Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91DC2A9/D8DDC1A634C611EEB4EBB070C4F9AE02/CACD5C0CE0CE11EE92988946C4F9AE02.roa
File:                     CACD5C0CE0CE11EE92988946C4F9AE02.roa (raw, json)
Hash identifier:          1KGtxE7bl+OU3oQIeoZn0XXzt3pnmEbnMyP5d1Nuulo=
Subject key identifier:   A0:E2:67:1C:92:63:F3:97:F3:73:99:9C:F3:59:E4:86:BE:C4:F4:A2
Certificate issuer:       /CN=A91DC2A9/serialNumber=3F996261AB3D1EF041661B3AEF7D8932B5702637
Certificate serial:       7A
Authority key identifier: 3F:99:62:61:AB:3D:1E:F0:41:66:1B:3A:EF:7D:89:32:B5:70:26:37
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/P5liYas9HvBBZhs6732JMrVwJjc.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91DC2A9/D8DDC1A634C611EEB4EBB070C4F9AE02/CACD5C0CE0CE11EE92988946C4F9AE02.roa
Signing time:             Wed 13 Mar 2024 00:15:26 +0000
ROA not before:           Wed 13 Mar 2024 00:15:26 +0000
ROA not after:            Thu 01 May 2025 00:00:00 +0000
asID:                     7477
IP address blocks:        103.206.236.0/22 maxlen: 24
                          114.129.160.0/20 maxlen: 24
                          114.129.176.0/21 maxlen: 24
                          180.181.128.0/19 maxlen: 24
                          180.181.160.0/19 maxlen: 24
                          210.16.68.0/22 maxlen: 24
                          2401:a400::/32 maxlen: 32
                          2401:a400:100::/40 maxlen: 40
                          2401:a400:200::/40 maxlen: 40
                          2401:a400:300::/40 maxlen: 40
                          2401:a400:400::/40 maxlen: 40
                          2401:a400:500::/40 maxlen: 40
                          2401:a400:2000::/36 maxlen: 36
                          2401:a400:3000::/36 maxlen: 36
                          2401:a400:4000::/36 maxlen: 36
                          2401:a400:5000::/36 maxlen: 36
                          2401:a400:6000::/36 maxlen: 36
                          2401:a400:7000::/36 maxlen: 36
                          2401:a400:c200::/40 maxlen: 40
                          2401:a400:c300::/40 maxlen: 40
                          2401:a400:c400::/40 maxlen: 40
                          2401:a400:c500::/40 maxlen: 40
                          2401:a400:c600::/40 maxlen: 40

Validation:               Failed, certificate revoked on Tue 28 May 2024 04:27:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 122 (0x7a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91DC2A9/serialNumber=3F996261AB3D1EF041661B3AEF7D8932B5702637
        Validity
            Not Before: Mar 13 00:15:26 2024 GMT
            Not After : May  1 00:00:00 2025 GMT
        Subject: CN=65f0f01e-c9ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:92:3b:d1:c6:b3:fe:d1:18:76:8e:5b:90:f4:
                    4b:a1:b3:ae:d3:17:5c:25:18:c9:6a:35:7a:73:6c:
                    64:ff:38:6d:e0:4a:93:4a:25:d7:49:09:dd:2f:77:
                    84:63:d5:7f:91:8f:3a:7b:b9:79:88:f1:74:49:30:
                    54:f9:57:29:93:97:60:bf:e1:e2:9e:84:e6:59:28:
                    ec:c4:f1:5d:1c:e9:7a:ca:72:5d:62:de:73:bb:a5:
                    08:e9:00:ba:5f:4a:3c:78:14:ef:3a:ee:1c:ca:c5:
                    66:1a:74:ef:66:89:9e:cb:94:90:64:5f:6c:f4:c4:
                    06:6f:1d:c5:74:e6:1a:2a:fe:f4:95:60:c6:55:70:
                    f5:2c:09:38:9d:82:3d:6e:5f:72:b5:31:e6:a5:0f:
                    4f:d9:a7:e1:24:6f:67:05:2e:33:12:ff:14:ba:5e:
                    a8:25:05:62:21:7e:e1:56:a2:e0:0b:52:34:b1:5c:
                    40:da:82:a6:fe:c1:df:53:6d:43:46:99:31:09:e8:
                    a7:00:bb:15:e0:b8:8b:96:84:f7:22:f2:ca:9e:d3:
                    bc:f6:0c:e3:9a:28:cf:7c:79:53:ae:2d:91:49:5c:
                    82:e4:79:3f:05:de:87:f3:74:30:93:5a:9a:ba:38:
                    c6:51:1d:44:92:ae:d8:86:78:47:a8:c7:c7:41:89:
                    5f:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:E2:67:1C:92:63:F3:97:F3:73:99:9C:F3:59:E4:86:BE:C4:F4:A2
            X509v3 Authority Key Identifier:
                keyid:3F:99:62:61:AB:3D:1E:F0:41:66:1B:3A:EF:7D:89:32:B5:70:26:37

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91DC2A9/D8DDC1A634C611EEB4EBB070C4F9AE02/P5liYas9HvBBZhs6732JMrVwJjc.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/P5liYas9HvBBZhs6732JMrVwJjc.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91DC2A9/D8DDC1A634C611EEB4EBB070C4F9AE02/CACD5C0CE0CE11EE92988946C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.206.236.0/22
                  114.129.160.0-114.129.183.255
                  180.181.128.0/18
                  210.16.68.0/22
                IPv6:
                  2401:a400::/32

    Signature Algorithm: sha256WithRSAEncryption
         c0:30:b1:22:86:a2:df:4f:ee:d5:99:48:00:2b:34:5d:07:5a:
         15:a1:13:14:fb:32:e1:80:a4:2d:68:42:72:03:05:08:c0:dd:
         96:61:8f:ec:a3:57:27:7f:79:73:54:db:86:87:83:51:ce:1f:
         43:45:04:72:1c:73:a5:65:f4:f9:62:8e:b6:19:0d:49:70:a9:
         0d:26:35:39:9f:fa:1c:b2:be:b5:73:9e:90:7c:95:fe:51:73:
         d0:75:d3:6f:e9:ab:b6:44:50:08:0d:77:86:e4:f0:cc:2c:4c:
         9c:ce:e2:58:0a:d6:49:21:5a:2a:a3:50:a4:ce:d7:94:62:b1:
         4d:12:d4:ca:21:be:a2:00:ab:bd:5e:3c:2d:f7:85:ae:06:6f:
         14:f4:ec:75:3a:e1:5e:d7:fa:66:2d:b6:f2:2a:e4:f0:28:f4:
         39:51:91:de:4e:54:a8:44:ed:b4:df:07:c3:cb:c6:73:c1:2c:
         0f:07:b4:0a:5a:87:ae:f2:12:53:02:1f:cb:73:33:e6:8d:20:
         89:1b:c2:b3:5e:60:29:f2:8c:8d:d3:58:bf:c5:bb:4f:63:0e:
         3d:b3:61:80:b5:4b:70:e6:81:d0:67:08:b1:7a:5e:4d:f7:c6:
         07:0e:15:2c:32:02:33:66:b7:8b:34:c3:dc:82:00:6d:b4:03:
         27:d2:ca:ca
-----BEGIN CERTIFICATE-----
MIIFmTCCBIGgAwIBAgIBejANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFE
QzJBOTExMC8GA1UEBRMoM0Y5OTYyNjFBQjNEMUVGMDQxNjYxQjNBRUY3RDg5MzJC
NTcwMjYzNzAeFw0yNDAzMTMwMDE1MjZaFw0yNTA1MDEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY1ZjBmMDFlLWM5ZWUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQC9kjvRxrP+0Rh2jluQ9Euhs67TF1wlGMlqNXpzbGT/OG3gSpNKJddJCd0vd4Rj
1X+Rjzp7uXmI8XRJMFT5VymTl2C/4eKehOZZKOzE8V0c6XrKcl1i3nO7pQjpALpf
Sjx4FO867hzKxWYadO9miZ7LlJBkX2z0xAZvHcV05hoq/vSVYMZVcPUsCTidgj1u
X3K1MealD0/Zp+Ekb2cFLjMS/xS6XqglBWIhfuFWouALUjSxXEDagqb+wd9TbUNG
mTEJ6KcAuxXguIuWhPci8sqe07z2DOOaKM98eVOuLZFJXILkeT8F3ofzdDCTWpq6
OMZRHUSSrtiGeEeox8dBiV/1AgMBAAGjggK+MIICujAdBgNVHQ4EFgQUoOJnHJJj
85fzc5mc81nkhr7E9KIwHwYDVR0jBBgwFoAUP5liYas9HvBBZhs6732JMrVwJjcw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MURDMkE5L0Q4RERDMUE2MzRD
NjExRUVCNEVCQjA3MEM0RjlBRTAyL1A1bGlZYXM5SHZCQlpoczY3MzJKTXJWd0pq
Yy5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvUDVsaVlhczlIdkJCWmhzNjczMkpNclZ3SmpjLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFE
QzJBOS9EOEREQzFBNjM0QzYxMUVFQjRFQkIwNzBDNEY5QUUwMi9DQUNENUMwQ0Uw
Q0UxMUVFOTI5ODg5NDZDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDBIBggrBgEFBQcBBwEB/wQ5
MDcwJgQCAAEwIAMEAmfO7DAMAwQFcoGgAwQDcoGwAwQGtLWAAwQC0hBEMA0EAgAC
MAcDBQAkAaQAMA0GCSqGSIb3DQEBCwUAA4IBAQDAMLEihqLfT+7VmUgAKzRdB1oV
oRMU+zLhgKQtaEJyAwUIwN2WYY/so1cnf3lzVNuGh4NRzh9DRQRyHHOlZfT5Yo62
GQ1JcKkNJjU5n/ocsr61c56QfJX+UXPQddNv6au2RFAIDXeG5PDMLEyczuJYCtZJ
IVoqo1CkzteUYrFNEtTKIb6iAKu9Xjwt94WuBm8U9Ox1OuFe1/pmLbbyKuTwKPQ5
UZHeTlSoRO203wfDy8ZzwSwPB7QKWoeu8hJTAh/LczPmjSCJG8KzXmAp8oyN01i/
xbtPYw49s2GAtUtw5oHQZwixel5N98YHDhUsMgIzZreLNMPcggBttAMn0srK
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:06:30 2024 by rpki-client on console-ams.rpki-client.org