Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9111318/DC7451F21D9111E298E746F408B02CD2/8BDCC232E5A911EEA5FF1816C4F9AE02.roa
File:                     8BDCC232E5A911EEA5FF1816C4F9AE02.roa (raw, json)
Hash identifier:          pk2fk7v4BD8/Ubf3H5+Wid4zeOsOqU7wkQJjBJVwWB0=
Subject key identifier:   D2:43:A2:31:0F:68:45:80:16:89:8C:D6:DC:82:8E:A6:B4:97:6B:CA
Certificate issuer:       /CN=A9111318/serialNumber=806ABFF463594CAA30DE70A311AE2F849189BC64
Certificate serial:       346F
Authority key identifier: 80:6A:BF:F4:63:59:4C:AA:30:DE:70:A3:11:AE:2F:84:91:89:BC:64
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gGq_9GNZTKow3nCjEa4vhJGJvGQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9111318/DC7451F21D9111E298E746F408B02CD2/8BDCC232E5A911EEA5FF1816C4F9AE02.roa
Signing time:             Tue 19 Mar 2024 04:31:25 +0000
ROA not before:           Tue 19 Mar 2024 04:31:25 +0000
ROA not after:            Sat 31 Aug 2024 00:00:00 +0000
asID:                     38022
IP address blocks:        163.7.128.0/18 maxlen: 18
                          163.7.128.0/24 maxlen: 24
                          163.7.129.0/24 maxlen: 24
                          163.7.134.0/24 maxlen: 24
                          163.7.135.0/24 maxlen: 24
                          163.7.137.0/24 maxlen: 24
                          163.7.138.0/24 maxlen: 24
                          163.7.139.0/24 maxlen: 24
                          163.7.143.0/24 maxlen: 24
                          163.7.144.0/21 maxlen: 21
                          163.7.176.0/22 maxlen: 22
                          163.7.176.0/24 maxlen: 24
                          163.7.177.0/24 maxlen: 24
                          163.7.178.0/24 maxlen: 24
                          163.7.179.0/24 maxlen: 24
                          163.7.190.0/24 maxlen: 24
                          163.7.191.0/24 maxlen: 24
                          210.7.32.0/20 maxlen: 20
                          2404:138::/32 maxlen: 32
                          2404:138:204::/48 maxlen: 48
                          2404:138:205::/48 maxlen: 48
                          2404:138:206::/48 maxlen: 48
                          2404:138:207::/48 maxlen: 48
                          2404:138:1306::/48 maxlen: 48
                          2404:139::/32 maxlen: 32

Validation:               Failed, certificate revoked on Wed 20 Mar 2024 02:15:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13423 (0x346f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9111318/serialNumber=806ABFF463594CAA30DE70A311AE2F849189BC64
        Validity
            Not Before: Mar 19 04:31:25 2024 GMT
            Not After : Aug 31 00:00:00 2024 GMT
        Subject: CN=65f9151d-3c4d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:4e:6f:4e:00:2b:9a:58:5e:8e:0a:29:1b:54:
                    f9:ea:a0:ae:72:19:de:d7:2e:9a:40:37:a4:46:60:
                    af:ab:02:70:22:28:be:f6:7f:bd:2e:19:62:3c:eb:
                    74:7e:44:57:ba:5c:7a:11:07:d1:ee:92:45:e1:ac:
                    5d:5f:e1:01:86:4d:54:5c:ab:e4:04:b1:58:38:41:
                    45:6f:02:c8:b2:8d:d7:89:c9:12:2d:d2:d2:75:16:
                    65:af:41:51:cb:5d:b1:5a:10:d6:e7:ec:4b:ef:95:
                    f5:16:99:9d:cf:0b:0d:15:7c:5f:1b:65:7d:76:52:
                    38:74:78:67:2b:8a:39:5b:6d:2d:97:67:e4:fa:dc:
                    e7:f8:bb:55:1a:ce:a8:78:0a:0f:65:6b:e8:8b:0a:
                    0c:41:41:b3:df:82:cc:18:1f:9e:19:8c:65:41:a5:
                    26:d9:51:13:b6:3e:fd:87:38:06:3b:da:cd:68:9d:
                    38:cc:7c:5d:a0:03:c8:38:ba:cb:d1:fe:76:96:06:
                    91:2b:95:ae:58:13:9c:77:23:14:18:b2:ed:45:57:
                    95:74:85:d8:c7:12:b1:a8:51:f5:9a:50:71:ba:ee:
                    37:a3:65:49:b8:b1:7a:d7:8f:22:58:b9:1e:02:9d:
                    9d:9c:53:fb:cf:8a:f2:3c:74:ac:98:14:45:8a:76:
                    66:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:43:A2:31:0F:68:45:80:16:89:8C:D6:DC:82:8E:A6:B4:97:6B:CA
            X509v3 Authority Key Identifier:
                keyid:80:6A:BF:F4:63:59:4C:AA:30:DE:70:A3:11:AE:2F:84:91:89:BC:64

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9111318/DC7451F21D9111E298E746F408B02CD2/gGq_9GNZTKow3nCjEa4vhJGJvGQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gGq_9GNZTKow3nCjEa4vhJGJvGQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9111318/DC7451F21D9111E298E746F408B02CD2/8BDCC232E5A911EEA5FF1816C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  163.7.128.0/18
                  210.7.32.0/20
                IPv6:
                  2404:138::/31

    Signature Algorithm: sha256WithRSAEncryption
         3b:00:c0:4e:c2:f8:5c:8a:08:a5:34:80:5a:10:59:a5:4d:50:
         92:e1:1c:26:9c:2a:5f:1e:27:df:99:b3:f8:fd:8b:55:27:82:
         28:35:0b:29:ff:8b:b4:a2:b0:ef:96:ce:df:54:5d:a3:8e:7c:
         7a:5e:e9:1d:f4:e0:51:95:2f:1f:9b:26:9b:ce:ac:72:b0:55:
         ae:83:24:79:66:d4:4a:5c:bb:42:53:3f:ce:a8:f6:83:f9:14:
         80:f3:e0:86:07:fe:51:b4:c3:ea:7e:86:3a:b6:3c:ba:07:c5:
         29:66:f3:38:c2:4b:e2:86:91:21:59:18:28:fa:0d:5b:ac:3f:
         37:bb:4e:3a:a2:70:82:de:d4:38:0d:0e:9e:ad:8e:dc:c0:ec:
         32:7d:f6:22:be:9d:c8:e8:71:48:bc:a1:2e:16:55:2e:01:c2:
         cc:ce:08:0f:d5:95:07:b6:4d:6a:df:70:ad:c7:d1:35:59:f8:
         67:53:82:88:06:e4:ed:36:d2:91:48:86:c1:fc:21:de:58:a3:
         c8:08:61:7b:d9:dd:ef:17:b4:10:b1:ff:f2:d7:2c:bb:03:7c:
         8d:4b:0a:f0:c2:d6:fd:da:92:60:30:7d:5d:2e:1b:fb:22:8a:
         36:67:d9:75:5d:c4:c8:e3:42:af:c3:1c:06:9e:bf:89:82:87:
         76:0e:6b:9f
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgICNG8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MTEzMTgxMTAvBgNVBAUTKDgwNkFCRkY0NjM1OTRDQUEzMERFNzBBMzExQUUyRjg0
OTE4OUJDNjQwHhcNMjQwMzE5MDQzMTI1WhcNMjQwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWY5MTUxZC0zYzRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAxE5vTgArmlhejgopG1T56qCuchne1y6aQDekRmCvqwJwIii+9n+9LhliPOt0
fkRXulx6EQfR7pJF4axdX+EBhk1UXKvkBLFYOEFFbwLIso3XickSLdLSdRZlr0FR
y12xWhDW5+xL75X1FpmdzwsNFXxfG2V9dlI4dHhnK4o5W20tl2fk+tzn+LtVGs6o
eAoPZWvoiwoMQUGz34LMGB+eGYxlQaUm2VETtj79hzgGO9rNaJ04zHxdoAPIOLrL
0f52lgaRK5WuWBOcdyMUGLLtRVeVdIXYxxKxqFH1mlBxuu43o2VJuLF6148iWLke
Ap2dnFP7z4ryPHSsmBRFinZm+QIDAQABo4ICqjCCAqYwHQYDVR0OBBYEFNJDojEP
aEWAFomM1tyCjqa0l2vKMB8GA1UdIwQYMBaAFIBqv/RjWUyqMN5woxGuL4SRibxk
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExMTMxOC9EQzc0NTFGMjFE
OTExMUUyOThFNzQ2RjQwOEIwMkNEMi9nR3FfOUdOWlRLb3czbkNqRWE0dmhKR0p2
R1EuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2dHcV85R05aVEtvdzNuQ2pFYTR2aEpHSnZHUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MTEzMTgvREM3NDUxRjIxRDkxMTFFMjk4RTc0NkY0MDhCMDJDRDIvOEJEQ0MyMzJF
NUE5MTFFRUE1RkYxODE2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNAYIKwYBBQUHAQcBAf8E
JTAjMBIEAgABMAwDBAajB4ADBATSByAwDQQCAAIwBwMFASQEATgwDQYJKoZIhvcN
AQELBQADggEBADsAwE7C+FyKCKU0gFoQWaVNUJLhHCacKl8eJ9+Zs/j9i1Ungig1
Cyn/i7SisO+Wzt9UXaOOfHpe6R304FGVLx+bJpvOrHKwVa6DJHlm1Epcu0JTP86o
9oP5FIDz4IYH/lG0w+p+hjq2PLoHxSlm8zjCS+KGkSFZGCj6DVusPze7TjqicILe
1DgNDp6tjtzA7DJ99iK+ncjocUi8oS4WVS4BwszOCA/VlQe2TWrfcK3H0TVZ+GdT
gogG5O020pFIhsH8Id5Yo8gIYXvZ3e8XtBCx//LXLLsDfI1LCvDC1v3akmAwfV0u
G/siijZn2XVdxMjjQq/DHAaev4mCh3YOa58=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:50:54 2024 by rpki-client on console-fra.rpki-client.org