Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A911A0AB/744526F60FA111EFA6788886C4F9AE02/8F7EB7560FA211EF9973D20FC4F9AE02.roa
File:                     8F7EB7560FA211EF9973D20FC4F9AE02.roa (raw, json)
Hash identifier:          KgI85aHCH0n9a6s6ffJmw2EsEhFYRsWWLA+fH7x9vC0=
Subject key identifier:   F3:D2:63:55:BB:AC:FB:FE:B8:CC:D8:17:0D:E5:6F:64:9D:9A:F6:02
Certificate issuer:       /CN=A911A0AB/serialNumber=265703D85933F45D9B04DAB77237584FC92D9D44
Certificate serial:       02
Authority key identifier: 26:57:03:D8:59:33:F4:5D:9B:04:DA:B7:72:37:58:4F:C9:2D:9D:44
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/JlcD2Fkz9F2bBNq3cjdYT8ktnUQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A911A0AB/744526F60FA111EFA6788886C4F9AE02/8F7EB7560FA211EF9973D20FC4F9AE02.roa
Signing time:             Sat 11 May 2024 14:27:14 +0000
ROA not before:           Sat 11 May 2024 14:27:14 +0000
ROA not after:            Thu 01 May 2025 00:00:00 +0000
asID:                     136170
IP address blocks:        45.64.0.0/22 maxlen: 22
                          45.64.2.0/24 maxlen: 24
                          49.50.8.0/22 maxlen: 22
                          49.50.8.0/24 maxlen: 24
                          49.50.9.0/24 maxlen: 24
                          49.50.10.0/24 maxlen: 24
                          49.50.11.0/24 maxlen: 24
                          103.11.74.0/23 maxlen: 23
                          103.25.222.0/23 maxlen: 23
                          103.82.240.0/22 maxlen: 22
                          103.229.72.0/22 maxlen: 22
                          103.229.73.0/24 maxlen: 24
                          2400:88c0::/32 maxlen: 32

Validation:               Failed, certificate revoked on Wed 18 Sep 2024 04:49:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A911A0AB/serialNumber=265703D85933F45D9B04DAB77237584FC92D9D44
        Validity
            Not Before: May 11 14:27:14 2024 GMT
            Not After : May  1 00:00:00 2025 GMT
        Subject: CN=663f8042-9401
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:13:de:5d:6c:93:5b:a2:04:0d:24:05:48:47:
                    b4:ca:48:96:6d:ea:8e:ca:57:d2:28:8e:c0:71:b2:
                    b4:90:e4:93:a0:f3:1d:85:8a:03:56:e2:3a:c7:d6:
                    b7:0b:80:28:31:9b:f6:70:b9:f7:33:50:db:e3:da:
                    87:eb:09:3a:a3:91:2b:2a:f8:b3:1c:a8:59:2b:c0:
                    bf:08:82:3c:35:e0:0b:0d:8a:ec:e1:e4:ae:fb:f6:
                    da:73:de:b2:a1:51:31:b6:4a:bb:d4:a0:da:ae:63:
                    91:cb:a0:87:db:c4:30:d6:7d:70:6a:02:c8:f9:ae:
                    6c:23:b6:12:c9:b7:09:5d:bf:d4:76:c1:ff:2a:68:
                    50:6f:8c:7f:b3:d0:14:f8:e4:7b:a0:2d:3d:37:66:
                    0f:bc:66:ca:0c:0d:21:f0:b8:f8:a1:be:31:50:b1:
                    0c:89:6d:11:12:47:1e:f4:85:78:5e:f2:e2:f3:09:
                    70:5b:bb:e8:8c:1b:f5:90:7e:da:02:11:58:7b:ed:
                    61:d5:f2:4a:a0:01:8f:0f:e4:d2:18:3a:b3:52:6a:
                    d5:06:2a:c5:58:11:b5:78:93:98:50:6a:02:a9:0c:
                    a2:58:5f:b1:06:81:f6:b8:37:b7:ed:a1:2b:fc:e6:
                    61:85:b1:87:d3:88:4c:a9:fc:46:d1:12:2f:de:45:
                    0a:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:D2:63:55:BB:AC:FB:FE:B8:CC:D8:17:0D:E5:6F:64:9D:9A:F6:02
            X509v3 Authority Key Identifier:
                keyid:26:57:03:D8:59:33:F4:5D:9B:04:DA:B7:72:37:58:4F:C9:2D:9D:44

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A911A0AB/744526F60FA111EFA6788886C4F9AE02/JlcD2Fkz9F2bBNq3cjdYT8ktnUQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/JlcD2Fkz9F2bBNq3cjdYT8ktnUQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A911A0AB/744526F60FA111EFA6788886C4F9AE02/8F7EB7560FA211EF9973D20FC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.64.0.0/22
                  49.50.8.0/22
                  103.11.74.0/23
                  103.25.222.0/23
                  103.82.240.0/22
                  103.229.72.0/22
                IPv6:
                  2400:88c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         20:db:08:00:60:e2:4e:c0:3f:94:67:18:ee:d9:67:e4:78:02:
         8e:61:6a:db:f9:7e:fc:af:d8:36:58:fd:c7:5f:19:8d:55:0f:
         2f:90:25:a4:96:14:2c:e5:0a:6f:2b:73:36:32:75:a8:3f:a7:
         54:52:c0:2b:6c:58:22:6c:93:6d:18:9c:0e:f0:d2:b3:3c:1a:
         aa:88:ac:c1:0a:11:fc:56:c1:b1:ef:91:0e:a0:d3:d9:81:89:
         47:86:38:53:bf:ae:6d:4b:d0:17:c5:d4:97:ba:82:7e:cc:63:
         48:28:6f:97:7c:28:5f:93:ce:bf:61:9b:06:6d:63:2e:86:03:
         af:30:1f:3a:93:5a:04:19:13:ad:06:a1:18:50:f8:42:d1:f7:
         bb:05:fd:b8:d7:d3:9e:bc:86:03:a9:8d:1c:b2:7b:45:f2:77:
         ea:57:c5:bf:43:d4:2c:3b:b8:da:9c:62:fb:93:10:f8:bf:89:
         1f:e6:98:63:65:20:65:4f:fd:1e:75:ec:cb:b9:e7:c4:23:71:
         e1:87:77:46:45:cf:1c:f6:a6:e6:4f:7a:79:be:c8:cb:cf:e0:
         21:6a:6a:81:84:8d:f0:05:38:44:26:82:d1:38:c5:47:cc:f8:
         a1:f5:3d:00:82:7e:a7:b4:76:13:66:90:eb:d4:87:7d:c8:43:
         51:ef:2b:d5
-----BEGIN CERTIFICATE-----
MIIFnTCCBIWgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTEx
QTBBQjExMC8GA1UEBRMoMjY1NzAzRDg1OTMzRjQ1RDlCMDREQUI3NzIzNzU4NEZD
OTJEOUQ0NDAeFw0yNDA1MTExNDI3MTRaFw0yNTA1MDEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY2M2Y4MDQyLTk0MDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDwE95dbJNbogQNJAVIR7TKSJZt6o7KV9IojsBxsrSQ5JOg8x2FigNW4jrH1rcL
gCgxm/ZwufczUNvj2ofrCTqjkSsq+LMcqFkrwL8Igjw14AsNiuzh5K779tpz3rKh
UTG2SrvUoNquY5HLoIfbxDDWfXBqAsj5rmwjthLJtwldv9R2wf8qaFBvjH+z0BT4
5HugLT03Zg+8ZsoMDSHwuPihvjFQsQyJbRESRx70hXhe8uLzCXBbu+iMG/WQftoC
EVh77WHV8kqgAY8P5NIYOrNSatUGKsVYEbV4k5hQagKpDKJYX7EGgfa4N7ftoSv8
5mGFsYfTiEyp/EbREi/eRQq3AgMBAAGjggLCMIICvjAdBgNVHQ4EFgQU89JjVbus
+/64zNgXDeVvZJ2a9gIwHwYDVR0jBBgwFoAUJlcD2Fkz9F2bBNq3cjdYT8ktnUQw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTFBMEFCLzc0NDUyNkY2MEZB
MTExRUZBNjc4ODg4NkM0RjlBRTAyL0psY0QyRmt6OUYyYkJOcTNjamRZVDhrdG5V
US5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvSmxjRDJGa3o5RjJiQk5xM2NqZFlUOGt0blVRLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEx
QTBBQi83NDQ1MjZGNjBGQTExMUVGQTY3ODg4ODZDNEY5QUUwMi84RjdFQjc1NjBG
QTIxMUVGOTk3M0QyMEZDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDBMBggrBgEFBQcBBwEB/wQ9
MDswKgQCAAEwJAMEAi1AAAMEAjEyCAMEAWcLSgMEAWcZ3gMEAmdS8AMEAmflSDAN
BAIAAjAHAwUAJACIwDANBgkqhkiG9w0BAQsFAAOCAQEAINsIAGDiTsA/lGcY7tln
5HgCjmFq2/l+/K/YNlj9x18ZjVUPL5AlpJYULOUKbytzNjJ1qD+nVFLAK2xYImyT
bRicDvDSszwaqoiswQoR/FbBse+RDqDT2YGJR4Y4U7+ubUvQF8XUl7qCfsxjSChv
l3woX5POv2GbBm1jLoYDrzAfOpNaBBkTrQahGFD4QtH3uwX9uNfTnryGA6mNHLJ7
RfJ36lfFv0PULDu42pxi+5MQ+L+JH+aYY2UgZU/9HnXsy7nnxCNx4Yd3RkXPHPam
5k96eb7Iy8/gIWpqgYSN8AU4RCaC0TjFR8z4ofU9AIJ+p7R2E2aQ69SHfchDUe8r
1Q==
-----END CERTIFICATE-----
Generated at Wed Sep 18 08:51:06 2024 by rpki-client on console-ams.rpki-client.org