Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9167A72/22FD121ADCF011EEBC90311EC4F9AE02/EED067AEDCF311EEAE4E2014C4F9AE02.roa
File:                     EED067AEDCF311EEAE4E2014C4F9AE02.roa (raw, json)
Hash identifier:          DjILY1x8oUdlUbgiWlU4ZnmG0IDP4rI3/7Qxt8AZL4k=
Subject key identifier:   3F:42:F9:9F:F5:1A:92:75:66:EE:B7:7A:58:61:AE:48:D7:06:07:A7
Certificate issuer:       /CN=A9167A72/serialNumber=90A47F3C659B3718FDC82D3007A9D34249CCC8F4
Certificate serial:       03
Authority key identifier: 90:A4:7F:3C:65:9B:37:18:FD:C8:2D:30:07:A9:D3:42:49:CC:C8:F4
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/kKR_PGWbNxj9yC0wB6nTQknMyPQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9167A72/22FD121ADCF011EEBC90311EC4F9AE02/EED067AEDCF311EEAE4E2014C4F9AE02.roa
Signing time:             Fri 08 Mar 2024 02:31:14 +0000
ROA not before:           Fri 08 Mar 2024 02:31:14 +0000
ROA not after:            Sat 31 Aug 2024 00:00:00 +0000
asID:                     63981
IP address blocks:        103.167.140.0/24 maxlen: 24
                          103.167.141.0/24 maxlen: 24
                          103.197.28.0/22 maxlen: 22
                          2407:6bc0::/32 maxlen: 32

Validation:               Failed, certificate revoked on Fri 15 Mar 2024 07:59:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3 (0x3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9167A72/serialNumber=90A47F3C659B3718FDC82D3007A9D34249CCC8F4
        Validity
            Not Before: Mar  8 02:31:14 2024 GMT
            Not After : Aug 31 00:00:00 2024 GMT
        Subject: CN=65ea7871-e128
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:55:87:52:fe:44:f8:a2:47:da:07:91:a9:f4:
                    ca:20:f9:bf:17:c5:68:68:85:f9:b0:b9:2c:55:75:
                    78:c1:5e:ae:04:e3:33:ce:e0:7d:8b:39:9d:8c:f9:
                    a2:06:57:df:46:c8:1a:c1:80:55:84:24:6b:92:49:
                    92:45:77:40:e4:5b:6c:bb:bd:b2:d8:5a:55:08:76:
                    7b:d6:89:10:87:f0:bb:8f:ab:0b:ae:33:c0:ae:0e:
                    e4:cb:36:75:89:39:d8:22:ef:be:ac:66:8b:8c:0b:
                    e7:c2:16:8e:3d:76:67:7e:64:50:8d:f0:23:b4:0b:
                    08:e6:d6:22:f0:e4:7d:3d:b2:54:5a:1f:ea:bb:0b:
                    9d:6a:33:25:7e:f6:95:3a:9e:f9:2a:c5:6c:d7:42:
                    99:1d:35:54:ac:a3:97:39:9c:d1:2f:22:1a:e7:6c:
                    bd:2f:fa:e2:83:0d:0b:99:62:33:ea:9b:01:06:07:
                    60:6a:7a:ed:ef:18:4f:12:54:56:23:2d:ef:3f:bb:
                    b4:e7:ba:32:3b:50:80:3f:fe:d0:83:a1:5c:31:ab:
                    fe:c5:ab:cc:a9:9d:3b:30:d6:30:94:d8:b0:dd:fd:
                    dd:2b:98:2e:aa:41:8c:d4:ee:bc:b2:41:10:d3:5c:
                    ac:f4:eb:95:67:e3:ad:2d:88:06:e1:8b:aa:8d:c4:
                    8c:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:42:F9:9F:F5:1A:92:75:66:EE:B7:7A:58:61:AE:48:D7:06:07:A7
            X509v3 Authority Key Identifier:
                keyid:90:A4:7F:3C:65:9B:37:18:FD:C8:2D:30:07:A9:D3:42:49:CC:C8:F4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9167A72/22FD121ADCF011EEBC90311EC4F9AE02/kKR_PGWbNxj9yC0wB6nTQknMyPQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/kKR_PGWbNxj9yC0wB6nTQknMyPQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9167A72/22FD121ADCF011EEBC90311EC4F9AE02/EED067AEDCF311EEAE4E2014C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.167.140.0/23
                  103.197.28.0/22
                IPv6:
                  2407:6bc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         51:b6:a1:a1:35:68:20:64:6f:38:5f:fe:a2:be:48:68:84:95:
         6d:3a:f4:db:63:0a:92:6d:48:c8:bd:b0:14:55:cd:d3:78:4c:
         b1:a9:d2:f2:7d:1c:86:91:bd:6c:cc:18:e7:3b:b1:d2:e8:90:
         b6:f0:93:35:d6:61:81:f5:99:c4:7d:df:92:53:cc:44:24:c0:
         5d:b5:e1:26:15:6e:11:96:bb:43:e0:b5:29:82:12:b4:66:22:
         fa:90:b9:46:7a:4d:bb:1b:d9:08:54:f9:e5:5f:cb:dc:6d:e4:
         ed:a8:44:72:74:89:e3:b9:ea:2d:02:05:c5:34:57:8b:77:f7:
         ed:33:29:88:ee:34:79:66:48:c2:0f:a8:4e:6e:57:45:27:83:
         44:49:66:8b:04:ce:6f:b7:90:04:01:75:40:2e:e7:de:c1:b1:
         81:d3:3a:6e:f1:bb:6f:c3:87:63:5c:9b:41:e1:6a:ef:c7:d3:
         c5:22:a6:93:ee:5f:eb:66:c8:26:51:31:bd:a9:9c:4a:02:d7:
         fe:b5:45:50:a3:86:bc:a3:28:a4:f5:f2:d7:ef:4e:ad:e4:c0:
         96:12:df:62:2a:20:84:45:e3:17:ed:b7:4d:f7:83:b5:a7:3c:
         35:76:67:6e:f1:2b:8d:1f:aa:2d:fd:32:2d:b6:8f:a7:a3:19:
         c9:ff:9d:46
-----BEGIN CERTIFICATE-----
MIIFhTCCBG2gAwIBAgIBAzANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTE2
N0E3MjExMC8GA1UEBRMoOTBBNDdGM0M2NTlCMzcxOEZEQzgyRDMwMDdBOUQzNDI0
OUNDQzhGNDAeFw0yNDAzMDgwMjMxMTRaFw0yNDA4MzEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY1ZWE3ODcxLWUxMjgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDCVYdS/kT4okfaB5Gp9Mog+b8XxWhohfmwuSxVdXjBXq4E4zPO4H2LOZ2M+aIG
V99GyBrBgFWEJGuSSZJFd0DkW2y7vbLYWlUIdnvWiRCH8LuPqwuuM8CuDuTLNnWJ
Odgi776sZouMC+fCFo49dmd+ZFCN8CO0Cwjm1iLw5H09slRaH+q7C51qMyV+9pU6
nvkqxWzXQpkdNVSso5c5nNEvIhrnbL0v+uKDDQuZYjPqmwEGB2Bqeu3vGE8SVFYj
Le8/u7TnujI7UIA//tCDoVwxq/7Fq8ypnTsw1jCU2LDd/d0rmC6qQYzU7ryyQRDT
XKz065Vn460tiAbhi6qNxIwDAgMBAAGjggKqMIICpjAdBgNVHQ4EFgQUP0L5n/Ua
knVm7rd6WGGuSNcGB6cwHwYDVR0jBBgwFoAUkKR/PGWbNxj9yC0wB6nTQknMyPQw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTY3QTcyLzIyRkQxMjFBRENG
MDExRUVCQzkwMzExRUM0RjlBRTAyL2tLUl9QR1diTnhqOXlDMHdCNm5UUWtuTXlQ
US5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIva0tSX1BHV2JOeGo5eUMwd0I2blRRa25NeVBRLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2
N0E3Mi8yMkZEMTIxQURDRjAxMUVFQkM5MDMxMUVDNEY5QUUwMi9FRUQwNjdBRURD
RjMxMUVFQUU0RTIwMTRDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDA0BggrBgEFBQcBBwEB/wQl
MCMwEgQCAAEwDAMEAWenjAMEAmfFHDANBAIAAjAHAwUAJAdrwDANBgkqhkiG9w0B
AQsFAAOCAQEAUbahoTVoIGRvOF/+or5IaISVbTr022MKkm1IyL2wFFXN03hMsanS
8n0chpG9bMwY5zux0uiQtvCTNdZhgfWZxH3fklPMRCTAXbXhJhVuEZa7Q+C1KYIS
tGYi+pC5RnpNuxvZCFT55V/L3G3k7ahEcnSJ47nqLQIFxTRXi3f37TMpiO40eWZI
wg+oTm5XRSeDRElmiwTOb7eQBAF1QC7n3sGxgdM6bvG7b8OHY1ybQeFq78fTxSKm
k+5f62bIJlExvamcSgLX/rVFUKOGvKMopPXy1+9OreTAlhLfYioghEXjF+23TfeD
tac8NXZnbvErjR+qLf0yLbaPp6MZyf+dRg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:10 2024 by rpki-client on console-fra.rpki-client.org