Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9139322/2CB1EEBAF65311EBA1B4A61AC4F9AE02/88978EF0A65111EEABE0B079C4F9AE02.roa
File:                     88978EF0A65111EEABE0B079C4F9AE02.roa (raw, json)
Hash identifier:          NxAtd/13bVeR3hgFnMNcl4NqwPAF1iee1z/CMtOAxpU=
Subject key identifier:   1F:DE:72:15:DB:30:9A:6D:C3:45:B9:AB:A1:7A:B9:2E:EF:6C:60:97
Certificate issuer:       /CN=A9139322/serialNumber=EDC547BD0E6C0C0706A185833835F65EA3C71013
Certificate serial:       0572
Authority key identifier: ED:C5:47:BD:0E:6C:0C:07:06:A1:85:83:38:35:F6:5E:A3:C7:10:13
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/7cVHvQ5sDAcGoYWDODX2XqPHEBM.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9139322/2CB1EEBAF65311EBA1B4A61AC4F9AE02/88978EF0A65111EEABE0B079C4F9AE02.roa
Signing time:             Fri 29 Dec 2023 13:52:41 +0000
ROA not before:           Fri 29 Dec 2023 13:52:41 +0000
ROA not after:            Sun 01 Dec 2024 00:00:00 +0000
asID:                     834
IP address blocks:        43.247.135.0/24 maxlen: 24
                          43.255.122.0/23 maxlen: 24
                          43.255.156.0/24 maxlen: 24
                          103.24.216.0/23 maxlen: 24
                          103.231.58.0/23 maxlen: 24

Validation:               Failed, certificate revoked on Thu 11 Jan 2024 07:58:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1394 (0x572)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9139322/serialNumber=EDC547BD0E6C0C0706A185833835F65EA3C71013
        Validity
            Not Before: Dec 29 13:52:41 2023 GMT
            Not After : Dec  1 00:00:00 2024 GMT
        Subject: CN=658ecf29-27f7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:1e:cf:50:1f:81:85:22:1e:9d:3a:27:eb:96:
                    ca:d0:97:61:fa:1f:c0:bf:2c:fc:7f:59:cc:7e:3a:
                    3d:2c:d2:85:09:e9:ce:cf:ad:45:11:32:2d:66:b1:
                    3b:b2:8b:f1:e1:37:fe:19:e5:9e:2c:b5:04:54:42:
                    be:e6:0d:1b:97:c9:15:6b:1c:89:82:24:12:b1:73:
                    f9:be:2f:b7:36:9f:ec:69:e4:21:8c:f2:48:26:d2:
                    5e:47:1d:69:21:f4:e6:7c:c3:d3:25:b3:92:5c:2a:
                    67:8e:3f:d0:7c:8d:46:01:f1:8b:16:74:10:07:19:
                    e0:8f:0f:61:29:71:fa:88:d0:f5:1c:00:c9:0b:f9:
                    e2:2c:0b:e0:29:9a:f1:57:f5:90:4a:fb:46:08:0f:
                    7d:18:46:8a:22:85:13:ae:52:b6:3d:21:bb:08:0e:
                    44:9b:92:14:03:e5:1b:14:fb:f0:4d:4b:e3:5d:2e:
                    5b:40:7e:fe:15:aa:6c:e1:9c:b3:8e:f1:e5:0d:a5:
                    b5:21:8d:d9:2c:70:e4:1a:d8:52:5c:69:90:93:98:
                    be:a8:72:55:40:5b:02:01:f3:2c:cd:9b:83:46:87:
                    30:c8:4e:01:40:a6:08:84:ab:35:ad:33:9c:34:50:
                    f3:9e:8c:c1:a5:a6:da:a0:b4:41:d7:9b:03:c6:ff:
                    8e:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:DE:72:15:DB:30:9A:6D:C3:45:B9:AB:A1:7A:B9:2E:EF:6C:60:97
            X509v3 Authority Key Identifier:
                keyid:ED:C5:47:BD:0E:6C:0C:07:06:A1:85:83:38:35:F6:5E:A3:C7:10:13

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9139322/2CB1EEBAF65311EBA1B4A61AC4F9AE02/7cVHvQ5sDAcGoYWDODX2XqPHEBM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/7cVHvQ5sDAcGoYWDODX2XqPHEBM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9139322/2CB1EEBAF65311EBA1B4A61AC4F9AE02/88978EF0A65111EEABE0B079C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.247.135.0/24
                  43.255.122.0/23
                  43.255.156.0/24
                  103.24.216.0/23
                  103.231.58.0/23

    Signature Algorithm: sha256WithRSAEncryption
         a7:5d:2b:ef:37:94:ec:d6:68:df:26:1e:6c:c0:df:a7:08:5d:
         07:99:90:4e:e4:8d:3b:18:a9:4b:e4:9d:e0:41:87:da:0e:b3:
         10:70:b8:17:c9:c3:37:f1:58:bf:ed:10:11:60:2e:7c:32:04:
         66:04:f9:aa:b2:9e:25:c3:25:68:ca:cb:ca:03:de:00:cf:f8:
         b3:ea:fa:37:36:ce:d5:b0:23:17:62:43:13:ac:6f:cf:f4:70:
         ca:b8:9b:aa:ff:5f:14:16:ce:51:af:ec:3a:2d:9c:42:b9:05:
         71:56:b6:af:37:8d:0e:6f:43:26:f5:c7:7c:f0:98:8e:d8:a9:
         b1:d7:dc:e7:42:e6:ef:e5:65:95:5e:6f:a8:8f:18:e1:4c:17:
         b7:94:b3:5a:6c:8a:5b:8f:a3:aa:76:ee:a2:1b:45:74:d7:07:
         c1:1b:3c:5b:a5:93:70:01:37:99:fb:87:b8:90:af:52:c6:f9:
         26:a5:0b:b3:44:76:51:f3:3d:b6:45:76:9d:1f:a8:a1:78:30:
         96:df:8e:5d:bd:3f:bf:49:6f:1d:e6:ee:34:26:b4:35:e3:e0:
         5e:15:24:65:64:f9:47:0f:4f:43:41:69:15:da:b9:74:4e:9c:
         8a:33:25:a6:c7:7d:df:df:e0:58:51:76:af:ad:36:3c:fe:a4:
         69:53:5e:ac
-----BEGIN CERTIFICATE-----
MIIFiTCCBHGgAwIBAgICBXIwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MzkzMjIxMTAvBgNVBAUTKEVEQzU0N0JEMEU2QzBDMDcwNkExODU4MzM4MzVGNjVF
QTNDNzEwMTMwHhcNMjMxMjI5MTM1MjQxWhcNMjQxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NThlY2YyOS0yN2Y3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA2h7PUB+BhSIenTon65bK0Jdh+h/Avyz8f1nMfjo9LNKFCenOz61FETItZrE7
sovx4Tf+GeWeLLUEVEK+5g0bl8kVaxyJgiQSsXP5vi+3Np/saeQhjPJIJtJeRx1p
IfTmfMPTJbOSXCpnjj/QfI1GAfGLFnQQBxngjw9hKXH6iND1HADJC/niLAvgKZrx
V/WQSvtGCA99GEaKIoUTrlK2PSG7CA5Em5IUA+UbFPvwTUvjXS5bQH7+Faps4Zyz
jvHlDaW1IY3ZLHDkGthSXGmQk5i+qHJVQFsCAfMszZuDRocwyE4BQKYIhKs1rTOc
NFDznozBpabaoLRB15sDxv+O1QIDAQABo4ICrTCCAqkwHQYDVR0OBBYEFB/echXb
MJptw0W5q6F6uS7vbGCXMB8GA1UdIwQYMBaAFO3FR70ObAwHBqGFgzg19l6jxxAT
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEzOTMyMi8yQ0IxRUVCQUY2
NTMxMUVCQTFCNEE2MUFDNEY5QUUwMi83Y1ZIdlE1c0RBY0dvWVdET0RYMlhxUEhF
Qk0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzdjVkh2UTVzREFjR29ZV0RPRFgyWHFQSEVCTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MzkzMjIvMkNCMUVFQkFGNjUzMTFFQkExQjRBNjFBQzRGOUFFMDIvODg5NzhFRjBB
NjUxMTFFRUFCRTBCMDc5QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNwYIKwYBBQUHAQcBAf8E
KDAmMCQEAgABMB4DBAAr94cDBAEr/3oDBAAr/5wDBAFnGNgDBAFn5zowDQYJKoZI
hvcNAQELBQADggEBAKddK+83lOzWaN8mHmzA36cIXQeZkE7kjTsYqUvkneBBh9oO
sxBwuBfJwzfxWL/tEBFgLnwyBGYE+aqyniXDJWjKy8oD3gDP+LPq+jc2ztWwIxdi
QxOsb8/0cMq4m6r/XxQWzlGv7DotnEK5BXFWtq83jQ5vQyb1x3zwmI7YqbHX3OdC
5u/lZZVeb6iPGOFMF7eUs1psiluPo6p27qIbRXTXB8EbPFulk3ABN5n7h7iQr1LG
+SalC7NEdlHzPbZFdp0fqKF4MJbfjl29P79Jbx3m7jQmtDXj4F4VJGVk+UcPT0NB
aRXauXROnIozJabHfd/f4FhRdq+tNjz+pGlTXqw=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:02 2024 by rpki-client on console-fra.rpki-client.org