Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A917B1EE/DE6A6130A55D11EEB8E9CE10C4F9AE02/C23FF022A5FF11EEB3B2347DC4F9AE02.roa
File:                     C23FF022A5FF11EEB3B2347DC4F9AE02.roa (raw, json)
Hash identifier:          O2izqhKyBs+u0716XA4L+zunEmm8s/5G4sEDzoWXNWU=
Subject key identifier:   F3:8A:AD:94:97:1A:66:3A:F6:09:92:D8:4C:DE:45:65:8C:31:AD:4D
Certificate issuer:       /CN=A917B1EE/serialNumber=6B3BE8F34CEA694B0D64BCF85785D917443695D4
Certificate serial:       11
Authority key identifier: 6B:3B:E8:F3:4C:EA:69:4B:0D:64:BC:F8:57:85:D9:17:44:36:95:D4
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/azvo80zqaUsNZLz4V4XZF0Q2ldQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A917B1EE/DE6A6130A55D11EEB8E9CE10C4F9AE02/C23FF022A5FF11EEB3B2347DC4F9AE02.roa
Signing time:             Sat 13 Jan 2024 11:39:24 +0000
ROA not before:           Sat 13 Jan 2024 11:39:24 +0000
ROA not after:            Mon 31 Mar 2025 00:00:00 +0000
asID:                     152193
IP address blocks:        36.50.250.0/23 maxlen: 23
                          36.50.250.0/24 maxlen: 24
                          36.50.251.0/24 maxlen: 24
                          2401:5f60::/32 maxlen: 32

Validation:               Failed, certificate revoked on Fri 09 Feb 2024 09:31:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 17 (0x11)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A917B1EE/serialNumber=6B3BE8F34CEA694B0D64BCF85785D917443695D4
        Validity
            Not Before: Jan 13 11:39:24 2024 GMT
            Not After : Mar 31 00:00:00 2025 GMT
        Subject: CN=65a2766c-e0de
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:0c:0d:17:93:cc:85:84:0d:88:e5:26:ed:21:
                    ab:d4:c8:52:89:a9:9f:40:bc:11:5a:4f:33:9a:09:
                    91:25:39:77:f1:de:32:9f:e9:4a:9d:83:a5:c1:fb:
                    7d:aa:ba:1d:96:ff:12:65:f1:91:ec:aa:1e:5a:a2:
                    fe:6c:d2:3a:59:86:04:01:80:15:5f:1f:33:f0:e0:
                    21:8b:28:00:a7:d1:2a:ed:f8:23:cb:d9:be:92:8a:
                    fb:20:23:e4:59:d1:55:05:00:3f:85:0f:bf:60:a9:
                    0b:81:52:00:7c:07:96:65:99:11:ba:97:e0:d4:d7:
                    32:47:85:51:7e:2a:eb:c9:e6:74:6c:73:9c:aa:7d:
                    f4:fd:f0:8d:ac:89:9d:f2:d3:19:6c:2b:1f:a3:b9:
                    b5:7b:b2:4e:c5:42:fc:73:a1:c2:6b:8d:87:d1:4b:
                    14:9f:cb:9e:2e:3f:2f:78:91:f2:41:2a:4d:eb:6b:
                    64:84:dd:df:dd:9a:6a:6b:32:09:9f:ee:ae:e7:e7:
                    8d:a3:ad:4d:fc:d2:e0:95:f5:dd:9d:c1:21:fc:34:
                    f7:a1:d2:8c:8f:a0:7c:18:f2:82:af:54:43:6e:52:
                    68:5e:5a:54:75:74:d6:61:06:e7:9a:3d:c8:ca:ed:
                    f6:4f:b1:b9:25:df:76:ff:02:64:68:55:55:c0:77:
                    6d:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:8A:AD:94:97:1A:66:3A:F6:09:92:D8:4C:DE:45:65:8C:31:AD:4D
            X509v3 Authority Key Identifier:
                keyid:6B:3B:E8:F3:4C:EA:69:4B:0D:64:BC:F8:57:85:D9:17:44:36:95:D4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A917B1EE/DE6A6130A55D11EEB8E9CE10C4F9AE02/azvo80zqaUsNZLz4V4XZF0Q2ldQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/azvo80zqaUsNZLz4V4XZF0Q2ldQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A917B1EE/DE6A6130A55D11EEB8E9CE10C4F9AE02/C23FF022A5FF11EEB3B2347DC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  36.50.250.0/23
                IPv6:
                  2401:5f60::/32

    Signature Algorithm: sha256WithRSAEncryption
         45:d2:6a:10:16:be:fb:ad:53:72:42:05:a2:22:ab:5d:be:fa:
         3c:ea:24:50:0f:3e:ed:68:72:6e:ec:3e:40:8b:16:4a:9c:d7:
         74:f1:62:d6:40:70:bb:f2:8b:71:fb:63:18:56:81:8b:ad:d9:
         55:2a:fe:c3:0d:60:aa:1a:84:26:ca:37:2d:35:f9:4f:16:aa:
         ff:16:a7:74:37:e7:c9:d3:ce:1c:40:51:4d:86:36:d3:9a:22:
         57:a2:92:80:60:cc:c0:35:a2:20:da:c9:f8:b6:0d:04:28:3b:
         df:9a:c8:8c:51:71:db:4a:6d:ae:32:5a:fd:dc:2e:ef:5f:fd:
         e8:61:88:ca:6b:e1:e9:c2:e7:32:99:f4:ae:c4:dc:0b:b9:81:
         2a:e9:01:fe:09:5d:81:c8:8a:63:94:9e:0d:12:99:3f:96:6d:
         9a:74:8b:c7:f1:f0:62:95:44:2b:82:e2:30:0e:37:8a:7e:04:
         4e:16:8f:8e:3a:ef:11:17:b5:dc:36:21:30:01:b1:56:2b:bd:
         1a:e4:aa:32:ee:18:f8:6f:57:e9:e8:69:05:0d:85:c7:3b:53:
         3b:07:88:4f:4a:60:57:e1:e3:36:c4:19:69:27:18:9d:a6:f2:
         a0:05:43:40:17:70:7f:90:88:6b:dc:db:a8:74:5b:d2:63:02:
         5c:e8:5d:27
-----BEGIN CERTIFICATE-----
MIIFfzCCBGegAwIBAgIBETANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTE3
QjFFRTExMC8GA1UEBRMoNkIzQkU4RjM0Q0VBNjk0QjBENjRCQ0Y4NTc4NUQ5MTc0
NDM2OTVENDAeFw0yNDAxMTMxMTM5MjRaFw0yNTAzMzEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY1YTI3NjZjLWUwZGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDBDA0Xk8yFhA2I5SbtIavUyFKJqZ9AvBFaTzOaCZElOXfx3jKf6Uqdg6XB+32q
uh2W/xJl8ZHsqh5aov5s0jpZhgQBgBVfHzPw4CGLKACn0Srt+CPL2b6SivsgI+RZ
0VUFAD+FD79gqQuBUgB8B5ZlmRG6l+DU1zJHhVF+KuvJ5nRsc5yqffT98I2siZ3y
0xlsKx+jubV7sk7FQvxzocJrjYfRSxSfy54uPy94kfJBKk3ra2SE3d/dmmprMgmf
7q7n542jrU380uCV9d2dwSH8NPeh0oyPoHwY8oKvVENuUmheWlR1dNZhBueaPcjK
7fZPsbkl33b/AmRoVVXAd21xAgMBAAGjggKkMIICoDAdBgNVHQ4EFgQU84qtlJca
Zjr2CZLYTN5FZYwxrU0wHwYDVR0jBBgwFoAUazvo80zqaUsNZLz4V4XZF0Q2ldQw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTdCMUVFL0RFNkE2MTMwQTU1
RDExRUVCOEU5Q0UxMEM0RjlBRTAyL2F6dm84MHpxYVVzTlpMejRWNFhaRjBRMmxk
US5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvYXp2bzgwenFhVXNOWkx6NFY0WFpGMFEybGRRLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3
QjFFRS9ERTZBNjEzMEE1NUQxMUVFQjhFOUNFMTBDNEY5QUUwMi9DMjNGRjAyMkE1
RkYxMUVFQjNCMjM0N0RDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAuBggrBgEFBQcBBwEB/wQf
MB0wDAQCAAEwBgMEASQy+jANBAIAAjAHAwUAJAFfYDANBgkqhkiG9w0BAQsFAAOC
AQEARdJqEBa++61TckIFoiKrXb76POokUA8+7Whybuw+QIsWSpzXdPFi1kBwu/KL
cftjGFaBi63ZVSr+ww1gqhqEJso3LTX5Txaq/xandDfnydPOHEBRTYY205oiV6KS
gGDMwDWiINrJ+LYNBCg735rIjFFx20ptrjJa/dwu71/96GGIymvh6cLnMpn0rsTc
C7mBKukB/gldgciKY5SeDRKZP5ZtmnSLx/HwYpVEK4LiMA43in4EThaPjjrvERe1
3DYhMAGxViu9GuSqMu4Y+G9X6ehpBQ2FxztTOweIT0pgV+HjNsQZaScYnabyoAVD
QBdwf5CIa9zbqHRb0mMCXOhdJw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:12 2024 by rpki-client on console-fra.rpki-client.org