Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9157861/34D26C88846F11E6A313C022C4F9AE02/F1AEE332DBBD11EA94610067C4F9AE02.roa
File:                     F1AEE332DBBD11EA94610067C4F9AE02.roa (raw, json)
Hash identifier:          IlTHpMGzSI5Ql1Sf7eZEVKipKLU7cFITujqRc9qf1Ig=
Subject key identifier:   EF:0C:88:35:53:3C:BA:4E:10:22:C8:AB:7B:B8:45:2E:88:78:42:29
Certificate issuer:       /CN=A9157861/serialNumber=BD5F088894D9DA7565D4436143EE026C320E4A2A
Certificate serial:       1D63
Authority key identifier: BD:5F:08:88:94:D9:DA:75:65:D4:43:61:43:EE:02:6C:32:0E:4A:2A
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vV8IiJTZ2nVl1ENhQ-4CbDIOSio.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9157861/34D26C88846F11E6A313C022C4F9AE02/F1AEE332DBBD11EA94610067C4F9AE02.roa
Signing time:             Wed 21 Feb 2024 02:04:11 +0000
ROA not before:           Wed 21 Feb 2024 02:04:11 +0000
ROA not after:            Mon 30 Sep 2024 00:00:00 +0000
asID:                     38176
IP address blocks:        113.208.64.0/23 maxlen: 23
                          113.208.66.0/24 maxlen: 24
                          113.208.67.0/24 maxlen: 24
                          113.208.68.0/24 maxlen: 24
                          113.208.69.0/24 maxlen: 24
                          113.208.70.0/24 maxlen: 24
                          113.208.71.0/24 maxlen: 24
                          113.208.72.0/24 maxlen: 24
                          113.208.73.0/24 maxlen: 24
                          113.208.74.0/24 maxlen: 24
                          113.208.75.0/24 maxlen: 24
                          113.208.76.0/24 maxlen: 24
                          113.208.78.0/24 maxlen: 24
                          113.208.79.0/24 maxlen: 24
                          113.208.80.0/24 maxlen: 24
                          113.208.81.0/24 maxlen: 24
                          113.208.82.0/24 maxlen: 24
                          113.208.83.0/24 maxlen: 24
                          113.208.84.0/24 maxlen: 24
                          113.208.85.0/24 maxlen: 24
                          113.208.86.0/24 maxlen: 24
                          113.208.87.0/24 maxlen: 24
                          113.208.88.0/21 maxlen: 21
                          203.202.224.0/23 maxlen: 23
                          203.202.224.0/24 maxlen: 24
                          203.202.225.0/24 maxlen: 24
                          203.202.226.0/23 maxlen: 23
                          203.202.226.0/24 maxlen: 24
                          203.202.227.0/24 maxlen: 24
                          203.202.228.0/23 maxlen: 23
                          203.202.228.0/24 maxlen: 24
                          203.202.229.0/24 maxlen: 24
                          203.202.230.0/23 maxlen: 23
                          203.202.230.0/24 maxlen: 24
                          203.202.231.0/24 maxlen: 24
                          2405:1400::/34 maxlen: 34
                          2405:1400:4000::/34 maxlen: 34
                          2405:1400:8000::/34 maxlen: 34
                          2405:1400:c000::/34 maxlen: 34

Validation:               Failed, certificate revoked on Fri 23 Feb 2024 02:10:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 7523 (0x1d63)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9157861/serialNumber=BD5F088894D9DA7565D4436143EE026C320E4A2A
        Validity
            Not Before: Feb 21 02:04:11 2024 GMT
            Not After : Sep 30 00:00:00 2024 GMT
        Subject: CN=65d55a1b-a833
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:5c:5a:c8:7d:7e:b5:a6:8a:1b:1a:ae:ab:d8:
                    d6:ab:8b:92:80:0b:a9:19:8b:e5:be:c5:3a:f9:6e:
                    f9:59:48:1d:a3:fd:b4:6a:35:d9:30:45:76:58:0c:
                    0b:e6:8a:ec:2c:fd:fc:96:ad:a6:b5:93:13:ec:dd:
                    a2:ad:eb:be:e0:23:63:7b:77:1c:09:c4:25:2a:85:
                    da:a9:34:41:85:4c:e3:51:48:25:90:38:44:47:80:
                    60:7b:7e:ae:6b:e3:d3:0c:a6:55:89:28:64:0a:a6:
                    e2:a8:18:cc:cb:b1:43:24:a1:db:03:0b:21:24:dd:
                    89:15:e3:cc:ff:5b:fc:5d:b8:39:c4:e8:03:13:7f:
                    b3:01:82:41:31:5b:68:f5:67:92:2d:c2:4a:08:b8:
                    0a:0b:0e:34:71:93:a3:82:cd:5e:3d:3a:91:41:4f:
                    6b:21:38:ea:17:d4:0f:ba:3f:cb:11:03:21:f5:a4:
                    31:e1:a4:5f:97:30:df:fe:a0:b3:15:eb:70:5c:97:
                    1f:11:d1:42:6f:ee:23:63:ab:15:75:5e:d8:a0:f7:
                    88:eb:41:db:a7:d0:00:1d:cf:00:4b:84:c6:c1:02:
                    15:20:b6:ac:97:77:f8:0a:62:e3:a8:c7:14:f6:dc:
                    21:cc:9d:5e:cf:7a:60:1e:80:a2:d0:9f:1c:00:42:
                    67:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EF:0C:88:35:53:3C:BA:4E:10:22:C8:AB:7B:B8:45:2E:88:78:42:29
            X509v3 Authority Key Identifier:
                keyid:BD:5F:08:88:94:D9:DA:75:65:D4:43:61:43:EE:02:6C:32:0E:4A:2A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9157861/34D26C88846F11E6A313C022C4F9AE02/vV8IiJTZ2nVl1ENhQ-4CbDIOSio.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vV8IiJTZ2nVl1ENhQ-4CbDIOSio.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9157861/34D26C88846F11E6A313C022C4F9AE02/F1AEE332DBBD11EA94610067C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  113.208.64.0-113.208.76.255
                  113.208.78.0-113.208.95.255
                  203.202.224.0/21
                IPv6:
                  2405:1400::/32

    Signature Algorithm: sha256WithRSAEncryption
         a6:be:5f:62:f2:ba:c8:4e:87:00:a8:47:3f:44:9e:68:a1:01:
         f4:1b:e3:c2:6c:6d:f8:e3:f3:e3:18:72:80:53:3f:df:89:9d:
         24:cd:09:de:7b:2c:13:ff:20:ac:52:55:03:2c:1e:39:d1:fb:
         0a:aa:dd:0a:5d:52:7f:b0:00:a3:51:cb:f4:f3:cd:d9:e3:dc:
         fb:fa:0f:24:43:dd:e2:47:19:b5:7a:97:36:26:50:2e:ca:50:
         f0:08:82:cb:51:ab:81:cd:42:22:03:03:04:07:59:b3:38:a8:
         b4:3b:80:55:48:dc:cb:92:12:de:9c:23:c2:9e:51:12:f9:3b:
         38:6f:8f:57:0b:b0:2b:b4:ff:a8:33:55:a9:c6:c2:32:3f:38:
         21:39:82:7a:a1:02:c0:3b:f3:1f:40:2b:19:ab:d5:a3:99:ea:
         1f:6f:62:ed:c3:48:ab:b7:7d:dd:e6:71:51:3e:e2:99:00:7c:
         06:aa:7f:b6:a8:43:5e:ea:22:37:1b:f3:dc:d3:10:b0:3b:95:
         aa:b9:ab:89:04:c9:61:5b:fa:13:4f:84:31:65:c4:2a:ec:7f:
         63:18:6e:f4:61:9a:f7:28:ef:df:78:12:25:8a:04:fb:53:c8:
         36:71:90:3c:8d:b0:99:ab:0a:d8:67:90:aa:ff:7e:1b:6c:43:
         26:f6:1c:42
-----BEGIN CERTIFICATE-----
MIIFnDCCBISgAwIBAgICHWMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTc4NjExMTAvBgNVBAUTKEJENUYwODg4OTREOURBNzU2NUQ0NDM2MTQzRUUwMjZD
MzIwRTRBMkEwHhcNMjQwMjIxMDIwNDExWhcNMjQwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWQ1NWExYi1hODMzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA2lxayH1+taaKGxquq9jWq4uSgAupGYvlvsU6+W75WUgdo/20ajXZMEV2WAwL
5orsLP38lq2mtZMT7N2ireu+4CNje3ccCcQlKoXaqTRBhUzjUUglkDhER4Bge36u
a+PTDKZViShkCqbiqBjMy7FDJKHbAwshJN2JFePM/1v8Xbg5xOgDE3+zAYJBMVto
9WeSLcJKCLgKCw40cZOjgs1ePTqRQU9rITjqF9QPuj/LEQMh9aQx4aRflzDf/qCz
FetwXJcfEdFCb+4jY6sVdV7YoPeI60Hbp9AAHc8AS4TGwQIVILasl3f4CmLjqMcU
9twhzJ1ez3pgHoCi0J8cAEJnRQIDAQABo4ICwDCCArwwHQYDVR0OBBYEFO8MiDVT
PLpOECLIq3u4RS6IeEIpMB8GA1UdIwQYMBaAFL1fCIiU2dp1ZdRDYUPuAmwyDkoq
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1Nzg2MS8zNEQyNkM4ODg0
NkYxMUU2QTMxM0MwMjJDNEY5QUUwMi92VjhJaUpUWjJuVmwxRU5oUS00Q2JESU9T
aW8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3ZWOElpSlRaMm5WbDFFTmhRLTRDYkRJT1Npby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTc4NjEvMzREMjZDODg4NDZGMTFFNkEzMTNDMDIyQzRGOUFFMDIvRjFBRUUzMzJE
QkJEMTFFQTk0NjEwMDY3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwSgYIKwYBBQUHAQcBAf8E
OzA5MCgEAgABMCIwDAMEBnHQQAMEAHHQTDAMAwQBcdBOAwQFcdBAAwQDy8rgMA0E
AgACMAcDBQAkBRQAMA0GCSqGSIb3DQEBCwUAA4IBAQCmvl9i8rrITocAqEc/RJ5o
oQH0G+PCbG344/PjGHKAUz/fiZ0kzQneeywT/yCsUlUDLB450fsKqt0KXVJ/sACj
Ucv0883Z49z7+g8kQ93iRxm1epc2JlAuylDwCILLUauBzUIiAwMEB1mzOKi0O4BV
SNzLkhLenCPCnlES+Ts4b49XC7ArtP+oM1WpxsIyPzghOYJ6oQLAO/MfQCsZq9Wj
meofb2Ltw0irt33d5nFRPuKZAHwGqn+2qENe6iI3G/Pc0xCwO5WquauJBMlhW/oT
T4QxZcQq7H9jGG70YZr3KO/feBIligT7U8g2cZA8jbCZqwrYZ5Cq/34bbEMm9hxC
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:07 2024 by rpki-client on console-fra.rpki-client.org