Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91EB2B8/3F44CBAE2F4D11ED8F5A6A64C4F9AE02/A3F9947EED6311EDB69EB62AC4F9AE02.roa
File:                     A3F9947EED6311EDB69EB62AC4F9AE02.roa (raw, json)
Hash identifier:          ch/hkPBw5amprk6P6FpE6XcAO6PyDK55R7r9ol/Iraw=
Subject key identifier:   7B:85:AE:0E:BE:6A:EE:47:3F:56:92:22:F9:78:0C:7F:CE:BA:C2:50
Certificate issuer:       /CN=A91EB2B8/serialNumber=A69700E78D0C812AD2E2C114C82C655A0ACD447F
Certificate serial:       01AA
Authority key identifier: A6:97:00:E7:8D:0C:81:2A:D2:E2:C1:14:C8:2C:65:5A:0A:CD:44:7F
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ppcA540MgSrS4sEUyCxlWgrNRH8.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91EB2B8/3F44CBAE2F4D11ED8F5A6A64C4F9AE02/A3F9947EED6311EDB69EB62AC4F9AE02.roa
Signing time:             Fri 21 Jun 2024 03:54:43 +0000
ROA not before:           Fri 21 Jun 2024 03:54:43 +0000
ROA not after:            Sun 31 Aug 2025 00:00:00 +0000
asID:                     139057
IP address blocks:        103.138.246.0/24 maxlen: 24
                          103.138.247.0/24 maxlen: 24
                          103.243.92.0/24 maxlen: 24
                          103.243.93.0/24 maxlen: 24
                          103.243.94.0/24 maxlen: 24
                          103.243.95.0/24 maxlen: 24
                          123.108.72.0/24 maxlen: 24
                          123.108.73.0/24 maxlen: 24
                          123.108.74.0/24 maxlen: 24
                          123.108.75.0/24 maxlen: 24
                          2407:2440:1::/48 maxlen: 48
                          2407:2440:2::/48 maxlen: 48
                          2407:2440:3::/48 maxlen: 48
                          2407:2440:4::/48 maxlen: 48
                          2407:2440:5::/48 maxlen: 48
                          2407:2440:6::/48 maxlen: 48
                          2407:2440:7::/48 maxlen: 48
                          2407:2440:8::/48 maxlen: 48
                          2407:2440:9::/48 maxlen: 48
                          2407:2440:a::/48 maxlen: 48
                          2407:2440:b::/48 maxlen: 48
                          2407:2440:c::/48 maxlen: 48
                          2407:2440:d::/48 maxlen: 48
                          2407:2440:e::/48 maxlen: 48
                          2407:2440:f::/48 maxlen: 48
                          2407:2440:10::/48 maxlen: 48
                          2407:2440:11::/48 maxlen: 48
                          2407:2440:12::/48 maxlen: 48
                          2407:2440:13::/48 maxlen: 48
                          2407:2440:14::/48 maxlen: 48
                          2407:2440:15::/48 maxlen: 48
                          2407:2440:16::/48 maxlen: 48
                          2407:2440:17::/48 maxlen: 48
                          2407:2440:18::/48 maxlen: 48
                          2407:2440:19::/48 maxlen: 48
                          2407:2440:1e::/48 maxlen: 48
                          2407:2440:1f::/48 maxlen: 48
                          2407:2440:20::/48 maxlen: 48
                          2407:2440:22::/48 maxlen: 48
                          2407:2440:23::/48 maxlen: 48
                          2407:2440:25::/48 maxlen: 48
                          2407:2440:28::/48 maxlen: 48
                          2407:2440:29::/48 maxlen: 48
                          2407:2440:2a::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 15 Jul 2024 08:38:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 426 (0x1aa)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91EB2B8/serialNumber=A69700E78D0C812AD2E2C114C82C655A0ACD447F
        Validity
            Not Before: Jun 21 03:54:43 2024 GMT
            Not After : Aug 31 00:00:00 2025 GMT
        Subject: CN=6674f983-50b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:5f:cd:88:25:68:f2:d3:f1:34:f2:08:37:64:
                    1e:0b:2b:ff:73:e2:2f:4d:ea:72:3e:a5:41:16:d6:
                    8f:92:eb:b3:91:10:d0:31:14:5c:d6:94:b5:ac:b6:
                    f7:d1:c0:c5:63:32:92:c2:02:29:cb:91:5c:d8:57:
                    8b:d4:89:f9:f8:97:58:31:62:ee:f1:5b:c7:30:01:
                    05:31:ba:2f:71:5b:72:82:02:0d:03:ff:77:31:6e:
                    b0:31:84:56:22:f2:18:fe:4f:6a:e1:75:ab:6b:6a:
                    ea:f1:da:bb:55:9e:df:20:3b:eb:b4:c7:af:dd:fd:
                    85:0c:b3:8a:e9:e3:e2:24:40:05:4a:15:f1:96:eb:
                    b2:a2:d2:a0:b0:ed:63:5d:a4:55:ec:80:21:7d:5f:
                    e0:96:0b:aa:0a:19:22:10:b4:17:51:f9:a3:e0:c6:
                    9c:92:b2:5b:70:39:2a:5c:ba:e7:b2:51:10:cf:f3:
                    1f:5f:db:71:72:83:7d:9b:9e:d4:3f:9f:72:15:33:
                    a9:79:f0:7c:9f:7f:0b:72:be:07:3e:c3:4f:f7:86:
                    72:52:43:24:c3:13:91:2e:40:34:97:29:5b:54:93:
                    34:7d:a5:14:95:61:d5:1f:9a:3c:a4:66:12:9f:65:
                    57:15:07:52:65:da:70:74:4b:1c:a8:2f:c4:ee:d4:
                    f6:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:85:AE:0E:BE:6A:EE:47:3F:56:92:22:F9:78:0C:7F:CE:BA:C2:50
            X509v3 Authority Key Identifier:
                keyid:A6:97:00:E7:8D:0C:81:2A:D2:E2:C1:14:C8:2C:65:5A:0A:CD:44:7F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91EB2B8/3F44CBAE2F4D11ED8F5A6A64C4F9AE02/ppcA540MgSrS4sEUyCxlWgrNRH8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ppcA540MgSrS4sEUyCxlWgrNRH8.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91EB2B8/3F44CBAE2F4D11ED8F5A6A64C4F9AE02/A3F9947EED6311EDB69EB62AC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.138.246.0/23
                  103.243.92.0/22
                  123.108.72.0/22
                IPv6:
                  2407:2440:1::-2407:2440:19:ffff:ffff:ffff:ffff:ffff
                  2407:2440:1e::-2407:2440:20:ffff:ffff:ffff:ffff:ffff
                  2407:2440:22::/47
                  2407:2440:25::/48
                  2407:2440:28::-2407:2440:2a:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         aa:9f:00:de:1b:d3:f7:86:9e:13:51:d8:f7:3b:56:ff:a2:40:
         fe:e7:9d:ef:6a:1d:78:91:bd:55:b4:42:d5:82:fb:cb:15:e6:
         36:09:66:22:0f:a2:75:a5:94:e9:57:17:07:67:cb:9f:3b:f5:
         3b:bf:71:15:1e:dc:9b:c2:81:4b:c4:17:7b:ad:d3:6d:6e:cd:
         91:3d:2e:a2:d5:91:eb:08:25:56:6d:5e:70:30:b6:ca:8c:2f:
         2a:ba:02:b4:df:b5:a7:54:75:2c:0e:f7:ca:c1:06:b6:34:1d:
         7e:81:4f:62:30:b1:0a:86:c6:95:b4:4a:38:f5:26:d8:0b:0b:
         42:70:49:61:e7:90:2d:4c:73:03:8a:57:89:53:ed:1f:3e:b9:
         8c:3e:d5:cc:72:9a:de:15:ab:56:42:74:12:6a:9c:33:e0:86:
         37:b2:48:4b:37:b9:aa:7d:86:ed:71:60:1c:10:d0:3b:cf:7c:
         0e:6b:87:c4:36:f4:4d:72:85:2b:71:43:39:63:1b:5d:51:eb:
         38:b1:a2:0e:23:cb:de:17:2b:70:9c:e9:7c:06:8b:1f:8d:d8:
         02:52:3a:a7:a6:c0:34:dc:1f:ad:2b:4a:3d:74:4b:62:2f:d9:
         53:d2:01:a4:9e:ee:da:72:13:e6:3e:28:a9:56:a3:2c:f0:9c:
         c5:2f:95:95
-----BEGIN CERTIFICATE-----
MIIF1DCCBLygAwIBAgICAaowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RUIyQjgxMTAvBgNVBAUTKEE2OTcwMEU3OEQwQzgxMkFEMkUyQzExNEM4MkM2NTVB
MEFDRDQ0N0YwHhcNMjQwNjIxMDM1NDQzWhcNMjUwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02Njc0Zjk4My01MGI4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAu1/NiCVo8tPxNPIIN2QeCyv/c+IvTepyPqVBFtaPkuuzkRDQMRRc1pS1rLb3
0cDFYzKSwgIpy5Fc2FeL1In5+JdYMWLu8VvHMAEFMbovcVtyggINA/93MW6wMYRW
IvIY/k9q4XWra2rq8dq7VZ7fIDvrtMev3f2FDLOK6ePiJEAFShXxluuyotKgsO1j
XaRV7IAhfV/glguqChkiELQXUfmj4MackrJbcDkqXLrnslEQz/MfX9txcoN9m57U
P59yFTOpefB8n38Lcr4HPsNP94ZyUkMkwxORLkA0lylbVJM0faUUlWHVH5o8pGYS
n2VXFQdSZdpwdEscqC/E7tT24wIDAQABo4IC+DCCAvQwHQYDVR0OBBYEFHuFrg6+
au5HP1aSIvl4DH/OusJQMB8GA1UdIwQYMBaAFKaXAOeNDIEq0uLBFMgsZVoKzUR/
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFQjJCOC8zRjQ0Q0JBRTJG
NEQxMUVEOEY1QTZBNjRDNEY5QUUwMi9wcGNBNTQwTWdTclM0c0VVeUN4bFdnck5S
SDguY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3BwY0E1NDBNZ1NyUzRzRVV5Q3hsV2dyTlJIOC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RUIyQjgvM0Y0NENCQUUyRjREMTFFRDhGNUE2QTY0QzRGOUFFMDIvQTNGOTk0N0VF
RDYzMTFFREI2OUVCNjJBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgYEGCCsGAQUFBwEHAQH/
BHIwcDAYBAIAATASAwQBZ4r2AwQCZ/NcAwQCe2xIMFQEAgACME4wEgMHACQHJEAA
AQMHASQHJEAAGDASAwcBJAckQAAeAwcAJAckQAAgAwcBJAckQAAiAwcAJAckQAAl
MBIDBwMkByRAACgDBwAkByRAACowDQYJKoZIhvcNAQELBQADggEBAKqfAN4b0/eG
nhNR2Pc7Vv+iQP7nne9qHXiRvVW0QtWC+8sV5jYJZiIPonWllOlXFwdny5879Tu/
cRUe3JvCgUvEF3ut021uzZE9LqLVkesIJVZtXnAwtsqMLyq6ArTftadUdSwO98rB
BrY0HX6BT2IwsQqGxpW0Sjj1JtgLC0JwSWHnkC1McwOKV4lT7R8+uYw+1cxymt4V
q1ZCdBJqnDPghjeySEs3uap9hu1xYBwQ0DvPfA5rh8Q29E1yhStxQzljG11R6zix
og4jy94XK3Cc6XwGix+N2AJSOqemwDTcH60rSj10S2Iv2VPSAaSe7tpyE+Y+KKlW
oyzwnMUvlZU=
-----END CERTIFICATE-----
Generated at Mon Jul 15 10:55:54 2024 by rpki-client on console-ams.rpki-client.org