Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A911CA78/BE8846D235D811EAA730EC46C4F9AE02/9E638FF83C2B11EE80590B7DC4F9AE02.roa
File:                     9E638FF83C2B11EE80590B7DC4F9AE02.roa (raw, json)
Hash identifier:          3BLTCCwoAUc2DJQsrVqzxu+RgFaeQ+AMdxl7wsX/2p0=
Subject key identifier:   C7:44:FE:75:D9:D2:75:69:A1:31:D0:34:F5:2C:EB:EC:3D:4D:13:B9
Certificate issuer:       /CN=A911CA78/serialNumber=40562C143A29CB19C70FFC9B99B60BBECD1D73B6
Certificate serial:       0B48
Authority key identifier: 40:56:2C:14:3A:29:CB:19:C7:0F:FC:9B:99:B6:0B:BE:CD:1D:73:B6
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QFYsFDopyxnHD_ybmbYLvs0dc7Y.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A911CA78/BE8846D235D811EAA730EC46C4F9AE02/9E638FF83C2B11EE80590B7DC4F9AE02.roa
Signing time:             Tue 16 Apr 2024 09:13:38 +0000
ROA not before:           Tue 16 Apr 2024 09:13:38 +0000
ROA not after:            Sun 02 Mar 2025 00:00:00 +0000
asID:                     17971
IP address blocks:        49.236.192.0/20 maxlen: 24
                          103.17.168.0/22 maxlen: 24
                          112.137.160.0/20 maxlen: 24
                          119.110.96.0/20 maxlen: 24
                          202.71.96.0/20 maxlen: 24
                          202.75.32.0/20 maxlen: 24
                          202.75.48.0/20 maxlen: 24
                          202.165.3.0/24 maxlen: 24
                          210.48.144.0/20 maxlen: 24
                          218.100.22.0/24 maxlen: 24
                          2401:b000::/32 maxlen: 32
                          2401:b000::/48 maxlen: 48
                          2401:b000:0:5::/64 maxlen: 64
                          2401:b000:0:6::/64 maxlen: 64
                          2401:b000:10::/48 maxlen: 48
                          2404:b8::/48 maxlen: 48
                          2404:b8:3::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 14 Oct 2024 02:04:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2888 (0xb48)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A911CA78/serialNumber=40562C143A29CB19C70FFC9B99B60BBECD1D73B6
        Validity
            Not Before: Apr 16 09:13:38 2024 GMT
            Not After : Mar  2 00:00:00 2025 GMT
        Subject: CN=661e4142-280a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:44:54:4c:0e:6e:cf:f1:fa:cb:79:3e:e6:c4:
                    97:c5:43:3f:68:13:7f:26:08:24:45:51:6b:38:d5:
                    3c:a8:65:2b:a1:59:34:a7:95:e6:f9:4e:fd:a9:5b:
                    ac:49:f0:97:76:a2:3f:66:9b:a2:82:8b:87:92:5c:
                    8c:d5:b9:90:3f:9c:7f:79:d6:0b:6e:f2:f6:0b:32:
                    4f:54:6f:7f:79:55:36:d7:7e:b6:f3:07:a7:0a:41:
                    a4:7c:26:9e:52:83:1c:e4:7c:42:2d:61:06:5a:a5:
                    88:d4:8c:d3:62:e4:ec:09:e7:a9:c0:e2:6f:52:e6:
                    66:6e:90:72:80:c9:5c:a5:fd:b5:bd:18:21:9f:f3:
                    95:ef:7d:e6:75:e5:d8:bb:b5:0c:8c:5c:e8:8b:92:
                    c4:72:c2:7e:c9:c3:a1:c2:bd:72:c6:9a:35:3c:4d:
                    64:37:ca:4b:f1:b7:bd:78:c1:e1:82:fc:d9:aa:e8:
                    7e:8f:a5:e2:54:4c:1c:2c:52:f4:bb:ac:b7:bc:d0:
                    47:46:44:14:1a:34:b3:b1:a6:77:b9:f1:fb:ee:cc:
                    5d:96:77:5b:6e:a1:23:0d:40:6e:f4:45:2f:f4:eb:
                    3a:90:5f:ac:51:65:dd:c0:2e:39:02:48:92:a0:d1:
                    63:05:9a:a5:92:d3:b2:71:4b:51:ff:4b:6d:dc:05:
                    88:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:44:FE:75:D9:D2:75:69:A1:31:D0:34:F5:2C:EB:EC:3D:4D:13:B9
            X509v3 Authority Key Identifier:
                keyid:40:56:2C:14:3A:29:CB:19:C7:0F:FC:9B:99:B6:0B:BE:CD:1D:73:B6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A911CA78/BE8846D235D811EAA730EC46C4F9AE02/QFYsFDopyxnHD_ybmbYLvs0dc7Y.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QFYsFDopyxnHD_ybmbYLvs0dc7Y.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A911CA78/BE8846D235D811EAA730EC46C4F9AE02/9E638FF83C2B11EE80590B7DC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  49.236.192.0/20
                  103.17.168.0/22
                  112.137.160.0/20
                  119.110.96.0/20
                  202.71.96.0/20
                  202.75.32.0/19
                  202.165.3.0/24
                  210.48.144.0/20
                  218.100.22.0/24
                IPv6:
                  2401:b000::/32
                  2404:b8::/48
                  2404:b8:3::/48

    Signature Algorithm: sha256WithRSAEncryption
         79:da:aa:63:61:9e:09:00:ee:9c:d9:0f:18:65:35:8b:97:05:
         dc:c4:5f:9c:44:3d:12:a7:59:11:52:dc:02:69:fe:d6:3f:70:
         4a:4f:77:15:62:00:3e:c5:7a:96:0c:e4:54:ba:60:3b:5f:fc:
         d0:9f:b3:d0:7a:6f:b9:5a:2e:5b:10:88:0b:8b:18:eb:28:26:
         10:c3:3e:27:83:09:a8:f9:08:f9:85:6a:e1:fe:e9:06:cd:e3:
         f2:f9:a9:1d:76:c4:44:7b:2b:ef:03:d0:15:c0:fd:2b:98:6d:
         d8:f2:8a:4e:c8:7b:43:85:4e:46:cf:70:86:25:2f:b3:d5:4e:
         c5:b1:60:97:3b:d7:85:6b:e7:88:b7:4d:9f:09:1d:b7:28:26:
         21:9b:e0:f8:e7:a4:e7:03:45:5e:3d:0d:5a:91:f0:3a:9e:90:
         78:e5:aa:dc:82:39:0e:30:cd:d7:d3:52:99:c4:e8:f9:ed:00:
         76:4e:59:b7:68:60:cc:92:7a:70:84:b8:62:29:25:f1:48:00:
         19:3d:9d:30:67:b7:7d:60:62:6d:dd:30:c2:4a:02:7b:89:67:
         ce:0c:04:c9:17:cd:09:bd:84:76:4c:23:a8:64:f0:26:84:60:
         ae:e0:73:af:45:45:41:4e:e4:61:18:a7:e0:5a:cf:cc:f1:42:
         2f:7f:12:f0
-----BEGIN CERTIFICATE-----
MIIFwjCCBKqgAwIBAgICC0gwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MUNBNzgxMTAvBgNVBAUTKDQwNTYyQzE0M0EyOUNCMTlDNzBGRkM5Qjk5QjYwQkJF
Q0QxRDczQjYwHhcNMjQwNDE2MDkxMzM4WhcNMjUwMzAyMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjFlNDE0Mi0yODBhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAoERUTA5uz/H6y3k+5sSXxUM/aBN/JggkRVFrONU8qGUroVk0p5Xm+U79qVus
SfCXdqI/ZpuigouHklyM1bmQP5x/edYLbvL2CzJPVG9/eVU213628wenCkGkfCae
UoMc5HxCLWEGWqWI1IzTYuTsCeepwOJvUuZmbpBygMlcpf21vRghn/OV733mdeXY
u7UMjFzoi5LEcsJ+ycOhwr1yxpo1PE1kN8pL8be9eMHhgvzZquh+j6XiVEwcLFL0
u6y3vNBHRkQUGjSzsaZ3ufH77sxdlndbbqEjDUBu9EUv9Os6kF+sUWXdwC45AkiS
oNFjBZqlktOycUtR/0tt3AWIuQIDAQABo4IC5jCCAuIwHQYDVR0OBBYEFMdE/nXZ
0nVpoTHQNPUs6+w9TRO5MB8GA1UdIwQYMBaAFEBWLBQ6KcsZxw/8m5m2C77NHXO2
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExQ0E3OC9CRTg4NDZEMjM1
RDgxMUVBQTczMEVDNDZDNEY5QUUwMi9RRllzRkRvcHl4bkhEX3libWJZTHZzMGRj
N1kuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1FGWXNGRG9weXhuSERfeWJtYllMdnMwZGM3WS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MUNBNzgvQkU4ODQ2RDIzNUQ4MTFFQUE3MzBFQzQ2QzRGOUFFMDIvOUU2MzhGRjgz
QzJCMTFFRTgwNTkwQjdEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwcAYIKwYBBQUHAQcBAf8E
YTBfMDwEAgABMDYDBAQx7MADBAJnEagDBARwiaADBAR3bmADBATKR2ADBAXKSyAD
BADKpQMDBATSMJADBADaZBYwHwQCAAIwGQMFACQBsAADBwAkBAC4AAADBwAkBAC4
AAMwDQYJKoZIhvcNAQELBQADggEBAHnaqmNhngkA7pzZDxhlNYuXBdzEX5xEPRKn
WRFS3AJp/tY/cEpPdxViAD7FepYM5FS6YDtf/NCfs9B6b7laLlsQiAuLGOsoJhDD
PieDCaj5CPmFauH+6QbN4/L5qR12xER7K+8D0BXA/SuYbdjyik7Ie0OFTkbPcIYl
L7PVTsWxYJc714Vr54i3TZ8JHbcoJiGb4PjnpOcDRV49DVqR8DqekHjlqtyCOQ4w
zdfTUpnE6PntAHZOWbdoYMySenCEuGIpJfFIABk9nTBnt31gYm3dMMJKAnuJZ84M
BMkXzQm9hHZMI6hk8CaEYK7gc69FRUFO5GEYp+Baz8zxQi9/EvA=
-----END CERTIFICATE-----
Generated at Mon Oct 14 05:49:48 2024 by rpki-client on console-ams.rpki-client.org