Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91B036A/BBC2F776D1F111EE86051A61C4F9AE02/F5F1D24CD22211EEAE66374FC4F9AE02.roa
File:                     F5F1D24CD22211EEAE66374FC4F9AE02.roa (raw, json)
Hash identifier:          B7BrzQftMF0aU1XHyCqhT7PAQjrTAngicPSOxKGw+6w=
Subject key identifier:   29:40:C9:22:CC:28:17:79:26:A3:EC:34:8E:AE:96:FB:39:6E:C7:8B
Certificate issuer:       /CN=A91B036A/serialNumber=0F17F37DBC9484D96E1A0ABC78A4F9CACD5EDA8A
Certificate serial:       14
Authority key identifier: 0F:17:F3:7D:BC:94:84:D9:6E:1A:0A:BC:78:A4:F9:CA:CD:5E:DA:8A
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DxfzfbyUhNluGgq8eKT5ys1e2oo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91B036A/BBC2F776D1F111EE86051A61C4F9AE02/F5F1D24CD22211EEAE66374FC4F9AE02.roa
Signing time:             Fri 23 Feb 2024 08:11:16 +0000
ROA not before:           Fri 23 Feb 2024 08:11:16 +0000
ROA not after:            Thu 01 May 2025 00:00:00 +0000
asID:                     24334
IP address blocks:        103.11.88.0/22 maxlen: 24
                          202.83.240.0/21 maxlen: 21
                          202.83.240.0/24 maxlen: 24
                          202.83.241.0/24 maxlen: 24
                          202.83.242.0/24 maxlen: 24
                          202.83.243.0/24 maxlen: 24
                          202.83.244.0/24 maxlen: 24
                          202.83.245.0/24 maxlen: 24
                          202.83.246.0/24 maxlen: 24
                          202.83.247.0/24 maxlen: 24
                          202.171.208.0/21 maxlen: 21
                          202.171.208.0/24 maxlen: 24
                          202.171.209.0/24 maxlen: 24
                          202.171.210.0/24 maxlen: 24
                          202.171.211.0/24 maxlen: 24
                          202.171.212.0/24 maxlen: 24
                          202.171.213.0/24 maxlen: 24
                          202.171.214.0/24 maxlen: 24
                          202.171.215.0/24 maxlen: 24
                          203.142.88.0/21 maxlen: 21
                          203.142.88.0/24 maxlen: 24
                          203.142.89.0/24 maxlen: 24
                          203.142.90.0/24 maxlen: 24
                          203.142.91.0/24 maxlen: 24
                          203.142.92.0/24 maxlen: 24
                          203.142.93.0/24 maxlen: 24
                          203.142.94.0/24 maxlen: 24
                          203.142.95.0/24 maxlen: 24
                          2404:1a0::/30 maxlen: 32

Validation:               Failed, certificate revoked on Mon 26 Feb 2024 22:31:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 20 (0x14)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91B036A/serialNumber=0F17F37DBC9484D96E1A0ABC78A4F9CACD5EDA8A
        Validity
            Not Before: Feb 23 08:11:16 2024 GMT
            Not After : May  1 00:00:00 2025 GMT
        Subject: CN=65d85324-2751
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:b2:7e:e3:6c:09:24:64:b7:6b:82:b6:6e:8d:
                    1f:87:54:92:fe:ec:0e:1c:ee:f0:a3:43:a8:32:c6:
                    15:20:e1:6a:da:3e:05:a6:60:ec:41:df:c8:a8:26:
                    99:52:ba:29:de:35:f7:79:0b:7a:c6:7c:55:c3:b0:
                    c2:4a:d2:aa:92:ef:cd:a0:64:9e:04:b7:3c:f8:53:
                    d1:3a:81:f9:f1:b7:9a:80:27:8b:48:78:be:ba:4d:
                    ef:86:41:c2:90:bf:4d:e8:65:e6:f5:30:d4:c7:22:
                    dc:a6:27:6f:0d:19:6f:40:5c:f1:8c:09:19:35:f2:
                    cb:16:21:92:94:09:6f:65:f9:a1:f4:34:00:69:85:
                    ce:62:8f:3c:f6:b3:ef:a9:12:aa:b7:db:32:82:30:
                    e8:bd:bc:8c:0e:b0:1d:d9:09:98:5e:b8:ba:94:01:
                    15:3c:4a:99:3d:a5:72:37:c8:7a:9f:b5:62:5d:33:
                    4e:79:b8:de:ec:71:76:9d:04:c9:8a:c3:1b:7b:89:
                    c5:b3:b1:52:62:0b:1e:4d:38:6e:cd:f8:0f:fe:99:
                    17:54:f6:71:43:98:cc:d2:28:60:c3:03:4e:91:9a:
                    61:63:80:c9:ba:f3:ad:e2:ad:1a:42:33:4e:d3:a2:
                    6c:43:62:55:9c:2d:81:1a:8d:b9:77:37:87:d3:dc:
                    8f:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:40:C9:22:CC:28:17:79:26:A3:EC:34:8E:AE:96:FB:39:6E:C7:8B
            X509v3 Authority Key Identifier:
                keyid:0F:17:F3:7D:BC:94:84:D9:6E:1A:0A:BC:78:A4:F9:CA:CD:5E:DA:8A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91B036A/BBC2F776D1F111EE86051A61C4F9AE02/DxfzfbyUhNluGgq8eKT5ys1e2oo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DxfzfbyUhNluGgq8eKT5ys1e2oo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B036A/BBC2F776D1F111EE86051A61C4F9AE02/F5F1D24CD22211EEAE66374FC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.11.88.0/22
                  202.83.240.0/21
                  202.171.208.0/21
                  203.142.88.0/21
                IPv6:
                  2404:1a0::/30

    Signature Algorithm: sha256WithRSAEncryption
         96:3b:a0:02:14:1c:60:df:7f:58:8a:74:5d:38:91:63:8c:42:
         a4:14:44:63:ed:3b:d3:a0:55:e9:a3:cc:a1:30:cc:03:eb:e5:
         fc:54:28:47:6c:fa:43:54:4a:55:66:9b:1d:2f:44:48:28:39:
         e3:8f:8c:ca:28:32:bb:43:ce:af:54:b7:fb:cc:22:83:f7:40:
         d8:b7:0d:eb:9c:5a:fb:e7:6c:bf:80:ee:ab:30:8b:2e:48:c3:
         e5:4b:ad:68:c7:44:b2:3a:54:f6:76:5d:9b:24:4e:34:e4:8c:
         3c:22:f5:db:84:b0:7e:1b:8d:06:6c:ab:66:ae:01:35:85:6e:
         ec:0f:e9:93:8a:63:e2:11:96:8c:8b:63:71:ff:31:79:53:0d:
         57:36:64:0e:1c:e7:c0:ba:be:5d:91:80:d9:4d:a7:9d:5c:6d:
         3d:06:77:bf:31:35:79:ff:b5:87:fa:6f:0e:26:ac:9a:e4:06:
         41:61:c7:72:0c:7f:d5:5a:d8:82:37:9f:b1:ed:8d:8d:04:65:
         68:7d:d3:8b:b0:c5:c5:ca:90:99:ec:6b:6a:ed:68:4d:74:b0:
         d4:2d:d8:c4:c2:aa:8f:8c:e6:f5:97:99:84:ae:21:7e:8a:b0:
         f2:b5:38:43:a3:69:b6:33:2d:81:79:2b:5b:55:36:3c:0e:f0:
         d6:a7:f6:0a
-----BEGIN CERTIFICATE-----
MIIFkTCCBHmgAwIBAgIBFDANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFC
MDM2QTExMC8GA1UEBRMoMEYxN0YzN0RCQzk0ODREOTZFMUEwQUJDNzhBNEY5Q0FD
RDVFREE4QTAeFw0yNDAyMjMwODExMTZaFw0yNTA1MDEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY1ZDg1MzI0LTI3NTEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDAsn7jbAkkZLdrgrZujR+HVJL+7A4c7vCjQ6gyxhUg4WraPgWmYOxB38ioJplS
uineNfd5C3rGfFXDsMJK0qqS782gZJ4Etzz4U9E6gfnxt5qAJ4tIeL66Te+GQcKQ
v03oZeb1MNTHItymJ28NGW9AXPGMCRk18ssWIZKUCW9l+aH0NABphc5ijzz2s++p
Eqq32zKCMOi9vIwOsB3ZCZheuLqUARU8Spk9pXI3yHqftWJdM055uN7scXadBMmK
wxt7icWzsVJiCx5NOG7N+A/+mRdU9nFDmMzSKGDDA06RmmFjgMm6863irRpCM07T
omxDYlWcLYEajbl3N4fT3I87AgMBAAGjggK2MIICsjAdBgNVHQ4EFgQUKUDJIswo
F3kmo+w0jq6W+zlux4swHwYDVR0jBBgwFoAUDxfzfbyUhNluGgq8eKT5ys1e2oow
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUIwMzZBL0JCQzJGNzc2RDFG
MTExRUU4NjA1MUE2MUM0RjlBRTAyL0R4ZnpmYnlVaE5sdUdncThlS1Q1eXMxZTJv
by5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvRHhmemZieVVoTmx1R2dxOGVLVDV5czFlMm9vLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFC
MDM2QS9CQkMyRjc3NkQxRjExMUVFODYwNTFBNjFDNEY5QUUwMi9GNUYxRDI0Q0Qy
MjIxMUVFQUU2NjM3NEZDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDBABggrBgEFBQcBBwEB/wQx
MC8wHgQCAAEwGAMEAmcLWAMEA8pT8AMEA8qr0AMEA8uOWDANBAIAAjAHAwUCJAQB
oDANBgkqhkiG9w0BAQsFAAOCAQEAljugAhQcYN9/WIp0XTiRY4xCpBREY+0706BV
6aPMoTDMA+vl/FQoR2z6Q1RKVWabHS9ESCg544+Myigyu0POr1S3+8wig/dA2LcN
65xa++dsv4DuqzCLLkjD5UutaMdEsjpU9nZdmyRONOSMPCL124SwfhuNBmyrZq4B
NYVu7A/pk4pj4hGWjItjcf8xeVMNVzZkDhznwLq+XZGA2U2nnVxtPQZ3vzE1ef+1
h/pvDiasmuQGQWHHcgx/1VrYgjefse2NjQRlaH3Ti7DFxcqQmexrau1oTXSw1C3Y
xMKqj4zm9ZeZhK4hfoqw8rU4Q6NptjMtgXkrW1U2PA7w1qf2Cg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:37 2024 by rpki-client on console-fra.rpki-client.org