Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9140D69/0E177D5A058C11EDADD66011C4F9AE02/85DF02C00D5411ED8208604DC4F9AE02.roa
File:                     85DF02C00D5411ED8208604DC4F9AE02.roa (raw, json)
Hash identifier:          6rR/odhUUC5TRyN/kt+0VU054d3mvvlQx/UfLqHwnWU=
Subject key identifier:   27:A1:2B:6C:CF:39:49:FE:1A:0A:FE:34:B2:90:08:7A:D0:7D:EB:8F
Certificate issuer:       /CN=A9140D69/serialNumber=103FA8BDFFFB9F0557072C47332B81A9E80EDD35
Certificate serial:       0165
Authority key identifier: 10:3F:A8:BD:FF:FB:9F:05:57:07:2C:47:33:2B:81:A9:E8:0E:DD:35
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ED-ovf_7nwVXByxHMyuBqegO3TU.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9140D69/0E177D5A058C11EDADD66011C4F9AE02/85DF02C00D5411ED8208604DC4F9AE02.roa
Signing time:             Sat 30 Sep 2023 14:39:16 +0000
ROA not before:           Sat 30 Sep 2023 14:39:16 +0000
ROA not after:            Thu 31 Oct 2024 00:00:00 +0000
asID:                     64021
IP address blocks:        103.237.100.0/24 maxlen: 24
                          103.237.101.0/24 maxlen: 24
                          103.237.103.0/24 maxlen: 24
                          163.53.244.0/24 maxlen: 24
                          163.53.245.0/24 maxlen: 24
                          163.53.247.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 18 Jun 2024 09:32:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 357 (0x165)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9140D69/serialNumber=103FA8BDFFFB9F0557072C47332B81A9E80EDD35
        Validity
            Not Before: Sep 30 14:39:16 2023 GMT
            Not After : Oct 31 00:00:00 2024 GMT
        Subject: CN=65183314-cd38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:2f:a4:92:a6:0b:ec:e4:f6:be:e4:9d:c8:d9:
                    be:e5:5d:76:ea:7c:eb:67:fd:30:41:22:66:98:ba:
                    17:76:75:d3:ac:6e:3c:77:56:82:e8:18:b2:27:8c:
                    ff:0a:93:b4:ab:e0:ef:66:df:92:d5:bc:69:18:d0:
                    fb:6c:eb:1a:bb:96:41:a5:2f:12:8e:20:e1:e9:72:
                    5f:b7:df:8b:57:9d:eb:45:a6:2e:57:96:7f:5b:d3:
                    59:0d:30:9d:45:12:62:ee:92:53:b0:8e:e6:5f:52:
                    70:12:e5:d5:32:80:3c:ff:5d:86:cc:31:90:f2:a9:
                    85:75:de:1f:04:61:99:61:83:c1:d9:4c:99:09:c8:
                    cb:cf:1a:17:41:63:c6:86:c5:73:18:39:14:5d:32:
                    c7:cf:9d:85:e5:85:4c:ed:48:df:4c:f8:f5:76:a5:
                    e4:81:34:9c:3e:61:5e:98:73:e3:a9:88:45:09:bf:
                    b2:d0:bb:0f:3f:75:a0:f6:3a:4b:ce:ae:4e:ee:70:
                    c4:00:de:25:3c:e7:48:59:e2:b7:5f:8f:8d:94:6b:
                    91:96:f3:9a:13:46:54:be:ec:df:4b:5d:e1:13:e1:
                    22:6a:de:49:a4:3e:af:f7:dc:78:fa:a6:77:b3:45:
                    54:1d:eb:0f:22:cb:00:dc:fa:06:50:9b:11:44:43:
                    ec:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:A1:2B:6C:CF:39:49:FE:1A:0A:FE:34:B2:90:08:7A:D0:7D:EB:8F
            X509v3 Authority Key Identifier:
                keyid:10:3F:A8:BD:FF:FB:9F:05:57:07:2C:47:33:2B:81:A9:E8:0E:DD:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9140D69/0E177D5A058C11EDADD66011C4F9AE02/ED-ovf_7nwVXByxHMyuBqegO3TU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ED-ovf_7nwVXByxHMyuBqegO3TU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9140D69/0E177D5A058C11EDADD66011C4F9AE02/85DF02C00D5411ED8208604DC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.237.100.0/23
                  103.237.103.0/24
                  163.53.244.0/23
                  163.53.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:8f:88:3b:95:7e:60:a9:50:2e:4e:95:94:0b:18:17:7d:7f:
         97:e5:d7:1d:e8:fa:16:1e:d1:e3:80:21:5c:57:cc:8a:b5:12:
         19:b7:fa:98:58:e2:0d:e1:b0:c3:c5:ed:3b:ed:7c:9f:5c:0d:
         dd:78:46:60:82:ac:f1:de:d3:8c:ac:e1:5e:9c:b3:97:d7:21:
         8a:f4:7d:e5:27:04:a6:91:b9:47:92:bc:f8:af:46:e0:92:9a:
         36:34:66:45:17:76:56:5b:22:a3:b6:bf:88:42:73:e6:e2:c0:
         c8:b6:de:7a:a7:62:dc:fc:3c:fa:82:a3:73:50:61:c3:f3:d6:
         c6:ff:37:11:1b:61:76:0a:cb:89:c8:08:9c:67:37:22:1b:b4:
         eb:e7:e6:23:93:0b:34:6c:b5:2a:f4:ca:d5:bc:74:a8:44:82:
         f5:2d:48:4f:8d:52:3a:6e:06:1e:91:0b:b4:fa:ff:3a:45:ef:
         fa:ae:95:d4:56:56:2c:f6:68:24:a3:f3:b4:da:b9:b0:e0:c2:
         99:31:76:14:1a:d0:65:e6:10:2e:75:79:12:d6:4c:72:10:e2:
         43:43:a9:b3:58:3c:a5:4f:02:af:b0:03:ff:09:c8:cc:94:87:
         35:54:0e:cc:c1:5b:2d:22:c8:8e:53:84:7c:ee:ed:ab:0f:83:
         e9:9c:3b:b2
-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgICAWUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDBENjkxMTAvBgNVBAUTKDEwM0ZBOEJERkZGQjlGMDU1NzA3MkM0NzMzMkI4MUE5
RTgwRUREMzUwHhcNMjMwOTMwMTQzOTE2WhcNMjQxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTE4MzMxNC1jZDM4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA2y+kkqYL7OT2vuSdyNm+5V126nzrZ/0wQSJmmLoXdnXTrG48d1aC6BiyJ4z/
CpO0q+DvZt+S1bxpGND7bOsau5ZBpS8SjiDh6XJft9+LV53rRaYuV5Z/W9NZDTCd
RRJi7pJTsI7mX1JwEuXVMoA8/12GzDGQ8qmFdd4fBGGZYYPB2UyZCcjLzxoXQWPG
hsVzGDkUXTLHz52F5YVM7UjfTPj1dqXkgTScPmFemHPjqYhFCb+y0LsPP3Wg9jpL
zq5O7nDEAN4lPOdIWeK3X4+NlGuRlvOaE0ZUvuzfS13hE+Eiat5JpD6v99x4+qZ3
s0VUHesPIssA3PoGUJsRREPsuQIDAQABo4ICpzCCAqMwHQYDVR0OBBYEFCehK2zP
OUn+Ggr+NLKQCHrQfeuPMB8GA1UdIwQYMBaAFBA/qL3/+58FVwcsRzMrganoDt01
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0MEQ2OS8wRTE3N0Q1QTA1
OEMxMUVEQURENjYwMTFDNEY5QUUwMi9FRC1vdmZfN253VlhCeXhITXl1QnFlZ08z
VFUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0VELW92Zl83bndWWEJ5eEhNeXVCcWVnTzNUVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDBENjkvMEUxNzdENUEwNThDMTFFREFERDY2MDExQzRGOUFFMDIvODVERjAyQzAw
RDU0MTFFRDgyMDg2MDREQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMQYIKwYBBQUHAQcBAf8E
IjAgMB4EAgABMBgDBAFn7WQDBABn7WcDBAGjNfQDBACjNfcwDQYJKoZIhvcNAQEL
BQADggEBAKqPiDuVfmCpUC5OlZQLGBd9f5fl1x3o+hYe0eOAIVxXzIq1Ehm3+phY
4g3hsMPF7TvtfJ9cDd14RmCCrPHe04ys4V6cs5fXIYr0feUnBKaRuUeSvPivRuCS
mjY0ZkUXdlZbIqO2v4hCc+biwMi23nqnYtz8PPqCo3NQYcPz1sb/NxEbYXYKy4nI
CJxnNyIbtOvn5iOTCzRstSr0ytW8dKhEgvUtSE+NUjpuBh6RC7T6/zpF7/quldRW
Viz2aCSj87TaubDgwpkxdhQa0GXmEC51eRLWTHIQ4kNDqbNYPKVPAq+wA/8JyMyU
hzVUDszBWy0iyI5ThHzu7asPg+mcO7I=
-----END CERTIFICATE-----
Generated at Tue Jun 18 13:14:06 2024 by rpki-client on console-fra.rpki-client.org