Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91E0C33/54265F34668711EEB93D3F6CC4F9AE02/A7DE227411BD11EFA02D391CC4F9AE02.roa
File:                     A7DE227411BD11EFA02D391CC4F9AE02.roa (raw, json)
Hash identifier:          kWvXSJ5mUvt7HLrw+FCtLL4bvwul0waHSeYn8w9pLSc=
Subject key identifier:   95:8B:73:07:A1:C5:C7:65:C2:83:61:DF:1B:FA:5B:24:7F:4F:70:6F
Certificate issuer:       /CN=A91E0C33/serialNumber=80BE930E30649B12ACEE8DC40B575AB7DDE64945
Certificate serial:       7D
Authority key identifier: 80:BE:93:0E:30:64:9B:12:AC:EE:8D:C4:0B:57:5A:B7:DD:E6:49:45
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gL6TDjBkmxKs7o3EC1dat93mSUU.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91E0C33/54265F34668711EEB93D3F6CC4F9AE02/A7DE227411BD11EFA02D391CC4F9AE02.roa
Signing time:             Tue 14 May 2024 06:46:13 +0000
ROA not before:           Tue 14 May 2024 06:46:13 +0000
ROA not after:            Fri 31 Jan 2025 00:00:00 +0000
asID:                     24499
IP address blocks:        103.249.114.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 14 May 2024 15:18:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 125 (0x7d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E0C33/serialNumber=80BE930E30649B12ACEE8DC40B575AB7DDE64945
        Validity
            Not Before: May 14 06:46:13 2024 GMT
            Not After : Jan 31 00:00:00 2025 GMT
        Subject: CN=664308b5-a5d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:dd:64:dd:9d:d7:69:34:17:39:3e:d7:7b:4d:
                    46:2d:52:61:83:90:b6:f3:97:e4:7a:df:c7:e4:66:
                    0d:e9:e1:b6:c6:0b:75:78:e5:62:04:b6:3a:73:95:
                    61:59:3b:16:05:a4:33:82:44:f1:92:6b:5b:63:29:
                    34:f6:4f:a1:48:fb:79:ed:18:64:b3:22:ad:64:6a:
                    25:33:eb:53:0c:8f:01:a2:aa:ae:bd:ac:19:cb:c4:
                    8a:34:38:b0:c6:dd:16:b8:f9:48:a9:c4:d0:16:3d:
                    6f:74:f0:8f:84:71:ee:98:4a:d7:8c:d8:83:d6:95:
                    a6:fb:fc:7b:ef:bb:d9:ea:2d:9e:b2:47:ac:33:5d:
                    82:22:8e:e3:d8:d5:51:28:a5:48:74:08:f5:43:ab:
                    ff:dc:ef:1d:31:5e:50:c9:20:09:82:fe:8f:2c:a0:
                    d8:bd:33:15:c3:41:0f:4c:0e:5e:59:bc:50:76:53:
                    fc:ad:0f:90:00:d1:f7:ae:b1:6e:d1:f8:c4:45:8b:
                    e3:f4:d7:ad:90:9e:0e:f1:9b:f6:2e:c2:45:8b:00:
                    47:c2:88:99:02:cb:9d:94:93:2b:90:5a:b2:12:d4:
                    e6:f7:89:35:b8:43:0d:ef:e6:b0:6e:23:03:f7:76:
                    f0:75:ef:16:c0:98:a6:fe:08:e8:d4:6b:66:8f:56:
                    0b:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:8B:73:07:A1:C5:C7:65:C2:83:61:DF:1B:FA:5B:24:7F:4F:70:6F
            X509v3 Authority Key Identifier:
                keyid:80:BE:93:0E:30:64:9B:12:AC:EE:8D:C4:0B:57:5A:B7:DD:E6:49:45

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91E0C33/54265F34668711EEB93D3F6CC4F9AE02/gL6TDjBkmxKs7o3EC1dat93mSUU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gL6TDjBkmxKs7o3EC1dat93mSUU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E0C33/54265F34668711EEB93D3F6CC4F9AE02/A7DE227411BD11EFA02D391CC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.249.114.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:a2:f5:52:0f:20:d5:d1:6d:62:45:7f:fb:9d:13:3b:9c:90:
         cd:05:ee:d1:07:42:ca:53:f8:01:64:03:f8:bc:a4:34:1e:94:
         eb:31:e9:a6:07:5b:01:d5:99:34:9e:d9:80:68:37:37:ef:46:
         4f:2d:4e:34:ab:21:21:22:4e:2d:0a:f1:e3:8e:4f:4c:b3:09:
         2f:8f:24:51:b9:81:5f:7a:72:44:71:a2:13:cf:07:92:f8:f0:
         d9:24:71:9f:b8:4a:f9:ee:d9:fc:78:3d:f3:12:1c:23:81:24:
         4d:af:c2:c4:c1:c1:d9:61:dc:b3:c7:0b:e0:8a:27:5d:91:c8:
         91:03:f3:6a:be:b9:7e:63:6f:2b:a4:48:39:ce:76:21:a0:fa:
         19:08:3c:d6:4b:a6:7e:47:db:ab:8f:d2:32:de:69:4d:83:7d:
         a4:32:e3:6b:58:37:46:3f:f7:91:55:41:ed:e1:d2:ef:57:48:
         b1:8d:c6:9c:cc:35:b6:0a:4a:19:6e:70:07:ce:28:0b:63:a0:
         35:da:f4:51:da:86:74:95:b8:75:4c:62:27:ec:a6:a5:a2:a2:
         a7:5d:78:00:7c:d0:44:5c:07:a8:4f:a5:8b:f6:43:9c:8a:76:
         15:60:44:5c:b4:8a:ea:2f:68:83:88:ec:03:dd:2e:8c:bb:98:
         29:d2:4f:de
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIBfTANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFF
MEMzMzExMC8GA1UEBRMoODBCRTkzMEUzMDY0OUIxMkFDRUU4REM0MEI1NzVBQjdE
REU2NDk0NTAeFw0yNDA1MTQwNjQ2MTNaFw0yNTAxMzEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY2NDMwOGI1LWE1ZDYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDL3WTdnddpNBc5Ptd7TUYtUmGDkLbzl+R638fkZg3p4bbGC3V45WIEtjpzlWFZ
OxYFpDOCRPGSa1tjKTT2T6FI+3ntGGSzIq1kaiUz61MMjwGiqq69rBnLxIo0OLDG
3Ra4+UipxNAWPW908I+Ece6YSteM2IPWlab7/Hvvu9nqLZ6yR6wzXYIijuPY1VEo
pUh0CPVDq//c7x0xXlDJIAmC/o8soNi9MxXDQQ9MDl5ZvFB2U/ytD5AA0feusW7R
+MRFi+P0162Qng7xm/YuwkWLAEfCiJkCy52UkyuQWrIS1Ob3iTW4Qw3v5rBuIwP3
dvB17xbAmKb+COjUa2aPVgvRAgMBAAGjggKVMIICkTAdBgNVHQ4EFgQUlYtzB6HF
x2XCg2HfG/pbJH9PcG8wHwYDVR0jBBgwFoAUgL6TDjBkmxKs7o3EC1dat93mSUUw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUUwQzMzLzU0MjY1RjM0NjY4
NzExRUVCOTNEM0Y2Q0M0RjlBRTAyL2dMNlREakJrbXhLczdvM0VDMWRhdDkzbVNV
VS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvZ0w2VERqQmtteEtzN28zRUMxZGF0OTNtU1VVLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFF
MEMzMy81NDI2NUYzNDY2ODcxMUVFQjkzRDNGNkNDNEY5QUUwMi9BN0RFMjI3NDEx
QkQxMUVGQTAyRDM5MUNDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAGf5cjANBgkqhkiG9w0BAQsFAAOCAQEAnaL1Ug8g1dFtYkV/
+50TO5yQzQXu0QdCylP4AWQD+LykNB6U6zHppgdbAdWZNJ7ZgGg3N+9GTy1ONKsh
ISJOLQrx445PTLMJL48kUbmBX3pyRHGiE88Hkvjw2SRxn7hK+e7Z/Hg98xIcI4Ek
Ta/CxMHB2WHcs8cL4IonXZHIkQPzar65fmNvK6RIOc52IaD6GQg81kumfkfbq4/S
Mt5pTYN9pDLja1g3Rj/3kVVB7eHS71dIsY3GnMw1tgpKGW5wB84oC2OgNdr0UdqG
dJW4dUxiJ+ympaKip114AHzQRFwHqE+li/ZDnIp2FWBEXLSK6i9og4jsA90ujLuY
KdJP3g==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:43 2024 by rpki-client on console-fra.rpki-client.org