Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A917452D/AA42171E276811ED9A221730C4F9AE02/3AE1938828FB11ED8256DF33C4F9AE02.roa
File:                     3AE1938828FB11ED8256DF33C4F9AE02.roa (raw, json)
Hash identifier:          RPyLF2+niMSa7CfUtFxmkOy4nVfqPS4DYLz8xOzkTNo=
Subject key identifier:   2D:D8:B2:FE:D9:CE:48:47:EA:E5:D4:09:1F:E4:8C:23:E8:15:48:F0
Certificate issuer:       /CN=A917452D/serialNumber=E4AE80372A867987BB2A0ABBE110AB804370D5E3
Certificate serial:       013E
Authority key identifier: E4:AE:80:37:2A:86:79:87:BB:2A:0A:BB:E1:10:AB:80:43:70:D5:E3
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/5K6ANyqGeYe7Kgq74RCrgENw1eM.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A917452D/AA42171E276811ED9A221730C4F9AE02/3AE1938828FB11ED8256DF33C4F9AE02.roa
Signing time:             Wed 03 Jan 2024 04:45:30 +0000
ROA not before:           Wed 03 Jan 2024 04:45:30 +0000
ROA not after:            Sun 02 Mar 2025 00:00:00 +0000
asID:                     3758
IP address blocks:        202.166.0.0/17 maxlen: 17
                          202.166.0.0/19 maxlen: 19
                          202.166.1.0/24 maxlen: 24
                          202.166.32.0/19 maxlen: 19
                          202.166.64.0/18 maxlen: 18
                          202.166.123.0/24 maxlen: 24
                          202.166.128.0/19 maxlen: 19
                          2400:d800::/30 maxlen: 30
                          2400:d800::/31 maxlen: 31
                          2400:d800::/32 maxlen: 32
                          2400:d801::/32 maxlen: 32
                          2400:d802::/31 maxlen: 31
                          2400:d802::/32 maxlen: 32
                          2400:d803::/32 maxlen: 32

Validation:               Failed, certificate revoked on Fri 23 Feb 2024 05:46:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 318 (0x13e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A917452D/serialNumber=E4AE80372A867987BB2A0ABBE110AB804370D5E3
        Validity
            Not Before: Jan  3 04:45:30 2024 GMT
            Not After : Mar  2 00:00:00 2025 GMT
        Subject: CN=6594e669-bfd5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:67:31:a1:16:d9:d8:29:83:ec:27:c1:29:24:
                    82:d3:05:b1:06:58:d0:45:67:7c:ec:70:5b:82:74:
                    69:51:d0:29:c2:ec:9e:01:fc:bb:cc:aa:4d:d2:2b:
                    6c:3f:71:5c:8b:78:e6:82:cb:e2:73:0b:b1:92:e1:
                    f8:ac:75:df:cf:4d:a3:6c:da:69:93:30:79:be:dc:
                    6d:3e:19:95:a5:2c:af:1d:04:c0:79:a8:31:5d:5d:
                    25:99:32:cb:4f:1c:c3:cf:1b:a0:1a:03:78:19:a7:
                    08:be:c2:ce:44:a7:89:07:b3:f1:4b:16:e2:88:4d:
                    f5:b2:3d:f3:65:63:a8:da:ce:eb:21:25:3b:bc:cf:
                    05:56:9f:ac:bb:3e:82:fb:a1:7d:d4:34:1c:47:44:
                    a4:c6:08:6c:4e:fb:b6:2b:80:00:84:3b:87:3a:b8:
                    af:b3:00:f7:50:38:05:46:1e:86:7b:f3:e1:60:a9:
                    e5:34:a3:e6:bc:e3:af:54:5a:23:fa:45:b9:9c:5f:
                    ce:fc:45:35:00:c9:bd:e0:64:c8:46:38:f4:aa:1f:
                    35:2c:fd:bc:3d:34:69:9a:18:dd:5f:3a:a5:98:13:
                    17:fc:ef:77:e3:f4:c2:8a:c4:dc:8a:65:60:cb:86:
                    be:b0:cd:50:09:d2:dd:8e:4f:c4:3a:85:bb:4a:37:
                    bf:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:D8:B2:FE:D9:CE:48:47:EA:E5:D4:09:1F:E4:8C:23:E8:15:48:F0
            X509v3 Authority Key Identifier:
                keyid:E4:AE:80:37:2A:86:79:87:BB:2A:0A:BB:E1:10:AB:80:43:70:D5:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A917452D/AA42171E276811ED9A221730C4F9AE02/5K6ANyqGeYe7Kgq74RCrgENw1eM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/5K6ANyqGeYe7Kgq74RCrgENw1eM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A917452D/AA42171E276811ED9A221730C4F9AE02/3AE1938828FB11ED8256DF33C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.166.0.0-202.166.159.255
                IPv6:
                  2400:d800::/30

    Signature Algorithm: sha256WithRSAEncryption
         cf:08:1b:5b:c3:0c:77:72:ab:5e:ac:4e:a1:96:4b:73:09:44:
         5a:da:24:7d:59:f0:a1:73:3c:fe:9a:c9:31:3d:93:94:6e:4e:
         07:6b:9e:2a:64:cf:ad:94:10:cd:6b:71:3a:11:ba:df:ed:ce:
         e9:9d:75:61:da:86:04:f8:98:e1:6c:ec:e2:13:bc:c2:98:8c:
         a7:aa:73:bd:60:7c:02:e2:01:f0:0c:05:60:f6:1b:0b:24:83:
         25:06:24:77:b6:27:5d:63:29:b8:03:54:89:ec:05:32:8a:d1:
         67:30:16:b3:5a:d2:ee:68:32:b6:4b:e3:34:da:b5:fc:e6:18:
         f7:89:75:99:a2:5b:aa:2a:96:fc:c5:d4:ca:24:24:df:9e:1f:
         97:49:78:c5:26:cf:06:6e:30:74:04:de:74:68:67:fd:70:49:
         be:51:82:c7:8c:ba:3c:18:57:ec:8d:66:4a:c0:79:fd:e7:e4:
         f8:72:16:9a:da:32:33:e3:2c:53:44:bb:e8:5e:b1:71:ec:66:
         b5:a3:29:e5:20:57:0e:0e:8a:fe:32:8a:7f:57:fd:2e:0f:1b:
         0d:e7:e7:09:e6:2f:44:e8:34:e0:41:2c:82:07:e7:76:49:44:
         0e:5f:a1:d1:cb:eb:c2:03:50:d7:1a:5d:69:da:b8:f5:1d:0f:
         84:9a:e4:ec
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgICAT4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NzQ1MkQxMTAvBgNVBAUTKEU0QUU4MDM3MkE4Njc5ODdCQjJBMEFCQkUxMTBBQjgw
NDM3MEQ1RTMwHhcNMjQwMTAzMDQ0NTMwWhcNMjUwMzAyMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTk0ZTY2OS1iZmQ1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA2mcxoRbZ2CmD7CfBKSSC0wWxBljQRWd87HBbgnRpUdApwuyeAfy7zKpN0its
P3Fci3jmgsvicwuxkuH4rHXfz02jbNppkzB5vtxtPhmVpSyvHQTAeagxXV0lmTLL
TxzDzxugGgN4GacIvsLORKeJB7PxSxbiiE31sj3zZWOo2s7rISU7vM8FVp+suz6C
+6F91DQcR0SkxghsTvu2K4AAhDuHOrivswD3UDgFRh6Ge/PhYKnlNKPmvOOvVFoj
+kW5nF/O/EU1AMm94GTIRjj0qh81LP28PTRpmhjdXzqlmBMX/O934/TCisTcimVg
y4a+sM1QCdLdjk/EOoW7Sje/hQIDAQABo4ICqzCCAqcwHQYDVR0OBBYEFC3Ysv7Z
zkhH6uXUCR/kjCPoFUjwMB8GA1UdIwQYMBaAFOSugDcqhnmHuyoKu+EQq4BDcNXj
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3NDUyRC9BQTQyMTcxRTI3
NjgxMUVEOUEyMjE3MzBDNEY5QUUwMi81SzZBTnlxR2VZZTdLZ3E3NFJDcmdFTncx
ZU0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzVLNkFOeXFHZVllN0tncTc0UkNyZ0VOdzFlTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NzQ1MkQvQUE0MjE3MUUyNzY4MTFFRDlBMjIxNzMwQzRGOUFFMDIvM0FFMTkzODgy
OEZCMTFFRDgyNTZERjMzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNQYIKwYBBQUHAQcBAf8E
JjAkMBMEAgABMA0wCwMDAcqmAwQFyqaAMA0EAgACMAcDBQIkANgAMA0GCSqGSIb3
DQEBCwUAA4IBAQDPCBtbwwx3cqterE6hlktzCURa2iR9WfChczz+mskxPZOUbk4H
a54qZM+tlBDNa3E6Ebrf7c7pnXVh2oYE+JjhbOziE7zCmIynqnO9YHwC4gHwDAVg
9hsLJIMlBiR3tiddYym4A1SJ7AUyitFnMBazWtLuaDK2S+M02rX85hj3iXWZoluq
Kpb8xdTKJCTfnh+XSXjFJs8GbjB0BN50aGf9cEm+UYLHjLo8GFfsjWZKwHn95+T4
chaa2jIz4yxTRLvoXrFx7Ga1oynlIFcODor+Mop/V/0uDxsN5+cJ5i9E6DTgQSyC
B+d2SUQOX6HRy+vCA1DXGl1p2rj1HQ+EmuTs
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:21 2024 by rpki-client on console-ams.rpki-client.org