Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A915F89C/5B07F3AC1D8311E29B35A5D808B02CD2/6480462C1F5511EC999E640AC4F9AE02.roa
File:                     6480462C1F5511EC999E640AC4F9AE02.roa (raw, json)
Hash identifier:          FGOl/G+64uwQtPqszdubijBBc16NQ5r432NkvWyIy/g=
Subject key identifier:   54:07:CF:10:FC:A1:EC:F5:30:A3:34:BC:57:79:7E:1F:5F:71:72:CA
Certificate issuer:       /CN=A915F89C/serialNumber=D697BB6F3F99E94480EE0BBAD3D26800AB416260
Certificate serial:       3406
Authority key identifier: D6:97:BB:6F:3F:99:E9:44:80:EE:0B:BA:D3:D2:68:00:AB:41:62:60
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/1pe7bz-Z6USA7gu609JoAKtBYmA.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A915F89C/5B07F3AC1D8311E29B35A5D808B02CD2/6480462C1F5511EC999E640AC4F9AE02.roa
Signing time:             Thu 22 Feb 2024 05:27:22 +0000
ROA not before:           Thu 22 Feb 2024 05:27:22 +0000
ROA not after:            Thu 31 Oct 2024 00:00:00 +0000
asID:                     3758
IP address blocks:        128.106.0.0/18 maxlen: 18
                          128.106.4.0/24 maxlen: 24
                          128.106.5.0/24 maxlen: 24
                          128.106.6.0/24 maxlen: 24
                          128.106.7.0/24 maxlen: 24
                          128.106.12.0/24 maxlen: 24
                          128.106.15.0/24 maxlen: 24
                          128.106.17.0/24 maxlen: 24
                          128.106.19.0/24 maxlen: 24
                          128.106.20.0/24 maxlen: 24
                          128.106.21.0/24 maxlen: 24
                          128.106.22.0/24 maxlen: 24
                          128.106.23.0/24 maxlen: 24
                          128.106.28.0/24 maxlen: 24
                          128.106.40.0/23 maxlen: 24
                          128.106.64.0/18 maxlen: 18
                          128.106.128.0/17 maxlen: 17
                          165.21.0.0/16 maxlen: 16
                          165.21.12.0/24 maxlen: 24
                          165.21.18.0/24 maxlen: 24
                          165.21.19.0/24 maxlen: 24
                          165.21.31.0/24 maxlen: 24
                          165.21.36.0/23 maxlen: 23
                          165.21.39.0/24 maxlen: 24
                          165.21.49.0/24 maxlen: 24
                          165.21.50.0/24 maxlen: 24
                          165.21.52.0/24 maxlen: 24
                          165.21.70.0/24 maxlen: 24
                          165.21.71.0/24 maxlen: 24
                          165.21.72.0/24 maxlen: 24
                          165.21.74.0/24 maxlen: 24
                          165.21.84.0/24 maxlen: 24
                          165.21.88.0/24 maxlen: 24
                          165.21.91.0/24 maxlen: 24
                          165.21.93.0/24 maxlen: 24
                          165.21.94.0/24 maxlen: 24
                          165.21.95.0/24 maxlen: 24
                          165.21.100.0/24 maxlen: 24
                          165.21.104.0/24 maxlen: 24
                          165.21.108.0/24 maxlen: 24
                          165.21.109.0/24 maxlen: 24
                          165.21.122.0/24 maxlen: 24
                          165.21.123.0/24 maxlen: 24
                          165.21.138.0/24 maxlen: 24
                          165.21.139.0/24 maxlen: 24
                          165.21.238.0/24 maxlen: 24
                          165.21.244.0/24 maxlen: 24
                          165.21.246.0/24 maxlen: 24
                          165.21.254.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 17 Jul 2024 03:37:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13318 (0x3406)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A915F89C/serialNumber=D697BB6F3F99E94480EE0BBAD3D26800AB416260
        Validity
            Not Before: Feb 22 05:27:22 2024 GMT
            Not After : Oct 31 00:00:00 2024 GMT
        Subject: CN=65d6db3a-5edf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:a7:f7:1d:10:ef:d1:d9:b9:a0:fb:0f:f9:a7:
                    c3:99:a9:80:53:17:46:cb:e6:af:24:8e:98:dd:0b:
                    da:26:fd:81:67:76:80:bf:b0:1d:80:69:5b:a0:af:
                    da:26:3a:7a:18:3f:e0:06:2b:53:c0:17:97:2c:a9:
                    5b:12:99:b8:2b:f1:73:ac:ac:c4:ff:f0:6e:c4:40:
                    92:05:93:af:82:6f:e3:36:aa:24:78:a9:67:98:0b:
                    b7:1e:54:04:c8:9b:b6:52:ce:54:9e:b9:93:c1:bf:
                    68:f9:12:6b:c7:78:f8:d4:f9:a9:32:19:8a:2d:7b:
                    1c:87:6e:c1:5c:d3:74:9f:af:1d:08:b9:e6:97:eb:
                    ad:d5:94:be:d6:5a:e3:24:14:b4:32:64:87:f7:d6:
                    5c:81:4b:1d:1e:01:b9:c7:b8:ef:08:e1:5f:f7:cd:
                    8b:ff:55:a8:0b:f4:9f:e5:59:1f:1e:bd:76:77:7a:
                    14:1c:ac:06:d4:2d:01:c6:9e:06:56:75:fc:ec:9d:
                    02:f0:71:1f:2e:77:45:5d:72:67:e0:54:a4:f9:89:
                    dd:d3:ff:a9:95:80:5d:fd:1a:05:2c:22:03:47:1d:
                    e3:e6:63:a4:cc:56:fc:f1:71:00:27:22:cb:91:5b:
                    99:ca:1e:77:dc:26:4e:63:06:19:7f:62:c0:c0:bd:
                    91:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:07:CF:10:FC:A1:EC:F5:30:A3:34:BC:57:79:7E:1F:5F:71:72:CA
            X509v3 Authority Key Identifier:
                keyid:D6:97:BB:6F:3F:99:E9:44:80:EE:0B:BA:D3:D2:68:00:AB:41:62:60

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A915F89C/5B07F3AC1D8311E29B35A5D808B02CD2/1pe7bz-Z6USA7gu609JoAKtBYmA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/1pe7bz-Z6USA7gu609JoAKtBYmA.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A915F89C/5B07F3AC1D8311E29B35A5D808B02CD2/6480462C1F5511EC999E640AC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  128.106.0.0/16
                  165.21.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         04:ed:35:c1:99:02:92:50:65:33:68:77:db:d7:23:7a:44:9d:
         8a:a9:97:05:48:54:a4:04:c6:eb:32:fc:77:2a:84:92:8e:81:
         f4:f4:85:72:30:2d:9b:59:69:f6:dd:fd:47:e4:ac:25:15:a4:
         9c:1f:d6:e9:bb:bf:33:84:40:07:d8:00:e4:11:16:23:bc:38:
         99:cf:92:99:61:41:a0:a9:19:22:ac:b1:4a:f9:fb:7d:a0:ff:
         c2:6f:1e:4e:f9:73:f2:78:5e:8a:72:d4:8f:76:f9:23:46:5d:
         cb:72:c6:19:94:01:91:c4:0b:6b:f7:bb:cc:12:c8:34:53:a3:
         c3:f0:f6:a3:e7:cd:88:c4:4c:83:38:16:6c:0a:08:4f:59:13:
         72:05:4c:b5:3c:f7:f8:48:63:f5:af:da:02:f1:6f:c3:db:33:
         a8:2a:cc:df:33:92:56:57:7c:9b:cf:18:16:a1:70:80:bd:ea:
         ce:a6:97:2c:2a:39:5f:43:43:8d:2d:92:a9:aa:40:39:9e:7e:
         f8:46:ed:7b:f6:19:c6:ed:7f:31:70:fe:57:02:52:21:b4:40:
         c3:dc:f3:5e:5f:1e:d3:f6:c5:59:c1:50:29:75:10:95:fd:86:
         f1:7a:94:9e:0d:d4:a0:a3:f7:8a:74:8c:84:d3:ef:3b:86:8b:
         a5:09:29:ec
-----BEGIN CERTIFICATE-----
MIIFdTCCBF2gAwIBAgICNAYwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NUY4OUMxMTAvBgNVBAUTKEQ2OTdCQjZGM0Y5OUU5NDQ4MEVFMEJCQUQzRDI2ODAw
QUI0MTYyNjAwHhcNMjQwMjIyMDUyNzIyWhcNMjQxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWQ2ZGIzYS01ZWRmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA1Kf3HRDv0dm5oPsP+afDmamAUxdGy+avJI6Y3QvaJv2BZ3aAv7AdgGlboK/a
Jjp6GD/gBitTwBeXLKlbEpm4K/FzrKzE//BuxECSBZOvgm/jNqokeKlnmAu3HlQE
yJu2Us5UnrmTwb9o+RJrx3j41PmpMhmKLXsch27BXNN0n68dCLnml+ut1ZS+1lrj
JBS0MmSH99ZcgUsdHgG5x7jvCOFf982L/1WoC/Sf5VkfHr12d3oUHKwG1C0Bxp4G
VnX87J0C8HEfLndFXXJn4FSk+Ynd0/+plYBd/RoFLCIDRx3j5mOkzFb88XEAJyLL
kVuZyh533CZOYwYZf2LAwL2RaQIDAQABo4ICmTCCApUwHQYDVR0OBBYEFFQHzxD8
oez1MKM0vFd5fh9fcXLKMB8GA1UdIwQYMBaAFNaXu28/melEgO4LutPSaACrQWJg
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1Rjg5Qy81QjA3RjNBQzFE
ODMxMUUyOUIzNUE1RDgwOEIwMkNEMi8xcGU3YnotWjZVU0E3Z3U2MDlKb0FLdEJZ
bUEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyLzFwZTdiei1aNlVTQTdndTYwOUpvQUt0QlltQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NUY4OUMvNUIwN0YzQUMxRDgzMTFFMjlCMzVBNUQ4MDhCMDJDRDIvNjQ4MDQ2MkMx
RjU1MTFFQzk5OUU2NDBBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwIwYIKwYBBQUHAQcBAf8E
FDASMBAEAgABMAoDAwCAagMDAKUVMA0GCSqGSIb3DQEBCwUAA4IBAQAE7TXBmQKS
UGUzaHfb1yN6RJ2KqZcFSFSkBMbrMvx3KoSSjoH09IVyMC2bWWn23f1H5KwlFaSc
H9bpu78zhEAH2ADkERYjvDiZz5KZYUGgqRkirLFK+ft9oP/Cbx5O+XPyeF6KctSP
dvkjRl3LcsYZlAGRxAtr97vMEsg0U6PD8Paj582IxEyDOBZsCghPWRNyBUy1PPf4
SGP1r9oC8W/D2zOoKszfM5JWV3ybzxgWoXCAverOppcsKjlfQ0ONLZKpqkA5nn74
Ru179hnG7X8xcP5XAlIhtEDD3PNeXx7T9sVZwVApdRCV/YbxepSeDdSgo/eKdIyE
0+87houlCSns
-----END CERTIFICATE-----
Generated at Wed Jul 17 06:41:59 2024 by rpki-client on console-ams.rpki-client.org