Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91BB4C2/B17E95D6037011EE9BB62C2FC4F9AE02/40D36B002D4011EEAA478B35C4F9AE02.roa
File:                     40D36B002D4011EEAA478B35C4F9AE02.roa (raw, json)
Hash identifier:          QnCQMwnpd1XgK5afZha2OcW2yC+dyea7HY2NZmnZR0Y=
Subject key identifier:   D5:6C:56:B3:0F:16:65:4A:E8:38:C9:16:FA:6D:15:1D:FE:9E:2D:43
Certificate issuer:       /CN=A91BB4C2/serialNumber=DC23A69EA1EFC1A379492C13E9AC147C49F5AD04
Certificate serial:       45
Authority key identifier: DC:23:A6:9E:A1:EF:C1:A3:79:49:2C:13:E9:AC:14:7C:49:F5:AD:04
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/3COmnqHvwaN5SSwT6awUfEn1rQQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91BB4C2/B17E95D6037011EE9BB62C2FC4F9AE02/40D36B002D4011EEAA478B35C4F9AE02.roa
Signing time:             Fri 28 Jul 2023 12:14:09 +0000
ROA not before:           Fri 28 Jul 2023 12:14:08 +0000
ROA not after:            Sat 31 Aug 2024 00:00:00 +0000
asID:                     151391
IP address blocks:        2401:5e0::/32 maxlen: 32
                          2401:5e0::/36 maxlen: 36
                          2401:5e0:1000::/36 maxlen: 36
                          2401:5e0:2000::/36 maxlen: 36
                          2401:5e0:3000::/36 maxlen: 36
                          2401:5e0:4000::/36 maxlen: 36
                          2401:5e0:5000::/36 maxlen: 36
                          2401:5e0:6000::/36 maxlen: 36
                          2401:5e0:7000::/36 maxlen: 36
                          2401:5e0:8000::/36 maxlen: 36
                          2401:5e0:9000::/36 maxlen: 36
                          2401:5e0:a000::/36 maxlen: 36
                          2401:5e0:b000::/36 maxlen: 36
                          2401:5e0:c000::/36 maxlen: 36
                          2401:5e0:d000::/36 maxlen: 36
                          2401:5e0:e000::/36 maxlen: 36
                          2401:5e0:f000::/36 maxlen: 36

Validation:               Failed, certificate revoked on Fri 28 Jul 2023 12:23:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 69 (0x45)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91BB4C2/serialNumber=DC23A69EA1EFC1A379492C13E9AC147C49F5AD04
        Validity
            Not Before: Jul 28 12:14:08 2023 GMT
            Not After : Aug 31 00:00:00 2024 GMT
        Subject: CN=64c3b110-a6aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:b1:46:ef:0a:cc:1b:68:b7:df:52:11:7d:0d:
                    d9:13:56:ba:87:d0:a3:55:a6:21:59:2d:81:ed:e0:
                    5d:b3:e2:98:52:d4:4f:44:22:5a:c3:b3:2a:a8:88:
                    ac:c0:b8:1f:09:83:43:37:3b:41:16:6a:4c:b9:4d:
                    9a:fb:7a:0d:d1:bc:ee:c2:89:42:bf:3b:82:8a:fd:
                    7c:81:ac:60:23:a3:b1:2a:db:ed:5d:58:d9:db:5b:
                    95:a4:73:b6:bc:72:e1:03:fc:05:9e:ba:7e:1d:1a:
                    7c:fe:f7:24:85:22:c1:a6:77:53:d8:14:2a:2b:dc:
                    22:78:a7:18:54:bd:78:6c:a1:76:d8:aa:3e:89:a4:
                    f8:ca:8e:26:13:95:b6:07:d7:fb:b7:59:bd:c6:8e:
                    25:64:21:d7:c0:69:8c:9e:8b:bc:e4:07:2d:43:ef:
                    01:01:2d:70:e9:16:7d:0f:49:d6:db:81:71:e3:18:
                    a1:8f:66:2d:6c:20:02:67:46:ac:af:77:00:61:61:
                    09:e2:0b:be:19:ba:29:ee:c1:e5:cc:92:0a:00:1d:
                    10:5f:06:da:7c:2f:da:a8:2f:04:4a:df:9c:82:58:
                    7e:64:dc:72:a8:76:31:eb:e6:71:bd:28:e8:05:05:
                    49:fc:85:f2:ba:08:10:59:8f:cc:cf:d5:74:60:0d:
                    80:09
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:6C:56:B3:0F:16:65:4A:E8:38:C9:16:FA:6D:15:1D:FE:9E:2D:43
            X509v3 Authority Key Identifier:
                keyid:DC:23:A6:9E:A1:EF:C1:A3:79:49:2C:13:E9:AC:14:7C:49:F5:AD:04

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91BB4C2/B17E95D6037011EE9BB62C2FC4F9AE02/3COmnqHvwaN5SSwT6awUfEn1rQQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/3COmnqHvwaN5SSwT6awUfEn1rQQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91BB4C2/B17E95D6037011EE9BB62C2FC4F9AE02/40D36B002D4011EEAA478B35C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2401:5e0::/32

    Signature Algorithm: sha256WithRSAEncryption
         be:3b:d3:99:65:4c:02:6f:64:97:13:3b:32:9c:f7:35:d4:76:
         58:9c:19:ad:cc:c8:db:36:48:01:b8:d2:c3:fe:7b:21:53:21:
         c1:5a:fc:f3:ec:bc:fa:12:97:ee:ba:16:94:60:9e:8d:26:57:
         09:e6:7e:7b:c9:65:ef:48:c2:20:f4:1a:0f:d9:b2:52:1b:5a:
         1e:0c:b0:56:6f:a4:45:31:81:8d:43:d9:81:e5:fc:e2:af:e5:
         ef:9e:83:1f:41:ce:bc:33:86:18:fc:41:1e:f5:a8:db:ff:19:
         a5:44:2a:cf:e5:d1:a0:73:5f:8b:99:67:a4:58:a1:f9:77:53:
         b1:78:ae:1a:7f:3c:9a:3f:ce:24:b6:77:6e:8c:b0:fc:d9:82:
         d6:d8:f1:a0:0e:52:b1:30:f6:cc:ea:8b:3e:71:f9:c8:1e:c8:
         bc:5d:cf:bf:35:e8:3d:85:d8:a9:c4:da:89:04:91:2f:d0:9b:
         1f:5d:e6:b9:bd:63:14:74:d3:87:cf:20:25:9e:d9:36:80:4d:
         ed:38:a6:aa:94:6c:aa:ce:b4:a3:c6:65:2e:57:e7:bd:0b:09:
         94:5e:7f:0b:72:75:3c:78:65:ca:65:36:77:31:2a:2f:8f:16:
         19:d7:8a:37:72:09:4e:b6:b2:89:c5:1c:8c:77:58:c1:b6:06:
         53:fa:1d:b2
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgIBRTANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFC
QjRDMjExMC8GA1UEBRMoREMyM0E2OUVBMUVGQzFBMzc5NDkyQzEzRTlBQzE0N0M0
OUY1QUQwNDAeFw0yMzA3MjgxMjE0MDhaFw0yNDA4MzEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY0YzNiMTEwLWE2YWEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQC9sUbvCswbaLffUhF9DdkTVrqH0KNVpiFZLYHt4F2z4phS1E9EIlrDsyqoiKzA
uB8Jg0M3O0EWaky5TZr7eg3RvO7CiUK/O4KK/XyBrGAjo7Eq2+1dWNnbW5Wkc7a8
cuED/AWeun4dGnz+9ySFIsGmd1PYFCor3CJ4pxhUvXhsoXbYqj6JpPjKjiYTlbYH
1/u3Wb3GjiVkIdfAaYyei7zkBy1D7wEBLXDpFn0PSdbbgXHjGKGPZi1sIAJnRqyv
dwBhYQniC74ZuinuweXMkgoAHRBfBtp8L9qoLwRK35yCWH5k3HKodjHr5nG9KOgF
BUn8hfK6CBBZj8zP1XRgDYAJAgMBAAGjggKWMIICkjAdBgNVHQ4EFgQU1WxWsw8W
ZUroOMkW+m0VHf6eLUMwHwYDVR0jBBgwFoAU3COmnqHvwaN5SSwT6awUfEn1rQQw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUJCNEMyL0IxN0U5NUQ2MDM3
MDExRUU5QkI2MkMyRkM0RjlBRTAyLzNDT21ucUh2d2FONVNTd1Q2YXdVZkVuMXJR
US5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvM0NPbW5xSHZ3YU41U1N3VDZhd1VmRW4xclFRLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFC
QjRDMi9CMTdFOTVENjAzNzAxMUVFOUJCNjJDMkZDNEY5QUUwMi80MEQzNkIwMDJE
NDAxMUVFQUE0NzhCMzVDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAgBggrBgEFBQcBBwEB/wQR
MA8wDQQCAAIwBwMFACQBBeAwDQYJKoZIhvcNAQELBQADggEBAL4705llTAJvZJcT
OzKc9zXUdlicGa3MyNs2SAG40sP+eyFTIcFa/PPsvPoSl+66FpRgno0mVwnmfnvJ
Ze9IwiD0Gg/ZslIbWh4MsFZvpEUxgY1D2YHl/OKv5e+egx9Bzrwzhhj8QR71qNv/
GaVEKs/l0aBzX4uZZ6RYofl3U7F4rhp/PJo/ziS2d26MsPzZgtbY8aAOUrEw9szq
iz5x+cgeyLxdz7816D2F2KnE2okEkS/Qmx9d5rm9YxR004fPICWe2TaATe04pqqU
bKrOtKPGZS5X570LCZRefwtydTx4ZcplNncxKi+PFhnXijdyCU62sonFHIx3WMG2
BlP6HbI=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:06:23 2024 by rpki-client on console-ams.rpki-client.org