Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91590E3/DA18B1849A4911E79A9F3030C4F9AE02/873D1792F93A11ED9A23733BC4F9AE02.roa
File:                     873D1792F93A11ED9A23733BC4F9AE02.roa (raw, json)
Hash identifier:          QwMBi7CHbnPhKlYAERZUIzReNJBtb6Vqe7OVf4UoflY=
Subject key identifier:   AD:A3:3F:7F:63:74:2C:47:30:11:50:FD:24:CE:0A:9B:42:42:45:12
Certificate issuer:       /CN=A91590E3/serialNumber=BB976A598E5ECB05E37FAC00A5B7888E57F51C52
Certificate serial:       179D
Authority key identifier: BB:97:6A:59:8E:5E:CB:05:E3:7F:AC:00:A5:B7:88:8E:57:F5:1C:52
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/u5dqWY5eywXjf6wApbeIjlf1HFI.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91590E3/DA18B1849A4911E79A9F3030C4F9AE02/873D1792F93A11ED9A23733BC4F9AE02.roa
Signing time:             Fri 22 Sep 2023 16:54:07 +0000
ROA not before:           Fri 22 Sep 2023 16:54:07 +0000
ROA not after:            Sun 01 Dec 2024 00:00:00 +0000
asID:                     136948
IP address blocks:        103.99.249.0/24 maxlen: 24
                          103.99.250.0/24 maxlen: 24
                          103.99.251.0/24 maxlen: 24
                          2401:b640::/32 maxlen: 32
                          2401:b640::/48 maxlen: 48
                          2401:b640:1::/48 maxlen: 48
                          2401:b640:2::/48 maxlen: 48
                          2401:b640:3::/48 maxlen: 48
                          2401:b640:4::/48 maxlen: 48
                          2401:b640:5::/48 maxlen: 48
                          2401:b640:6::/48 maxlen: 48

Validation:               Failed, certificate revoked on Mon 26 Feb 2024 11:29:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 6045 (0x179d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91590E3/serialNumber=BB976A598E5ECB05E37FAC00A5B7888E57F51C52
        Validity
            Not Before: Sep 22 16:54:07 2023 GMT
            Not After : Dec  1 00:00:00 2024 GMT
        Subject: CN=650dc6af-7f35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:3b:1f:f5:df:63:b0:e0:20:11:3f:98:b0:f8:
                    77:9a:71:07:15:85:cc:c7:2b:6d:5d:bd:08:0c:08:
                    89:a2:82:43:19:15:c7:11:17:1e:1b:3b:f9:f6:14:
                    c6:66:42:80:8b:87:2d:aa:8b:d1:45:11:0e:8a:b7:
                    0c:93:db:1b:78:4d:b3:87:8e:e5:41:1b:01:32:99:
                    5e:24:0a:53:46:47:b5:fa:9f:5c:03:e9:e9:a2:35:
                    f7:c9:8d:2d:02:68:97:d6:9f:28:84:5a:41:9b:53:
                    ed:f8:85:3b:f4:84:c9:69:d7:cf:72:c8:d3:9b:8d:
                    95:67:1c:f1:ae:a6:da:7d:2c:71:62:c0:93:6c:fd:
                    43:dc:14:22:55:6a:30:3f:dc:98:8c:22:33:0f:12:
                    00:0b:dc:94:43:d6:0e:2f:db:c4:06:ff:39:e8:44:
                    42:9c:47:2e:78:e4:94:cd:b6:1d:56:ad:41:7d:da:
                    ff:8e:0e:f9:c9:fe:89:08:76:41:f3:4a:38:e8:46:
                    77:a8:af:71:a2:9a:65:80:1b:1a:bd:0a:89:a3:03:
                    39:d6:4e:f9:96:17:a1:63:4f:28:6e:d6:d9:c8:3f:
                    8e:2e:28:8b:49:44:fa:d3:f4:fb:5f:b3:d1:07:45:
                    6b:1a:0b:65:41:4e:2e:37:76:0a:6f:49:ca:c0:58:
                    67:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:A3:3F:7F:63:74:2C:47:30:11:50:FD:24:CE:0A:9B:42:42:45:12
            X509v3 Authority Key Identifier:
                keyid:BB:97:6A:59:8E:5E:CB:05:E3:7F:AC:00:A5:B7:88:8E:57:F5:1C:52

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91590E3/DA18B1849A4911E79A9F3030C4F9AE02/u5dqWY5eywXjf6wApbeIjlf1HFI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/u5dqWY5eywXjf6wApbeIjlf1HFI.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91590E3/DA18B1849A4911E79A9F3030C4F9AE02/873D1792F93A11ED9A23733BC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.99.249.0-103.99.251.255
                IPv6:
                  2401:b640::/32

    Signature Algorithm: sha256WithRSAEncryption
         8a:7a:a4:09:8e:bb:6a:a4:cd:2c:36:27:3b:e2:5e:fe:c6:c6:
         33:f7:37:d5:58:da:e9:0a:81:33:e0:04:c9:26:63:07:98:88:
         37:b9:bc:51:23:eb:0d:0e:72:2f:55:b3:74:72:28:31:83:6b:
         61:fa:13:48:2f:5e:73:9a:fa:7c:1e:60:d0:c0:95:13:15:17:
         4b:b6:ed:1d:6b:70:78:b6:e4:8e:b7:3e:87:5a:1f:80:22:0b:
         ee:9e:83:6c:4c:4d:7d:de:41:9c:df:8f:85:10:30:bf:36:3e:
         32:3d:52:39:f4:45:06:59:6d:6f:19:79:ac:40:36:7d:14:43:
         2d:2e:65:ec:52:62:17:23:37:93:90:e3:6f:4d:d7:aa:09:1a:
         19:49:7f:c9:66:f7:f3:8d:08:26:d5:7f:50:f1:d3:eb:db:4e:
         67:47:91:de:f9:27:e4:74:10:e7:a4:38:88:9d:5b:4b:d3:71:
         94:42:55:7c:66:2d:52:bd:4b:1f:ea:1d:f9:a1:3e:a5:85:b7:
         5e:4b:95:d3:a2:68:ce:e3:6a:86:61:3b:f0:90:24:89:27:6f:
         cf:f7:9a:6f:4f:d8:c1:f3:48:ab:49:6e:1d:a9:8e:0b:22:cb:
         c9:7b:fe:31:bc:d5:2e:31:5b:eb:ba:80:a0:23:6a:89:fe:56:
         58:ce:52:9d
-----BEGIN CERTIFICATE-----
MIIFiDCCBHCgAwIBAgICF50wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTkwRTMxMTAvBgNVBAUTKEJCOTc2QTU5OEU1RUNCMDVFMzdGQUMwMEE1Qjc4ODhF
NTdGNTFDNTIwHhcNMjMwOTIyMTY1NDA3WhcNMjQxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTBkYzZhZi03ZjM1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtTsf9d9jsOAgET+YsPh3mnEHFYXMxyttXb0IDAiJooJDGRXHERceGzv59hTG
ZkKAi4ctqovRRREOircMk9sbeE2zh47lQRsBMpleJApTRke1+p9cA+npojX3yY0t
AmiX1p8ohFpBm1Pt+IU79ITJadfPcsjTm42VZxzxrqbafSxxYsCTbP1D3BQiVWow
P9yYjCIzDxIAC9yUQ9YOL9vEBv856ERCnEcueOSUzbYdVq1Bfdr/jg75yf6JCHZB
80o46EZ3qK9xopplgBsavQqJowM51k75lhehY08obtbZyD+OLiiLSUT60/T7X7PR
B0VrGgtlQU4uN3YKb0nKwFhnawIDAQABo4ICrDCCAqgwHQYDVR0OBBYEFK2jP39j
dCxHMBFQ/STOCptCQkUSMB8GA1UdIwQYMBaAFLuXalmOXssF43+sAKW3iI5X9RxS
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1OTBFMy9EQTE4QjE4NDlB
NDkxMUU3OUE5RjMwMzBDNEY5QUUwMi91NWRxV1k1ZXl3WGpmNndBcGJlSWpsZjFI
RkkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3U1ZHFXWTVleXdYamY2d0FwYmVJamxmMUhGSS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTkwRTMvREExOEIxODQ5QTQ5MTFFNzlBOUYzMDMwQzRGOUFFMDIvODczRDE3OTJG
OTNBMTFFRDlBMjM3MzNCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNgYIKwYBBQUHAQcBAf8E
JzAlMBQEAgABMA4wDAMEAGdj+QMEAmdj+DANBAIAAjAHAwUAJAG2QDANBgkqhkiG
9w0BAQsFAAOCAQEAinqkCY67aqTNLDYnO+Je/sbGM/c31Vja6QqBM+AEySZjB5iI
N7m8USPrDQ5yL1WzdHIoMYNrYfoTSC9ec5r6fB5g0MCVExUXS7btHWtweLbkjrc+
h1ofgCIL7p6DbExNfd5BnN+PhRAwvzY+Mj1SOfRFBlltbxl5rEA2fRRDLS5l7FJi
FyM3k5Djb03XqgkaGUl/yWb3840IJtV/UPHT69tOZ0eR3vkn5HQQ56Q4iJ1bS9Nx
lEJVfGYtUr1LH+od+aE+pYW3XkuV06JozuNqhmE78JAkiSdvz/eab0/YwfNIq0lu
HamOCyLLyXv+MbzVLjFb67qAoCNqif5WWM5SnQ==
-----END CERTIFICATE-----