Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A916EB94/E3CC25D8811E11EC92025551C4F9AE02/8DF4ACD67CC311EFA5E7EB14C4F9AE02.roa
File:                     8DF4ACD67CC311EFA5E7EB14C4F9AE02.roa (raw, json)
Hash identifier:          T2iUf1btTT42ciP/5ZRON+OBg0LrE3GeZvYxC3l9XQU=
Subject key identifier:   7E:AF:BB:6A:A3:D9:2A:95:A9:1D:D1:0B:32:50:09:E2:C5:54:11:BD
Certificate issuer:       /CN=A916EB94/serialNumber=C4D4FB0FF027796E9DAA17B75551FD0B77F1982F
Certificate serial:       038A
Authority key identifier: C4:D4:FB:0F:F0:27:79:6E:9D:AA:17:B7:55:51:FD:0B:77:F1:98:2F
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xNT7D_AneW6dqhe3VVH9C3fxmC8.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A916EB94/E3CC25D8811E11EC92025551C4F9AE02/8DF4ACD67CC311EFA5E7EB14C4F9AE02.roa
Signing time:             Fri 27 Sep 2024 11:31:47 +0000
ROA not before:           Fri 27 Sep 2024 11:31:47 +0000
ROA not after:            Sun 31 Aug 2025 00:00:00 +0000
asID:                     58688
IP address blocks:        45.112.72.0/24 maxlen: 24
                          103.20.180.0/22 maxlen: 24
                          103.217.112.0/22 maxlen: 24
                          103.247.44.0/22 maxlen: 24
                          2405:6900:f000::/36 maxlen: 36

Validation:               Failed, certificate revoked on Thu 03 Oct 2024 06:54:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 906 (0x38a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A916EB94/serialNumber=C4D4FB0FF027796E9DAA17B75551FD0B77F1982F
        Validity
            Not Before: Sep 27 11:31:47 2024 GMT
            Not After : Aug 31 00:00:00 2025 GMT
        Subject: CN=66f697a3-7719
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:4c:19:f7:ac:41:31:93:f0:d1:a3:a4:74:cb:
                    3a:46:04:79:25:a8:d9:82:36:6a:3d:22:cb:37:9e:
                    cc:9e:8a:4c:70:c5:92:59:f0:56:dd:62:55:6d:77:
                    9b:37:ad:e7:49:9e:e3:ee:30:50:bb:07:dc:af:3c:
                    01:7c:68:31:eb:e9:76:18:80:3c:c7:4d:4a:5c:53:
                    e7:d0:88:41:a7:aa:0e:ac:29:6d:05:ee:e1:34:be:
                    b4:04:dc:a2:4d:98:7b:f7:af:b6:8f:cc:6f:4c:5a:
                    bb:b6:1f:8e:de:f7:c4:b0:7c:dd:bd:30:2f:65:0e:
                    98:26:b2:02:2a:94:16:55:51:9d:83:f1:a5:6b:50:
                    74:23:d8:d8:90:34:00:37:33:cb:4c:01:92:a2:39:
                    b6:03:f3:c7:cc:d3:f2:c8:60:3d:f4:78:2a:52:d2:
                    73:37:95:7d:95:f3:6b:19:37:f0:f9:8c:fc:26:f0:
                    c2:b4:b6:0a:1c:b3:05:27:df:97:fa:33:fa:17:05:
                    53:d9:24:b6:fb:0c:74:87:b7:7c:31:d3:c0:36:00:
                    fe:67:75:80:31:c1:47:33:56:f8:3b:0c:c0:13:21:
                    bb:47:29:40:87:d0:02:d4:fd:0a:a0:7e:b4:13:be:
                    9d:77:e1:f7:fb:2d:96:44:7e:2a:d5:f9:0a:80:a4:
                    e6:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:AF:BB:6A:A3:D9:2A:95:A9:1D:D1:0B:32:50:09:E2:C5:54:11:BD
            X509v3 Authority Key Identifier:
                keyid:C4:D4:FB:0F:F0:27:79:6E:9D:AA:17:B7:55:51:FD:0B:77:F1:98:2F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A916EB94/E3CC25D8811E11EC92025551C4F9AE02/xNT7D_AneW6dqhe3VVH9C3fxmC8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xNT7D_AneW6dqhe3VVH9C3fxmC8.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A916EB94/E3CC25D8811E11EC92025551C4F9AE02/8DF4ACD67CC311EFA5E7EB14C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.112.72.0/24
                  103.20.180.0/22
                  103.217.112.0/22
                  103.247.44.0/22
                IPv6:
                  2405:6900:f000::/36

    Signature Algorithm: sha256WithRSAEncryption
         20:08:00:19:4f:d6:2e:05:f7:78:91:c6:47:6d:65:6b:17:62:
         5f:04:72:2a:5d:11:e4:5b:ba:f1:5b:a9:2f:1b:52:72:1a:a2:
         d0:68:47:40:42:48:a8:8d:e8:5a:e7:03:51:71:e1:fd:5d:db:
         2f:23:da:77:e2:45:fe:03:f1:0e:81:b3:f1:65:e5:9e:fc:81:
         dc:a1:f0:d1:b9:e2:e0:09:44:db:2d:ee:49:26:e0:9a:76:c1:
         6e:83:0c:a6:92:f8:aa:c3:a4:64:b7:c2:05:8b:e2:a8:7a:ad:
         d1:f6:76:25:f4:21:6d:c6:58:57:de:be:80:3f:21:ca:4e:3c:
         bf:30:4a:b9:3e:d1:02:74:97:ee:b7:cb:39:72:55:80:99:8e:
         ae:36:73:f0:54:60:45:42:f8:48:a1:4e:64:b5:83:8e:87:7d:
         8a:e0:d0:13:61:4b:9a:42:91:4a:22:aa:80:47:21:f4:ab:e1:
         8b:88:53:36:33:b0:22:c4:01:d9:a5:65:1b:45:23:10:12:b1:
         f6:b4:3e:2a:9a:af:fc:da:1f:92:27:08:d1:88:0c:7f:4d:66:
         63:02:7c:ee:b5:20:23:7d:83:da:53:f5:97:02:0c:e1:f5:bd:
         12:02:bb:4d:cc:16:50:04:0f:84:b3:a0:d7:46:64:df:2a:54:
         79:ee:a4:84
-----BEGIN CERTIFICATE-----
MIIFkzCCBHugAwIBAgICA4owDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NkVCOTQxMTAvBgNVBAUTKEM0RDRGQjBGRjAyNzc5NkU5REFBMTdCNzU1NTFGRDBC
NzdGMTk4MkYwHhcNMjQwOTI3MTEzMTQ3WhcNMjUwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NmY2OTdhMy03NzE5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAv0wZ96xBMZPw0aOkdMs6RgR5JajZgjZqPSLLN57MnopMcMWSWfBW3WJVbXeb
N63nSZ7j7jBQuwfcrzwBfGgx6+l2GIA8x01KXFPn0IhBp6oOrCltBe7hNL60BNyi
TZh796+2j8xvTFq7th+O3vfEsHzdvTAvZQ6YJrICKpQWVVGdg/Gla1B0I9jYkDQA
NzPLTAGSojm2A/PHzNPyyGA99HgqUtJzN5V9lfNrGTfw+Yz8JvDCtLYKHLMFJ9+X
+jP6FwVT2SS2+wx0h7d8MdPANgD+Z3WAMcFHM1b4OwzAEyG7RylAh9AC1P0KoH60
E76dd+H3+y2WRH4q1fkKgKTm/wIDAQABo4ICtzCCArMwHQYDVR0OBBYEFH6vu2qj
2SqVqR3RCzJQCeLFVBG9MB8GA1UdIwQYMBaAFMTU+w/wJ3lunaoXt1VR/Qt38Zgv
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2RUI5NC9FM0NDMjVEODgx
MUUxMUVDOTIwMjU1NTFDNEY5QUUwMi94TlQ3RF9BbmVXNmRxaGUzVlZIOUMzZnht
QzguY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3hOVDdEX0FuZVc2ZHFoZTNWVkg5QzNmeG1DOC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NkVCOTQvRTNDQzI1RDg4MTFFMTFFQzkyMDI1NTUxQzRGOUFFMDIvOERGNEFDRDY3
Q0MzMTFFRkE1RTdFQjE0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwQQYIKwYBBQUHAQcBAf8E
MjAwMB4EAgABMBgDBAAtcEgDBAJnFLQDBAJn2XADBAJn9ywwDgQCAAIwCAMGBCQF
aQDwMA0GCSqGSIb3DQEBCwUAA4IBAQAgCAAZT9YuBfd4kcZHbWVrF2JfBHIqXRHk
W7rxW6kvG1JyGqLQaEdAQkiojeha5wNRceH9XdsvI9p34kX+A/EOgbPxZeWe/IHc
ofDRueLgCUTbLe5JJuCadsFugwymkviqw6Rkt8IFi+Koeq3R9nYl9CFtxlhX3r6A
PyHKTjy/MEq5PtECdJfut8s5clWAmY6uNnPwVGBFQvhIoU5ktYOOh32K4NATYUua
QpFKIqqARyH0q+GLiFM2M7AixAHZpWUbRSMQErH2tD4qmq/82h+SJwjRiAx/TWZj
AnzutSAjfYPaU/WXAgzh9b0SArtNzBZQBA+Es6DXRmTfKlR57qSE
-----END CERTIFICATE-----