Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9126A3C/7BFB4CACC6A011EF928B7960C4F9AE02/507396ECC6A111EFAB2F7E64C4F9AE02.roa
File:                     507396ECC6A111EFAB2F7E64C4F9AE02.roa (raw, json)
Hash identifier:          bXGvcyVkEzsPx80RY/HT8ApoXyk4U3xgvi1N/6AqftM=
Subject key identifier:   A9:D7:18:AD:70:4B:CF:3C:F4:E0:29:D4:16:A7:6F:4D:18:9C:A2:1C
Certificate issuer:       /CN=A9126A3C/serialNumber=EE819A49B8C8A84413EE8FE8326EF137F5185C66
Certificate serial:       02
Authority key identifier: EE:81:9A:49:B8:C8:A8:44:13:EE:8F:E8:32:6E:F1:37:F5:18:5C:66
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/7oGaSbjIqEQT7o_oMm7xN_UYXGY.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9126A3C/7BFB4CACC6A011EF928B7960C4F9AE02/507396ECC6A111EFAB2F7E64C4F9AE02.roa
Signing time:             Mon 30 Dec 2024 11:29:21 +0000
ROA not before:           Mon 30 Dec 2024 11:29:21 +0000
ROA not after:            Tue 31 Mar 2026 00:00:00 +0000
asID:                     153476
IP address blocks:        2401:e4e0::/32 maxlen: 32
Validation:               Failed, certificate revoked on Mon 30 Dec 2024 18:14:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9126A3C
        Validity
            Not Before: Dec 30 11:29:21 2024 GMT
            Not After : Mar 31 00:00:00 2026 GMT
        Subject: CN=67728411-d4c8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:1a:96:87:18:26:a5:bd:65:f7:74:cb:81:3a:
                    85:ca:18:97:21:c9:5a:a9:1f:af:cc:b8:4d:22:36:
                    9d:38:9f:43:d1:26:bd:3a:d7:59:ef:70:85:6a:c3:
                    97:bf:d9:01:5c:d8:0d:8b:a2:61:28:62:2e:a8:e8:
                    75:31:ae:c0:46:67:fa:8e:c8:44:73:97:0f:d4:e0:
                    4e:dd:95:bb:82:d9:e0:b3:b1:aa:f2:46:07:48:11:
                    36:44:c0:03:2a:51:0f:b5:f2:4a:d5:97:04:10:66:
                    5c:3f:e0:c0:17:b4:e2:1e:85:80:b0:ac:6f:11:2e:
                    69:ef:27:6f:cf:1a:db:11:88:47:92:78:65:94:be:
                    55:ed:4c:24:88:cb:ac:62:33:3e:87:60:75:ed:77:
                    59:38:26:2a:9e:16:a4:e8:eb:63:5c:be:f9:30:46:
                    d0:f1:2c:0c:b2:8d:7b:69:c1:4a:98:f0:32:9a:4b:
                    76:77:0d:6a:e2:b2:1e:fd:ad:84:5e:f8:12:5e:c5:
                    f3:80:11:4a:04:ca:1e:6b:f6:c6:86:2a:2e:5c:47:
                    85:ed:1c:d1:8d:08:5d:c5:2c:3e:ff:60:e8:11:b1:
                    5c:94:bc:af:8c:0d:1f:24:df:bb:29:3d:ee:8b:1e:
                    51:1c:53:3a:21:60:ae:d7:c2:b6:cb:73:49:1f:97:
                    53:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:D7:18:AD:70:4B:CF:3C:F4:E0:29:D4:16:A7:6F:4D:18:9C:A2:1C
            X509v3 Authority Key Identifier:
                keyid:EE:81:9A:49:B8:C8:A8:44:13:EE:8F:E8:32:6E:F1:37:F5:18:5C:66

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9126A3C/7BFB4CACC6A011EF928B7960C4F9AE02/7oGaSbjIqEQT7o_oMm7xN_UYXGY.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/7oGaSbjIqEQT7o_oMm7xN_UYXGY.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9126A3C/7BFB4CACC6A011EF928B7960C4F9AE02/507396ECC6A111EFAB2F7E64C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2401:e4e0::/32

    Signature Algorithm: sha256WithRSAEncryption
         c3:4f:0c:eb:64:a3:30:44:84:c7:67:03:91:1e:2f:74:a3:7c:
         b4:be:27:40:24:19:ab:52:a4:21:fe:90:21:1d:5f:f0:f3:d5:
         37:f6:c8:53:ca:6e:6f:cd:45:61:9b:06:84:8b:26:93:06:38:
         fe:2c:34:df:65:5f:af:18:c1:fd:9e:bc:f5:f1:30:09:25:27:
         e2:a3:b5:4a:95:06:cc:75:a8:97:5c:46:ce:d8:4e:a2:22:29:
         28:f9:9a:ef:ab:5b:5c:8b:c5:f5:ec:eb:cf:37:59:ac:26:41:
         7f:e2:ce:5e:e1:38:c8:df:13:54:b9:3b:d3:50:ff:37:80:aa:
         67:3b:99:93:0d:3e:c7:cf:ea:54:bc:d2:53:e2:73:9c:90:df:
         d0:31:2b:79:d8:dd:9b:bf:78:ba:a5:57:d8:c0:33:56:49:98:
         ae:ef:ed:83:c1:da:64:37:f8:b7:47:f4:79:8e:12:4a:36:f0:
         7f:6d:83:e1:6f:94:e8:23:a4:6b:82:75:61:8f:6e:5f:3a:e5:
         50:5d:a3:23:8d:62:65:32:fc:e9:1d:45:d8:de:b7:4e:c8:81:
         32:57:a4:b4:d8:52:85:a9:2f:0b:0e:f0:0c:29:a2:36:df:f4:
         57:f1:73:d0:8b:5d:6f:61:0d:68:3b:69:b5:a8:db:41:b6:3b:
         f2:fe:1b:f1
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgIBAjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTEy
NkEzQzExMC8GA1UEBRMoRUU4MTlBNDlCOEM4QTg0NDEzRUU4RkU4MzI2RUYxMzdG
NTE4NUM2NjAeFw0yNDEyMzAxMTI5MjFaFw0yNjAzMzEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY3NzI4NDExLWQ0YzgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQC9GpaHGCalvWX3dMuBOoXKGJchyVqpH6/MuE0iNp04n0PRJr0611nvcIVqw5e/
2QFc2A2LomEoYi6o6HUxrsBGZ/qOyERzlw/U4E7dlbuC2eCzsaryRgdIETZEwAMq
UQ+18krVlwQQZlw/4MAXtOIehYCwrG8RLmnvJ2/PGtsRiEeSeGWUvlXtTCSIy6xi
Mz6HYHXtd1k4JiqeFqTo62NcvvkwRtDxLAyyjXtpwUqY8DKaS3Z3DWrish79rYRe
+BJexfOAEUoEyh5r9saGKi5cR4XtHNGNCF3FLD7/YOgRsVyUvK+MDR8k37spPe6L
HlEcUzohYK7XwrbLc0kfl1MNAgMBAAGjggKWMIICkjAdBgNVHQ4EFgQUqdcYrXBL
zzz04CnUFqdvTRicohwwHwYDVR0jBBgwFoAU7oGaSbjIqEQT7o/oMm7xN/UYXGYw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTI2QTNDLzdCRkI0Q0FDQzZB
MDExRUY5MjhCNzk2MEM0RjlBRTAyLzdvR2FTYmpJcUVRVDdvX29NbTd4Tl9VWVhH
WS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvN29HYVNiaklxRVFUN29fb01tN3hOX1VZWEdZLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEy
NkEzQy83QkZCNENBQ0M2QTAxMUVGOTI4Qjc5NjBDNEY5QUUwMi81MDczOTZFQ0M2
QTExMUVGQUIyRjdFNjRDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAgBggrBgEFBQcBBwEB/wQR
MA8wDQQCAAIwBwMFACQB5OAwDQYJKoZIhvcNAQELBQADggEBAMNPDOtkozBEhMdn
A5EeL3SjfLS+J0AkGatSpCH+kCEdX/Dz1Tf2yFPKbm/NRWGbBoSLJpMGOP4sNN9l
X68Ywf2evPXxMAklJ+KjtUqVBsx1qJdcRs7YTqIiKSj5mu+rW1yLxfXs6883Wawm
QX/izl7hOMjfE1S5O9NQ/zeAqmc7mZMNPsfP6lS80lPic5yQ39AxK3nY3Zu/eLql
V9jAM1ZJmK7v7YPB2mQ3+LdH9HmOEko28H9tg+FvlOgjpGuCdWGPbl865VBdoyON
YmUy/OkdRdjet07IgTJXpLTYUoWpLwsO8Awpojbf9Ffxc9CLXW9hDWg7abWo20G2
O/L+G/E=
-----END CERTIFICATE-----
Generated at Thu Feb 6 04:48:55 2025 by rpki-client