Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A911B412/C1EA033CD2EA11EBA206B178C4F9AE02/91CA42BC681511EE880F7E85C4F9AE02.roa
File:                     91CA42BC681511EE880F7E85C4F9AE02.roa (raw, json)
Hash identifier:          dvG68TlPOJqtQg5az4o0k2GV9qtf3lUx+CHrRzFlh/I=
Subject key identifier:   9D:92:19:C5:4F:B6:FD:61:CE:0F:4C:8A:75:F8:BB:AC:CA:C0:5E:58
Certificate issuer:       /CN=A911B412/serialNumber=873D595AF5569C20239F53DD80EB1177D80B0934
Certificate serial:       0535
Authority key identifier: 87:3D:59:5A:F5:56:9C:20:23:9F:53:DD:80:EB:11:77:D8:0B:09:34
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/hz1ZWvVWnCAjn1PdgOsRd9gLCTQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A911B412/C1EA033CD2EA11EBA206B178C4F9AE02/91CA42BC681511EE880F7E85C4F9AE02.roa
Signing time:             Fri 13 Oct 2023 00:53:07 +0000
ROA not before:           Fri 13 Oct 2023 00:53:07 +0000
ROA not after:            Mon 30 Dec 2024 00:00:00 +0000
asID:                     40065
IP address blocks:        43.229.154.0/24 maxlen: 24
                          103.20.222.0/24 maxlen: 24
                          103.20.223.0/24 maxlen: 24
                          103.48.169.0/24 maxlen: 24
                          103.225.199.0/24 maxlen: 24
                          150.129.41.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 03 Sep 2024 08:02:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1333 (0x535)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A911B412/serialNumber=873D595AF5569C20239F53DD80EB1177D80B0934
        Validity
            Not Before: Oct 13 00:53:07 2023 GMT
            Not After : Dec 30 00:00:00 2024 GMT
        Subject: CN=652894f2-7191
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:24:f2:9e:17:8c:00:b4:4e:20:ce:5e:69:31:
                    c3:60:54:0d:c0:f4:99:9a:d6:61:78:6a:07:c9:d4:
                    f1:ad:cd:28:54:1d:92:20:b2:0b:f1:a3:35:16:c3:
                    25:84:e6:b9:42:93:58:ba:b0:60:19:a4:f1:87:c5:
                    67:5a:29:e1:30:0e:82:26:68:f6:8b:fc:9c:0e:69:
                    b0:d6:19:9a:73:c4:f3:83:2b:c9:db:26:e6:d1:ea:
                    8a:b1:bf:02:4c:b4:0b:38:fa:c8:91:36:da:47:86:
                    95:06:97:19:d5:f1:c4:07:1d:4c:9b:c6:3f:99:4e:
                    61:95:01:81:c3:6d:6d:2e:8b:43:fa:1d:eb:62:09:
                    07:61:a4:0d:01:b9:40:c0:e2:c3:97:05:c8:c0:f9:
                    12:02:6c:d1:96:99:f3:de:71:dd:20:ba:4e:71:9e:
                    d1:05:46:9d:a3:97:97:aa:a2:e4:45:4c:7a:77:c8:
                    ab:14:57:9d:ff:ae:50:a7:b7:4e:c9:41:d2:8a:2e:
                    72:0f:ae:8f:fd:f4:9e:d0:0d:c1:7c:87:c7:df:8b:
                    65:82:ae:02:38:23:f0:b0:71:9f:e8:4d:a5:e3:90:
                    ed:38:71:1f:bf:41:51:91:73:e1:ba:28:64:04:77:
                    03:f9:20:5d:01:5c:15:4a:ee:e8:a0:47:e3:4b:62:
                    dd:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9D:92:19:C5:4F:B6:FD:61:CE:0F:4C:8A:75:F8:BB:AC:CA:C0:5E:58
            X509v3 Authority Key Identifier:
                keyid:87:3D:59:5A:F5:56:9C:20:23:9F:53:DD:80:EB:11:77:D8:0B:09:34

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A911B412/C1EA033CD2EA11EBA206B178C4F9AE02/hz1ZWvVWnCAjn1PdgOsRd9gLCTQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/hz1ZWvVWnCAjn1PdgOsRd9gLCTQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A911B412/C1EA033CD2EA11EBA206B178C4F9AE02/91CA42BC681511EE880F7E85C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.229.154.0/24
                  103.20.222.0/23
                  103.48.169.0/24
                  103.225.199.0/24
                  150.129.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2a:53:5e:18:4f:b5:a0:af:ab:e8:cd:a8:a7:94:4a:49:3d:b5:
         17:4e:40:b4:6c:d8:02:2a:59:40:91:2f:0d:87:36:ba:f2:42:
         91:d9:9a:77:99:c4:70:f4:21:da:86:fb:e8:9e:4f:74:db:f6:
         f4:08:18:14:ec:c5:d6:e9:5d:26:0f:4e:f4:8a:85:c4:3d:2f:
         c8:db:b3:54:d5:f8:ca:51:24:ea:bd:4c:d5:ee:f4:d2:36:97:
         3c:c8:2e:ff:66:10:83:69:f7:54:53:c5:69:c7:fe:93:82:f5:
         7c:19:08:aa:3c:32:86:f2:25:98:e0:9a:85:97:e6:da:05:80:
         bc:ae:25:6d:c2:53:be:c4:b1:2c:eb:d8:45:bf:96:d4:24:72:
         98:42:f7:dc:29:a3:38:7b:82:2c:46:80:a8:c3:5c:ac:1f:03:
         f0:e6:fc:19:b1:03:c2:43:84:23:c8:82:19:28:44:b5:01:3e:
         d0:1f:62:9f:6c:e8:2b:72:67:df:ff:2c:f3:60:76:d6:05:cb:
         1d:ff:91:bb:0f:d2:d6:d9:8f:c3:40:dc:93:10:5d:43:7b:a6:
         1b:86:c5:f2:38:d4:40:d0:2d:c8:02:25:88:0a:f2:85:3d:24:
         65:bb:45:e4:e9:2b:0d:99:6d:68:58:ad:75:1a:a9:91:86:0b:
         7c:f7:23:0b
-----BEGIN CERTIFICATE-----
MIIFiTCCBHGgAwIBAgICBTUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MUI0MTIxMTAvBgNVBAUTKDg3M0Q1OTVBRjU1NjlDMjAyMzlGNTNERDgwRUIxMTc3
RDgwQjA5MzQwHhcNMjMxMDEzMDA1MzA3WhcNMjQxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTI4OTRmMi03MTkxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAsSTynheMALROIM5eaTHDYFQNwPSZmtZheGoHydTxrc0oVB2SILIL8aM1FsMl
hOa5QpNYurBgGaTxh8VnWinhMA6CJmj2i/ycDmmw1hmac8TzgyvJ2ybm0eqKsb8C
TLQLOPrIkTbaR4aVBpcZ1fHEBx1Mm8Y/mU5hlQGBw21tLotD+h3rYgkHYaQNAblA
wOLDlwXIwPkSAmzRlpnz3nHdILpOcZ7RBUado5eXqqLkRUx6d8irFFed/65Qp7dO
yUHSii5yD66P/fSe0A3BfIfH34tlgq4COCPwsHGf6E2l45DtOHEfv0FRkXPhuihk
BHcD+SBdAVwVSu7ooEfjS2Ld1QIDAQABo4ICrTCCAqkwHQYDVR0OBBYEFJ2SGcVP
tv1hzg9MinX4u6zKwF5YMB8GA1UdIwQYMBaAFIc9WVr1VpwgI59T3YDrEXfYCwk0
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExQjQxMi9DMUVBMDMzQ0Qy
RUExMUVCQTIwNkIxNzhDNEY5QUUwMi9oejFaV3ZWV25DQWpuMVBkZ09zUmQ5Z0xD
VFEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2h6MVpXdlZXbkNBam4xUGRnT3NSZDlnTENUUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MUI0MTIvQzFFQTAzM0NEMkVBMTFFQkEyMDZCMTc4QzRGOUFFMDIvOTFDQTQyQkM2
ODE1MTFFRTg4MEY3RTg1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNwYIKwYBBQUHAQcBAf8E
KDAmMCQEAgABMB4DBAAr5ZoDBAFnFN4DBABnMKkDBABn4ccDBACWgSkwDQYJKoZI
hvcNAQELBQADggEBACpTXhhPtaCvq+jNqKeUSkk9tRdOQLRs2AIqWUCRLw2HNrry
QpHZmneZxHD0IdqG++ieT3Tb9vQIGBTsxdbpXSYPTvSKhcQ9L8jbs1TV+MpRJOq9
TNXu9NI2lzzILv9mEINp91RTxWnH/pOC9XwZCKo8MobyJZjgmoWX5toFgLyuJW3C
U77EsSzr2EW/ltQkcphC99wpozh7gixGgKjDXKwfA/Dm/BmxA8JDhCPIghkoRLUB
PtAfYp9s6CtyZ9//LPNgdtYFyx3/kbsP0tbZj8NA3JMQXUN7phuGxfI41EDQLcgC
JYgK8oU9JGW7ReTpKw2ZbWhYrXUaqZGGC3z3Iws=
-----END CERTIFICATE-----
Generated at Tue Sep 3 10:16:07 2024 by rpki-client on console-ams.rpki-client.org