Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91632D7/F97959C2241711ED9C0C700DC4F9AE02/23971C7A171B11EEA0A4F04FC4F9AE02.roa
File:                     23971C7A171B11EEA0A4F04FC4F9AE02.roa (raw, json)
Hash identifier:          vQDvYFwFC+oQSdAn0JIL6JbDgCaiS6uhSC/fWx3hg5Y=
Subject key identifier:   47:D9:9D:F7:D2:A4:0E:C5:60:9B:13:73:62:2E:56:07:02:6F:DE:DA
Certificate issuer:       /CN=A91632D7/serialNumber=4E07378667EC79D53D650E524D1E8F98B08C28E1
Certificate serial:       014E
Authority key identifier: 4E:07:37:86:67:EC:79:D5:3D:65:0E:52:4D:1E:8F:98:B0:8C:28:E1
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Tgc3hmfsedU9ZQ5STR6PmLCMKOE.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91632D7/F97959C2241711ED9C0C700DC4F9AE02/23971C7A171B11EEA0A4F04FC4F9AE02.roa
Signing time:             Thu 01 Feb 2024 04:55:22 +0000
ROA not before:           Thu 01 Feb 2024 04:55:22 +0000
ROA not after:            Mon 31 Mar 2025 00:00:00 +0000
asID:                     60021
IP address blocks:        125.62.68.0/24 maxlen: 24
                          125.62.69.0/24 maxlen: 24
                          125.62.70.0/24 maxlen: 24
                          125.62.71.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 02 Feb 2024 05:37:46 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 334 (0x14e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91632D7/serialNumber=4E07378667EC79D53D650E524D1E8F98B08C28E1
        Validity
            Not Before: Feb  1 04:55:22 2024 GMT
            Not After : Mar 31 00:00:00 2025 GMT
        Subject: CN=65bb243a-0f39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:99:68:9a:8d:3a:bd:2f:62:52:a3:28:7e:f4:
                    53:dd:06:e9:48:45:35:31:d2:f2:63:29:8f:21:8f:
                    61:80:59:3f:0c:82:a5:7b:de:78:aa:9a:8c:bc:29:
                    3b:3e:e9:1b:8e:e0:c9:4a:00:77:ab:48:60:fd:2a:
                    0e:89:38:d5:23:57:ec:65:c9:30:4e:e1:ca:41:4e:
                    6c:b9:7b:57:b9:1c:d6:61:96:c6:28:fc:a6:85:9e:
                    15:44:18:99:e1:88:99:2b:ff:f9:7a:8a:b2:1e:a0:
                    36:11:de:e5:21:34:00:ad:ba:cd:77:2c:50:18:5d:
                    43:56:d0:d4:78:3e:67:3f:6f:a6:2c:1f:8d:a5:cd:
                    85:1b:ca:0f:b8:83:7e:f6:fd:16:2b:67:21:b2:c4:
                    93:e2:19:88:48:91:a6:b4:2e:8d:ee:dd:55:39:e5:
                    4e:cc:ca:15:61:e4:d8:bb:d3:a2:f1:7e:e0:d3:93:
                    0b:40:3b:77:26:9b:52:4f:d7:41:4e:3a:6f:a2:c9:
                    91:69:9e:b8:ae:4b:72:11:65:57:5b:7e:a0:40:0d:
                    e3:21:4b:3e:5d:18:14:33:74:54:c2:cb:50:14:63:
                    02:06:b2:64:60:4a:58:39:4a:ff:b3:ac:85:a0:69:
                    9e:79:75:60:5b:4d:23:2c:c0:b8:d7:14:37:b2:b4:
                    37:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:D9:9D:F7:D2:A4:0E:C5:60:9B:13:73:62:2E:56:07:02:6F:DE:DA
            X509v3 Authority Key Identifier:
                keyid:4E:07:37:86:67:EC:79:D5:3D:65:0E:52:4D:1E:8F:98:B0:8C:28:E1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91632D7/F97959C2241711ED9C0C700DC4F9AE02/Tgc3hmfsedU9ZQ5STR6PmLCMKOE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Tgc3hmfsedU9ZQ5STR6PmLCMKOE.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91632D7/F97959C2241711ED9C0C700DC4F9AE02/23971C7A171B11EEA0A4F04FC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  125.62.68.0/22

    Signature Algorithm: sha256WithRSAEncryption
         42:ef:1d:ba:85:46:a9:eb:91:ca:2d:97:16:bc:0f:74:34:0a:
         92:81:e9:e8:10:1b:91:2b:1c:4a:78:2b:90:c9:27:3e:17:b6:
         e6:e4:7f:2b:80:27:4c:32:a5:88:b8:80:e3:b8:d1:3c:7f:1e:
         d6:2a:dc:4d:53:69:d9:f6:c9:72:ac:cc:87:47:bc:28:46:54:
         23:8d:dd:8c:56:64:cf:8f:a7:35:8a:e1:1f:77:dc:f5:b0:35:
         0e:35:25:27:6e:07:96:2f:1f:98:d0:8d:34:55:f7:9f:f0:cd:
         cf:dd:c1:90:ca:ef:79:66:25:21:b6:9f:ea:b4:cc:d2:f3:a2:
         bb:c0:0c:6d:3b:2a:7d:5c:2a:76:3f:39:cb:5f:c2:f1:0f:b7:
         2b:54:07:83:59:82:ea:b3:73:6e:74:c5:b7:46:1b:37:da:2f:
         5c:ec:59:5e:99:f0:9c:cc:9b:4d:da:76:03:a5:61:6a:5d:be:
         bf:d4:cb:46:65:59:bc:b1:f4:7c:6f:24:a3:a7:8e:4e:4a:ef:
         ee:f4:9c:f1:63:22:7f:9c:fd:d2:fb:b9:05:e1:e9:71:46:86:
         9a:9d:26:48:1e:52:b2:b1:6a:ac:c6:44:fe:a8:59:74:41:d8:
         7d:8f:07:dd:c1:ed:d0:6c:23:53:54:e5:38:86:a6:af:f9:07:
         0a:91:41:cc
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICAU4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NjMyRDcxMTAvBgNVBAUTKDRFMDczNzg2NjdFQzc5RDUzRDY1MEU1MjREMUU4Rjk4
QjA4QzI4RTEwHhcNMjQwMjAxMDQ1NTIyWhcNMjUwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWJiMjQzYS0wZjM5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAxJlomo06vS9iUqMofvRT3QbpSEU1MdLyYymPIY9hgFk/DIKle954qpqMvCk7
PukbjuDJSgB3q0hg/SoOiTjVI1fsZckwTuHKQU5suXtXuRzWYZbGKPymhZ4VRBiZ
4YiZK//5eoqyHqA2Ed7lITQArbrNdyxQGF1DVtDUeD5nP2+mLB+Npc2FG8oPuIN+
9v0WK2chssST4hmISJGmtC6N7t1VOeVOzMoVYeTYu9Oi8X7g05MLQDt3JptST9dB
TjpvosmRaZ64rktyEWVXW36gQA3jIUs+XRgUM3RUwstQFGMCBrJkYEpYOUr/s6yF
oGmeeXVgW00jLMC41xQ3srQ3dQIDAQABo4IClTCCApEwHQYDVR0OBBYEFEfZnffS
pA7FYJsTc2IuVgcCb97aMB8GA1UdIwQYMBaAFE4HN4Zn7HnVPWUOUk0ej5iwjCjh
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2MzJENy9GOTc5NTlDMjI0
MTcxMUVEOUMwQzcwMERDNEY5QUUwMi9UZ2MzaG1mc2VkVTlaUTVTVFI2UG1MQ01L
T0UuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1RnYzNobWZzZWRVOVpRNVNUUjZQbUxDTUtPRS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NjMyRDcvRjk3OTU5QzIyNDE3MTFFRDlDMEM3MDBEQzRGOUFFMDIvMjM5NzFDN0Ex
NzFCMTFFRUEwQTRGMDRGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAJ9PkQwDQYJKoZIhvcNAQELBQADggEBAELvHbqFRqnrkcot
lxa8D3Q0CpKB6egQG5ErHEp4K5DJJz4XtubkfyuAJ0wypYi4gOO40Tx/HtYq3E1T
adn2yXKszIdHvChGVCON3YxWZM+PpzWK4R933PWwNQ41JSduB5YvH5jQjTRV95/w
zc/dwZDK73lmJSG2n+q0zNLzorvADG07Kn1cKnY/OctfwvEPtytUB4NZguqzc250
xbdGGzfaL1zsWV6Z8JzMm03adgOlYWpdvr/Uy0ZlWbyx9HxvJKOnjk5K7+70nPFj
In+c/dL7uQXh6XFGhpqdJkgeUrKxaqzGRP6oWXRB2H2PB93B7dBsI1NU5TiGpq/5
BwqRQcw=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:09 2024 by rpki-client on console-ams.rpki-client.org