Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A911B412/C1EA033CD2EA11EBA206B178C4F9AE02/C901C56C88FD11EE8616C748C4F9AE02.roa
File:                     C901C56C88FD11EE8616C748C4F9AE02.roa (raw, json)
Hash identifier:          Cly01sbuvLEA3FGQ23CslXfy3MFnXpH8eOz7M8zUp9s=
Subject key identifier:   B3:01:3A:07:05:FC:03:7C:30:0D:2B:F2:D2:5E:3F:D7:EC:DA:E6:A1
Certificate issuer:       /CN=A911B412/serialNumber=873D595AF5569C20239F53DD80EB1177D80B0934
Certificate serial:       05CC
Authority key identifier: 87:3D:59:5A:F5:56:9C:20:23:9F:53:DD:80:EB:11:77:D8:0B:09:34
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/hz1ZWvVWnCAjn1PdgOsRd9gLCTQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A911B412/C1EA033CD2EA11EBA206B178C4F9AE02/C901C56C88FD11EE8616C748C4F9AE02.roa
Signing time:             Fri 19 Apr 2024 11:51:02 +0000
ROA not before:           Fri 19 Apr 2024 11:51:02 +0000
ROA not after:            Mon 30 Dec 2024 00:00:00 +0000
asID:                     64021
IP address blocks:        43.229.152.0/24 maxlen: 24
                          43.252.208.0/24 maxlen: 24
                          43.252.209.0/24 maxlen: 24
                          43.252.210.0/24 maxlen: 24
                          103.209.235.0/24 maxlen: 24
                          103.228.64.0/24 maxlen: 24
                          103.228.66.0/23 maxlen: 23
                          103.234.52.0/24 maxlen: 24
                          103.234.54.0/24 maxlen: 24
                          150.107.0.0/24 maxlen: 24
                          150.107.1.0/24 maxlen: 24
                          150.107.2.0/24 maxlen: 24
                          150.107.3.0/24 maxlen: 24
                          150.129.42.0/24 maxlen: 24
                          163.53.16.0/24 maxlen: 24
                          163.53.19.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Thu 09 May 2024 09:44:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1484 (0x5cc)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A911B412/serialNumber=873D595AF5569C20239F53DD80EB1177D80B0934
        Validity
            Not Before: Apr 19 11:51:02 2024 GMT
            Not After : Dec 30 00:00:00 2024 GMT
        Subject: CN=66225aa5-0578
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:44:2f:54:73:ad:66:2e:5d:ff:89:c5:86:ee:
                    b1:9d:7c:db:87:8b:4f:89:a3:29:55:2e:06:6e:07:
                    a3:c2:09:49:2e:8b:57:e5:3c:ba:4e:a6:2f:d0:6b:
                    ed:85:49:00:58:77:21:76:5f:b2:89:ab:27:5b:71:
                    0f:e8:63:29:f3:8d:0d:0e:2c:00:20:18:40:ad:93:
                    83:a4:e5:38:f5:b5:26:79:ef:f5:1c:3f:8e:b0:2c:
                    c1:31:a2:89:14:aa:57:29:bc:28:3f:64:79:c1:25:
                    a7:35:64:0c:29:51:5f:e9:5e:1e:15:67:12:70:27:
                    c7:18:be:84:d4:f4:14:03:9a:e6:08:5b:f6:72:ac:
                    02:d4:cf:b9:3f:60:67:8d:82:88:04:f5:b9:f0:62:
                    a2:61:f7:cf:a1:9b:54:25:0c:e4:30:d7:25:8e:fa:
                    8d:69:63:eb:4a:b9:9c:f5:e5:8a:40:a0:97:cd:46:
                    f8:53:ad:b6:ca:eb:67:95:12:be:56:74:65:65:6b:
                    51:d1:91:c3:82:02:f5:d2:5b:9c:55:44:68:3e:60:
                    f0:73:12:17:71:bc:fc:04:81:40:69:07:df:11:51:
                    2d:cd:c2:d4:53:b8:7c:47:32:6a:cc:a1:7a:b5:77:
                    8c:6e:f9:be:22:aa:84:16:ee:28:a0:2a:d3:ff:a4:
                    74:59
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:01:3A:07:05:FC:03:7C:30:0D:2B:F2:D2:5E:3F:D7:EC:DA:E6:A1
            X509v3 Authority Key Identifier:
                keyid:87:3D:59:5A:F5:56:9C:20:23:9F:53:DD:80:EB:11:77:D8:0B:09:34

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A911B412/C1EA033CD2EA11EBA206B178C4F9AE02/hz1ZWvVWnCAjn1PdgOsRd9gLCTQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/hz1ZWvVWnCAjn1PdgOsRd9gLCTQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A911B412/C1EA033CD2EA11EBA206B178C4F9AE02/C901C56C88FD11EE8616C748C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.229.152.0/24
                  43.252.208.0-43.252.210.255
                  103.209.235.0/24
                  103.228.64.0/24
                  103.228.66.0/23
                  103.234.52.0/24
                  103.234.54.0/24
                  150.107.0.0/22
                  150.129.42.0/24
                  163.53.16.0/24
                  163.53.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:14:2f:e9:2a:b9:36:2b:f2:41:8a:70:28:c5:35:e1:7d:e6:
         bf:6b:3d:6f:85:2a:57:98:d2:f2:04:dc:aa:ef:10:78:67:f1:
         34:c6:f1:30:47:00:cb:57:c2:ed:d3:3d:30:5c:7c:b9:4c:3a:
         fa:eb:6c:7a:34:40:89:9d:42:df:48:c8:77:9c:e2:6d:39:d5:
         e8:39:88:21:b7:55:09:55:c8:3e:94:42:2f:d3:55:1b:6f:d7:
         df:8e:73:6c:55:ea:e8:0d:88:d0:88:b3:93:71:7b:ff:44:92:
         d3:66:94:10:ba:0e:cc:4f:e4:40:86:2e:0e:6c:0b:09:ce:8b:
         db:27:e2:50:b2:5a:1a:3f:98:0e:90:40:44:1a:81:4e:9d:ef:
         37:76:6a:23:27:01:1d:cf:ef:41:24:f3:18:b5:57:da:15:b9:
         d3:ac:b7:51:c2:aa:32:84:81:8c:05:4a:df:ab:b9:10:60:ae:
         c5:88:a3:04:b0:d4:f3:4c:6c:57:c5:1c:34:d9:67:db:8a:2b:
         99:84:db:66:88:78:6b:c4:d1:bd:f0:7c:a9:a5:6e:5d:ea:40:
         df:47:3f:9b:25:6f:2a:49:c2:e5:4f:40:8f:af:b4:68:fc:34:
         6b:aa:0c:d4:7d:9b:8f:10:90:ad:d8:e5:64:08:16:78:a7:34:
         af:19:7a:0d
-----BEGIN CERTIFICATE-----
MIIFtTCCBJ2gAwIBAgICBcwwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MUI0MTIxMTAvBgNVBAUTKDg3M0Q1OTVBRjU1NjlDMjAyMzlGNTNERDgwRUIxMTc3
RDgwQjA5MzQwHhcNMjQwNDE5MTE1MTAyWhcNMjQxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjIyNWFhNS0wNTc4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvUQvVHOtZi5d/4nFhu6xnXzbh4tPiaMpVS4GbgejwglJLotX5Ty6TqYv0Gvt
hUkAWHchdl+yiasnW3EP6GMp840NDiwAIBhArZODpOU49bUmee/1HD+OsCzBMaKJ
FKpXKbwoP2R5wSWnNWQMKVFf6V4eFWcScCfHGL6E1PQUA5rmCFv2cqwC1M+5P2Bn
jYKIBPW58GKiYffPoZtUJQzkMNcljvqNaWPrSrmc9eWKQKCXzUb4U622yutnlRK+
VnRlZWtR0ZHDggL10lucVURoPmDwcxIXcbz8BIFAaQffEVEtzcLUU7h8RzJqzKF6
tXeMbvm+IqqEFu4ooCrT/6R0WQIDAQABo4IC2TCCAtUwHQYDVR0OBBYEFLMBOgcF
/AN8MA0r8tJeP9fs2uahMB8GA1UdIwQYMBaAFIc9WVr1VpwgI59T3YDrEXfYCwk0
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExQjQxMi9DMUVBMDMzQ0Qy
RUExMUVCQTIwNkIxNzhDNEY5QUUwMi9oejFaV3ZWV25DQWpuMVBkZ09zUmQ5Z0xD
VFEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2h6MVpXdlZXbkNBam4xUGRnT3NSZDlnTENUUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MUI0MTIvQzFFQTAzM0NEMkVBMTFFQkEyMDZCMTc4QzRGOUFFMDIvQzkwMUM1NkM4
OEZEMTFFRTg2MTZDNzQ4QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwYwYIKwYBBQUHAQcBAf8E
VDBSMFAEAgABMEoDBAAr5ZgwDAMEBCv80AMEACv80gMEAGfR6wMEAGfkQAMEAWfk
QgMEAGfqNAMEAGfqNgMEApZrAAMEAJaBKgMEAKM1EAMEAKM1EzANBgkqhkiG9w0B
AQsFAAOCAQEAdxQv6Sq5NivyQYpwKMU14X3mv2s9b4UqV5jS8gTcqu8QeGfxNMbx
MEcAy1fC7dM9MFx8uUw6+utsejRAiZ1C30jId5zibTnV6DmIIbdVCVXIPpRCL9NV
G2/X345zbFXq6A2I0Iizk3F7/0SS02aUELoOzE/kQIYuDmwLCc6L2yfiULJaGj+Y
DpBARBqBTp3vN3ZqIycBHc/vQSTzGLVX2hW506y3UcKqMoSBjAVK36u5EGCuxYij
BLDU80xsV8UcNNln24ormYTbZoh4a8TRvfB8qaVuXepA30c/myVvKknC5U9Aj6+0
aPw0a6oM1H2bjxCQrdjlZAgWeKc0rxl6DQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:50:55 2024 by rpki-client on console-fra.rpki-client.org