Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91CE3A3/2091DC8E050111EABD9B202CC4F9AE02/CC5545B43E5F11EABE971529C4F9AE02.roa
File:                     CC5545B43E5F11EABE971529C4F9AE02.roa (raw, json)
Hash identifier:          eL/ykZGFpJAGAAHPHwSnKEhbIUUCqPgh0mbtAHc3Twk=
Subject key identifier:   73:1A:52:8C:12:40:78:7F:3E:54:84:90:ED:37:5C:33:6F:95:F7:BC
Certificate issuer:       /CN=A91CE3A3/serialNumber=B4B10E6CB38D5365D054E8DBE90F34F2C388B10C
Certificate serial:       0B50
Authority key identifier: B4:B1:0E:6C:B3:8D:53:65:D0:54:E8:DB:E9:0F:34:F2:C3:88:B1:0C
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/tLEObLONU2XQVOjb6Q808sOIsQw.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91CE3A3/2091DC8E050111EABD9B202CC4F9AE02/CC5545B43E5F11EABE971529C4F9AE02.roa
Signing time:             Thu 02 Nov 2023 19:26:53 +0000
ROA not before:           Thu 02 Nov 2023 19:26:53 +0000
ROA not after:            Fri 31 Jan 2025 00:00:00 +0000
asID:                     45638
IP address blocks:        43.241.52.0/22 maxlen: 24
                          43.250.140.0/22 maxlen: 24
                          103.9.168.0/22 maxlen: 24
                          103.11.206.0/23 maxlen: 24
                          103.18.108.0/24 maxlen: 24
                          103.18.109.0/24 maxlen: 24
                          103.18.110.0/24 maxlen: 24
                          103.27.32.0/22 maxlen: 24
                          103.42.108.0/22 maxlen: 24
                          103.241.0.0/22 maxlen: 22
                          103.252.152.0/22 maxlen: 24
                          110.232.140.0/22 maxlen: 24
                          112.140.176.0/22 maxlen: 24
                          112.140.180.0/22 maxlen: 24
                          223.130.24.0/22 maxlen: 24
                          2400:8f80::/48 maxlen: 48
                          2400:8f80:1::/48 maxlen: 48
                          2400:8f80:ac::/48 maxlen: 48
                          2400:b800::/48 maxlen: 48
                          2400:b800:1::/48 maxlen: 48
                          2400:b800:2::/48 maxlen: 48
                          2400:b800:3::/48 maxlen: 48
                          2400:b800:4::/48 maxlen: 48
                          2400:b800:5::/48 maxlen: 48
                          2400:b800:6::/48 maxlen: 48
                          2400:b800:7::/48 maxlen: 48
                          2400:b800:8::/48 maxlen: 48
                          2407:e700:1::/48 maxlen: 48
                          2407:e700:2::/48 maxlen: 48
                          2407:e700:11::/48 maxlen: 48

Validation:               Failed, certificate revoked on Thu 11 Apr 2024 04:08:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2896 (0xb50)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CE3A3/serialNumber=B4B10E6CB38D5365D054E8DBE90F34F2C388B10C
        Validity
            Not Before: Nov  2 19:26:53 2023 GMT
            Not After : Jan 31 00:00:00 2025 GMT
        Subject: CN=6543f7fd-5481
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:49:a0:04:95:c9:f9:ac:2e:49:5b:5d:00:1b:
                    45:0d:f4:74:06:dd:7c:1f:f7:1c:ae:f6:f7:36:3e:
                    1a:28:9c:d8:5b:74:1d:92:15:ad:92:7f:a6:00:6b:
                    3e:7f:be:2e:56:97:d3:13:a3:bb:29:7d:f0:b4:98:
                    f0:17:24:43:8a:ab:c8:b1:c5:a5:28:19:18:c1:96:
                    6a:8e:32:69:07:e4:25:ea:b6:71:e3:ab:ae:e1:ec:
                    f7:a5:5e:9f:25:f2:94:c6:18:0b:fe:9d:be:ab:c6:
                    e1:71:e0:e9:87:e0:a2:ab:cb:0b:a0:70:24:3c:bb:
                    26:84:81:4e:aa:6a:60:60:68:2a:64:82:c7:23:33:
                    59:a3:27:cc:5a:4f:85:ee:22:88:8a:86:7d:2c:e0:
                    22:58:d8:83:e9:71:5a:e0:4b:23:cf:0a:41:df:0f:
                    48:a9:d5:83:7a:df:35:d0:3d:32:45:4b:80:99:3a:
                    af:cc:cd:a0:a4:e5:0c:ab:9f:f1:97:98:a7:f9:77:
                    0a:d9:4a:d9:87:b0:a7:63:06:f4:20:1e:96:a2:fc:
                    e2:fb:0f:da:4d:a1:96:ab:3c:db:2c:e6:f1:f4:a4:
                    e5:f2:b3:5d:bc:14:be:6f:fa:8e:c2:fc:4a:e4:e9:
                    3a:4a:7a:fd:d3:ae:9c:a0:cf:f5:d0:a0:a3:2f:cb:
                    e7:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:1A:52:8C:12:40:78:7F:3E:54:84:90:ED:37:5C:33:6F:95:F7:BC
            X509v3 Authority Key Identifier:
                keyid:B4:B1:0E:6C:B3:8D:53:65:D0:54:E8:DB:E9:0F:34:F2:C3:88:B1:0C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91CE3A3/2091DC8E050111EABD9B202CC4F9AE02/tLEObLONU2XQVOjb6Q808sOIsQw.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/tLEObLONU2XQVOjb6Q808sOIsQw.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91CE3A3/2091DC8E050111EABD9B202CC4F9AE02/CC5545B43E5F11EABE971529C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.241.52.0/22
                  43.250.140.0/22
                  103.9.168.0/22
                  103.11.206.0/23
                  103.18.108.0-103.18.110.255
                  103.27.32.0/22
                  103.42.108.0/22
                  103.241.0.0/22
                  103.252.152.0/22
                  110.232.140.0/22
                  112.140.176.0/21
                  223.130.24.0/22
                IPv6:
                  2400:8f80::/47
                  2400:8f80:ac::/48
                  2400:b800::-2400:b800:8:ffff:ffff:ffff:ffff:ffff
                  2407:e700:1::-2407:e700:2:ffff:ffff:ffff:ffff:ffff
                  2407:e700:11::/48

    Signature Algorithm: sha256WithRSAEncryption
         32:d2:2e:3e:76:56:7a:2d:d5:52:ac:bd:b7:94:8c:b5:b5:f3:
         e6:4e:67:5f:8e:c0:4f:f0:8a:df:fd:de:68:9a:b1:0b:67:1a:
         54:5c:55:52:b8:c0:65:37:6e:74:14:ed:d6:dd:5f:8d:92:ba:
         5d:1b:02:cd:36:66:5c:7e:12:e9:8e:1c:0f:93:e7:21:5f:1e:
         83:27:18:e0:5c:59:39:f2:a8:a4:37:0e:35:4c:e7:b1:cf:cb:
         7f:b7:b5:90:ec:60:2c:87:18:5b:b6:3f:10:76:b7:0d:82:e5:
         99:56:49:96:ca:68:7e:db:1e:49:d3:a6:33:7e:e6:d8:bf:c8:
         2e:aa:8e:22:be:13:c8:9b:0e:39:7e:32:7b:d0:8a:9d:b9:24:
         9f:0c:e0:b5:13:39:4b:79:78:d3:a0:da:8c:0d:88:bd:94:16:
         37:dc:0e:d4:3c:da:d9:0f:d6:d6:12:6d:b1:3e:88:98:ca:8c:
         2b:28:1a:bb:29:ab:f7:d9:27:08:b9:dd:b8:43:36:ea:39:f9:
         1e:25:7b:af:64:0c:de:e1:c5:17:6a:90:1b:a1:41:60:ec:81:
         af:83:df:37:56:42:f1:57:39:60:f8:3b:77:86:0b:60:63:c5:
         40:08:40:5a:1a:20:ee:66:00:8f:7b:ee:f5:33:72:88:de:f6:
         48:f4:05:c0
-----BEGIN CERTIFICATE-----
MIIGBjCCBO6gAwIBAgICC1AwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Q0UzQTMxMTAvBgNVBAUTKEI0QjEwRTZDQjM4RDUzNjVEMDU0RThEQkU5MEYzNEYy
QzM4OEIxMEMwHhcNMjMxMTAyMTkyNjUzWhcNMjUwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTQzZjdmZC01NDgxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAukmgBJXJ+awuSVtdABtFDfR0Bt18H/ccrvb3Nj4aKJzYW3QdkhWtkn+mAGs+
f74uVpfTE6O7KX3wtJjwFyRDiqvIscWlKBkYwZZqjjJpB+Ql6rZx46uu4ez3pV6f
JfKUxhgL/p2+q8bhceDph+Ciq8sLoHAkPLsmhIFOqmpgYGgqZILHIzNZoyfMWk+F
7iKIioZ9LOAiWNiD6XFa4EsjzwpB3w9IqdWDet810D0yRUuAmTqvzM2gpOUMq5/x
l5in+XcK2UrZh7CnYwb0IB6Wovzi+w/aTaGWqzzbLObx9KTl8rNdvBS+b/qOwvxK
5Ok6Snr9066coM/10KCjL8vnBwIDAQABo4IDKjCCAyYwHQYDVR0OBBYEFHMaUowS
QHh/PlSEkO03XDNvlfe8MB8GA1UdIwQYMBaAFLSxDmyzjVNl0FTo2+kPNPLDiLEM
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDRTNBMy8yMDkxREM4RTA1
MDExMUVBQkQ5QjIwMkNDNEY5QUUwMi90TEVPYkxPTlUyWFFWT2piNlE4MDhzT0lz
UXcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3RMRU9iTE9OVTJYUVZPamI2UTgwOHNPSXNRdy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Q0UzQTMvMjA5MURDOEUwNTAxMTFFQUJEOUIyMDJDQzRGOUFFMDIvQ0M1NTQ1QjQz
RTVGMTFFQUJFOTcxNTI5QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgbMGCCsGAQUFBwEHAQH/
BIGjMIGgMFYEAgABMFADBAIr8TQDBAIr+owDBAJnCagDBAFnC84wDAMEAmcSbAME
AGcSbgMEAmcbIAMEAmcqbAMEAmfxAAMEAmf8mAMEAm7ojAMEA3CMsAMEAt+CGDBG
BAIAAjBAAwcBJACPgAAAAwcAJACPgACsMA8DBAMkALgDBwAkALgAAAgwEgMHACQH
5wAAAQMHACQH5wAAAgMHACQH5wAAETANBgkqhkiG9w0BAQsFAAOCAQEAMtIuPnZW
ei3VUqy9t5SMtbXz5k5nX47AT/CK3/3eaJqxC2caVFxVUrjAZTdudBTt1t1fjZK6
XRsCzTZmXH4S6Y4cD5PnIV8egycY4FxZOfKopDcONUznsc/Lf7e1kOxgLIcYW7Y/
EHa3DYLlmVZJlspoftseSdOmM37m2L/ILqqOIr4TyJsOOX4ye9CKnbkknwzgtRM5
S3l406DajA2IvZQWN9wO1Dza2Q/W1hJtsT6ImMqMKygauymr99knCLnduEM26jn5
HiV7r2QM3uHFF2qQG6FBYOyBr4PfN1ZC8Vc5YPg7d4YLYGPFQAhAWhog7mYAj3vu
9TNyiN72SPQFwA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:06:27 2024 by rpki-client on console-ams.rpki-client.org