Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9127C39/26294668D0D911E797AFD910C4F9AE02/28B5C4F238DE11E89BE3497AC4F9AE02.roa
File:                     28B5C4F238DE11E89BE3497AC4F9AE02.roa (raw, json)
Hash identifier:          ecQ/t5n9zIbibvLA9vFR6LH8kefVmJ8bZUANhbcVD3k=
Subject key identifier:   49:08:CB:C8:65:18:3A:56:92:9B:2A:D7:62:A3:BC:43:98:5B:6B:16
Certificate issuer:       /CN=A9127C39/serialNumber=76FB02A39FD0DEEFF4D2B27611F01E7DF37E635F
Certificate serial:       16BA
Authority key identifier: 76:FB:02:A3:9F:D0:DE:EF:F4:D2:B2:76:11:F0:1E:7D:F3:7E:63:5F
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/dvsCo5_Q3u_00rJ2EfAeffN-Y18.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9127C39/26294668D0D911E797AFD910C4F9AE02/28B5C4F238DE11E89BE3497AC4F9AE02.roa
Signing time:             Mon 04 Dec 2023 17:04:37 +0000
ROA not before:           Mon 04 Dec 2023 17:04:37 +0000
ROA not after:            Fri 31 Jan 2025 00:00:00 +0000
asID:                     65001
IP address blocks:        113.59.198.0/24 maxlen: 24
                          113.59.200.0/24 maxlen: 24
                          113.59.201.0/24 maxlen: 24
                          113.59.202.0/24 maxlen: 24
                          113.59.203.0/24 maxlen: 24
                          113.59.204.0/24 maxlen: 24
                          113.59.205.0/24 maxlen: 24
                          113.59.206.0/24 maxlen: 24
                          113.59.207.0/24 maxlen: 24
                          113.59.208.0/24 maxlen: 24
                          113.59.211.0/24 maxlen: 24
                          113.59.212.0/24 maxlen: 24
                          113.59.215.0/24 maxlen: 24
                          113.59.216.0/24 maxlen: 24
                          113.59.221.0/24 maxlen: 24
                          113.59.222.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 06 May 2024 04:51:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5818 (0x16ba)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9127C39/serialNumber=76FB02A39FD0DEEFF4D2B27611F01E7DF37E635F
        Validity
            Not Before: Dec  4 17:04:37 2023 GMT
            Not After : Jan 31 00:00:00 2025 GMT
        Subject: CN=656e06a5-aedf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:19:6c:fa:47:b4:4b:26:30:2c:97:3c:6c:55:
                    a6:95:b3:df:c8:77:b7:84:3f:4b:1f:44:33:80:72:
                    9f:8c:40:dd:a8:68:9b:b4:86:e6:51:88:bf:00:0a:
                    6d:f8:95:4a:69:4d:eb:93:b5:9a:8c:22:88:92:6d:
                    73:e7:a2:1c:64:b1:ba:50:75:8b:8e:e8:62:eb:3f:
                    bb:36:11:76:19:4e:1e:65:57:ab:2a:ef:7e:15:5e:
                    92:69:68:e1:39:34:f2:b8:1e:9a:5b:8c:03:38:61:
                    c4:9c:8a:0f:3b:e7:c3:74:d1:3e:1f:25:1d:59:f0:
                    60:f6:01:24:51:30:78:e4:44:42:c4:4b:75:90:90:
                    b0:ef:6c:57:3a:dc:bb:7a:e3:13:60:52:4c:d9:f4:
                    93:35:b2:32:ac:ea:c2:3e:9a:15:4d:49:4f:77:6b:
                    ec:5e:13:d0:30:6f:7a:37:aa:3d:18:ea:02:82:5a:
                    9b:4f:b8:c0:71:98:29:fb:bf:60:37:d2:ce:57:d8:
                    94:71:7d:0c:f6:61:a1:eb:23:85:2c:31:30:83:0f:
                    93:53:50:3a:f1:82:c9:17:9c:27:b2:ad:08:bf:2c:
                    b4:50:45:44:25:e5:14:5b:66:c8:7b:a6:1d:fa:db:
                    04:23:34:cf:29:da:7c:20:f0:f5:42:e2:e3:ff:a6:
                    44:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:08:CB:C8:65:18:3A:56:92:9B:2A:D7:62:A3:BC:43:98:5B:6B:16
            X509v3 Authority Key Identifier:
                keyid:76:FB:02:A3:9F:D0:DE:EF:F4:D2:B2:76:11:F0:1E:7D:F3:7E:63:5F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9127C39/26294668D0D911E797AFD910C4F9AE02/dvsCo5_Q3u_00rJ2EfAeffN-Y18.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/dvsCo5_Q3u_00rJ2EfAeffN-Y18.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9127C39/26294668D0D911E797AFD910C4F9AE02/28B5C4F238DE11E89BE3497AC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  113.59.198.0/24
                  113.59.200.0-113.59.208.255
                  113.59.211.0-113.59.212.255
                  113.59.215.0-113.59.216.255
                  113.59.221.0-113.59.222.255

    Signature Algorithm: sha256WithRSAEncryption
         20:a4:ee:f2:92:57:0a:ad:15:b2:96:c3:a7:5b:c3:66:dd:49:
         9d:7d:ac:b2:88:85:05:cc:14:d4:c2:17:66:92:6c:ff:a9:a6:
         d7:26:fd:e3:ca:82:85:8d:7e:41:af:f4:3a:07:e8:7c:fc:bd:
         42:e0:1d:b0:4e:e8:8a:20:24:a2:da:cb:2a:49:38:79:7f:4a:
         ca:d2:92:b9:11:1b:86:b0:fd:bd:bf:dd:25:c9:b0:cd:10:74:
         01:e5:c2:fc:7d:26:04:f6:02:10:c5:2c:95:64:cb:c8:33:0d:
         17:41:d1:b6:fd:98:2c:d5:f1:3e:62:0f:20:e2:0c:b1:e2:61:
         8c:85:05:71:9d:48:62:a9:cb:bc:1d:66:cc:8c:11:7b:af:d4:
         6e:4f:9e:59:1a:6b:41:c6:0a:f6:93:0f:2b:65:28:2b:e3:9f:
         a2:9c:9e:93:96:8a:a4:97:d8:55:57:af:3a:d9:53:ea:d6:4c:
         a9:30:f6:18:d4:b8:d2:1e:45:d7:3c:87:99:39:da:14:87:c1:
         e3:af:65:b4:d2:58:51:bb:f6:66:b1:a1:e6:a1:b0:51:b2:cf:
         55:12:42:31:ad:04:f8:a3:00:fd:3d:a5:7f:d5:30:6d:13:fd:
         68:f4:99:42:10:03:ad:0e:5a:85:6f:a8:85:43:80:6d:1c:da:
         b2:b9:82:98
-----BEGIN CERTIFICATE-----
MIIFqTCCBJGgAwIBAgICFrowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MjdDMzkxMTAvBgNVBAUTKDc2RkIwMkEzOUZEMERFRUZGNEQyQjI3NjExRjAxRTdE
RjM3RTYzNUYwHhcNMjMxMjA0MTcwNDM3WhcNMjUwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTZlMDZhNS1hZWRmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvhls+ke0SyYwLJc8bFWmlbPfyHe3hD9LH0QzgHKfjEDdqGibtIbmUYi/AApt
+JVKaU3rk7WajCKIkm1z56IcZLG6UHWLjuhi6z+7NhF2GU4eZVerKu9+FV6SaWjh
OTTyuB6aW4wDOGHEnIoPO+fDdNE+HyUdWfBg9gEkUTB45ERCxEt1kJCw72xXOty7
euMTYFJM2fSTNbIyrOrCPpoVTUlPd2vsXhPQMG96N6o9GOoCglqbT7jAcZgp+79g
N9LOV9iUcX0M9mGh6yOFLDEwgw+TU1A68YLJF5wnsq0Ivyy0UEVEJeUUW2bIe6Yd
+tsEIzTPKdp8IPD1QuLj/6ZEowIDAQABo4ICzTCCAskwHQYDVR0OBBYEFEkIy8hl
GDpWkpsq12KjvEOYW2sWMB8GA1UdIwQYMBaAFHb7AqOf0N7v9NKydhHwHn3zfmNf
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyN0MzOS8yNjI5NDY2OEQw
RDkxMUU3OTdBRkQ5MTBDNEY5QUUwMi9kdnNDbzVfUTN1XzAwckoyRWZBZWZmTi1Z
MTguY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2R2c0NvNV9RM3VfMDBySjJFZkFlZmZOLVkxOC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MjdDMzkvMjYyOTQ2NjhEMEQ5MTFFNzk3QUZEOTEwQzRGOUFFMDIvMjhCNUM0RjIz
OERFMTFFODlCRTM0OTdBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwVwYIKwYBBQUHAQcBAf8E
SDBGMEQEAgABMD4DBABxO8YwDAMEA3E7yAMEAHE70DAMAwQAcTvTAwQAcTvUMAwD
BABxO9cDBABxO9gwDAMEAHE73QMEAHE73jANBgkqhkiG9w0BAQsFAAOCAQEAIKTu
8pJXCq0VspbDp1vDZt1JnX2ssoiFBcwU1MIXZpJs/6mm1yb948qChY1+Qa/0Ogfo
fPy9QuAdsE7oiiAkotrLKkk4eX9KytKSuREbhrD9vb/dJcmwzRB0AeXC/H0mBPYC
EMUslWTLyDMNF0HRtv2YLNXxPmIPIOIMseJhjIUFcZ1IYqnLvB1mzIwRe6/Ubk+e
WRprQcYK9pMPK2UoK+Ofopyek5aKpJfYVVevOtlT6tZMqTD2GNS40h5F1zyHmTna
FIfB469ltNJYUbv2ZrGh5qGwUbLPVRJCMa0E+KMA/T2lf9UwbRP9aPSZQhADrQ5a
hW+ohUOAbRzasrmCmA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:50:57 2024 by rpki-client on console-fra.rpki-client.org