Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A913D1EA/9C932B48173A11EBA3B97E7FC4F9AE02/250D43FA74CB11EEB3C0267DC4F9AE02.roa
File:                     250D43FA74CB11EEB3C0267DC4F9AE02.roa (raw, json)
Hash identifier:          cwlee/MeNESN8c9NkcPntzwFpciLECNIArCUcR2m2M4=
Subject key identifier:   12:60:7D:E6:C6:17:BD:9A:E5:57:E5:14:16:6C:50:5E:4C:9B:32:CF
Certificate issuer:       /CN=A913D1EA/serialNumber=E692C5B60B3EF1C2044439FC390AD56DC3CBCD63
Certificate serial:       0658
Authority key identifier: E6:92:C5:B6:0B:3E:F1:C2:04:44:39:FC:39:0A:D5:6D:C3:CB:CD:63
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/5pLFtgs-8cIERDn8OQrVbcPLzWM.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A913D1EA/9C932B48173A11EBA3B97E7FC4F9AE02/250D43FA74CB11EEB3C0267DC4F9AE02.roa
Signing time:             Fri 27 Oct 2023 13:17:14 +0000
ROA not before:           Fri 27 Oct 2023 13:17:14 +0000
ROA not after:            Mon 30 Dec 2024 00:00:00 +0000
asID:                     135607
IP address blocks:        61.245.4.0/24 maxlen: 24
                          61.245.5.0/24 maxlen: 24
                          61.245.6.0/24 maxlen: 24
                          61.245.7.0/24 maxlen: 24
                          61.245.8.0/24 maxlen: 24
                          61.245.9.0/24 maxlen: 24
                          61.245.12.0/24 maxlen: 24
                          61.245.13.0/24 maxlen: 24
                          61.245.14.0/24 maxlen: 24
                          61.245.15.0/24 maxlen: 24
                          61.245.16.0/24 maxlen: 24
                          61.245.17.0/24 maxlen: 24
                          61.245.18.0/24 maxlen: 24
                          61.245.19.0/24 maxlen: 24
                          61.245.20.0/24 maxlen: 24
                          61.245.21.0/24 maxlen: 24
                          61.245.22.0/24 maxlen: 24
                          61.245.23.0/24 maxlen: 24
                          61.245.24.0/24 maxlen: 24
                          61.245.25.0/24 maxlen: 24
                          61.245.26.0/24 maxlen: 24
                          61.245.27.0/24 maxlen: 24
                          61.245.28.0/24 maxlen: 24
                          61.245.29.0/24 maxlen: 24
                          61.245.30.0/24 maxlen: 24
                          61.245.31.0/24 maxlen: 24
                          103.76.160.0/23 maxlen: 23
                          103.76.160.0/24 maxlen: 24
                          103.76.161.0/24 maxlen: 24
                          103.100.100.0/23 maxlen: 23
                          103.100.100.0/24 maxlen: 24
                          103.100.101.0/24 maxlen: 24
                          2401:e740::/32 maxlen: 32

Validation:               Failed, certificate revoked on Fri 24 Nov 2023 00:08:28 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1624 (0x658)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A913D1EA/serialNumber=E692C5B60B3EF1C2044439FC390AD56DC3CBCD63
        Validity
            Not Before: Oct 27 13:17:14 2023 GMT
            Not After : Dec 30 00:00:00 2024 GMT
        Subject: CN=653bb85a-f523
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:f3:fd:3c:aa:81:6f:4c:01:7e:f2:a1:ca:1c:
                    80:7e:15:fe:28:2c:5a:94:71:b9:b5:0c:53:dc:5e:
                    db:50:a8:97:aa:5e:a0:b9:78:77:65:c4:95:91:d4:
                    aa:58:39:f5:38:49:c9:cd:1e:ba:9a:2b:23:a9:22:
                    83:80:55:e0:9f:b6:3d:22:18:e7:8c:c5:32:a7:96:
                    ee:20:ca:56:4e:4a:0c:29:90:c7:ee:fd:cc:4b:72:
                    a2:c9:57:9a:c8:67:86:93:cc:f6:96:62:7c:39:3d:
                    c3:a9:48:ad:07:bd:1c:36:c4:9d:04:88:46:04:49:
                    c8:60:84:6f:7b:42:28:22:96:98:84:9a:36:a1:ae:
                    2c:97:0b:46:83:4e:05:c1:c6:46:e7:19:55:05:f6:
                    c1:cf:cb:e5:a6:aa:05:90:0c:09:6a:98:7d:c4:30:
                    a5:ca:a9:86:62:e7:c9:a3:f9:42:29:20:0c:d2:56:
                    8a:57:96:ff:33:4d:eb:9c:a4:9b:79:6a:c7:00:40:
                    a8:df:c6:a4:60:3a:0d:a7:88:d1:99:a6:a1:2e:c2:
                    10:2b:75:75:34:c0:0f:f8:08:68:87:8a:67:e1:ef:
                    c9:c3:47:ea:28:32:06:f5:d3:33:05:ee:2d:d7:5a:
                    af:d0:65:67:92:c5:79:2a:d3:76:36:76:50:e2:5a:
                    08:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:60:7D:E6:C6:17:BD:9A:E5:57:E5:14:16:6C:50:5E:4C:9B:32:CF
            X509v3 Authority Key Identifier:
                keyid:E6:92:C5:B6:0B:3E:F1:C2:04:44:39:FC:39:0A:D5:6D:C3:CB:CD:63

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A913D1EA/9C932B48173A11EBA3B97E7FC4F9AE02/5pLFtgs-8cIERDn8OQrVbcPLzWM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/5pLFtgs-8cIERDn8OQrVbcPLzWM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A913D1EA/9C932B48173A11EBA3B97E7FC4F9AE02/250D43FA74CB11EEB3C0267DC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  61.245.4.0-61.245.9.255
                  61.245.12.0-61.245.31.255
                  103.76.160.0/23
                  103.100.100.0/23
                IPv6:
                  2401:e740::/32

    Signature Algorithm: sha256WithRSAEncryption
         30:d9:37:a3:f2:c7:fc:3c:51:91:36:9f:89:4e:2d:83:8e:c8:
         91:81:aa:97:ba:be:8c:33:b6:f0:ab:00:6e:ee:96:d7:bb:88:
         a1:1d:00:85:56:20:b3:7b:6a:35:5f:e6:7e:69:5e:cc:07:3f:
         c2:66:97:db:5b:dd:e7:a9:aa:a7:88:50:a0:55:19:a5:15:7e:
         bd:88:ca:51:b2:f1:0d:9a:8d:29:1d:b9:f5:6c:30:6b:37:10:
         bd:54:f8:a3:0a:b3:9c:3b:81:fd:56:86:78:c3:67:14:92:2b:
         af:cf:90:03:8b:c3:5e:7d:8e:34:50:c3:38:ed:12:2b:25:6f:
         e9:fa:f0:9a:73:fb:3f:cf:f2:d0:15:17:45:77:4f:a0:e8:b9:
         27:8e:78:63:fe:1a:1d:69:18:12:8a:e5:69:68:aa:86:60:35:
         02:74:5d:08:73:97:c2:ba:a5:a8:c4:0b:48:5f:4d:a6:65:85:
         2d:ad:ed:49:94:61:68:f2:8d:74:f4:0e:e2:5a:fb:03:37:2e:
         bf:6f:61:ab:e4:19:c9:60:f2:79:98:b1:a4:6b:92:33:ab:2a:
         28:3f:e3:72:af:62:cf:3c:ac:6e:2f:37:13:51:87:70:4a:fd:
         ec:65:02:c1:ff:db:21:ad:da:0b:b8:5b:a8:f7:6f:b8:2b:d8:
         b2:7e:16:43
-----BEGIN CERTIFICATE-----
MIIFojCCBIqgAwIBAgICBlgwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
M0QxRUExMTAvBgNVBAUTKEU2OTJDNUI2MEIzRUYxQzIwNDQ0MzlGQzM5MEFENTZE
QzNDQkNENjMwHhcNMjMxMDI3MTMxNzE0WhcNMjQxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTNiYjg1YS1mNTIzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAqfP9PKqBb0wBfvKhyhyAfhX+KCxalHG5tQxT3F7bUKiXql6guXh3ZcSVkdSq
WDn1OEnJzR66misjqSKDgFXgn7Y9IhjnjMUyp5buIMpWTkoMKZDH7v3MS3KiyVea
yGeGk8z2lmJ8OT3DqUitB70cNsSdBIhGBEnIYIRve0IoIpaYhJo2oa4slwtGg04F
wcZG5xlVBfbBz8vlpqoFkAwJaph9xDClyqmGYufJo/lCKSAM0laKV5b/M03rnKSb
eWrHAECo38akYDoNp4jRmaahLsIQK3V1NMAP+Ahoh4pn4e/Jw0fqKDIG9dMzBe4t
11qv0GVnksV5KtN2NnZQ4loIAQIDAQABo4ICxjCCAsIwHQYDVR0OBBYEFBJgfebG
F72a5VflFBZsUF5MmzLPMB8GA1UdIwQYMBaAFOaSxbYLPvHCBEQ5/DkK1W3Dy81j
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEzRDFFQS85QzkzMkI0ODE3
M0ExMUVCQTNCOTdFN0ZDNEY5QUUwMi81cExGdGdzLThjSUVSRG44T1FyVmJjUEx6
V00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzVwTEZ0Z3MtOGNJRVJEbjhPUXJWYmNQTHpXTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
M0QxRUEvOUM5MzJCNDgxNzNBMTFFQkEzQjk3RTdGQzRGOUFFMDIvMjUwRDQzRkE3
NENCMTFFRUIzQzAyNjdEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwUAYIKwYBBQUHAQcBAf8E
QTA/MC4EAgABMCgwDAMEAj31BAMEAT31CDAMAwQCPfUMAwQFPfUAAwQBZ0ygAwQB
Z2RkMA0EAgACMAcDBQAkAedAMA0GCSqGSIb3DQEBCwUAA4IBAQAw2Tej8sf8PFGR
Np+JTi2DjsiRgaqXur6MM7bwqwBu7pbXu4ihHQCFViCze2o1X+Z+aV7MBz/CZpfb
W93nqaqniFCgVRmlFX69iMpRsvENmo0pHbn1bDBrNxC9VPijCrOcO4H9VoZ4w2cU
kiuvz5ADi8NefY40UMM47RIrJW/p+vCac/s/z/LQFRdFd0+g6Lknjnhj/hodaRgS
iuVpaKqGYDUCdF0Ic5fCuqWoxAtIX02mZYUtre1JlGFo8o109A7iWvsDNy6/b2Gr
5BnJYPJ5mLGka5IzqyooP+Nyr2LPPKxuLzcTUYdwSv3sZQLB/9shrdoLuFuo92+4
K9iyfhZD
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:03 2024 by rpki-client on console-fra.rpki-client.org