Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A917BEA7/044F6448116811EEAC63C234C4F9AE02/D28C695E26B811EEB136CF1CC4F9AE02.roa
File:                     D28C695E26B811EEB136CF1CC4F9AE02.roa (raw, json)
Hash identifier:          TQ9rigQ0SxZI7ZrVyIT1olaPnpbL1RxlJJXnR/t3D1w=
Subject key identifier:   D2:4E:96:68:69:F3:53:C4:73:0F:9C:C6:BE:67:CD:7D:A8:CD:79:E5
Certificate issuer:       /CN=A917BEA7/serialNumber=0B8D638FFD38B1F77E48E1BB5DF29929CE7D78B5
Certificate serial:       41
Authority key identifier: 0B:8D:63:8F:FD:38:B1:F7:7E:48:E1:BB:5D:F2:99:29:CE:7D:78:B5
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/C41jj_04sfd-SOG7XfKZKc59eLU.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A917BEA7/044F6448116811EEAC63C234C4F9AE02/D28C695E26B811EEB136CF1CC4F9AE02.roa
Signing time:             Thu 28 Sep 2023 17:22:15 +0000
ROA not before:           Thu 28 Sep 2023 17:22:15 +0000
ROA not after:            Mon 30 Sep 2024 00:00:00 +0000
asID:                     151419
IP address blocks:        103.158.116.0/24 maxlen: 24
                          2401:e60:1::/48 maxlen: 48
                          2401:e60:2::/48 maxlen: 48

Validation:               Failed, certificate revoked on Fri 03 Nov 2023 05:44:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 65 (0x41)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A917BEA7/serialNumber=0B8D638FFD38B1F77E48E1BB5DF29929CE7D78B5
        Validity
            Not Before: Sep 28 17:22:15 2023 GMT
            Not After : Sep 30 00:00:00 2024 GMT
        Subject: CN=6515b646-91b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:6a:47:46:43:d0:38:02:69:48:57:3e:ed:66:
                    ef:c9:d4:30:fe:73:42:64:18:69:4b:de:ec:ee:45:
                    97:b1:74:b3:56:69:8f:fe:ea:96:51:04:69:09:92:
                    83:47:cb:5e:df:16:30:23:38:64:a6:70:c6:27:20:
                    a9:08:e8:db:47:39:44:19:38:54:a2:b4:92:dd:72:
                    e0:ea:1c:59:e0:fc:8f:31:70:30:3d:c0:9a:9a:8b:
                    d1:0a:77:3d:a7:b1:6e:26:9e:c0:b7:b8:66:9b:36:
                    47:cb:3a:10:4d:15:64:34:bc:fb:f3:ff:83:99:cc:
                    71:85:92:12:92:08:4e:8b:57:42:5e:14:c7:67:9a:
                    cd:1b:5b:8a:12:b7:cb:a3:a4:0f:38:b8:0d:a7:50:
                    a5:95:17:fa:32:3c:17:ec:29:81:52:37:47:52:72:
                    3b:72:87:dc:2a:c1:9c:ee:07:e3:19:1b:37:bc:13:
                    46:d5:81:1a:f4:78:20:fb:36:3a:18:65:81:b6:ea:
                    b8:52:b6:d7:de:a0:1b:83:f0:15:9d:27:a8:86:1c:
                    6b:55:1f:bf:5e:a9:a5:62:e7:76:af:c6:ec:b9:9a:
                    ca:07:a2:76:49:3c:d7:4b:b2:45:3e:f7:8a:82:83:
                    c0:1f:55:f5:19:42:fc:1f:b3:95:b7:80:8f:75:fc:
                    2b:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:4E:96:68:69:F3:53:C4:73:0F:9C:C6:BE:67:CD:7D:A8:CD:79:E5
            X509v3 Authority Key Identifier:
                keyid:0B:8D:63:8F:FD:38:B1:F7:7E:48:E1:BB:5D:F2:99:29:CE:7D:78:B5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A917BEA7/044F6448116811EEAC63C234C4F9AE02/C41jj_04sfd-SOG7XfKZKc59eLU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/C41jj_04sfd-SOG7XfKZKc59eLU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A917BEA7/044F6448116811EEAC63C234C4F9AE02/D28C695E26B811EEB136CF1CC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.158.116.0/24
                IPv6:
                  2401:e60:1::-2401:e60:2:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         a8:3a:de:38:d8:d0:a9:96:9e:ca:a5:39:7c:f7:4e:76:78:a4:
         f0:2d:69:df:64:de:f6:6c:c3:6f:24:6d:46:58:2d:cb:fc:e5:
         96:44:13:bc:9e:95:c0:cb:3f:24:85:fe:ab:c2:4c:d4:10:26:
         24:f3:7a:5c:e5:0d:35:89:2d:3c:94:ea:02:96:9f:12:8b:28:
         0a:9d:b6:62:a7:4b:95:48:d3:ce:4d:49:c7:39:15:57:14:03:
         87:26:86:06:91:ad:88:d8:d6:85:13:05:10:b9:44:34:84:a9:
         06:74:0c:96:eb:72:0b:16:9a:2a:66:86:15:02:cc:51:25:ef:
         85:6d:78:f6:7d:95:bc:37:f3:66:9b:8f:f4:57:3d:ea:87:4b:
         e3:c1:5b:f1:7f:3c:fa:aa:24:fe:40:fb:44:51:d7:ff:1d:94:
         73:89:27:a5:af:ce:27:cc:41:f6:6b:11:8d:ce:4b:58:bf:9a:
         7a:14:b5:01:b9:fd:92:72:35:c0:3a:8f:7b:92:8c:00:54:81:
         5f:e8:70:63:00:f3:5f:7b:64:90:c2:24:b9:b5:19:b6:80:1a:
         53:e7:90:51:84:16:59:00:f0:97:75:11:05:3c:55:d9:99:bc:
         64:ac:f2:a2:53:e9:3b:9f:bc:95:b2:bc:d2:90:10:f9:e1:cf:
         54:0c:63:d7
-----BEGIN CERTIFICATE-----
MIIFjDCCBHSgAwIBAgIBQTANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTE3
QkVBNzExMC8GA1UEBRMoMEI4RDYzOEZGRDM4QjFGNzdFNDhFMUJCNURGMjk5MjlD
RTdENzhCNTAeFw0yMzA5MjgxNzIyMTVaFw0yNDA5MzAwMDAwMDBaMBgxFjAUBgNV
BAMTDTY1MTViNjQ2LTkxYjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDjakdGQ9A4AmlIVz7tZu/J1DD+c0JkGGlL3uzuRZexdLNWaY/+6pZRBGkJkoNH
y17fFjAjOGSmcMYnIKkI6NtHOUQZOFSitJLdcuDqHFng/I8xcDA9wJqai9EKdz2n
sW4mnsC3uGabNkfLOhBNFWQ0vPvz/4OZzHGFkhKSCE6LV0JeFMdnms0bW4oSt8uj
pA84uA2nUKWVF/oyPBfsKYFSN0dScjtyh9wqwZzuB+MZGze8E0bVgRr0eCD7NjoY
ZYG26rhSttfeoBuD8BWdJ6iGHGtVH79eqaVi53avxuy5msoHonZJPNdLskU+94qC
g8AfVfUZQvwfs5W3gI91/CuxAgMBAAGjggKxMIICrTAdBgNVHQ4EFgQU0k6WaGnz
U8RzD5zGvmfNfajNeeUwHwYDVR0jBBgwFoAUC41jj/04sfd+SOG7XfKZKc59eLUw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTdCRUE3LzA0NEY2NDQ4MTE2
ODExRUVBQzYzQzIzNEM0RjlBRTAyL0M0MWpqXzA0c2ZkLVNPRzdYZktaS2M1OWVM
VS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvQzQxampfMDRzZmQtU09HN1hmS1pLYzU5ZUxVLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3
QkVBNy8wNDRGNjQ0ODExNjgxMUVFQUM2M0MyMzRDNEY5QUUwMi9EMjhDNjk1RTI2
QjgxMUVFQjEzNkNGMUNDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDA7BggrBgEFBQcBBwEB/wQs
MCowDAQCAAEwBgMEAGeedDAaBAIAAjAUMBIDBwAkAQ5gAAEDBwAkAQ5gAAIwDQYJ
KoZIhvcNAQELBQADggEBAKg63jjY0KmWnsqlOXz3TnZ4pPAtad9k3vZsw28kbUZY
Lcv85ZZEE7yelcDLPySF/qvCTNQQJiTzelzlDTWJLTyU6gKWnxKLKAqdtmKnS5VI
085NScc5FVcUA4cmhgaRrYjY1oUTBRC5RDSEqQZ0DJbrcgsWmipmhhUCzFEl74Vt
ePZ9lbw382abj/RXPeqHS+PBW/F/PPqqJP5A+0RR1/8dlHOJJ6WvzifMQfZrEY3O
S1i/mnoUtQG5/ZJyNcA6j3uSjABUgV/ocGMA8197ZJDCJLm1GbaAGlPnkFGEFlkA
8Jd1EQU8VdmZvGSs8qJT6TufvJWyvNKQEPnhz1QMY9c=
-----END CERTIFICATE-----