Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9132B4D/C199E006B20511EBAEAE9F10C4F9AE02/DDCCFA34426211EE90EC8E0FC4F9AE02.roa
File:                     DDCCFA34426211EE90EC8E0FC4F9AE02.roa (raw, json)
Hash identifier:          CTtJsMU++gXDmwVpCoTutBIznaM0X+7pbBan8NAkCVM=
Subject key identifier:   80:F9:D0:81:B4:66:28:20:11:75:D1:65:80:19:1D:59:76:64:DA:43
Certificate issuer:       /CN=A9132B4D/serialNumber=23F5D93A82E7D7840679B1C64DA37C37CFFE77EF
Certificate serial:       054B
Authority key identifier: 23:F5:D9:3A:82:E7:D7:84:06:79:B1:C6:4D:A3:7C:37:CF:FE:77:EF
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/I_XZOoLn14QGebHGTaN8N8_-d-8.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9132B4D/C199E006B20511EBAEAE9F10C4F9AE02/DDCCFA34426211EE90EC8E0FC4F9AE02.roa
Signing time:             Wed 27 Dec 2023 07:16:41 +0000
ROA not before:           Wed 27 Dec 2023 07:16:41 +0000
ROA not after:            Tue 30 Jul 2024 00:00:00 +0000
asID:                     9231
IP address blocks:        58.82.192.0/19 maxlen: 24
                          58.82.224.0/19 maxlen: 24
                          103.15.84.0/22 maxlen: 24
                          161.81.0.0/16 maxlen: 24
                          182.239.72.0/21 maxlen: 24
                          182.239.80.0/20 maxlen: 24
                          182.239.104.0/21 maxlen: 24
                          182.239.112.0/20 maxlen: 24
                          203.142.97.0/24 maxlen: 24
                          203.142.98.0/24 maxlen: 24
                          203.142.99.0/24 maxlen: 24
                          203.142.127.0/24 maxlen: 24
                          223.122.0.0/18 maxlen: 24
                          223.122.64.0/18 maxlen: 24
                          223.122.128.0/17 maxlen: 24
                          2401:3000::/36 maxlen: 36

Validation:               Failed, certificate revoked on Mon 29 Jan 2024 02:18:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1355 (0x54b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9132B4D/serialNumber=23F5D93A82E7D7840679B1C64DA37C37CFFE77EF
        Validity
            Not Before: Dec 27 07:16:41 2023 GMT
            Not After : Jul 30 00:00:00 2024 GMT
        Subject: CN=658bcf59-565e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:21:f4:45:33:ad:de:98:ab:84:f2:91:a7:6b:
                    d6:3f:e3:d9:c9:25:74:0a:9c:07:8f:93:c9:87:05:
                    ce:f3:2f:46:f8:93:84:2f:aa:6d:89:64:4c:02:fd:
                    9d:87:19:54:aa:24:fd:d9:2b:ce:cf:8a:1d:fb:01:
                    c3:22:54:fb:ae:91:d5:94:56:53:ed:0c:bb:98:94:
                    a4:c0:b8:ec:22:fc:9a:30:65:a2:a1:86:ae:c4:fb:
                    a4:26:30:fd:24:d9:8a:c7:84:b2:a8:88:e4:6d:70:
                    2c:6e:e7:7f:1c:ed:95:0f:6a:25:d4:ca:b2:47:b6:
                    41:b0:18:fb:53:d5:fb:47:66:40:ab:6c:94:e4:1c:
                    9b:f2:25:08:ab:01:f6:b9:6f:f3:b5:58:77:76:a2:
                    3c:10:2c:79:d9:b0:30:fa:42:d5:cf:94:85:23:e5:
                    6e:03:3f:31:f1:35:20:89:41:81:42:43:5b:da:c6:
                    d6:89:ef:a5:a7:4e:9b:61:51:bf:7a:5b:31:8d:cd:
                    77:c7:c5:fe:3b:49:bb:49:93:31:7e:e6:4e:7d:33:
                    69:a6:45:5a:2b:7d:49:16:6d:8b:44:ce:e7:e5:bd:
                    1a:87:58:97:e4:6d:d8:68:d8:bf:de:22:86:05:17:
                    b3:f4:44:68:c5:6d:a6:12:6f:7e:6c:6c:d5:d8:4f:
                    a7:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:F9:D0:81:B4:66:28:20:11:75:D1:65:80:19:1D:59:76:64:DA:43
            X509v3 Authority Key Identifier:
                keyid:23:F5:D9:3A:82:E7:D7:84:06:79:B1:C6:4D:A3:7C:37:CF:FE:77:EF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9132B4D/C199E006B20511EBAEAE9F10C4F9AE02/I_XZOoLn14QGebHGTaN8N8_-d-8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/I_XZOoLn14QGebHGTaN8N8_-d-8.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9132B4D/C199E006B20511EBAEAE9F10C4F9AE02/DDCCFA34426211EE90EC8E0FC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  58.82.192.0/18
                  103.15.84.0/22
                  161.81.0.0/16
                  182.239.72.0-182.239.95.255
                  182.239.104.0-182.239.127.255
                  203.142.97.0-203.142.99.255
                  203.142.127.0/24
                  223.122.0.0/16
                IPv6:
                  2401:3000::/36

    Signature Algorithm: sha256WithRSAEncryption
         04:91:dd:10:28:40:85:fa:71:ce:b1:35:03:1f:4c:8f:b9:41:
         88:d3:ce:13:72:ac:87:2d:5f:98:06:68:a8:02:da:9d:aa:8a:
         cd:22:ea:fb:1e:cb:09:87:91:06:01:84:a1:20:af:8a:8a:a0:
         d0:5b:62:49:25:00:d6:f4:6e:27:14:30:4e:29:8c:e4:19:a1:
         f2:4f:68:21:2f:77:6f:7a:88:92:4b:45:92:35:08:01:7b:8c:
         37:3d:af:ef:47:4e:a3:e3:41:6d:a7:6b:b3:7b:9c:0a:61:69:
         36:55:23:a9:b3:37:e9:80:2f:db:19:e5:ed:b2:84:79:b5:26:
         e1:89:fc:1a:52:3a:99:99:83:a2:61:47:e1:7d:4c:d4:9b:48:
         26:99:53:dc:c0:50:70:2b:10:91:4c:0d:ce:75:36:bf:20:5d:
         49:69:3e:34:09:ac:92:e5:2b:2a:bf:86:b0:6c:15:b9:63:68:
         f0:63:04:bf:b7:55:62:2c:6a:59:46:46:ff:34:60:c3:7f:91:
         29:3e:3f:6e:11:59:01:e0:f1:53:f2:f2:d6:62:35:3c:02:66:
         1c:90:f8:22:ec:2c:19:ac:0e:97:ee:4e:bd:a9:9e:da:ad:87:
         81:4d:db:6f:c8:0b:4a:e6:14:c4:ea:ce:69:2c:15:33:dc:3e:
         ed:ac:8e:5e
-----BEGIN CERTIFICATE-----
MIIFwTCCBKmgAwIBAgICBUswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MzJCNEQxMTAvBgNVBAUTKDIzRjVEOTNBODJFN0Q3ODQwNjc5QjFDNjREQTM3QzM3
Q0ZGRTc3RUYwHhcNMjMxMjI3MDcxNjQxWhcNMjQwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NThiY2Y1OS01NjVlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAxiH0RTOt3pirhPKRp2vWP+PZySV0CpwHj5PJhwXO8y9G+JOEL6ptiWRMAv2d
hxlUqiT92SvOz4od+wHDIlT7rpHVlFZT7Qy7mJSkwLjsIvyaMGWioYauxPukJjD9
JNmKx4SyqIjkbXAsbud/HO2VD2ol1MqyR7ZBsBj7U9X7R2ZAq2yU5Byb8iUIqwH2
uW/ztVh3dqI8ECx52bAw+kLVz5SFI+VuAz8x8TUgiUGBQkNb2sbWie+lp06bYVG/
elsxjc13x8X+O0m7SZMxfuZOfTNppkVaK31JFm2LRM7n5b0ah1iX5G3YaNi/3iKG
BRez9ERoxW2mEm9+bGzV2E+nTwIDAQABo4IC5TCCAuEwHQYDVR0OBBYEFID50IG0
ZiggEXXRZYAZHVl2ZNpDMB8GA1UdIwQYMBaAFCP12TqC59eEBnmxxk2jfDfP/nfv
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEzMkI0RC9DMTk5RTAwNkIy
MDUxMUVCQUVBRTlGMTBDNEY5QUUwMi9JX1haT29MbjE0UUdlYkhHVGFOOE44Xy1k
LTguY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0lfWFpPb0xuMTRRR2ViSEdUYU44TjhfLWQtOC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MzJCNEQvQzE5OUUwMDZCMjA1MTFFQkFFQUU5RjEwQzRGOUFFMDIvRERDQ0ZBMzQ0
MjYyMTFFRTkwRUM4RTBGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwbwYIKwYBBQUHAQcBAf8E
YDBeMEwEAgABMEYDBAY6UsADBAJnD1QDAwChUTAMAwQDtu9IAwQFtu9AMAwDBAO2
72gDBAe27wAwDAMEAMuOYQMEAsuOYAMEAMuOfwMDAN96MA4EAgACMAgDBgQkATAA
ADANBgkqhkiG9w0BAQsFAAOCAQEABJHdEChAhfpxzrE1Ax9Mj7lBiNPOE3Kshy1f
mAZoqALanaqKzSLq+x7LCYeRBgGEoSCvioqg0FtiSSUA1vRuJxQwTimM5Bmh8k9o
IS93b3qIkktFkjUIAXuMNz2v70dOo+NBbadrs3ucCmFpNlUjqbM36YAv2xnl7bKE
ebUm4Yn8GlI6mZmDomFH4X1M1JtIJplT3MBQcCsQkUwNznU2vyBdSWk+NAmskuUr
Kr+GsGwVuWNo8GMEv7dVYixqWUZG/zRgw3+RKT4/bhFZAeDxU/Ly1mI1PAJmHJD4
IuwsGawOl+5Ovame2q2HgU3bb8gLSuYUxOrOaSwVM9w+7ayOXg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:50:58 2024 by rpki-client on console-fra.rpki-client.org