Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9139322/2CB1EEBAF65311EBA1B4A61AC4F9AE02/FA5B99004D3711EEAEC1C322C4F9AE02.roa
File:                     FA5B99004D3711EEAEC1C322C4F9AE02.roa (raw, json)
Hash identifier:          w/fCoTmgskEIJhHpseik5GftGnzzWZK89mgLP6vxpdY=
Subject key identifier:   0D:AC:1A:09:E3:CE:B6:13:3E:8E:E6:1F:0A:26:B3:34:00:4A:8B:F8
Certificate issuer:       /CN=A9139322/serialNumber=EDC547BD0E6C0C0706A185833835F65EA3C71013
Certificate serial:       04D2
Authority key identifier: ED:C5:47:BD:0E:6C:0C:07:06:A1:85:83:38:35:F6:5E:A3:C7:10:13
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/7cVHvQ5sDAcGoYWDODX2XqPHEBM.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9139322/2CB1EEBAF65311EBA1B4A61AC4F9AE02/FA5B99004D3711EEAEC1C322C4F9AE02.roa
Signing time:             Thu 07 Sep 2023 04:35:31 +0000
ROA not before:           Thu 07 Sep 2023 04:35:31 +0000
ROA not after:            Sun 01 Dec 2024 00:00:00 +0000
asID:                     834
IP address blocks:        43.254.167.0/24 maxlen: 24
                          43.255.122.0/23 maxlen: 24
                          43.255.156.0/24 maxlen: 24
                          103.24.216.0/23 maxlen: 24
                          103.231.58.0/23 maxlen: 24
                          103.240.198.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sun 10 Sep 2023 18:51:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1234 (0x4d2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9139322/serialNumber=EDC547BD0E6C0C0706A185833835F65EA3C71013
        Validity
            Not Before: Sep  7 04:35:31 2023 GMT
            Not After : Dec  1 00:00:00 2024 GMT
        Subject: CN=64f95313-996b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:0e:d6:4a:df:cf:e3:2d:b5:40:71:35:74:ec:
                    14:c9:6d:b7:6d:01:f2:6d:6e:42:45:2c:f4:a6:c9:
                    da:61:35:ae:69:ea:7b:f4:7f:05:4c:58:a3:a9:b9:
                    0c:44:54:73:60:6d:88:a7:12:8b:27:2f:80:6c:59:
                    0c:30:c3:39:d0:87:4d:48:af:0e:dd:64:db:62:7f:
                    bc:cb:06:03:15:1e:5a:70:3e:28:04:1b:1c:51:1e:
                    83:42:73:66:9a:b2:df:55:d4:38:a2:f7:29:2f:a1:
                    59:0d:d7:a4:a3:6e:28:31:df:4d:43:17:2c:d1:70:
                    ab:24:22:76:03:be:c9:c8:72:b1:d3:46:d5:6d:76:
                    7b:74:a4:e5:0a:22:4e:f3:c9:ce:84:b9:fd:33:a5:
                    45:8b:a8:7f:32:d6:c9:08:ca:02:28:04:73:43:ee:
                    74:b8:69:d4:ba:ae:17:44:f5:32:d4:2b:f5:c7:c3:
                    14:b1:25:2c:70:a5:f6:a7:c6:ac:7a:26:b1:43:b6:
                    dc:35:5d:97:3a:0d:4e:cd:4f:03:e8:e1:aa:1a:47:
                    44:e9:dc:93:c0:1a:61:8b:aa:50:44:e5:84:05:93:
                    f2:43:85:01:a2:cc:f0:80:c7:56:61:0e:b6:19:df:
                    3a:3c:e6:b8:80:b1:01:6a:c2:70:82:d8:08:b4:f7:
                    a1:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0D:AC:1A:09:E3:CE:B6:13:3E:8E:E6:1F:0A:26:B3:34:00:4A:8B:F8
            X509v3 Authority Key Identifier:
                keyid:ED:C5:47:BD:0E:6C:0C:07:06:A1:85:83:38:35:F6:5E:A3:C7:10:13

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9139322/2CB1EEBAF65311EBA1B4A61AC4F9AE02/7cVHvQ5sDAcGoYWDODX2XqPHEBM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/7cVHvQ5sDAcGoYWDODX2XqPHEBM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9139322/2CB1EEBAF65311EBA1B4A61AC4F9AE02/FA5B99004D3711EEAEC1C322C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.254.167.0/24
                  43.255.122.0/23
                  43.255.156.0/24
                  103.24.216.0/23
                  103.231.58.0/23
                  103.240.198.0/24

    Signature Algorithm: sha256WithRSAEncryption
         be:be:ff:02:31:2e:dd:3e:09:61:f8:00:8a:04:02:22:f5:77:
         73:62:83:69:3e:a7:3e:68:05:64:0d:d5:60:29:f0:db:07:2a:
         55:14:f4:b4:27:87:e7:66:79:b7:92:53:5c:78:85:e2:b7:23:
         57:53:77:a0:40:ac:9e:cb:ef:7a:d2:3d:5b:38:24:4c:92:b9:
         38:59:e3:87:90:cf:dc:ee:7c:ee:c5:56:80:4c:f8:f2:34:48:
         33:d4:a6:f4:2d:2d:9b:9c:83:75:79:8a:a3:ed:c5:d1:eb:d5:
         c1:a6:28:7d:48:4c:70:bb:31:af:c4:1d:e6:b5:13:28:4d:78:
         85:e8:70:0d:f8:03:e2:b9:85:4d:1b:f1:a0:38:7c:d3:e2:0b:
         f1:22:08:14:4b:fd:40:ec:5a:32:88:62:a8:2e:5d:b5:1f:c1:
         3f:b2:d2:96:71:34:0b:68:8c:1b:4b:bc:d9:72:2d:fe:6d:15:
         a6:65:69:2f:7b:00:72:47:ff:68:a8:a4:ce:83:e4:24:61:b5:
         a9:9e:6b:ca:c8:26:98:84:b5:4f:43:1c:64:57:7d:0a:8d:bd:
         92:09:fc:17:ff:8d:51:56:25:5f:52:10:11:e9:ae:f4:71:7a:
         de:d5:72:77:c4:c1:2d:24:04:7b:53:4b:4c:04:3c:08:f3:f4:
         4e:a8:8b:6b
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgICBNIwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MzkzMjIxMTAvBgNVBAUTKEVEQzU0N0JEMEU2QzBDMDcwNkExODU4MzM4MzVGNjVF
QTNDNzEwMTMwHhcNMjMwOTA3MDQzNTMxWhcNMjQxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NGY5NTMxMy05OTZiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA5A7WSt/P4y21QHE1dOwUyW23bQHybW5CRSz0psnaYTWuaep79H8FTFijqbkM
RFRzYG2IpxKLJy+AbFkMMMM50IdNSK8O3WTbYn+8ywYDFR5acD4oBBscUR6DQnNm
mrLfVdQ4ovcpL6FZDdeko24oMd9NQxcs0XCrJCJ2A77JyHKx00bVbXZ7dKTlCiJO
88nOhLn9M6VFi6h/MtbJCMoCKARzQ+50uGnUuq4XRPUy1Cv1x8MUsSUscKX2p8as
eiaxQ7bcNV2XOg1OzU8D6OGqGkdE6dyTwBphi6pQROWEBZPyQ4UBoszwgMdWYQ62
Gd86POa4gLEBasJwgtgItPehXQIDAQABo4ICszCCAq8wHQYDVR0OBBYEFA2sGgnj
zrYTPo7mHwomszQASov4MB8GA1UdIwQYMBaAFO3FR70ObAwHBqGFgzg19l6jxxAT
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEzOTMyMi8yQ0IxRUVCQUY2
NTMxMUVCQTFCNEE2MUFDNEY5QUUwMi83Y1ZIdlE1c0RBY0dvWVdET0RYMlhxUEhF
Qk0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzdjVkh2UTVzREFjR29ZV0RPRFgyWHFQSEVCTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MzkzMjIvMkNCMUVFQkFGNjUzMTFFQkExQjRBNjFBQzRGOUFFMDIvRkE1Qjk5MDA0
RDM3MTFFRUFFQzFDMzIyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwPQYIKwYBBQUHAQcBAf8E
LjAsMCoEAgABMCQDBAAr/qcDBAEr/3oDBAAr/5wDBAFnGNgDBAFn5zoDBABn8MYw
DQYJKoZIhvcNAQELBQADggEBAL6+/wIxLt0+CWH4AIoEAiL1d3Nig2k+pz5oBWQN
1WAp8NsHKlUU9LQnh+dmebeSU1x4heK3I1dTd6BArJ7L73rSPVs4JEySuThZ44eQ
z9zufO7FVoBM+PI0SDPUpvQtLZucg3V5iqPtxdHr1cGmKH1ITHC7Ma/EHea1EyhN
eIXocA34A+K5hU0b8aA4fNPiC/EiCBRL/UDsWjKIYqguXbUfwT+y0pZxNAtojBtL
vNlyLf5tFaZlaS97AHJH/2iopM6D5CRhtamea8rIJpiEtU9DHGRXfQqNvZIJ/Bf/
jVFWJV9SEBHprvRxet7VcnfEwS0kBHtTS0wEPAjz9E6oi2s=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:03 2024 by rpki-client on console-fra.rpki-client.org