Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A917B520/161D4C0AE4CA11EDA414E259C4F9AE02/E7207594498B11EF98DFD17BC4F9AE02.roa
File:                     E7207594498B11EF98DFD17BC4F9AE02.roa (raw, json)
Hash identifier:          LnVg5WjpQxzMwTLFesisuELosyOOR7Bzj4yC3fPqx0g=
Subject key identifier:   B1:92:2E:90:C5:2D:08:65:21:92:AB:4B:4C:79:7E:99:FC:80:D5:60
Certificate issuer:       /CN=A917B520/serialNumber=542B94D8625CF711964FD13741295D27AD7A9004
Certificate serial:       0140
Authority key identifier: 54:2B:94:D8:62:5C:F7:11:96:4F:D1:37:41:29:5D:27:AD:7A:90:04
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/VCuU2GJc9xGWT9E3QSldJ616kAQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A917B520/161D4C0AE4CA11EDA414E259C4F9AE02/E7207594498B11EF98DFD17BC4F9AE02.roa
Signing time:             Mon 21 Oct 2024 09:17:07 +0000
ROA not before:           Mon 21 Oct 2024 09:17:07 +0000
ROA not after:            Wed 30 Jul 2025 00:00:00 +0000
asID:                     150436
IP address blocks:        101.47.0.0/18 maxlen: 24
                          101.47.64.0/20 maxlen: 24
                          101.47.80.0/20 maxlen: 23
                          101.47.80.0/21 maxlen: 24
                          101.47.88.0/22 maxlen: 24
                          101.47.92.0/23 maxlen: 24
                          101.47.95.0/24 maxlen: 24
                          101.47.96.0/21 maxlen: 24
                          101.47.128.0/18 maxlen: 21
                          101.47.253.0/24 maxlen: 24
                          2401:4c20::/40 maxlen: 44
                          2401:4c20:100::/40 maxlen: 40

Validation:               Failed, certificate revoked on Tue 12 Nov 2024 09:06:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 320 (0x140)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A917B520/serialNumber=542B94D8625CF711964FD13741295D27AD7A9004
        Validity
            Not Before: Oct 21 09:17:07 2024 GMT
            Not After : Jul 30 00:00:00 2025 GMT
        Subject: CN=67161c12-72aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:33:91:bf:9a:74:31:3e:e1:e2:eb:7c:1b:a0:
                    19:70:cf:82:b0:a2:e6:83:5b:4b:99:ac:33:04:88:
                    b5:a0:20:ef:e9:88:93:df:5f:40:35:cb:15:36:c8:
                    48:d1:da:8c:14:d2:8c:dd:49:2e:b2:f8:83:25:b9:
                    c3:bc:5d:6c:5c:c8:ef:e5:1d:72:95:30:41:fc:ba:
                    35:35:f2:9a:fe:d3:84:4c:ef:4c:59:4c:2c:60:b2:
                    60:e7:17:97:87:14:73:6a:da:02:dc:9b:cc:ba:0a:
                    6a:1a:2d:6e:4f:23:b7:39:e6:26:45:41:cb:62:cd:
                    2b:02:43:59:07:ec:ce:c0:00:b1:6e:9f:1f:ff:a2:
                    50:13:94:da:e2:7d:c5:48:55:80:dc:7a:0a:05:eb:
                    a4:e6:d1:33:34:9a:e0:82:ad:f2:9c:b9:b0:54:5c:
                    58:48:ce:af:19:fe:83:12:7d:e8:bf:13:fc:64:5a:
                    5b:e8:48:1f:8e:fe:09:60:6f:a7:9c:05:6a:2b:e4:
                    69:a2:fb:19:5c:b9:54:0c:95:57:1e:09:58:7c:42:
                    18:8b:d6:df:a9:ca:d9:32:a3:9c:5d:cf:a1:48:2e:
                    7e:8d:ba:c9:46:81:07:46:ff:10:c2:95:83:4d:e3:
                    4d:da:bb:d6:6f:bd:dd:f5:c8:a8:c8:be:f1:60:20:
                    03:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:92:2E:90:C5:2D:08:65:21:92:AB:4B:4C:79:7E:99:FC:80:D5:60
            X509v3 Authority Key Identifier:
                keyid:54:2B:94:D8:62:5C:F7:11:96:4F:D1:37:41:29:5D:27:AD:7A:90:04

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A917B520/161D4C0AE4CA11EDA414E259C4F9AE02/VCuU2GJc9xGWT9E3QSldJ616kAQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/VCuU2GJc9xGWT9E3QSldJ616kAQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A917B520/161D4C0AE4CA11EDA414E259C4F9AE02/E7207594498B11EF98DFD17BC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  101.47.0.0-101.47.103.255
                  101.47.128.0/18
                  101.47.253.0/24
                IPv6:
                  2401:4c20::/39

    Signature Algorithm: sha256WithRSAEncryption
         57:93:fd:a2:5d:01:a5:0e:3c:28:93:50:a9:8e:b0:6e:ff:59:
         9d:dd:ee:ce:70:88:2f:f8:a9:47:88:21:d1:31:36:dd:2d:8b:
         21:bd:3e:e5:bc:1e:d5:ee:df:12:45:6a:5c:ca:ec:32:ae:bc:
         7b:71:94:16:2f:ec:d1:15:d3:50:8e:c0:8c:df:27:93:82:25:
         51:a9:f4:dc:c2:53:b7:52:66:97:00:fd:19:06:c9:1e:71:6a:
         0c:e4:ac:29:13:06:e4:e7:d3:17:23:92:38:ce:62:50:13:c5:
         4a:ff:c8:01:99:a8:4c:9e:63:04:c7:c8:e4:93:76:3c:b6:9d:
         51:ef:91:94:f0:1c:84:3b:78:ce:ba:bc:42:1e:cc:85:05:49:
         2c:8e:28:9c:0a:49:cf:d8:23:2d:34:e6:95:8d:91:de:bf:b6:
         49:2c:ce:bc:86:dd:4f:9a:d5:7d:b4:72:34:47:eb:1b:f1:cf:
         10:92:41:71:ef:10:b0:d1:e5:c2:26:9b:53:99:fb:a9:a7:d2:
         43:9e:b0:62:0a:e9:86:b7:96:35:cc:93:2b:46:40:99:2f:6d:
         34:25:63:f9:f7:61:c1:26:56:1f:02:e0:e3:4f:c3:84:11:de:
         c8:74:46:d5:22:4c:bf:48:52:c8:37:c7:a3:7e:9b:07:92:f5:
         c1:83:8c:f5
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgICAUAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
N0I1MjAxMTAvBgNVBAUTKDU0MkI5NEQ4NjI1Q0Y3MTE5NjRGRDEzNzQxMjk1RDI3
QUQ3QTkwMDQwHhcNMjQxMDIxMDkxNzA3WhcNMjUwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzE2MWMxMi03MmFhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA0TORv5p0MT7h4ut8G6AZcM+CsKLmg1tLmawzBIi1oCDv6YiT319ANcsVNshI
0dqMFNKM3UkusviDJbnDvF1sXMjv5R1ylTBB/Lo1NfKa/tOETO9MWUwsYLJg5xeX
hxRzatoC3JvMugpqGi1uTyO3OeYmRUHLYs0rAkNZB+zOwACxbp8f/6JQE5Ta4n3F
SFWA3HoKBeuk5tEzNJrggq3ynLmwVFxYSM6vGf6DEn3ovxP8ZFpb6Egfjv4JYG+n
nAVqK+RpovsZXLlUDJVXHglYfEIYi9bfqcrZMqOcXc+hSC5+jbrJRoEHRv8QwpWD
TeNN2rvWb73d9cioyL7xYCAD4QIDAQABo4ICuDCCArQwHQYDVR0OBBYEFLGSLpDF
LQhlIZKrS0x5fpn8gNVgMB8GA1UdIwQYMBaAFFQrlNhiXPcRlk/RN0EpXSetepAE
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3QjUyMC8xNjFENEMwQUU0
Q0ExMUVEQTQxNEUyNTlDNEY5QUUwMi9WQ3VVMkdKYzl4R1dUOUUzUVNsZEo2MTZr
QVEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1ZDdVUyR0pjOXhHV1Q5RTNRU2xkSjYxNmtBUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
N0I1MjAvMTYxRDRDMEFFNENBMTFFREE0MTRFMjU5QzRGOUFFMDIvRTcyMDc1OTQ0
OThCMTFFRjk4REZEMTdCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwQgYIKwYBBQUHAQcBAf8E
MzAxMB8EAgABMBkwCwMDAGUvAwQDZS9gAwQGZS+AAwQAZS/9MA4EAgACMAgDBgEk
AUwgADANBgkqhkiG9w0BAQsFAAOCAQEAV5P9ol0BpQ48KJNQqY6wbv9Znd3uznCI
L/ipR4gh0TE23S2LIb0+5bwe1e7fEkVqXMrsMq68e3GUFi/s0RXTUI7AjN8nk4Il
Uan03MJTt1JmlwD9GQbJHnFqDOSsKRMG5OfTFyOSOM5iUBPFSv/IAZmoTJ5jBMfI
5JN2PLadUe+RlPAchDt4zrq8Qh7MhQVJLI4onApJz9gjLTTmlY2R3r+2SSzOvIbd
T5rVfbRyNEfrG/HPEJJBce8QsNHlwiabU5n7qafSQ56wYgrphreWNcyTK0ZAmS9t
NCVj+fdhwSZWHwLg40/DhBHeyHRG1SJMv0hSyDfHo36bB5L1wYOM9Q==
-----END CERTIFICATE-----