Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A918FC75/3AA5DEE0DD5811EC870FC20DC4F9AE02/2D4253164D0D11EE8FACD076C4F9AE02.roa
File:                     2D4253164D0D11EE8FACD076C4F9AE02.roa (raw, json)
Hash identifier:          tB9JS/Vt7+2YDr1tLoin+waq/vlha01KTY4NjgfWLcE=
Subject key identifier:   29:46:96:F6:0A:5E:98:FC:AB:CC:1A:38:7C:AE:FF:0B:CE:3F:AF:44
Certificate issuer:       /CN=A918FC75/serialNumber=482E5A6E0896A266A91A4066C06F4B4ED984649D
Certificate serial:       026D
Authority key identifier: 48:2E:5A:6E:08:96:A2:66:A9:1A:40:66:C0:6F:4B:4E:D9:84:64:9D
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/SC5abgiWomapGkBmwG9LTtmEZJ0.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A918FC75/3AA5DEE0DD5811EC870FC20DC4F9AE02/2D4253164D0D11EE8FACD076C4F9AE02.roa
Signing time:             Thu 21 Sep 2023 00:18:42 +0000
ROA not before:           Thu 21 Sep 2023 00:18:42 +0000
ROA not after:            Sat 31 Aug 2024 00:00:00 +0000
asID:                     9443
IP address blocks:        203.32.7.0/24 maxlen: 24
                          203.32.22.0/24 maxlen: 24
                          203.32.25.0/24 maxlen: 24
                          203.32.26.0/24 maxlen: 24
                          203.32.28.0/24 maxlen: 24
                          203.32.32.0/24 maxlen: 24
                          203.32.40.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 21 Sep 2023 22:43:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 621 (0x26d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A918FC75/serialNumber=482E5A6E0896A266A91A4066C06F4B4ED984649D
        Validity
            Not Before: Sep 21 00:18:42 2023 GMT
            Not After : Aug 31 00:00:00 2024 GMT
        Subject: CN=650b8be2-d25d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:e3:50:6a:5c:5a:c3:40:7a:f0:29:6a:80:c2:
                    5e:17:f0:88:fe:19:b2:cc:75:a2:3b:cb:5a:9b:3b:
                    17:10:be:83:a1:14:36:73:5f:e4:e7:58:89:71:56:
                    76:b0:93:dc:3e:f5:06:76:6b:48:33:34:ca:a8:1f:
                    b9:bf:54:11:94:78:9a:79:38:b5:cb:b3:22:2f:d3:
                    ed:60:a3:ae:71:df:41:86:a5:6c:44:b0:2a:eb:a2:
                    17:8b:2d:49:3a:f3:ab:54:fa:7f:02:cf:94:97:f5:
                    fb:cf:18:36:7d:1e:3b:c4:f6:b2:10:bb:10:82:3f:
                    08:ae:6b:14:9b:a7:d6:a3:6f:b8:e3:54:80:d9:c9:
                    e0:c4:d0:aa:67:50:e1:26:ea:d4:57:bd:e8:79:d9:
                    7a:3c:6b:4c:f5:b5:58:37:c1:3f:39:65:a8:63:b7:
                    98:b0:bb:c9:1b:a7:f9:21:2b:5f:ce:8e:f6:81:76:
                    55:fd:52:a7:6f:51:83:44:ce:0c:6c:84:fb:7c:b2:
                    cf:1e:e8:71:15:84:17:40:52:eb:4a:27:97:4d:8a:
                    72:b0:57:91:22:ca:7e:0e:a5:39:90:06:26:39:f1:
                    61:94:7d:3a:4b:3f:f1:93:b8:d1:3d:c1:35:11:10:
                    af:1e:73:5a:5a:e7:60:03:ca:0a:ab:01:18:dc:8f:
                    85:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:46:96:F6:0A:5E:98:FC:AB:CC:1A:38:7C:AE:FF:0B:CE:3F:AF:44
            X509v3 Authority Key Identifier:
                keyid:48:2E:5A:6E:08:96:A2:66:A9:1A:40:66:C0:6F:4B:4E:D9:84:64:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A918FC75/3AA5DEE0DD5811EC870FC20DC4F9AE02/SC5abgiWomapGkBmwG9LTtmEZJ0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/SC5abgiWomapGkBmwG9LTtmEZJ0.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918FC75/3AA5DEE0DD5811EC870FC20DC4F9AE02/2D4253164D0D11EE8FACD076C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.32.7.0/24
                  203.32.22.0/24
                  203.32.25.0-203.32.26.255
                  203.32.28.0/24
                  203.32.32.0/24
                  203.32.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:76:4f:a2:95:65:ce:de:17:1b:e8:56:25:07:34:94:3b:28:
         3a:b9:df:03:c8:22:58:74:75:74:87:8c:2c:ab:bf:00:97:be:
         2c:f3:e2:32:35:01:69:d1:06:65:e2:a5:e9:ce:8b:48:35:c5:
         37:e1:88:2b:fe:9a:19:2d:30:85:b8:07:e7:ab:6f:2d:8b:5e:
         56:6a:43:b5:29:08:6c:cd:7a:e9:4e:c3:ad:e5:de:3b:b9:02:
         3d:e9:1e:e3:9b:46:d2:1e:fb:74:a6:24:b9:d9:b6:90:cb:f4:
         a2:5e:c7:09:ef:ec:e1:a0:76:6d:23:ca:16:83:4d:cc:a2:d3:
         82:c3:a6:67:8f:92:9d:05:04:25:de:54:ef:ee:ed:6b:a6:65:
         7e:e3:c5:82:73:c8:2e:88:d7:24:f4:1a:52:8a:84:3f:1a:65:
         68:38:ca:d1:fa:f5:02:31:73:40:97:57:67:b2:45:98:4b:48:
         b7:1b:0f:98:78:6b:a1:c0:c6:18:f7:c3:64:47:8e:c1:13:22:
         e9:4c:48:84:fc:91:c0:1d:86:e7:a2:54:bf:20:0c:c3:b2:31:
         1f:88:e5:86:01:ad:0b:05:cb:68:3d:3e:3e:9a:42:1d:c4:ce:
         f7:84:35:ba:5c:4e:af:7f:65:e1:3d:c7:3b:37:1f:b2:ad:f6:
         85:be:3f:07
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgICAm0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEZDNzUxMTAvBgNVBAUTKDQ4MkU1QTZFMDg5NkEyNjZBOTFBNDA2NkMwNkY0QjRF
RDk4NDY0OUQwHhcNMjMwOTIxMDAxODQyWhcNMjQwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTBiOGJlMi1kMjVkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAsONQalxaw0B68ClqgMJeF/CI/hmyzHWiO8tamzsXEL6DoRQ2c1/k51iJcVZ2
sJPcPvUGdmtIMzTKqB+5v1QRlHiaeTi1y7MiL9PtYKOucd9BhqVsRLAq66IXiy1J
OvOrVPp/As+Ul/X7zxg2fR47xPayELsQgj8IrmsUm6fWo2+441SA2cngxNCqZ1Dh
JurUV73oedl6PGtM9bVYN8E/OWWoY7eYsLvJG6f5IStfzo72gXZV/VKnb1GDRM4M
bIT7fLLPHuhxFYQXQFLrSieXTYpysFeRIsp+DqU5kAYmOfFhlH06Sz/xk7jRPcE1
ERCvHnNaWudgA8oKqwEY3I+FpwIDAQABo4ICuzCCArcwHQYDVR0OBBYEFClGlvYK
Xpj8q8waOHyu/wvOP69EMB8GA1UdIwQYMBaAFEguWm4IlqJmqRpAZsBvS07ZhGSd
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4RkM3NS8zQUE1REVFMERE
NTgxMUVDODcwRkMyMERDNEY5QUUwMi9TQzVhYmdpV29tYXBHa0Jtd0c5TFR0bUVa
SjAuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1NDNWFiZ2lXb21hcEdrQm13RzlMVHRtRVpKMC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEZDNzUvM0FBNURFRTBERDU4MTFFQzg3MEZDMjBEQzRGOUFFMDIvMkQ0MjUzMTY0
RDBEMTFFRThGQUNEMDc2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwRQYIKwYBBQUHAQcBAf8E
NjA0MDIEAgABMCwDBADLIAcDBADLIBYwDAMEAMsgGQMEAMsgGgMEAMsgHAMEAMsg
IAMEAMsgKDANBgkqhkiG9w0BAQsFAAOCAQEAJ3ZPopVlzt4XG+hWJQc0lDsoOrnf
A8giWHR1dIeMLKu/AJe+LPPiMjUBadEGZeKl6c6LSDXFN+GIK/6aGS0whbgH56tv
LYteVmpDtSkIbM166U7DreXeO7kCPeke45tG0h77dKYkudm2kMv0ol7HCe/s4aB2
bSPKFoNNzKLTgsOmZ4+SnQUEJd5U7+7ta6ZlfuPFgnPILojXJPQaUoqEPxplaDjK
0fr1AjFzQJdXZ7JFmEtItxsPmHhrocDGGPfDZEeOwRMi6UxIhPyRwB2G56JUvyAM
w7IxH4jlhgGtCwXLaD0+PppCHcTO94Q1ulxOr39l4T3HOzcfsq32hb4/Bw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:46 2024 by rpki-client on console-ams.rpki-client.org