Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9142DA4/8AD49F7EBAE811ECA82F141CC4F9AE02/37EAEB26134A11EF934E182DC4F9AE02.roa
File:                     37EAEB26134A11EF934E182DC4F9AE02.roa (raw, json)
Hash identifier:          PBxMgg1wYqDVD0exJ2mcYTdToQIT9bnbzL8ACbJWwPY=
Subject key identifier:   FB:B3:B7:69:0B:05:B0:3F:B1:03:C8:70:0B:1B:DA:3B:18:93:E8:A9
Certificate issuer:       /CN=A9142DA4/serialNumber=BB4C9665E75F9E19DAD46F8B609D3444FB68ED47
Certificate serial:       0293
Authority key identifier: BB:4C:96:65:E7:5F:9E:19:DA:D4:6F:8B:60:9D:34:44:FB:68:ED:47
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/u0yWZedfnhna1G-LYJ00RPto7Uc.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9142DA4/8AD49F7EBAE811ECA82F141CC4F9AE02/37EAEB26134A11EF934E182DC4F9AE02.roa
Signing time:             Thu 16 May 2024 06:06:02 +0000
ROA not before:           Thu 16 May 2024 06:06:02 +0000
ROA not after:            Thu 31 Oct 2024 00:00:00 +0000
asID:                     55872
IP address blocks:        115.187.96.0/19 maxlen: 19
                          115.187.96.0/23 maxlen: 23
                          115.187.100.0/22 maxlen: 22
                          115.187.104.0/21 maxlen: 21
                          115.187.112.0/20 maxlen: 20
                          118.82.128.0/17 maxlen: 17
                          118.82.128.0/18 maxlen: 18
                          118.82.136.0/21 maxlen: 21
                          118.82.144.0/20 maxlen: 20
                          118.82.160.0/20 maxlen: 20
                          118.82.176.0/21 maxlen: 21
                          118.82.184.0/22 maxlen: 22
                          118.82.188.0/23 maxlen: 23
                          118.82.192.0/18 maxlen: 18
                          118.82.192.0/21 maxlen: 21
                          118.82.200.0/21 maxlen: 21
                          118.82.208.0/21 maxlen: 21
                          118.82.216.0/21 maxlen: 21
                          118.82.232.0/21 maxlen: 21
                          118.82.240.0/21 maxlen: 21
                          119.235.32.0/21 maxlen: 21
                          202.65.162.0/23 maxlen: 23
                          202.65.164.0/22 maxlen: 22

Validation:               Failed, certificate revoked on Sun 19 May 2024 10:33:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 659 (0x293)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9142DA4/serialNumber=BB4C9665E75F9E19DAD46F8B609D3444FB68ED47
        Validity
            Not Before: May 16 06:06:02 2024 GMT
            Not After : Oct 31 00:00:00 2024 GMT
        Subject: CN=6645a24a-9f41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:ae:f6:86:95:be:f8:14:6c:57:63:d5:f6:93:
                    3c:18:51:50:d0:72:a6:7d:29:3b:b3:54:11:ee:5e:
                    dd:ca:de:00:70:fa:bf:cd:aa:ac:c7:ee:88:4c:49:
                    2c:cd:42:30:ab:ac:83:80:16:5b:22:b4:d2:e5:fc:
                    77:5d:2e:00:f1:32:93:c6:e7:3a:29:c6:d7:4a:27:
                    9c:79:8c:9d:bb:2d:81:6a:fb:06:d3:db:7a:bc:90:
                    c7:be:a5:bb:21:75:c6:e6:e1:a9:33:48:08:f8:95:
                    91:10:14:05:0d:75:50:15:e0:d1:62:fe:c1:49:97:
                    06:92:2f:ff:f4:3a:17:0b:6d:7f:88:92:d2:04:65:
                    e8:01:a5:59:2b:75:0b:31:e2:16:79:eb:73:a0:b9:
                    b5:4e:b4:20:12:91:88:fa:e5:89:1c:d0:a5:66:21:
                    8b:45:2b:d1:a4:62:89:60:5c:17:5d:eb:35:40:62:
                    b3:fb:01:7e:39:50:99:59:26:e2:04:e0:c7:00:65:
                    1b:ca:de:86:50:22:a3:c6:21:a1:f4:31:21:13:e9:
                    cd:10:d6:19:a5:b8:fd:d2:d9:a4:53:4a:15:01:cf:
                    ad:c7:c6:e1:2c:0e:01:fa:7d:8c:1c:07:f2:3f:50:
                    14:29:98:cc:6a:7f:a5:1d:81:f6:11:b5:cc:12:83:
                    e5:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:B3:B7:69:0B:05:B0:3F:B1:03:C8:70:0B:1B:DA:3B:18:93:E8:A9
            X509v3 Authority Key Identifier:
                keyid:BB:4C:96:65:E7:5F:9E:19:DA:D4:6F:8B:60:9D:34:44:FB:68:ED:47

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9142DA4/8AD49F7EBAE811ECA82F141CC4F9AE02/u0yWZedfnhna1G-LYJ00RPto7Uc.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/u0yWZedfnhna1G-LYJ00RPto7Uc.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9142DA4/8AD49F7EBAE811ECA82F141CC4F9AE02/37EAEB26134A11EF934E182DC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  115.187.96.0/19
                  118.82.128.0/17
                  119.235.32.0/21
                  202.65.162.0-202.65.167.255

    Signature Algorithm: sha256WithRSAEncryption
         73:8d:80:0b:a9:41:e3:b5:65:d8:f0:0b:4d:21:12:8a:d6:f2:
         9b:cd:c0:f0:01:15:51:af:e0:c7:18:24:d9:56:dc:2d:5e:71:
         c4:f0:fe:b6:27:e6:45:b4:0f:76:06:2e:57:6f:6e:e5:22:25:
         88:52:0c:4c:25:e3:cf:19:56:ee:28:de:88:6b:39:5a:2d:62:
         59:a5:ee:37:78:ab:96:a1:d7:10:91:eb:11:39:95:e9:d6:5c:
         13:3b:8b:78:7d:8c:d8:f4:11:3c:bb:24:44:dd:a7:b3:9b:e0:
         c0:51:bb:a5:27:05:73:e4:bc:6f:4c:53:2d:a9:b0:5b:c3:ac:
         55:b6:e3:78:f2:7c:fa:40:2e:a1:2c:49:69:c4:26:89:77:2b:
         40:8c:bd:bf:29:bd:b7:66:70:9a:5a:eb:fc:39:e6:21:77:51:
         a5:bb:8f:55:81:20:a0:28:f5:87:ae:b4:36:04:93:ec:e7:8f:
         3f:ae:30:e6:db:48:87:1a:ac:db:4d:19:43:dc:4d:e2:f4:8c:
         08:90:8f:bf:b3:38:ef:82:45:ba:86:ff:d1:0f:8d:d0:6e:15:
         b5:27:41:a8:8c:55:a1:43:f9:5c:87:3f:e8:c7:bf:9a:62:5c:
         31:fd:91:d2:9b:69:b3:7c:20:db:f6:39:9d:e0:7a:13:a3:3a:
         3e:40:85:bd
-----BEGIN CERTIFICATE-----
MIIFizCCBHOgAwIBAgICApMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDJEQTQxMTAvBgNVBAUTKEJCNEM5NjY1RTc1RjlFMTlEQUQ0NkY4QjYwOUQzNDQ0
RkI2OEVENDcwHhcNMjQwNTE2MDYwNjAyWhcNMjQxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjQ1YTI0YS05ZjQxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA3K72hpW++BRsV2PV9pM8GFFQ0HKmfSk7s1QR7l7dyt4AcPq/zaqsx+6ITEks
zUIwq6yDgBZbIrTS5fx3XS4A8TKTxuc6KcbXSieceYyduy2BavsG09t6vJDHvqW7
IXXG5uGpM0gI+JWREBQFDXVQFeDRYv7BSZcGki//9DoXC21/iJLSBGXoAaVZK3UL
MeIWeetzoLm1TrQgEpGI+uWJHNClZiGLRSvRpGKJYFwXXes1QGKz+wF+OVCZWSbi
BODHAGUbyt6GUCKjxiGh9DEhE+nNENYZpbj90tmkU0oVAc+tx8bhLA4B+n2MHAfy
P1AUKZjMan+lHYH2EbXMEoPl9wIDAQABo4ICrzCCAqswHQYDVR0OBBYEFPuzt2kL
BbA/sQPIcAsb2jsYk+ipMB8GA1UdIwQYMBaAFLtMlmXnX54Z2tRvi2CdNET7aO1H
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0MkRBNC84QUQ0OUY3RUJB
RTgxMUVDQTgyRjE0MUNDNEY5QUUwMi91MHlXWmVkZm5obmExRy1MWUowMFJQdG83
VWMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3UweVdaZWRmbmhuYTFHLUxZSjAwUlB0bzdVYy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDJEQTQvOEFENDlGN0VCQUU4MTFFQ0E4MkYxNDFDQzRGOUFFMDIvMzdFQUVCMjYx
MzRBMTFFRjkzNEUxODJEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwOQYIKwYBBQUHAQcBAf8E
KjAoMCYEAgABMCADBAVzu2ADBAd2UoADBAN36yAwDAMEAcpBogMEA8pBoDANBgkq
hkiG9w0BAQsFAAOCAQEAc42AC6lB47Vl2PALTSESitbym83A8AEVUa/gxxgk2Vbc
LV5xxPD+tifmRbQPdgYuV29u5SIliFIMTCXjzxlW7ijeiGs5Wi1iWaXuN3irlqHX
EJHrETmV6dZcEzuLeH2M2PQRPLskRN2ns5vgwFG7pScFc+S8b0xTLamwW8OsVbbj
ePJ8+kAuoSxJacQmiXcrQIy9vym9t2Zwmlrr/DnmIXdRpbuPVYEgoCj1h660NgST
7OePP64w5ttIhxqs200ZQ9xN4vSMCJCPv7M474JFuob/0Q+N0G4VtSdBqIxVoUP5
XIc/6Me/mmJcMf2R0ptps3wg2/Y5neB6E6M6PkCFvQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:04:56 2024 by rpki-client on console-ams.rpki-client.org