Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A918D6BF/E361BA20A5A111E7B3A3127DC4F9AE02/AD943A42A59B11EF92D3341FC4F9AE02.roa
File:                     AD943A42A59B11EF92D3341FC4F9AE02.roa (raw, json)
Hash identifier:          HH05g/+HJvHXaJfOXcDGr2PD0VKijbeB4Ab3ScK41ro=
Subject key identifier:   51:93:83:67:27:97:32:EA:E2:7C:FD:DC:BE:9A:3A:E0:FE:02:99:3E
Certificate issuer:       /CN=A918D6BF/serialNumber=4E01F4FCA76DBF9295DEC61C1B32A4EE68ADFD23
Certificate serial:       185A
Authority key identifier: 4E:01:F4:FC:A7:6D:BF:92:95:DE:C6:1C:1B:32:A4:EE:68:AD:FD:23
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/TgH0_Kdtv5KV3sYcGzKk7mit_SM.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A918D6BF/E361BA20A5A111E7B3A3127DC4F9AE02/AD943A42A59B11EF92D3341FC4F9AE02.roa
Signing time:             Mon 18 Nov 2024 10:55:52 +0000
ROA not before:           Mon 18 Nov 2024 10:55:52 +0000
ROA not after:            Fri 31 Jan 2025 00:00:00 +0000
asID:                     59256
IP address blocks:        103.39.239.0/24 maxlen: 24
                          103.39.248.0/24 maxlen: 24
                          103.243.239.0/24 maxlen: 24
                          175.111.176.0/24 maxlen: 24
                          175.111.177.0/24 maxlen: 24
                          175.111.179.0/24 maxlen: 24
                          2001:df6:9000::/48 maxlen: 48
                          2401:9cc0:200::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 18 Nov 2024 22:36:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 6234 (0x185a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A918D6BF/serialNumber=4E01F4FCA76DBF9295DEC61C1B32A4EE68ADFD23
        Validity
            Not Before: Nov 18 10:55:52 2024 GMT
            Not After : Jan 31 00:00:00 2025 GMT
        Subject: CN=673b1d38-02c1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fa:ad:60:a4:47:d1:26:cf:f6:13:ca:74:fc:5d:
                    e6:e1:c4:f5:0e:d3:c1:12:b4:56:c6:64:7d:6b:5b:
                    ac:e6:a5:5d:fb:9a:08:4d:6e:3c:04:a9:81:17:fc:
                    5c:4f:7a:64:f3:45:d0:b4:b1:df:80:46:95:9a:5a:
                    05:da:60:6e:7a:70:83:2a:8f:10:40:fe:b4:8f:df:
                    c0:66:d4:ed:ea:bd:dd:0e:27:3e:77:04:b2:1e:36:
                    58:cb:ab:f8:6c:52:d5:01:6e:36:85:3c:e7:66:10:
                    46:18:1f:55:98:61:f3:1c:cc:4b:ca:c9:39:b5:10:
                    ec:a1:86:dd:13:61:7b:17:29:ad:e2:ad:af:21:05:
                    cd:cd:9d:f6:1c:05:46:4e:01:52:67:02:2a:0e:66:
                    6b:e6:cf:92:38:40:73:aa:15:7d:20:d0:95:b8:08:
                    98:4b:75:7f:cf:be:4c:1e:65:10:77:3d:29:6e:69:
                    3c:7f:1d:25:d9:67:ae:3f:9d:5f:1f:4a:25:4b:38:
                    fe:f8:62:86:d6:87:ff:1c:01:b9:2a:aa:63:a6:09:
                    a8:bb:f9:d7:c1:69:4d:3b:f4:62:6b:4b:69:93:e0:
                    ed:91:33:b8:38:3a:ce:45:c6:ad:29:f5:1f:18:f6:
                    df:42:3d:81:3a:00:3e:f7:1a:31:5b:69:90:86:61:
                    89:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:93:83:67:27:97:32:EA:E2:7C:FD:DC:BE:9A:3A:E0:FE:02:99:3E
            X509v3 Authority Key Identifier:
                keyid:4E:01:F4:FC:A7:6D:BF:92:95:DE:C6:1C:1B:32:A4:EE:68:AD:FD:23

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A918D6BF/E361BA20A5A111E7B3A3127DC4F9AE02/TgH0_Kdtv5KV3sYcGzKk7mit_SM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/TgH0_Kdtv5KV3sYcGzKk7mit_SM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918D6BF/E361BA20A5A111E7B3A3127DC4F9AE02/AD943A42A59B11EF92D3341FC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.39.239.0/24
                  103.39.248.0/24
                  103.243.239.0/24
                  175.111.176.0/23
                  175.111.179.0/24
                IPv6:
                  2001:df6:9000::/48
                  2401:9cc0:200::/48

    Signature Algorithm: sha256WithRSAEncryption
         62:c4:2e:b2:55:6a:e5:a4:f7:78:0f:e0:ec:bb:38:42:ef:ed:
         f2:be:ea:25:a1:21:1f:a0:81:71:a6:a2:69:fb:32:36:56:b7:
         5a:f0:40:c4:52:10:c6:3c:73:17:0e:34:17:a8:cd:55:a3:da:
         4f:03:c6:03:64:a5:69:7e:7f:b8:89:68:f3:ab:b1:9c:c0:7c:
         b7:b7:4f:2c:dc:cf:d9:b0:15:9c:0d:0b:65:9b:c7:5a:40:20:
         76:9c:e5:00:06:ca:4e:c3:8e:c0:f0:e5:b0:c2:77:a8:d4:3d:
         02:2e:64:b4:0d:ba:43:45:0a:f5:24:ed:3e:54:2b:74:61:01:
         bc:fe:e4:11:3b:e3:1d:a3:41:51:da:e5:60:67:21:9a:8e:48:
         1a:fa:e8:23:36:01:80:b0:dd:09:8a:6a:b6:c4:9b:44:b6:35:
         d9:69:7d:89:1c:c8:e4:47:a2:2c:52:b9:d4:85:4f:57:3d:2b:
         c5:9b:99:62:b9:69:32:fe:2f:72:f4:9e:56:86:c5:5d:be:3b:
         9d:90:12:f5:6e:a5:54:03:9c:a8:ae:a8:42:cb:b0:ed:36:15:
         fb:ba:c1:65:1a:3b:7f:c4:9a:f3:e9:57:d7:1e:a2:ef:18:f1:
         2c:21:0f:3f:46:7a:76:c3:0d:69:1a:ed:33:ee:00:c5:cc:d2:
         b2:78:a4:0f
-----BEGIN CERTIFICATE-----
MIIFozCCBIugAwIBAgICGFowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEQ2QkYxMTAvBgNVBAUTKDRFMDFGNEZDQTc2REJGOTI5NURFQzYxQzFCMzJBNEVF
NjhBREZEMjMwHhcNMjQxMTE4MTA1NTUyWhcNMjUwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzNiMWQzOC0wMmMxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA+q1gpEfRJs/2E8p0/F3m4cT1DtPBErRWxmR9a1us5qVd+5oITW48BKmBF/xc
T3pk80XQtLHfgEaVmloF2mBuenCDKo8QQP60j9/AZtTt6r3dDic+dwSyHjZYy6v4
bFLVAW42hTznZhBGGB9VmGHzHMxLysk5tRDsoYbdE2F7Fymt4q2vIQXNzZ32HAVG
TgFSZwIqDmZr5s+SOEBzqhV9INCVuAiYS3V/z75MHmUQdz0pbmk8fx0l2WeuP51f
H0olSzj++GKG1of/HAG5Kqpjpgmou/nXwWlNO/Ria0tpk+DtkTO4ODrORcatKfUf
GPbfQj2BOgA+9xoxW2mQhmGJxQIDAQABo4ICxzCCAsMwHQYDVR0OBBYEFFGTg2cn
lzLq4nz93L6aOuD+Apk+MB8GA1UdIwQYMBaAFE4B9Pynbb+Sld7GHBsypO5orf0j
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4RDZCRi9FMzYxQkEyMEE1
QTExMUU3QjNBMzEyN0RDNEY5QUUwMi9UZ0gwX0tkdHY1S1Yzc1ljR3pLazdtaXRf
U00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1RnSDBfS2R0djVLVjNzWWNHektrN21pdF9TTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEQ2QkYvRTM2MUJBMjBBNUExMTFFN0IzQTMxMjdEQzRGOUFFMDIvQUQ5NDNBNDJB
NTlCMTFFRjkyRDMzNDFGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwUQYIKwYBBQUHAQcBAf8E
QjBAMCQEAgABMB4DBABnJ+8DBABnJ/gDBABn8+8DBAGvb7ADBACvb7MwGAQCAAIw
EgMHACABDfaQAAMHACQBnMACADANBgkqhkiG9w0BAQsFAAOCAQEAYsQuslVq5aT3
eA/g7Ls4Qu/t8r7qJaEhH6CBcaaiafsyNla3WvBAxFIQxjxzFw40F6jNVaPaTwPG
A2SlaX5/uIlo86uxnMB8t7dPLNzP2bAVnA0LZZvHWkAgdpzlAAbKTsOOwPDlsMJ3
qNQ9Ai5ktA26Q0UK9STtPlQrdGEBvP7kETvjHaNBUdrlYGchmo5IGvroIzYBgLDd
CYpqtsSbRLY12Wl9iRzI5EeiLFK51IVPVz0rxZuZYrlpMv4vcvSeVobFXb47nZAS
9W6lVAOcqK6oQsuw7TYV+7rBZRo7f8Sa8+lX1x6i7xjxLCEPP0Z6dsMNaRrtM+4A
xczSsnikDw==
-----END CERTIFICATE-----