Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91DA0AA/82BBB552003D11EE9608F147C4F9AE02/8A0713CC004411EE8F32354EC4F9AE02.roa
File:                     8A0713CC004411EE8F32354EC4F9AE02.roa (raw, json)
Hash identifier:          /1WM5frSEi8T8c339qUq074XMkk/x119K6bXLM1j3Lo=
Subject key identifier:   79:7B:7F:81:B7:DC:2F:BC:52:40:00:5A:5A:C2:23:96:A2:98:DD:94
Certificate issuer:       /CN=A91DA0AA/serialNumber=ED8F5D6C9BFC148F7ABB708C5291D384781C61FD
Certificate serial:       D8
Authority key identifier: ED:8F:5D:6C:9B:FC:14:8F:7A:BB:70:8C:52:91:D3:84:78:1C:61:FD
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/7Y9dbJv8FI96u3CMUpHThHgcYf0.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91DA0AA/82BBB552003D11EE9608F147C4F9AE02/8A0713CC004411EE8F32354EC4F9AE02.roa
Signing time:             Fri 05 Jul 2024 05:26:40 +0000
ROA not before:           Fri 05 Jul 2024 05:26:40 +0000
ROA not after:            Wed 30 Jul 2025 00:00:00 +0000
asID:                     17828
IP address blocks:        202.58.128.0/22 maxlen: 22
                          202.58.131.0/24 maxlen: 24
                          202.165.192.0/20 maxlen: 20
                          2001:c60::/32 maxlen: 32

Validation:               Failed, certificate revoked on Sun 01 Sep 2024 13:09:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 216 (0xd8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91DA0AA/serialNumber=ED8F5D6C9BFC148F7ABB708C5291D384781C61FD
        Validity
            Not Before: Jul  5 05:26:40 2024 GMT
            Not After : Jul 30 00:00:00 2025 GMT
        Subject: CN=6687840f-669c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:f7:2b:3f:4c:cd:e2:19:2c:b6:23:ee:5f:82:
                    47:b9:4c:46:98:9f:ba:e7:cd:6a:d7:56:09:86:94:
                    97:df:79:5f:bb:a7:ef:e9:60:75:44:38:a3:7c:d9:
                    bf:12:17:7b:b2:fa:2e:08:82:af:9f:2a:ea:9d:a3:
                    f2:05:94:88:8f:cd:ae:ed:fb:cd:6f:e5:7d:53:c5:
                    e7:28:df:8f:32:1b:f2:26:a6:da:3e:f3:d0:5f:35:
                    91:28:bf:4f:4b:ba:30:07:9e:da:5e:c2:90:3a:ba:
                    8a:2b:9e:20:10:a3:b7:f1:2f:bb:d0:2d:ca:d2:b0:
                    9d:03:0d:71:08:31:32:da:56:23:7a:c2:14:a7:f4:
                    91:9e:45:d4:25:30:4a:16:05:d5:8e:52:f7:61:0f:
                    74:b8:26:23:5d:6c:35:60:67:1e:20:2b:ed:28:f5:
                    f2:77:8b:46:b3:61:53:b8:41:b1:79:40:df:50:f9:
                    c2:09:d6:6d:e7:0b:37:c2:82:cc:7d:47:da:1d:45:
                    e1:41:a4:d6:06:a6:a6:0b:01:58:b0:e3:9f:fc:96:
                    57:44:55:41:cf:25:b0:84:6e:e4:1d:53:c6:b7:d5:
                    16:c6:4a:b7:8e:91:70:bc:84:cc:2c:1c:2c:fd:39:
                    7b:23:e9:e6:1f:14:06:b0:53:13:97:a0:b0:7c:d8:
                    f8:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:7B:7F:81:B7:DC:2F:BC:52:40:00:5A:5A:C2:23:96:A2:98:DD:94
            X509v3 Authority Key Identifier:
                keyid:ED:8F:5D:6C:9B:FC:14:8F:7A:BB:70:8C:52:91:D3:84:78:1C:61:FD

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91DA0AA/82BBB552003D11EE9608F147C4F9AE02/7Y9dbJv8FI96u3CMUpHThHgcYf0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/7Y9dbJv8FI96u3CMUpHThHgcYf0.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91DA0AA/82BBB552003D11EE9608F147C4F9AE02/8A0713CC004411EE8F32354EC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.58.128.0/22
                  202.165.192.0/20
                IPv6:
                  2001:c60::/32

    Signature Algorithm: sha256WithRSAEncryption
         00:3c:03:e7:4c:d6:d9:2c:0d:ad:fa:08:ac:24:81:58:3f:77:
         0a:ba:35:f9:87:6c:33:0c:33:50:05:22:ad:b8:e6:68:d6:8f:
         c6:36:06:01:84:1c:8e:f9:63:14:ec:1c:82:ab:8f:51:01:34:
         0b:8b:db:34:9b:bd:20:ce:3f:31:c2:d0:1c:5c:af:a1:34:d3:
         67:0a:a3:51:b0:36:10:4b:36:92:2f:77:be:30:62:b2:b4:c4:
         4d:dd:9f:8b:a6:7b:88:3b:6c:b2:76:6c:ff:c6:b9:8a:b2:68:
         29:f7:cc:87:88:9c:8b:ad:cd:f7:43:7c:97:50:78:a7:d3:ee:
         60:23:70:7c:3e:d5:49:da:c5:43:08:a3:db:8c:fa:74:3e:61:
         32:cc:15:4f:82:ba:f7:b1:88:02:c3:93:98:0e:04:0f:99:52:
         49:53:0c:48:d2:fa:00:dc:0a:44:b0:f7:9d:f3:15:7d:48:2a:
         2c:81:64:48:92:bc:c0:ac:75:9d:d6:9e:bc:2b:ca:09:6c:f3:
         ff:c7:1e:00:d9:d7:a3:84:6e:7d:8e:ff:c5:e6:78:e4:a2:da:
         7e:ed:d2:fc:0f:a7:38:f6:5e:b8:cb:76:de:a1:97:ed:ae:0d:
         72:ca:67:a8:22:98:8a:1f:37:2d:de:37:54:6e:75:4c:1a:a0:
         10:bc:52:a7
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgICANgwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
REEwQUExMTAvBgNVBAUTKEVEOEY1RDZDOUJGQzE0OEY3QUJCNzA4QzUyOTFEMzg0
NzgxQzYxRkQwHhcNMjQwNzA1MDUyNjQwWhcNMjUwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02Njg3ODQwZi02NjljMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAt/crP0zN4hkstiPuX4JHuUxGmJ+6581q11YJhpSX33lfu6fv6WB1RDijfNm/
Ehd7svouCIKvnyrqnaPyBZSIj82u7fvNb+V9U8XnKN+PMhvyJqbaPvPQXzWRKL9P
S7owB57aXsKQOrqKK54gEKO38S+70C3K0rCdAw1xCDEy2lYjesIUp/SRnkXUJTBK
FgXVjlL3YQ90uCYjXWw1YGceICvtKPXyd4tGs2FTuEGxeUDfUPnCCdZt5ws3woLM
fUfaHUXhQaTWBqamCwFYsOOf/JZXRFVBzyWwhG7kHVPGt9UWxkq3jpFwvITMLBws
/Tl7I+nmHxQGsFMTl6CwfNj4JwIDAQABo4ICqjCCAqYwHQYDVR0OBBYEFHl7f4G3
3C+8UkAAWlrCI5aimN2UMB8GA1UdIwQYMBaAFO2PXWyb/BSPertwjFKR04R4HGH9
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFEQTBBQS84MkJCQjU1MjAw
M0QxMUVFOTYwOEYxNDdDNEY5QUUwMi83WTlkYkp2OEZJOTZ1M0NNVXBIVGhIZ2NZ
ZjAuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzdZOWRiSnY4Rkk5NnUzQ01VcEhUaEhnY1lmMC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
REEwQUEvODJCQkI1NTIwMDNEMTFFRTk2MDhGMTQ3QzRGOUFFMDIvOEEwNzEzQ0Mw
MDQ0MTFFRThGMzIzNTRFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNAYIKwYBBQUHAQcBAf8E
JTAjMBIEAgABMAwDBALKOoADBATKpcAwDQQCAAIwBwMFACABDGAwDQYJKoZIhvcN
AQELBQADggEBAAA8A+dM1tksDa36CKwkgVg/dwq6NfmHbDMMM1AFIq245mjWj8Y2
BgGEHI75YxTsHIKrj1EBNAuL2zSbvSDOPzHC0Bxcr6E002cKo1GwNhBLNpIvd74w
YrK0xE3dn4ume4g7bLJ2bP/GuYqyaCn3zIeInIutzfdDfJdQeKfT7mAjcHw+1Una
xUMIo9uM+nQ+YTLMFU+CuvexiALDk5gOBA+ZUklTDEjS+gDcCkSw953zFX1IKiyB
ZEiSvMCsdZ3Wnrwrygls8//HHgDZ16OEbn2O/8XmeOSi2n7t0vwPpzj2XrjLdt6h
l+2uDXLKZ6gimIofNy3eN1RudUwaoBC8Uqc=
-----END CERTIFICATE-----