Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A919DAF2/26EC6DDAD3DA11E58C5CD40FC4F9AE02/9B284B36C38411EE8DFA3721C4F9AE02.roa
File:                     9B284B36C38411EE8DFA3721C4F9AE02.roa (raw, json)
Hash identifier:          MDVT/P2tEJkVTSthoArOdqiRhMOb5wr4axKO/0E2AEE=
Subject key identifier:   C4:8C:73:18:28:66:5F:E7:2A:A4:B7:9E:6C:15:E5:FE:F7:46:CC:1E
Certificate issuer:       /CN=A919DAF2/serialNumber=139CC1DB6B9D24B93B14928A7518D04EB3B26A3A
Certificate serial:       20D0
Authority key identifier: 13:9C:C1:DB:6B:9D:24:B9:3B:14:92:8A:75:18:D0:4E:B3:B2:6A:3A
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/E5zB22udJLk7FJKKdRjQTrOyajo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A919DAF2/26EC6DDAD3DA11E58C5CD40FC4F9AE02/9B284B36C38411EE8DFA3721C4F9AE02.roa
Signing time:             Sun 04 Feb 2024 17:41:20 +0000
ROA not before:           Sun 04 Feb 2024 17:41:20 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     18196
IP address blocks:        45.117.128.0/22 maxlen: 22
                          45.117.128.0/24 maxlen: 24
                          45.117.129.0/24 maxlen: 24
                          45.117.130.0/24 maxlen: 24
                          45.117.131.0/24 maxlen: 24
                          103.255.112.0/24 maxlen: 24
                          103.255.113.0/24 maxlen: 24
                          103.255.114.0/24 maxlen: 24
                          202.134.146.0/24 maxlen: 24
                          202.134.151.0/24 maxlen: 24
                          202.134.153.0/24 maxlen: 24
                          202.134.154.0/24 maxlen: 24
                          202.134.155.0/24 maxlen: 24
                          202.134.156.0/24 maxlen: 24
                          202.134.157.0/24 maxlen: 24
                          202.134.160.0/24 maxlen: 24
                          202.134.161.0/24 maxlen: 24
                          202.134.162.0/24 maxlen: 24
                          202.134.163.0/24 maxlen: 24
                          202.134.164.0/24 maxlen: 24
                          202.134.165.0/24 maxlen: 24
                          202.134.166.0/24 maxlen: 24
                          202.134.167.0/24 maxlen: 24
                          202.134.168.0/24 maxlen: 24
                          202.134.169.0/24 maxlen: 24
                          202.134.170.0/24 maxlen: 24
                          202.134.171.0/24 maxlen: 24
                          202.134.172.0/24 maxlen: 24
                          202.134.173.0/24 maxlen: 24
                          202.134.174.0/24 maxlen: 24
                          202.134.175.0/24 maxlen: 24
                          202.134.176.0/24 maxlen: 24
                          202.134.177.0/24 maxlen: 24
                          202.134.178.0/24 maxlen: 24
                          202.134.179.0/24 maxlen: 24
                          202.134.180.0/24 maxlen: 24
                          202.134.181.0/24 maxlen: 24
                          202.134.182.0/24 maxlen: 24
                          202.134.183.0/24 maxlen: 24
                          202.134.184.0/24 maxlen: 24
                          202.134.185.0/24 maxlen: 24
                          202.134.186.0/24 maxlen: 24
                          202.134.187.0/24 maxlen: 24
                          202.134.188.0/24 maxlen: 24
                          202.134.189.0/24 maxlen: 24
                          202.134.190.0/24 maxlen: 24
                          202.134.191.0/24 maxlen: 24
                          2402:f200::/32 maxlen: 32

Validation:               Failed, certificate revoked on Wed 14 Feb 2024 07:41:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 8400 (0x20d0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A919DAF2/serialNumber=139CC1DB6B9D24B93B14928A7518D04EB3B26A3A
        Validity
            Not Before: Feb  4 17:41:20 2024 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=65bfcc40-973c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:c6:e8:57:94:2c:40:4c:51:c1:1a:52:42:0a:
                    7e:39:4a:e8:47:9d:5c:f6:ab:16:df:4f:22:7f:e7:
                    13:ea:8d:36:c6:b6:0c:45:77:30:81:9f:04:13:23:
                    ca:c7:3c:01:37:54:58:67:48:ef:fe:e6:31:82:96:
                    6c:b2:a9:54:fa:0a:ef:70:53:32:53:b5:d7:b5:63:
                    56:33:d0:fe:3a:8f:ad:82:2f:06:3b:60:09:7b:89:
                    37:84:2d:9b:1b:74:d6:53:7e:b3:0f:c0:00:a3:98:
                    df:6b:5c:e3:04:bf:15:45:46:7b:c3:04:49:90:a4:
                    85:b5:78:39:b9:6d:f5:06:fa:e1:ac:90:0c:cc:fb:
                    c4:a8:f0:33:df:d3:99:e5:19:c2:a7:b1:5d:93:5f:
                    af:c1:4b:d0:28:61:7f:35:82:21:36:97:f1:44:5a:
                    ae:fe:5a:16:0d:3f:0f:48:49:9b:cd:04:65:c1:a9:
                    8e:9c:8a:83:14:c8:8b:bd:c0:92:15:b7:df:96:3f:
                    45:46:96:9d:9b:97:17:64:80:ca:d0:6c:91:63:fe:
                    9b:19:e8:33:00:8c:4c:02:7e:3b:08:db:43:a3:c0:
                    47:7a:50:50:1f:51:77:77:f9:37:f6:ce:d9:b5:6b:
                    2c:99:23:0f:d9:e2:c6:09:a6:31:d1:5e:54:17:48:
                    99:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:8C:73:18:28:66:5F:E7:2A:A4:B7:9E:6C:15:E5:FE:F7:46:CC:1E
            X509v3 Authority Key Identifier:
                keyid:13:9C:C1:DB:6B:9D:24:B9:3B:14:92:8A:75:18:D0:4E:B3:B2:6A:3A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A919DAF2/26EC6DDAD3DA11E58C5CD40FC4F9AE02/E5zB22udJLk7FJKKdRjQTrOyajo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/E5zB22udJLk7FJKKdRjQTrOyajo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A919DAF2/26EC6DDAD3DA11E58C5CD40FC4F9AE02/9B284B36C38411EE8DFA3721C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.117.128.0/22
                  103.255.112.0-103.255.114.255
                  202.134.146.0/24
                  202.134.151.0/24
                  202.134.153.0-202.134.157.255
                  202.134.160.0/19
                IPv6:
                  2402:f200::/32

    Signature Algorithm: sha256WithRSAEncryption
         5c:d9:5e:2f:64:79:a6:28:31:4d:47:f0:3e:98:8f:f9:45:a7:
         29:21:aa:81:c6:d1:32:96:8d:2c:fc:1a:74:96:00:57:90:0f:
         6e:c3:4e:54:b1:dc:dd:61:81:1f:0c:57:cc:21:a6:ec:73:0d:
         74:61:73:4a:ea:52:9e:33:6f:5a:7e:c3:db:66:86:f1:0c:64:
         77:1b:70:f4:3e:65:be:36:35:a4:57:c5:cb:c8:ad:e1:b7:a9:
         87:9d:51:eb:ce:92:4b:39:da:ae:4a:da:f8:2d:a9:8e:86:ba:
         3f:5e:5c:d0:fb:05:b5:05:c5:1d:d1:17:bd:5d:a8:a9:cd:ff:
         39:f4:b0:47:20:d0:16:46:f9:75:13:81:e8:88:5c:14:a9:30:
         41:a6:b5:9c:91:47:7a:64:ac:ec:1e:d2:b5:2d:31:5f:cc:13:
         43:c7:42:db:58:0f:9c:fa:2c:63:5d:42:14:e8:1d:ee:89:99:
         ae:a2:39:cd:24:f5:b5:cb:d4:31:92:52:51:ce:ba:37:93:e3:
         1d:ad:29:3c:1d:e3:e8:cc:37:8b:dc:21:ec:35:93:f2:89:91:
         3a:33:7f:cf:c1:53:20:be:c0:75:67:17:17:11:55:bd:82:ef:
         42:32:3b:01:1a:81:7f:01:01:04:c2:4d:c6:30:4a:db:a1:cc:
         0a:e0:c5:9e
-----BEGIN CERTIFICATE-----
MIIFrjCCBJagAwIBAgICINAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OURBRjIxMTAvBgNVBAUTKDEzOUNDMURCNkI5RDI0QjkzQjE0OTI4QTc1MThEMDRF
QjNCMjZBM0EwHhcNMjQwMjA0MTc0MTIwWhcNMjQwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWJmY2M0MC05NzNjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtMboV5QsQExRwRpSQgp+OUroR51c9qsW308if+cT6o02xrYMRXcwgZ8EEyPK
xzwBN1RYZ0jv/uYxgpZssqlU+grvcFMyU7XXtWNWM9D+Oo+tgi8GO2AJe4k3hC2b
G3TWU36zD8AAo5jfa1zjBL8VRUZ7wwRJkKSFtXg5uW31BvrhrJAMzPvEqPAz39OZ
5RnCp7Fdk1+vwUvQKGF/NYIhNpfxRFqu/loWDT8PSEmbzQRlwamOnIqDFMiLvcCS
Fbfflj9FRpadm5cXZIDK0GyRY/6bGegzAIxMAn47CNtDo8BHelBQH1F3d/k39s7Z
tWssmSMP2eLGCaYx0V5UF0iZMQIDAQABo4IC0jCCAs4wHQYDVR0OBBYEFMSMcxgo
Zl/nKqS3nmwV5f73RsweMB8GA1UdIwQYMBaAFBOcwdtrnSS5OxSSinUY0E6zsmo6
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5REFGMi8yNkVDNkREQUQz
REExMUU1OEM1Q0Q0MEZDNEY5QUUwMi9FNXpCMjJ1ZEpMazdGSktLZFJqUVRyT3lh
am8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0U1ekIyMnVkSkxrN0ZKS0tkUmpRVHJPeWFqby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OURBRjIvMjZFQzZEREFEM0RBMTFFNThDNUNENDBGQzRGOUFFMDIvOUIyODRCMzZD
Mzg0MTFFRThERkEzNzIxQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwXAYIKwYBBQUHAQcBAf8E
TTBLMDoEAgABMDQDBAItdYAwDAMEBGf/cAMEAGf/cgMEAMqGkgMEAMqGlzAMAwQA
yoaZAwQByoacAwQFyoagMA0EAgACMAcDBQAkAvIAMA0GCSqGSIb3DQEBCwUAA4IB
AQBc2V4vZHmmKDFNR/A+mI/5RacpIaqBxtEylo0s/Bp0lgBXkA9uw05UsdzdYYEf
DFfMIabscw10YXNK6lKeM29afsPbZobxDGR3G3D0PmW+NjWkV8XLyK3ht6mHnVHr
zpJLOdquStr4LamOhro/XlzQ+wW1BcUd0Re9Xaipzf859LBHINAWRvl1E4HoiFwU
qTBBprWckUd6ZKzsHtK1LTFfzBNDx0LbWA+c+ixjXUIU6B3uiZmuojnNJPW1y9Qx
klJRzro3k+MdrSk8HePozDeL3CHsNZPyiZE6M3/PwVMgvsB1ZxcXEVW9gu9CMjsB
GoF/AQEEwk3GMErbocwK4MWe
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:35 2024 by rpki-client on console-fra.rpki-client.org