Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A918BCEE/68C3563013FF11EDA3F33941C4F9AE02/595B949E6C3411EEB41EC72BC4F9AE02.roa
File:                     595B949E6C3411EEB41EC72BC4F9AE02.roa (raw, json)
Hash identifier:          tn0UTpMCrDbne9QMCcbU0v/X+Lg1hRG2hAX8gHJlpV0=
Subject key identifier:   05:19:1F:70:BA:51:EF:17:03:CC:B7:09:FD:51:28:95:40:37:F4:26
Certificate issuer:       /CN=A918BCEE/serialNumber=F40BE8B5AD16B1847FC0D4F4708F9D414931ABA6
Certificate serial:       01B6
Authority key identifier: F4:0B:E8:B5:AD:16:B1:84:7F:C0:D4:F4:70:8F:9D:41:49:31:AB:A6
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/9Avota0WsYR_wNT0cI-dQUkxq6Y.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A918BCEE/68C3563013FF11EDA3F33941C4F9AE02/595B949E6C3411EEB41EC72BC4F9AE02.roa
Signing time:             Wed 13 Mar 2024 04:06:26 +0000
ROA not before:           Wed 13 Mar 2024 04:06:26 +0000
ROA not after:            Wed 28 May 2025 00:00:00 +0000
asID:                     54203
IP address blocks:        36.255.205.0/24 maxlen: 24
                          103.209.252.0/24 maxlen: 24
                          2404:5d80:6000::/40 maxlen: 40
                          2404:5d80:6100::/40 maxlen: 40
                          2404:5d80:6300::/40 maxlen: 40
                          2404:5d80:6600::/40 maxlen: 40
                          2404:5d80:6800::/40 maxlen: 40
Validation:               Failed, certificate revoked on Thu 18 Jul 2024 17:34:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 438 (0x1b6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A918BCEE
        Validity
            Not Before: Mar 13 04:06:26 2024 GMT
            Not After : May 28 00:00:00 2025 GMT
        Subject: CN=65f12641-a4fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:31:dc:5c:60:26:56:c7:15:e3:4b:0c:de:43:
                    c0:e7:da:a8:a4:f7:45:fa:a0:e4:36:a3:90:08:38:
                    ee:26:1e:de:65:dc:2c:99:d5:02:43:58:fb:40:ae:
                    fb:bb:e4:ea:5d:c5:84:ca:06:ed:9e:b3:cb:3e:7c:
                    51:74:cd:01:3d:ee:55:39:3b:99:a5:b2:be:c0:42:
                    4a:65:f6:0d:da:7f:6c:70:00:71:6e:38:4a:05:3b:
                    a3:f0:d1:8c:b0:c0:f4:0d:18:46:73:66:59:f3:91:
                    62:a1:86:7a:4b:8d:e2:e3:7e:3b:5a:a6:2d:ba:4a:
                    09:04:16:0b:76:53:0e:79:e5:1e:3a:48:2f:0b:9e:
                    ea:7e:66:2a:ae:14:78:ab:07:a0:67:4a:1d:d4:7b:
                    09:a9:9c:e1:05:44:83:c8:39:5b:ef:d8:8e:48:ac:
                    d8:60:0c:a0:d7:cc:72:f9:e7:a4:a1:81:71:51:f9:
                    46:93:03:a9:0f:68:4c:b5:18:62:8a:7d:ab:3c:f0:
                    eb:71:bb:bf:4e:1c:bf:3b:96:dd:51:85:a1:dd:e0:
                    4d:07:24:82:2f:14:05:2a:a3:28:10:e0:4f:51:24:
                    38:63:4f:07:ec:5f:73:26:17:47:d6:50:17:84:42:
                    66:b8:3d:c6:b1:98:59:15:c2:05:e5:20:36:23:b6:
                    02:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:19:1F:70:BA:51:EF:17:03:CC:B7:09:FD:51:28:95:40:37:F4:26
            X509v3 Authority Key Identifier:
                keyid:F4:0B:E8:B5:AD:16:B1:84:7F:C0:D4:F4:70:8F:9D:41:49:31:AB:A6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A918BCEE/68C3563013FF11EDA3F33941C4F9AE02/9Avota0WsYR_wNT0cI-dQUkxq6Y.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/9Avota0WsYR_wNT0cI-dQUkxq6Y.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918BCEE/68C3563013FF11EDA3F33941C4F9AE02/595B949E6C3411EEB41EC72BC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  36.255.205.0/24
                  103.209.252.0/24
                IPv6:
                  2404:5d80:6000::/39
                  2404:5d80:6300::/40
                  2404:5d80:6600::/40
                  2404:5d80:6800::/40

    Signature Algorithm: sha256WithRSAEncryption
         19:aa:68:b6:d5:e5:1b:9e:8d:c2:2a:d9:89:ac:ee:8a:ab:cd:
         61:c8:49:b0:d2:39:c8:1d:bb:c3:9d:4f:9c:17:47:53:87:73:
         67:89:01:1d:a7:d1:e9:b3:78:36:46:6a:89:f6:96:30:af:e0:
         af:bb:54:6b:60:34:68:e1:11:1c:f6:d6:7f:e3:b5:1b:05:01:
         8b:72:f9:a0:34:9d:10:96:8a:de:19:87:bd:78:50:c7:b8:9f:
         f5:6f:73:b3:23:bc:ea:eb:46:af:2b:14:1c:ba:bc:a7:b2:a3:
         ac:2f:50:65:f5:36:dd:6e:cb:0e:22:0a:6f:ac:5a:94:00:a1:
         da:2b:c9:27:c1:c5:0a:3e:d1:d1:38:74:a7:01:52:61:03:0d:
         34:15:5a:87:13:5b:7e:b9:1b:d3:a9:07:58:af:2c:20:5b:a6:
         a8:8a:d2:06:01:b4:74:fd:36:7d:d5:e4:9b:b1:36:c4:d5:a5:
         43:fe:d4:09:4f:a0:15:67:36:62:10:83:e3:14:6c:7b:35:c9:
         c8:51:9b:23:4d:18:7f:21:7d:fe:fa:71:ac:d9:f0:ac:00:f8:
         d1:04:5f:03:e7:b8:ff:46:62:bb:66:c9:75:b1:50:00:d5:ae:
         00:20:ed:99:cc:7d:ca:36:27:f9:21:88:94:e7:44:c4:d6:84:
         d8:b3:48:3d
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgICAbYwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEJDRUUxMTAvBgNVBAUTKEY0MEJFOEI1QUQxNkIxODQ3RkMwRDRGNDcwOEY5RDQx
NDkzMUFCQTYwHhcNMjQwMzEzMDQwNjI2WhcNMjUwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02NWYxMjY0MS1hNGZkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA8zHcXGAmVscV40sM3kPA59qopPdF+qDkNqOQCDjuJh7eZdwsmdUCQ1j7QK77
u+TqXcWEygbtnrPLPnxRdM0BPe5VOTuZpbK+wEJKZfYN2n9scABxbjhKBTuj8NGM
sMD0DRhGc2ZZ85FioYZ6S43i4347WqYtukoJBBYLdlMOeeUeOkgvC57qfmYqrhR4
qwegZ0od1HsJqZzhBUSDyDlb79iOSKzYYAyg18xy+eekoYFxUflGkwOpD2hMtRhi
in2rPPDrcbu/Thy/O5bdUYWh3eBNBySCLxQFKqMoEOBPUSQ4Y08H7F9zJhdH1lAX
hEJmuD3GsZhZFcIF5SA2I7YCwwIDAQABo4ICwzCCAr8wHQYDVR0OBBYEFAUZH3C6
Ue8XA8y3Cf1RKJVAN/QmMB8GA1UdIwQYMBaAFPQL6LWtFrGEf8DU9HCPnUFJMaum
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4QkNFRS82OEMzNTYzMDEz
RkYxMUVEQTNGMzM5NDFDNEY5QUUwMi85QXZvdGEwV3NZUl93TlQwY0ktZFFVa3hx
NlkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzlBdm90YTBXc1lSX3dOVDBjSS1kUVVreHE2WS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEJDRUUvNjhDMzU2MzAxM0ZGMTFFREEzRjMzOTQxQzRGOUFFMDIvNTk1Qjk0OUU2
QzM0MTFFRUI0MUVDNzJCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwTQYIKwYBBQUHAQcBAf8E
PjA8MBIEAgABMAwDBAAk/80DBABn0fwwJgQCAAIwIAMGASQEXYBgAwYAJARdgGMD
BgAkBF2AZgMGACQEXYBoMA0GCSqGSIb3DQEBCwUAA4IBAQAZqmi21eUbno3CKtmJ
rO6Kq81hyEmw0jnIHbvDnU+cF0dTh3NniQEdp9Hps3g2RmqJ9pYwr+Cvu1RrYDRo
4REc9tZ/47UbBQGLcvmgNJ0QloreGYe9eFDHuJ/1b3OzI7zq60avKxQcurynsqOs
L1Bl9TbdbssOIgpvrFqUAKHaK8knwcUKPtHROHSnAVJhAw00FVqHE1t+uRvTqQdY
rywgW6aoitIGAbR0/TZ91eSbsTbE1aVD/tQJT6AVZzZiEIPjFGx7NcnIUZsjTRh/
IX3++nGs2fCsAPjRBF8D57j/RmK7Zsl1sVAA1a4AIO2ZzH3KNif5IYiU50TE1oTY
s0g9
-----END CERTIFICATE-----