Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A918F1C9/6A57AB8C7F9511EAB0ED8537C4F9AE02/8DE8DADA056B11EE9B7EDB79C4F9AE02.roa
File:                     8DE8DADA056B11EE9B7EDB79C4F9AE02.roa (raw, json)
Hash identifier:          bmRyE2tb1VV11+7O+R6PZ6ct2hTuHiynQsBRb60Q+xw=
Subject key identifier:   D8:CE:35:EE:39:00:23:7E:13:92:BB:EC:32:4B:68:69:A7:43:AE:F9
Certificate issuer:       /CN=A918F1C9/serialNumber=398911300104D7C58B326E5664B3D79A2D4646E0
Certificate serial:       08AF
Authority key identifier: 39:89:11:30:01:04:D7:C5:8B:32:6E:56:64:B3:D7:9A:2D:46:46:E0
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OYkRMAEE18WLMm5WZLPXmi1GRuA.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A918F1C9/6A57AB8C7F9511EAB0ED8537C4F9AE02/8DE8DADA056B11EE9B7EDB79C4F9AE02.roa
Signing time:             Fri 20 Oct 2023 20:49:13 +0000
ROA not before:           Fri 20 Oct 2023 20:49:13 +0000
ROA not after:            Sun 01 Dec 2024 00:00:00 +0000
asID:                     138167
IP address blocks:        103.121.224.0/24 maxlen: 24
                          103.121.225.0/24 maxlen: 24
                          103.121.226.0/24 maxlen: 24
                          103.121.227.0/24 maxlen: 24
                          2403:72c0::/48 maxlen: 48
                          2403:72c0:1::/48 maxlen: 48
                          2403:72c0:2::/48 maxlen: 48
                          2403:72c0:3::/48 maxlen: 48

Validation:               Failed, certificate revoked on Wed 25 Oct 2023 21:20:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2223 (0x8af)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A918F1C9/serialNumber=398911300104D7C58B326E5664B3D79A2D4646E0
        Validity
            Not Before: Oct 20 20:49:13 2023 GMT
            Not After : Dec  1 00:00:00 2024 GMT
        Subject: CN=6532e7c8-966d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:59:e9:f8:6c:cf:15:90:2b:46:6b:e0:3a:9c:
                    ae:ed:90:94:85:46:65:bd:8d:8c:c1:84:f1:e9:a7:
                    54:19:63:27:3c:7c:26:33:f1:e6:85:62:c0:d7:bf:
                    c3:85:4d:fb:7d:08:d9:b2:eb:05:ca:86:2c:7c:a7:
                    2c:71:c9:36:09:8a:54:8d:7b:a2:08:8c:7d:27:54:
                    9f:e1:34:3e:11:6a:70:31:ad:51:df:f4:7b:35:14:
                    5e:9b:8c:cf:08:a3:da:e0:44:1c:c2:41:97:a6:1d:
                    c7:56:b1:64:3c:a5:bf:6d:86:ed:2b:a4:b4:67:cd:
                    05:cf:c7:84:a6:cb:34:ab:9a:95:f6:76:70:8e:4a:
                    4e:07:e5:74:4a:2e:e4:c1:9d:62:83:f9:29:1a:6c:
                    03:86:ed:c4:55:40:9c:7f:36:7b:60:e0:b8:67:02:
                    ce:7f:ef:21:4e:78:08:66:89:c5:b3:fb:76:0c:17:
                    41:05:cd:bf:c4:6c:91:30:b5:04:1d:ba:c1:3b:b3:
                    73:6a:6d:2d:57:12:a5:12:18:e3:e8:51:95:f0:3e:
                    48:59:0b:67:9a:f6:bd:50:35:e4:6d:73:3a:75:86:
                    ae:30:bd:e1:91:04:9c:69:5f:9b:64:57:4c:ce:01:
                    80:0d:28:cd:31:71:f2:ea:2e:2f:44:f5:58:fe:37:
                    9f:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:CE:35:EE:39:00:23:7E:13:92:BB:EC:32:4B:68:69:A7:43:AE:F9
            X509v3 Authority Key Identifier:
                keyid:39:89:11:30:01:04:D7:C5:8B:32:6E:56:64:B3:D7:9A:2D:46:46:E0

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A918F1C9/6A57AB8C7F9511EAB0ED8537C4F9AE02/OYkRMAEE18WLMm5WZLPXmi1GRuA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OYkRMAEE18WLMm5WZLPXmi1GRuA.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918F1C9/6A57AB8C7F9511EAB0ED8537C4F9AE02/8DE8DADA056B11EE9B7EDB79C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.121.224.0/22
                IPv6:
                  2403:72c0::/46

    Signature Algorithm: sha256WithRSAEncryption
         48:af:97:e3:ee:52:8a:2e:0b:9e:c2:49:92:f7:ba:b0:0a:39:
         db:b4:8b:80:5b:f1:74:f9:9b:4f:4e:1e:60:0f:9b:8a:6d:03:
         32:32:2f:23:33:9a:2f:dd:ab:03:9e:a0:8f:e3:85:4a:77:5b:
         35:1d:ed:c5:dc:56:b5:8c:0f:62:2a:ed:84:28:24:52:1d:25:
         b5:4d:ab:e8:ef:64:9c:c0:29:dd:78:3c:b7:2a:54:9a:0e:bf:
         04:39:91:c9:4e:18:c6:76:58:dd:d6:19:f6:cd:c7:f1:57:3c:
         07:b4:4f:22:fe:f0:1b:ae:5d:fa:d3:7b:15:4d:49:f3:fc:f3:
         58:78:82:b2:ca:37:71:35:16:3b:1e:72:c1:dd:ba:83:9b:39:
         0e:4d:94:d2:06:99:80:e3:a6:87:3a:3b:b5:02:77:e3:15:2f:
         54:a4:fa:02:9b:12:74:b5:70:d2:5a:07:36:a7:3e:68:eb:bc:
         63:2b:cf:1e:65:de:28:3b:ac:8d:45:e9:a4:05:ba:c0:2d:69:
         10:f0:b1:e1:d2:34:83:48:3c:34:8d:95:3f:96:ef:4e:87:a8:
         38:3c:40:08:d0:64:26:c6:7f:4f:65:5e:e4:97:eb:58:63:11:
         b5:ab:0b:75:ff:e3:a9:ba:9a:df:26:4f:0e:8e:ed:72:02:c6:
         35:01:6c:5a
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICCK8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEYxQzkxMTAvBgNVBAUTKDM5ODkxMTMwMDEwNEQ3QzU4QjMyNkU1NjY0QjNENzlB
MkQ0NjQ2RTAwHhcNMjMxMDIwMjA0OTEzWhcNMjQxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTMyZTdjOC05NjZkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAulnp+GzPFZArRmvgOpyu7ZCUhUZlvY2MwYTx6adUGWMnPHwmM/HmhWLA17/D
hU37fQjZsusFyoYsfKcscck2CYpUjXuiCIx9J1Sf4TQ+EWpwMa1R3/R7NRRem4zP
CKPa4EQcwkGXph3HVrFkPKW/bYbtK6S0Z80Fz8eEpss0q5qV9nZwjkpOB+V0Si7k
wZ1ig/kpGmwDhu3EVUCcfzZ7YOC4ZwLOf+8hTngIZonFs/t2DBdBBc2/xGyRMLUE
HbrBO7Nzam0tVxKlEhjj6FGV8D5IWQtnmva9UDXkbXM6dYauML3hkQScaV+bZFdM
zgGADSjNMXHy6i4vRPVY/jefbwIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFNjONe45
ACN+E5K77DJLaGmnQ675MB8GA1UdIwQYMBaAFDmJETABBNfFizJuVmSz15otRkbg
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4RjFDOS82QTU3QUI4QzdG
OTUxMUVBQjBFRDg1MzdDNEY5QUUwMi9PWWtSTUFFRTE4V0xNbTVXWkxQWG1pMUdS
dUEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL09Za1JNQUVFMThXTE1tNVdaTFBYbWkxR1J1QS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEYxQzkvNkE1N0FCOEM3Rjk1MTFFQUIwRUQ4NTM3QzRGOUFFMDIvOERFOERBREEw
NTZCMTFFRTlCN0VEQjc5QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAJneeAwDwQCAAIwCQMHAiQDcsAAADANBgkqhkiG9w0BAQsF
AAOCAQEASK+X4+5Sii4LnsJJkve6sAo527SLgFvxdPmbT04eYA+bim0DMjIvIzOa
L92rA56gj+OFSndbNR3txdxWtYwPYirthCgkUh0ltU2r6O9knMAp3Xg8typUmg6/
BDmRyU4YxnZY3dYZ9s3H8Vc8B7RPIv7wG65d+tN7FU1J8/zzWHiCsso3cTUWOx5y
wd26g5s5Dk2U0gaZgOOmhzo7tQJ34xUvVKT6ApsSdLVw0loHNqc+aOu8YyvPHmXe
KDusjUXppAW6wC1pEPCx4dI0g0g8NI2VP5bvToeoODxACNBkJsZ/T2Ve5JfrWGMR
tasLdf/jqbqa3yZPDo7tcgLGNQFsWg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:33 2024 by rpki-client on console-fra.rpki-client.org