Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A918FC75/3AA5DEE0DD5811EC870FC20DC4F9AE02/516E44F67C9811EEBE3EA92AC4F9AE02.roa
File:                     516E44F67C9811EEBE3EA92AC4F9AE02.roa (raw, json)
Hash identifier:          gRFCEUyt7wllN6L8nWau5A3TEUkpXawZQUXoOsUypOQ=
Subject key identifier:   1E:E5:91:DF:A5:3A:89:4B:BA:0C:C9:62:0A:1F:D5:24:C8:81:07:0A
Certificate issuer:       /CN=A918FC75/serialNumber=482E5A6E0896A266A91A4066C06F4B4ED984649D
Certificate serial:       02B8
Authority key identifier: 48:2E:5A:6E:08:96:A2:66:A9:1A:40:66:C0:6F:4B:4E:D9:84:64:9D
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/SC5abgiWomapGkBmwG9LTtmEZJ0.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A918FC75/3AA5DEE0DD5811EC870FC20DC4F9AE02/516E44F67C9811EEBE3EA92AC4F9AE02.roa
Signing time:             Mon 06 Nov 2023 11:33:34 +0000
ROA not before:           Mon 06 Nov 2023 11:33:34 +0000
ROA not after:            Sat 31 Aug 2024 00:00:00 +0000
asID:                     9443
IP address blocks:        203.32.7.0/24 maxlen: 24
                          203.32.21.0/24 maxlen: 24
                          203.32.22.0/24 maxlen: 24
                          203.32.23.0/24 maxlen: 24
                          203.32.32.0/24 maxlen: 24
                          203.32.38.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 09 Nov 2023 02:18:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 696 (0x2b8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A918FC75/serialNumber=482E5A6E0896A266A91A4066C06F4B4ED984649D
        Validity
            Not Before: Nov  6 11:33:34 2023 GMT
            Not After : Aug 31 00:00:00 2024 GMT
        Subject: CN=6548cf0e-2d6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:32:f3:78:bf:ba:7e:d0:a2:f4:a5:95:68:86:
                    1f:7f:e8:d0:96:d0:e7:48:61:df:f3:a0:2f:4d:1a:
                    1d:14:18:72:84:64:84:c0:3f:b0:61:78:cc:c9:50:
                    c2:6c:e3:11:5f:12:2e:06:bc:7e:76:aa:3e:93:03:
                    1d:e5:6a:a5:13:02:52:d1:89:55:70:b6:d6:7c:60:
                    07:f8:f1:e4:68:a3:50:cd:29:00:23:50:64:ab:99:
                    4c:e7:3f:4b:23:57:c9:43:b7:d6:8c:a8:d9:6d:66:
                    e6:ba:74:aa:bb:b3:b1:94:43:d3:60:1b:8c:23:8e:
                    69:29:45:2c:7f:11:27:80:c4:79:ae:9b:d3:4c:9e:
                    70:40:48:c7:e6:5e:61:8f:93:e2:db:b0:b4:49:08:
                    aa:37:3b:d5:e2:e6:46:df:dd:28:ea:51:82:fd:96:
                    3c:36:d1:20:50:c5:07:ba:b4:d3:34:da:4d:80:0d:
                    22:fa:32:81:32:89:63:bf:93:60:0d:d4:03:4f:2b:
                    35:5d:80:95:b3:66:27:aa:2c:43:5c:21:8c:20:12:
                    cd:56:72:d0:3a:d1:14:77:4c:c9:8e:ed:36:19:d7:
                    e5:40:6d:4d:de:67:c3:11:92:20:aa:36:35:59:74:
                    f5:95:71:64:b3:b2:b3:40:58:e9:8d:72:25:07:53:
                    29:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:E5:91:DF:A5:3A:89:4B:BA:0C:C9:62:0A:1F:D5:24:C8:81:07:0A
            X509v3 Authority Key Identifier:
                keyid:48:2E:5A:6E:08:96:A2:66:A9:1A:40:66:C0:6F:4B:4E:D9:84:64:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A918FC75/3AA5DEE0DD5811EC870FC20DC4F9AE02/SC5abgiWomapGkBmwG9LTtmEZJ0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/SC5abgiWomapGkBmwG9LTtmEZJ0.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918FC75/3AA5DEE0DD5811EC870FC20DC4F9AE02/516E44F67C9811EEBE3EA92AC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.32.7.0/24
                  203.32.21.0-203.32.23.255
                  203.32.32.0/24
                  203.32.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:f7:30:26:90:8f:bb:b7:90:87:a5:80:0b:40:1e:1d:32:da:
         08:df:de:14:df:c4:9f:79:56:41:03:eb:43:50:17:5a:99:f9:
         09:19:c2:8c:d8:e0:d0:45:6c:e6:7e:36:85:68:ea:99:d5:2e:
         6e:65:90:d0:d6:4f:40:49:58:bc:c3:13:85:5c:24:8c:50:25:
         03:9e:bf:da:b4:2d:e9:6b:60:37:9a:ab:52:0d:98:35:4a:95:
         59:5e:8d:4d:80:7f:25:59:3f:60:1f:70:70:9c:f0:8a:6c:e0:
         7a:c3:eb:88:a3:7c:6c:d1:d9:fe:49:55:24:be:03:d7:67:9f:
         ac:a9:b2:65:78:82:46:ee:5b:7e:eb:39:82:f4:98:d8:0d:0b:
         fb:4d:1b:51:bc:7b:77:96:db:41:b4:62:ba:2c:cb:3a:83:3e:
         73:5b:0e:e4:57:fa:01:33:f7:53:40:c7:ec:33:bd:32:95:f1:
         7b:36:70:62:b1:d1:05:87:82:76:d0:b6:0e:28:55:94:09:ee:
         40:d8:1e:4a:fe:15:46:ee:14:e5:2b:bf:50:f4:26:9a:9f:5f:
         ea:e3:ba:6b:8f:9d:78:c6:60:06:5e:e4:ef:b7:98:a3:22:bc:
         fe:a3:07:66:45:53:63:a3:2c:1c:12:82:b2:f9:c4:b4:2a:ed:
         55:90:2b:08
-----BEGIN CERTIFICATE-----
MIIFizCCBHOgAwIBAgICArgwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEZDNzUxMTAvBgNVBAUTKDQ4MkU1QTZFMDg5NkEyNjZBOTFBNDA2NkMwNkY0QjRF
RDk4NDY0OUQwHhcNMjMxMTA2MTEzMzM0WhcNMjQwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTQ4Y2YwZS0yZDZiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtjLzeL+6ftCi9KWVaIYff+jQltDnSGHf86AvTRodFBhyhGSEwD+wYXjMyVDC
bOMRXxIuBrx+dqo+kwMd5WqlEwJS0YlVcLbWfGAH+PHkaKNQzSkAI1Bkq5lM5z9L
I1fJQ7fWjKjZbWbmunSqu7OxlEPTYBuMI45pKUUsfxEngMR5rpvTTJ5wQEjH5l5h
j5Pi27C0SQiqNzvV4uZG390o6lGC/ZY8NtEgUMUHurTTNNpNgA0i+jKBMoljv5Ng
DdQDTys1XYCVs2YnqixDXCGMIBLNVnLQOtEUd0zJju02GdflQG1N3mfDEZIgqjY1
WXT1lXFks7KzQFjpjXIlB1Mp0QIDAQABo4ICrzCCAqswHQYDVR0OBBYEFB7lkd+l
OolLugzJYgof1STIgQcKMB8GA1UdIwQYMBaAFEguWm4IlqJmqRpAZsBvS07ZhGSd
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4RkM3NS8zQUE1REVFMERE
NTgxMUVDODcwRkMyMERDNEY5QUUwMi9TQzVhYmdpV29tYXBHa0Jtd0c5TFR0bUVa
SjAuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1NDNWFiZ2lXb21hcEdrQm13RzlMVHRtRVpKMC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEZDNzUvM0FBNURFRTBERDU4MTFFQzg3MEZDMjBEQzRGOUFFMDIvNTE2RTQ0RjY3
Qzk4MTFFRUJFM0VBOTJBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwOQYIKwYBBQUHAQcBAf8E
KjAoMCYEAgABMCADBADLIAcwDAMEAMsgFQMEA8sgEAMEAMsgIAMEAMsgJjANBgkq
hkiG9w0BAQsFAAOCAQEAfPcwJpCPu7eQh6WAC0AeHTLaCN/eFN/En3lWQQPrQ1AX
Wpn5CRnCjNjg0EVs5n42hWjqmdUubmWQ0NZPQElYvMMThVwkjFAlA56/2rQt6Wtg
N5qrUg2YNUqVWV6NTYB/JVk/YB9wcJzwimzgesPriKN8bNHZ/klVJL4D12efrKmy
ZXiCRu5bfus5gvSY2A0L+00bUbx7d5bbQbRiuizLOoM+c1sO5Ff6ATP3U0DH7DO9
MpXxezZwYrHRBYeCdtC2DihVlAnuQNgeSv4VRu4U5Su/UPQmmp9f6uO6a4+deMZg
Bl7k77eYoyK8/qMHZkVTY6MsHBKCsvnEtCrtVZArCA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:46 2024 by rpki-client on console-ams.rpki-client.org