Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A917E951/6F49B992DB7111ED9503D85DC4F9AE02/31E35CC6DB7511EDAD640D60C4F9AE02.roa
File:                     31E35CC6DB7511EDAD640D60C4F9AE02.roa (raw, json)
Hash identifier:          fsT4LJ08qLpXrQo3ydVhy7ly7rIXa3M0wHYomzVi6Z8=
Subject key identifier:   24:8A:0B:2B:97:82:CD:E3:15:51:36:7F:18:CE:EE:69:21:44:68:B5
Certificate issuer:       /CN=A917E951/serialNumber=1A0F786F11B8E17D45DE1EDCE61E1600DD4930A4
Certificate serial:       02
Authority key identifier: 1A:0F:78:6F:11:B8:E1:7D:45:DE:1E:DC:E6:1E:16:00:DD:49:30:A4
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Gg94bxG44X1F3h7c5h4WAN1JMKQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A917E951/6F49B992DB7111ED9503D85DC4F9AE02/31E35CC6DB7511EDAD640D60C4F9AE02.roa
Signing time:             Sat 15 Apr 2023 10:06:32 +0000
ROA not before:           Sat 15 Apr 2023 10:06:32 +0000
ROA not after:            Tue 30 Jul 2024 00:00:00 +0000
asID:                     151183
IP address blocks:        103.131.102.0/23 maxlen: 23
                          103.131.102.0/24 maxlen: 24
                          103.131.103.0/24 maxlen: 24
                          2001:df2:43c0::/48 maxlen: 48

Validation:               Failed, certificate revoked on Sat 15 Apr 2023 11:26:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A917E951/serialNumber=1A0F786F11B8E17D45DE1EDCE61E1600DD4930A4
        Validity
            Not Before: Apr 15 10:06:32 2023 GMT
            Not After : Jul 30 00:00:00 2024 GMT
        Subject: CN=643a7727-fe3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:67:34:ba:c5:e6:e4:f8:b8:69:4c:3d:88:65:
                    b0:77:50:89:db:05:5d:5f:0b:27:70:e3:0d:74:d2:
                    d2:1c:e4:35:3e:a5:77:f9:23:95:6c:3f:cf:b9:5b:
                    35:8d:75:73:90:87:6a:b0:f1:87:65:1d:02:58:b5:
                    40:ba:aa:84:93:25:31:66:67:c1:3d:35:18:23:ce:
                    b1:ac:c8:76:f3:e8:02:99:b9:0d:b3:3f:e0:99:d7:
                    80:3d:9a:5e:3a:68:b7:1f:f7:57:d4:36:9d:cf:c2:
                    1d:e1:67:ef:65:89:0b:62:b3:c5:a7:fb:c1:dc:9d:
                    3e:42:46:fe:58:f5:24:93:d2:7f:ee:3d:d4:2a:6f:
                    1a:47:41:e7:13:40:12:46:be:19:70:e4:b1:b4:61:
                    a0:3b:8f:e2:95:10:ee:02:6d:e2:0b:66:88:2d:af:
                    d7:e8:4d:22:2a:6c:d0:51:97:12:7d:a2:ac:ed:4c:
                    37:7b:b3:1f:06:00:c4:af:79:6a:d8:27:77:e0:6d:
                    4d:1c:cc:90:53:b4:74:cb:e5:75:23:e8:bd:ea:a9:
                    0f:1e:b0:69:19:c0:f0:03:e1:1e:a1:b6:37:14:a8:
                    97:40:b2:cc:75:01:75:4a:5c:b9:d2:a6:0a:43:9a:
                    24:8a:78:47:7e:19:3c:b5:38:1c:9b:89:1d:af:96:
                    06:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:8A:0B:2B:97:82:CD:E3:15:51:36:7F:18:CE:EE:69:21:44:68:B5
            X509v3 Authority Key Identifier:
                keyid:1A:0F:78:6F:11:B8:E1:7D:45:DE:1E:DC:E6:1E:16:00:DD:49:30:A4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A917E951/6F49B992DB7111ED9503D85DC4F9AE02/Gg94bxG44X1F3h7c5h4WAN1JMKQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Gg94bxG44X1F3h7c5h4WAN1JMKQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A917E951/6F49B992DB7111ED9503D85DC4F9AE02/31E35CC6DB7511EDAD640D60C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.131.102.0/23
                IPv6:
                  2001:df2:43c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         80:cf:d0:a0:2c:2d:27:da:13:41:ae:0d:ac:b7:42:39:5a:6d:
         ba:21:86:5f:87:bc:1e:3f:72:14:17:87:51:7c:2d:40:ca:3c:
         21:d8:ff:d7:5f:77:e4:3d:7d:4c:b5:77:2c:aa:75:29:5b:2a:
         e5:e6:1a:ab:20:a6:13:33:0c:db:eb:44:bf:3c:97:e2:09:9d:
         c7:a8:71:4f:4d:ff:20:e1:b8:e2:72:8f:d9:83:7d:bb:38:cb:
         2a:0e:ca:fc:ed:82:cd:b2:50:d7:43:46:cc:2b:ab:98:9e:af:
         02:d0:f8:99:1a:36:3c:85:78:a7:d3:ac:f6:6a:b4:24:bb:2a:
         ef:97:3d:3c:b0:28:22:77:e3:dc:36:59:3b:d1:76:f7:bb:e7:
         55:78:b9:ea:40:1d:31:7e:88:a8:db:a6:be:96:fb:72:db:b3:
         fe:ff:5b:2a:e2:0d:76:e8:1f:3c:4c:87:5f:2b:48:cd:89:42:
         ea:01:81:bf:64:e8:9d:7d:3c:30:d9:ba:24:d3:ef:16:c7:ef:
         a7:68:3e:14:bd:9e:c0:f4:e5:e2:13:16:46:9b:e1:06:1b:29:
         39:c0:17:96:7d:29:cd:8a:0e:29:8e:d4:fa:b5:7f:42:98:0a:
         8f:96:e7:27:6b:b0:71:02:92:28:3e:2a:fc:21:52:ef:a5:a9:
         fa:69:09:20
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTE3
RTk1MTExMC8GA1UEBRMoMUEwRjc4NkYxMUI4RTE3RDQ1REUxRURDRTYxRTE2MDBE
RDQ5MzBBNDAeFw0yMzA0MTUxMDA2MzJaFw0yNDA3MzAwMDAwMDBaMBgxFjAUBgNV
BAMTDTY0M2E3NzI3LWZlM2YwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDEZzS6xebk+LhpTD2IZbB3UInbBV1fCydw4w100tIc5DU+pXf5I5VsP8+5WzWN
dXOQh2qw8YdlHQJYtUC6qoSTJTFmZ8E9NRgjzrGsyHbz6AKZuQ2zP+CZ14A9ml46
aLcf91fUNp3Pwh3hZ+9liQtis8Wn+8HcnT5CRv5Y9SST0n/uPdQqbxpHQecTQBJG
vhlw5LG0YaA7j+KVEO4CbeILZogtr9foTSIqbNBRlxJ9oqztTDd7sx8GAMSveWrY
J3fgbU0czJBTtHTL5XUj6L3qqQ8esGkZwPAD4R6htjcUqJdAssx1AXVKXLnSpgpD
miSKeEd+GTy1OBybiR2vlgZ9AgMBAAGjggKmMIICojAdBgNVHQ4EFgQUJIoLK5eC
zeMVUTZ/GM7uaSFEaLUwHwYDVR0jBBgwFoAUGg94bxG44X1F3h7c5h4WAN1JMKQw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTdFOTUxLzZGNDlCOTkyREI3
MTExRUQ5NTAzRDg1REM0RjlBRTAyL0dnOTRieEc0NFgxRjNoN2M1aDRXQU4xSk1L
US5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvR2c5NGJ4RzQ0WDFGM2g3YzVoNFdBTjFKTUtRLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3
RTk1MS82RjQ5Qjk5MkRCNzExMUVEOTUwM0Q4NURDNEY5QUUwMi8zMUUzNUNDNkRC
NzUxMUVEQUQ2NDBENjBDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAwBggrBgEFBQcBBwEB/wQh
MB8wDAQCAAEwBgMEAWeDZjAPBAIAAjAJAwcAIAEN8kPAMA0GCSqGSIb3DQEBCwUA
A4IBAQCAz9CgLC0n2hNBrg2st0I5Wm26IYZfh7weP3IUF4dRfC1Ayjwh2P/XX3fk
PX1MtXcsqnUpWyrl5hqrIKYTMwzb60S/PJfiCZ3HqHFPTf8g4bjico/Zg327OMsq
Dsr87YLNslDXQ0bMK6uYnq8C0PiZGjY8hXin06z2arQkuyrvlz08sCgid+PcNlk7
0Xb3u+dVeLnqQB0xfoio26a+lvty27P+/1sq4g126B88TIdfK0jNiULqAYG/ZOid
fTww2bok0+8Wx++naD4UvZ7A9OXiExZGm+EGGyk5wBeWfSnNig4pjtT6tX9CmAqP
lucna7BxApIoPir8IVLvpan6aQkg
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:13 2024 by rpki-client on console-fra.rpki-client.org