQzQjA0RUZFODk0QTdGQzE1Q0M0
RjZFRDg5QkEwHhcNMjQwNDE5MDgwMjI5WhcNMjUwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjIyMjUxNS0yOWJkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA767QpIE4FGlKRQCmyA1f4Wu7uTaDtDAloHT7Yf4gyyYpmhckbdHvDcKONDhJ
pVWUVbCrh8tJbDnq7kHPrP5QBgCJPcvZDPREvdwPwYB8SwlwD7VZfVWNCrNf6bv7
rA1EppsCQOiHiakHC+RMfSBxPQ62IZt74UL7q8iOY0jDzjVohfi+9a/USFRn4P7L
YtmG69abAjsgmYdoNIRO0/djON32yoi3r2CTvir6fLPr0Izp9o9PV0UtW5UF2gXd
p7cfd+IbamTnCa7vzOfS2nF/SIJFSS7gF0tiZVppue8hHU0HjJL0PD/lRw0s60eS
0iKcBcq+ZXYqBG2GL/P1+6Vf0wIDAQABo4ICtjCCArIwHQYDVR0OBBYEFHwQF8L7
nZIMY8Yg7x5IZBSs1iFBMB8GA1UdIwQYMBaAFIdfQAIcbUOwTv6JSn/BXMT27Ym6
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExNTFDOS9DMzAwQzJDRUM2
RkExMUU3QUFBQkNDMEJDNEY5QUUwMi9oMTlBQWh4dFE3Qk9fb2xLZjhGY3hQYnRp
Ym8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2gxOUFBaHh0UTdCT19vbEtmOEZjeFBidGliby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MTUxQzkvQzMwMEMyQ0VDNkZBMTFFN0FBQUJDQzBCQzRGOUFFMDIvNUIwREI2NUNF
RkQxMTFFRTkyRDk0NTRFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwQAYIKwYBBQUHAQcBAf8E
MTAvMB4EAgABMBgDBAIr5LQDBAJnL8gDBAJn1DgDBAJ0zgAwDQQCAAIwBwMFACQE
/4AwDQYJKoZIhvcNAQELBQADggEBAClxL3a9q6ACfAshRVQQ15ve8ESHQhsCSbFS
9HR1PhjVXmHBO/OXLy5M+104tiw0rJorA5i9fyhnqbDuyp0FQ8rheN0CjlvF1QPW
3XisGECBKNrK+vxcTwkwpGgF8mFFu+k7j9QN9Z4kIVXTy7XjDkiPMDOT1JWJniiB
tktr1prOpdA0o8fGjJ0erdISlABfJqivmPdnDcCmQ+oav938KDZCmpZleaoGFJ+l
KE5q5JmJWhSYk0QMJNRWPikNa7GQYaQF/Lk43jBJ2u3Qziy1lLuqZgVBCYuQX2t1
u+kQ2VBMdpbB3E6g8PTd5s2RFJNdOOzrk2GySxds5rKvreoYGc8=
-----END CERTIFICATE-----
Generated at Tue Jul 9 06:56:01 2024 by rpki-client on console-ams.rpki-client.org