Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9131711/9FDD2DA0C99111EE891BA419C4F9AE02/21AC01E4C99211EEA4374F37C4F9AE02.roa
File:                     21AC01E4C99211EEA4374F37C4F9AE02.roa (raw, json)
Hash identifier:          PapkzipFpipgj0S98LguUVp8y4zR8vA2KzV1dtFi+Ew=
Subject key identifier:   08:05:AD:44:4A:DC:A4:39:C2:7A:8E:6E:5C:CD:36:91:89:AA:3E:25
Certificate issuer:       /CN=A9131711/serialNumber=B57B207F0E1C1BA873A0793582C7A8134098674C
Certificate serial:       02
Authority key identifier: B5:7B:20:7F:0E:1C:1B:A8:73:A0:79:35:82:C7:A8:13:40:98:67:4C
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/tXsgfw4cG6hzoHk1gseoE0CYZ0w.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9131711/9FDD2DA0C99111EE891BA419C4F9AE02/21AC01E4C99211EEA4374F37C4F9AE02.roa
Signing time:             Mon 12 Feb 2024 10:33:16 +0000
ROA not before:           Mon 12 Feb 2024 10:33:16 +0000
ROA not after:            Wed 28 May 2025 00:00:00 +0000
asID:                     131247
IP address blocks:        157.15.223.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 12 Mar 2024 19:22:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9131711/serialNumber=B57B207F0E1C1BA873A0793582C7A8134098674C
        Validity
            Not Before: Feb 12 10:33:16 2024 GMT
            Not After : May 28 00:00:00 2025 GMT
        Subject: CN=65c9f3ec-621f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:a4:b8:20:36:ba:d6:f1:ad:44:1c:66:fb:d9:
                    60:de:6d:d1:dd:18:50:54:db:ff:e3:71:2f:8a:23:
                    3b:1e:77:21:47:44:98:fa:1d:61:a3:34:26:7b:aa:
                    a7:e4:ef:19:05:45:77:3f:b3:07:a4:c4:40:c4:ce:
                    4f:06:cd:4e:2b:e9:7b:c6:31:e3:2f:1d:f5:92:89:
                    44:c0:e3:40:8f:16:b1:9b:05:ac:e0:f1:03:ff:3d:
                    8d:0e:f9:41:7e:b1:d5:13:a8:c8:b0:d1:6e:fb:8d:
                    d1:a6:b9:dc:53:e5:95:8c:e8:51:0a:c2:ab:d4:c3:
                    cb:c6:8d:21:72:99:ff:1c:67:3f:15:a7:78:0a:01:
                    e1:aa:12:b4:fd:04:6a:92:64:dc:13:94:ec:6c:06:
                    bf:d3:4c:ab:b9:3f:fd:28:b6:9d:bf:87:e2:e7:d1:
                    85:cc:a8:05:fa:45:a9:3a:73:71:31:8d:3a:c7:06:
                    cb:c5:88:ce:da:fc:1d:4e:87:ee:e6:76:52:29:f0:
                    01:35:cd:2a:60:2c:27:5e:d2:8f:1a:46:b9:22:1b:
                    77:88:ce:c3:62:f7:b4:fc:77:65:56:1a:a4:83:90:
                    a4:bb:d5:67:36:10:63:ee:59:4c:80:53:ec:64:61:
                    54:65:65:21:b7:df:d9:a8:50:a1:c1:66:8d:20:18:
                    0c:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:05:AD:44:4A:DC:A4:39:C2:7A:8E:6E:5C:CD:36:91:89:AA:3E:25
            X509v3 Authority Key Identifier:
                keyid:B5:7B:20:7F:0E:1C:1B:A8:73:A0:79:35:82:C7:A8:13:40:98:67:4C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9131711/9FDD2DA0C99111EE891BA419C4F9AE02/tXsgfw4cG6hzoHk1gseoE0CYZ0w.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/tXsgfw4cG6hzoHk1gseoE0CYZ0w.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9131711/9FDD2DA0C99111EE891BA419C4F9AE02/21AC01E4C99211EEA4374F37C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.15.223.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:a9:dd:ba:d9:2a:62:e5:08:67:d1:cc:86:31:49:a2:00:aa:
         32:cd:57:98:bc:a8:1c:87:4c:3a:07:1e:17:83:f8:24:9d:5e:
         4c:59:98:64:cd:ad:e4:56:d0:2c:e4:f6:85:0a:06:f3:2e:8f:
         68:7e:d5:47:24:f9:c0:52:d6:2a:71:98:78:e4:45:b5:83:7d:
         08:d0:af:bc:8e:77:bd:71:e4:a8:08:a6:60:f7:04:2c:de:c4:
         25:8f:61:72:73:3c:dd:26:aa:8f:bb:15:e7:b7:c9:85:8a:50:
         c6:6e:c4:c5:67:5f:40:17:8c:4f:e9:99:c2:38:37:cd:39:9e:
         8a:dd:81:11:29:d8:4c:36:a0:42:12:1c:23:06:38:4f:e3:07:
         c8:e0:11:4f:38:8c:0c:17:49:ac:6c:40:97:7e:2c:b4:aa:84:
         e2:a5:b6:37:44:1f:4d:c4:b8:f9:48:3e:11:94:c7:9a:62:ca:
         28:e8:12:d3:ef:51:fc:9d:0d:5f:d0:d0:24:88:09:82:a9:66:
         98:b3:0b:22:94:36:87:6b:24:0c:eb:76:f2:b5:0b:09:da:31:
         5f:8a:49:04:ae:81:3a:6c:63:46:92:42:81:05:1a:b0:d6:0f:
         11:01:8c:37:56:51:7d:f7:b6:c7:64:61:c5:92:e3:62:bf:2c:
         d4:ee:91:d9
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIBAjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTEz
MTcxMTExMC8GA1UEBRMoQjU3QjIwN0YwRTFDMUJBODczQTA3OTM1ODJDN0E4MTM0
MDk4Njc0QzAeFw0yNDAyMTIxMDMzMTZaFw0yNTA1MjgwMDAwMDBaMBgxFjAUBgNV
BAMTDTY1YzlmM2VjLTYyMWYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDtpLggNrrW8a1EHGb72WDebdHdGFBU2//jcS+KIzsedyFHRJj6HWGjNCZ7qqfk
7xkFRXc/swekxEDEzk8GzU4r6XvGMeMvHfWSiUTA40CPFrGbBazg8QP/PY0O+UF+
sdUTqMiw0W77jdGmudxT5ZWM6FEKwqvUw8vGjSFymf8cZz8Vp3gKAeGqErT9BGqS
ZNwTlOxsBr/TTKu5P/0otp2/h+Ln0YXMqAX6Rak6c3ExjTrHBsvFiM7a/B1Oh+7m
dlIp8AE1zSpgLCde0o8aRrkiG3eIzsNi97T8d2VWGqSDkKS71Wc2EGPuWUyAU+xk
YVRlZSG339moUKHBZo0gGAxVAgMBAAGjggKVMIICkTAdBgNVHQ4EFgQUCAWtRErc
pDnCeo5uXM02kYmqPiUwHwYDVR0jBBgwFoAUtXsgfw4cG6hzoHk1gseoE0CYZ0ww
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTMxNzExLzlGREQyREEwQzk5
MTExRUU4OTFCQTQxOUM0RjlBRTAyL3RYc2dmdzRjRzZoem9IazFnc2VvRTBDWVow
dy5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRGMjAxRDY2MTFFMjhBQzg4MzdDNzJG
RDFGRjIvdFhzZ2Z3NGNHNmh6b0hrMWdzZW9FMENZWjB3LmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEz
MTcxMS85RkREMkRBMEM5OTExMUVFODkxQkE0MTlDNEY5QUUwMi8yMUFDMDFFNEM5
OTIxMUVFQTQzNzRGMzdDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAJ0P3zANBgkqhkiG9w0BAQsFAAOCAQEAM6ndutkqYuUIZ9HM
hjFJogCqMs1XmLyoHIdMOgceF4P4JJ1eTFmYZM2t5FbQLOT2hQoG8y6PaH7VRyT5
wFLWKnGYeORFtYN9CNCvvI53vXHkqAimYPcELN7EJY9hcnM83Saqj7sV57fJhYpQ
xm7ExWdfQBeMT+mZwjg3zTmeit2BESnYTDagQhIcIwY4T+MHyOARTziMDBdJrGxA
l34stKqE4qW2N0QfTcS4+Ug+EZTHmmLKKOgS0+9R/J0NX9DQJIgJgqlmmLMLIpQ2
h2skDOt28rULCdoxX4pJBK6BOmxjRpJCgQUasNYPEQGMN1ZRffe2x2RhxZLjYr8s
1O6R2Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:50:58 2024 by rpki-client on console-fra.rpki-client.org