Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A918D6BF/E361BA20A5A111E7B3A3127DC4F9AE02/958AF8C0A5FD11EF8581563AC4F9AE02.roa
File:                     958AF8C0A5FD11EF8581563AC4F9AE02.roa (raw, json)
Hash identifier:          6vh0Qt6UBU8JQx1dQlCBeiDYPpiAtUkD/nhzGEw9Ig8=
Subject key identifier:   51:6D:F6:B8:D9:BB:14:70:17:BF:AA:20:AE:23:C4:71:57:07:1D:2D
Certificate issuer:       /CN=A918D6BF/serialNumber=4E01F4FCA76DBF9295DEC61C1B32A4EE68ADFD23
Certificate serial:       1861
Authority key identifier: 4E:01:F4:FC:A7:6D:BF:92:95:DE:C6:1C:1B:32:A4:EE:68:AD:FD:23
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/TgH0_Kdtv5KV3sYcGzKk7mit_SM.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A918D6BF/E361BA20A5A111E7B3A3127DC4F9AE02/958AF8C0A5FD11EF8581563AC4F9AE02.roa
Signing time:             Mon 18 Nov 2024 22:36:43 +0000
ROA not before:           Mon 18 Nov 2024 22:36:43 +0000
ROA not after:            Fri 31 Jan 2025 00:00:00 +0000
asID:                     59256
IP address blocks:        103.39.238.0/24 maxlen: 24
                          103.39.239.0/24 maxlen: 24
                          103.39.248.0/24 maxlen: 24
                          175.111.176.0/24 maxlen: 24
                          175.111.177.0/24 maxlen: 24
                          175.111.179.0/24 maxlen: 24
                          2001:df6:9000::/48 maxlen: 48
                          2401:9cc0:200::/48 maxlen: 48

Validation:               Failed, certificate revoked on Fri 22 Nov 2024 01:24:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 6241 (0x1861)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A918D6BF/serialNumber=4E01F4FCA76DBF9295DEC61C1B32A4EE68ADFD23
        Validity
            Not Before: Nov 18 22:36:43 2024 GMT
            Not After : Jan 31 00:00:00 2025 GMT
        Subject: CN=673bc17a-038a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:75:0a:5a:3c:3c:09:ad:41:d9:08:3c:5d:65:
                    e2:8c:92:ba:4e:1b:71:29:f2:87:de:ae:6c:c7:90:
                    7b:2b:7d:f6:2a:46:04:7b:6b:8c:43:b8:e5:32:bc:
                    7e:ee:cf:8d:a1:98:8f:0c:fb:40:d5:e2:42:6f:2c:
                    07:a7:6b:52:e9:f2:cb:c7:11:7a:8e:c0:b4:1e:bf:
                    47:fb:82:bd:c0:16:be:9e:67:3f:40:12:66:ba:0b:
                    67:a2:97:07:97:0b:66:f0:9f:fa:4a:a6:79:a7:d3:
                    f3:bf:db:2a:80:94:c2:a2:c2:5d:6d:02:42:d4:cc:
                    28:11:4d:09:13:7f:51:30:17:03:83:30:cd:d1:dc:
                    bf:04:99:1c:f8:dc:b7:69:75:d8:a2:b4:5f:71:5d:
                    17:8c:91:a1:21:cb:5c:41:da:8d:44:f9:be:f3:ad:
                    fd:22:d0:7f:f6:8a:ff:f4:30:52:0d:76:53:92:ce:
                    46:f5:b0:26:08:92:7e:7d:bc:0b:36:7c:53:c1:b6:
                    a1:fa:02:51:d6:4e:ef:6e:06:ea:84:c1:bf:55:da:
                    8c:22:a0:7b:41:9a:d5:e8:8b:1f:97:b1:d8:79:da:
                    24:c5:f9:ee:c7:0f:47:8e:80:fc:3a:36:0d:2b:d6:
                    d3:6d:ac:23:87:66:53:76:89:2f:21:f1:ba:de:9c:
                    fe:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:6D:F6:B8:D9:BB:14:70:17:BF:AA:20:AE:23:C4:71:57:07:1D:2D
            X509v3 Authority Key Identifier:
                keyid:4E:01:F4:FC:A7:6D:BF:92:95:DE:C6:1C:1B:32:A4:EE:68:AD:FD:23

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A918D6BF/E361BA20A5A111E7B3A3127DC4F9AE02/TgH0_Kdtv5KV3sYcGzKk7mit_SM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/TgH0_Kdtv5KV3sYcGzKk7mit_SM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918D6BF/E361BA20A5A111E7B3A3127DC4F9AE02/958AF8C0A5FD11EF8581563AC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.39.238.0/23
                  103.39.248.0/24
                  175.111.176.0/23
                  175.111.179.0/24
                IPv6:
                  2001:df6:9000::/48
                  2401:9cc0:200::/48

    Signature Algorithm: sha256WithRSAEncryption
         4a:2a:7b:79:7d:0a:2a:b5:89:2b:c5:f6:ac:d1:1c:08:38:91:
         08:c0:33:dc:61:c2:88:e9:0c:bf:4c:9b:f7:00:4d:5a:f4:87:
         e8:d9:07:a9:04:fa:8a:6e:ea:ae:b0:7c:50:d2:5e:2e:5c:cd:
         8a:28:9a:da:e6:32:c5:5c:6d:71:51:aa:32:e6:ff:73:96:01:
         70:9f:ca:a6:13:46:9c:ea:8c:b4:95:1c:f6:60:b5:96:bc:7a:
         d6:a9:af:05:a1:5c:45:a4:87:91:c6:f3:94:86:d2:a3:ba:58:
         5f:1f:fd:3d:8c:dd:62:af:a0:b8:dd:4d:8a:a2:b9:38:e4:5e:
         c6:9c:79:a4:fa:d5:a9:02:bf:d3:60:ff:78:9b:6f:81:d5:1b:
         2e:c0:20:12:bf:68:00:dd:07:be:b0:bc:14:54:54:0a:98:4d:
         ba:ea:62:35:12:5b:cf:b0:b1:50:9b:c3:43:0c:81:0b:03:27:
         3c:de:d0:6f:d2:14:f5:e5:56:90:50:4a:7e:f6:2b:70:93:f2:
         d6:a2:65:a8:4b:0d:6e:44:5b:a1:76:77:03:97:84:a2:40:ed:
         f5:69:bd:b6:e4:48:17:9c:83:59:35:5c:c1:ed:5d:b6:96:d6:
         d9:62:6e:69:23:8f:35:75:cf:0b:c3:24:45:89:11:73:5e:c6:
         be:de:1d:a7
-----BEGIN CERTIFICATE-----
MIIFnTCCBIWgAwIBAgICGGEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEQ2QkYxMTAvBgNVBAUTKDRFMDFGNEZDQTc2REJGOTI5NURFQzYxQzFCMzJBNEVF
NjhBREZEMjMwHhcNMjQxMTE4MjIzNjQzWhcNMjUwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzNiYzE3YS0wMzhhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAzHUKWjw8Ca1B2Qg8XWXijJK6ThtxKfKH3q5sx5B7K332KkYEe2uMQ7jlMrx+
7s+NoZiPDPtA1eJCbywHp2tS6fLLxxF6jsC0Hr9H+4K9wBa+nmc/QBJmugtnopcH
lwtm8J/6SqZ5p9Pzv9sqgJTCosJdbQJC1MwoEU0JE39RMBcDgzDN0dy/BJkc+Ny3
aXXYorRfcV0XjJGhIctcQdqNRPm+8639ItB/9or/9DBSDXZTks5G9bAmCJJ+fbwL
NnxTwbah+gJR1k7vbgbqhMG/VdqMIqB7QZrV6Isfl7HYedokxfnuxw9HjoD8OjYN
K9bTbawjh2ZTdokvIfG63pz+RQIDAQABo4ICwTCCAr0wHQYDVR0OBBYEFFFt9rjZ
uxRwF7+qIK4jxHFXBx0tMB8GA1UdIwQYMBaAFE4B9Pynbb+Sld7GHBsypO5orf0j
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4RDZCRi9FMzYxQkEyMEE1
QTExMUU3QjNBMzEyN0RDNEY5QUUwMi9UZ0gwX0tkdHY1S1Yzc1ljR3pLazdtaXRf
U00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1RnSDBfS2R0djVLVjNzWWNHektrN21pdF9TTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEQ2QkYvRTM2MUJBMjBBNUExMTFFN0IzQTMxMjdEQzRGOUFFMDIvOTU4QUY4QzBB
NUZEMTFFRjg1ODE1NjNBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwSwYIKwYBBQUHAQcBAf8E
PDA6MB4EAgABMBgDBAFnJ+4DBABnJ/gDBAGvb7ADBACvb7MwGAQCAAIwEgMHACAB
DfaQAAMHACQBnMACADANBgkqhkiG9w0BAQsFAAOCAQEASip7eX0KKrWJK8X2rNEc
CDiRCMAz3GHCiOkMv0yb9wBNWvSH6NkHqQT6im7qrrB8UNJeLlzNiiia2uYyxVxt
cVGqMub/c5YBcJ/KphNGnOqMtJUc9mC1lrx61qmvBaFcRaSHkcbzlIbSo7pYXx/9
PYzdYq+guN1NiqK5OORexpx5pPrVqQK/02D/eJtvgdUbLsAgEr9oAN0HvrC8FFRU
CphNuupiNRJbz7CxUJvDQwyBCwMnPN7Qb9IU9eVWkFBKfvYrcJPy1qJlqEsNbkRb
oXZ3A5eEokDt9Wm9tuRIF5yDWTVcwe1dtpbW2WJuaSOPNXXPC8MkRYkRc17Gvt4d
pw==
-----END CERTIFICATE-----