Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A911B412/C1EA033CD2EA11EBA206B178C4F9AE02/8916A11A7D6E11EE88CBA548C4F9AE02.roa
File:                     8916A11A7D6E11EE88CBA548C4F9AE02.roa (raw, json)
Hash identifier:          YDHknKdRYsHX/55RtoobUwwk1KTxu3758MIG5PX1taA=
Subject key identifier:   9A:C5:9E:6F:B3:7A:9E:5E:AD:D4:3C:FD:13:9A:9E:AF:31:16:47:9D
Certificate issuer:       /CN=A911B412/serialNumber=873D595AF5569C20239F53DD80EB1177D80B0934
Certificate serial:       054D
Authority key identifier: 87:3D:59:5A:F5:56:9C:20:23:9F:53:DD:80:EB:11:77:D8:0B:09:34
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/hz1ZWvVWnCAjn1PdgOsRd9gLCTQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A911B412/C1EA033CD2EA11EBA206B178C4F9AE02/8916A11A7D6E11EE88CBA548C4F9AE02.roa
Signing time:             Tue 07 Nov 2023 13:06:59 +0000
ROA not before:           Tue 07 Nov 2023 13:06:59 +0000
ROA not after:            Mon 30 Dec 2024 00:00:00 +0000
asID:                     132422
IP address blocks:        43.252.208.0/24 maxlen: 24
                          43.252.209.0/24 maxlen: 24
                          43.252.210.0/24 maxlen: 24
                          43.252.211.0/24 maxlen: 24
                          103.228.64.0/24 maxlen: 24
                          103.234.54.0/24 maxlen: 24
                          150.107.0.0/24 maxlen: 24
                          150.107.1.0/24 maxlen: 24
                          150.107.2.0/24 maxlen: 24
                          150.107.3.0/24 maxlen: 24
                          150.129.42.0/24 maxlen: 24
                          163.53.16.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 22 Nov 2023 06:10:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1357 (0x54d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A911B412/serialNumber=873D595AF5569C20239F53DD80EB1177D80B0934
        Validity
            Not Before: Nov  7 13:06:59 2023 GMT
            Not After : Dec 30 00:00:00 2024 GMT
        Subject: CN=654a3673-4c8d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:7c:0f:52:ca:08:2f:34:bb:79:e2:7c:5c:0b:
                    11:48:c0:f4:1e:6b:aa:ec:a4:5e:94:6e:fe:4a:84:
                    97:c2:14:7c:00:52:41:33:cf:f0:b6:0d:43:ac:b4:
                    95:8d:cc:43:3b:85:16:1c:84:c2:eb:54:ad:ee:ed:
                    08:68:80:f9:3a:ff:95:9e:b4:19:a8:10:c4:f8:2f:
                    47:d4:22:6d:4f:d9:1f:47:d7:95:32:40:11:9f:cc:
                    0c:7b:88:5c:86:35:d5:94:0b:bf:fd:ed:a3:be:ca:
                    8b:cc:97:fc:e0:81:ee:c7:c2:7f:ae:21:6b:fc:ea:
                    1c:7e:14:21:6c:33:39:07:99:82:d6:f1:a6:64:b9:
                    a0:d7:2d:e9:94:28:41:20:35:25:35:72:42:47:5a:
                    7e:63:ef:17:d5:3d:8d:6e:c1:a4:1b:98:ba:c8:b8:
                    3e:ec:c3:bc:2c:c2:67:57:01:54:4a:fc:6c:86:66:
                    22:f9:2e:85:73:9c:48:8f:5e:3c:5d:1b:34:30:b1:
                    a2:57:7d:49:cc:a7:1b:9f:f2:0a:1f:e8:b9:05:a8:
                    29:b5:fe:67:88:92:12:fd:b3:3e:f4:a6:7f:93:2a:
                    0b:2a:0e:d3:73:b2:69:49:90:22:48:9c:80:6c:0c:
                    d8:8b:d4:a4:bd:e4:6c:d7:c4:79:1c:60:1b:3f:0c:
                    94:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:C5:9E:6F:B3:7A:9E:5E:AD:D4:3C:FD:13:9A:9E:AF:31:16:47:9D
            X509v3 Authority Key Identifier:
                keyid:87:3D:59:5A:F5:56:9C:20:23:9F:53:DD:80:EB:11:77:D8:0B:09:34

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A911B412/C1EA033CD2EA11EBA206B178C4F9AE02/hz1ZWvVWnCAjn1PdgOsRd9gLCTQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/hz1ZWvVWnCAjn1PdgOsRd9gLCTQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A911B412/C1EA033CD2EA11EBA206B178C4F9AE02/8916A11A7D6E11EE88CBA548C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.252.208.0/22
                  103.228.64.0/24
                  103.234.54.0/24
                  150.107.0.0/22
                  150.129.42.0/24
                  163.53.16.0/24

    Signature Algorithm: sha256WithRSAEncryption
         4c:d2:3c:16:05:52:6c:1b:64:ae:58:18:3b:42:7b:78:54:7b:
         ea:9f:3e:d0:ef:d2:2f:5c:b9:c3:0f:d5:e8:67:12:0b:af:25:
         a2:b6:ed:bb:55:c8:26:79:c2:33:ad:a6:d7:1b:69:31:d4:af:
         3c:3a:e0:f2:aa:78:e1:4b:c5:27:b7:58:bf:61:ff:6b:14:f1:
         6a:af:98:ad:2f:a3:9b:29:47:d2:a4:9d:40:09:9b:be:33:55:
         cb:4c:72:f5:07:75:d7:08:cd:d2:1c:a7:22:71:a2:d3:f2:75:
         02:01:fd:8d:74:84:85:cd:a5:35:bc:ff:eb:1c:3d:cf:9b:2c:
         dd:07:a6:08:e4:2d:78:98:3d:b4:63:cd:2f:23:de:3a:0d:a1:
         92:bb:9b:39:fb:69:9b:a1:8f:f4:6b:6c:b0:27:5a:6b:36:98:
         9f:bf:a6:cb:c7:d8:0d:9b:6a:01:b3:98:ed:e8:51:c9:03:14:
         a2:2c:59:b6:f5:36:f7:b3:a4:3c:45:31:99:94:bd:9c:a1:45:
         4d:df:6f:57:b2:50:3c:66:81:2c:49:77:ce:af:f2:bf:76:6f:
         48:50:d1:3f:3b:4f:bf:82:5e:9e:ea:28:90:0b:75:7e:30:a6:
         e7:15:87:2b:13:23:15:eb:f3:1e:6d:f7:69:bd:7f:14:f8:01:
         8e:27:e8:b3
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgICBU0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MUI0MTIxMTAvBgNVBAUTKDg3M0Q1OTVBRjU1NjlDMjAyMzlGNTNERDgwRUIxMTc3
RDgwQjA5MzQwHhcNMjMxMTA3MTMwNjU5WhcNMjQxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTRhMzY3My00YzhkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAynwPUsoILzS7eeJ8XAsRSMD0Hmuq7KRelG7+SoSXwhR8AFJBM8/wtg1DrLSV
jcxDO4UWHITC61St7u0IaID5Ov+VnrQZqBDE+C9H1CJtT9kfR9eVMkARn8wMe4hc
hjXVlAu//e2jvsqLzJf84IHux8J/riFr/OocfhQhbDM5B5mC1vGmZLmg1y3plChB
IDUlNXJCR1p+Y+8X1T2NbsGkG5i6yLg+7MO8LMJnVwFUSvxshmYi+S6Fc5xIj148
XRs0MLGiV31JzKcbn/IKH+i5Bagptf5niJIS/bM+9KZ/kyoLKg7Tc7JpSZAiSJyA
bAzYi9SkveRs18R5HGAbPwyUmQIDAQABo4ICszCCAq8wHQYDVR0OBBYEFJrFnm+z
ep5erdQ8/ROanq8xFkedMB8GA1UdIwQYMBaAFIc9WVr1VpwgI59T3YDrEXfYCwk0
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExQjQxMi9DMUVBMDMzQ0Qy
RUExMUVCQTIwNkIxNzhDNEY5QUUwMi9oejFaV3ZWV25DQWpuMVBkZ09zUmQ5Z0xD
VFEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2h6MVpXdlZXbkNBam4xUGRnT3NSZDlnTENUUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MUI0MTIvQzFFQTAzM0NEMkVBMTFFQkEyMDZCMTc4QzRGOUFFMDIvODkxNkExMUE3
RDZFMTFFRTg4Q0JBNTQ4QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwPQYIKwYBBQUHAQcBAf8E
LjAsMCoEAgABMCQDBAIr/NADBABn5EADBABn6jYDBAKWawADBACWgSoDBACjNRAw
DQYJKoZIhvcNAQELBQADggEBAEzSPBYFUmwbZK5YGDtCe3hUe+qfPtDv0i9cucMP
1ehnEguvJaK27btVyCZ5wjOtptcbaTHUrzw64PKqeOFLxSe3WL9h/2sU8WqvmK0v
o5spR9KknUAJm74zVctMcvUHddcIzdIcpyJxotPydQIB/Y10hIXNpTW8/+scPc+b
LN0HpgjkLXiYPbRjzS8j3joNoZK7mzn7aZuhj/RrbLAnWms2mJ+/psvH2A2bagGz
mO3oUckDFKIsWbb1NvezpDxFMZmUvZyhRU3fb1eyUDxmgSxJd86v8r92b0hQ0T87
T7+CXp7qKJALdX4wpucVhysTIxXr8x5t92m9fxT4AY4n6LM=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:50:55 2024 by rpki-client on console-fra.rpki-client.org