Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91B6587/417D71B4918611EDA84A124DC4F9AE02/720F30326E5E11EEBFA4E75BC4F9AE02.roa
File:                     720F30326E5E11EEBFA4E75BC4F9AE02.roa (raw, json)
Hash identifier:          tndYu5V2i4EBKzB2WQEa6Kz3slutPy4/CPHJxugLnew=
Subject key identifier:   69:64:CE:09:B9:BA:F8:0E:F8:E7:F8:AF:2A:12:79:5F:F0:25:13:1B
Certificate issuer:       /CN=A91B6587/serialNumber=2D634077CC847B59D4048D43E04B3309698FE638
Certificate serial:       0171
Authority key identifier: 2D:63:40:77:CC:84:7B:59:D4:04:8D:43:E0:4B:33:09:69:8F:E6:38
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/LWNAd8yEe1nUBI1D4EszCWmP5jg.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91B6587/417D71B4918611EDA84A124DC4F9AE02/720F30326E5E11EEBFA4E75BC4F9AE02.roa
Signing time:             Wed 31 Jan 2024 06:58:05 +0000
ROA not before:           Wed 31 Jan 2024 06:58:05 +0000
ROA not after:            Thu 31 Oct 2024 00:00:00 +0000
asID:                     133499
IP address blocks:        43.225.80.0/22 maxlen: 22
                          43.225.188.0/24 maxlen: 24
                          43.225.190.0/24 maxlen: 24
                          43.228.236.0/24 maxlen: 24
                          43.228.238.0/24 maxlen: 24
                          43.228.239.0/24 maxlen: 24
                          103.84.120.0/22 maxlen: 24
                          103.194.113.0/24 maxlen: 24
                          103.240.164.0/22 maxlen: 24
                          103.241.52.0/22 maxlen: 22
                          103.241.52.0/24 maxlen: 24
                          103.241.53.0/24 maxlen: 24
                          103.241.54.0/24 maxlen: 24
                          103.241.55.0/24 maxlen: 24
                          103.252.110.0/24 maxlen: 24
                          150.107.226.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Wed 04 Sep 2024 10:53:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 369 (0x171)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91B6587/serialNumber=2D634077CC847B59D4048D43E04B3309698FE638
        Validity
            Not Before: Jan 31 06:58:05 2024 GMT
            Not After : Oct 31 00:00:00 2024 GMT
        Subject: CN=65b9ef7d-a68c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:50:82:0a:f9:df:c0:8a:c3:ef:da:9f:39:6c:
                    17:33:f4:ce:99:73:e9:77:c0:cc:eb:32:bd:b5:47:
                    4e:ad:73:44:01:0b:dc:a5:05:aa:07:59:6d:ed:ce:
                    58:b3:b0:2b:fb:bf:81:12:c1:01:f8:f2:8b:49:87:
                    c4:f0:cf:47:46:19:67:f3:92:52:83:6a:a3:69:4d:
                    42:54:d4:b0:aa:2e:59:cf:ec:82:7d:a8:ec:4a:63:
                    2f:08:d5:24:1c:21:d8:2d:c3:46:b1:e7:d0:4c:b0:
                    ef:4b:50:a8:87:3c:55:20:d1:29:9b:52:09:18:36:
                    14:5f:7e:8d:33:c7:18:8f:bf:4e:22:d4:1f:48:24:
                    4d:5f:06:00:73:98:0b:2f:ff:45:de:87:8b:c5:d3:
                    87:3a:1c:4a:13:7b:6d:00:7f:2e:04:a4:c9:ba:1a:
                    79:e2:23:f3:8b:aa:39:96:1e:90:5d:4d:9d:09:6c:
                    8b:9e:57:11:a5:cb:e2:c5:c7:01:e6:39:fd:a7:fc:
                    59:fb:d0:0e:02:58:62:4c:e2:73:e8:dd:84:99:93:
                    bf:c1:fc:72:be:9e:db:f9:27:0e:b5:df:8e:5b:18:
                    9a:a1:71:cf:3f:bd:ee:cd:85:b1:cd:20:bf:58:b5:
                    80:af:5a:48:16:1c:31:85:2a:63:7b:3e:a7:78:b2:
                    3e:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:64:CE:09:B9:BA:F8:0E:F8:E7:F8:AF:2A:12:79:5F:F0:25:13:1B
            X509v3 Authority Key Identifier:
                keyid:2D:63:40:77:CC:84:7B:59:D4:04:8D:43:E0:4B:33:09:69:8F:E6:38

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91B6587/417D71B4918611EDA84A124DC4F9AE02/LWNAd8yEe1nUBI1D4EszCWmP5jg.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/LWNAd8yEe1nUBI1D4EszCWmP5jg.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B6587/417D71B4918611EDA84A124DC4F9AE02/720F30326E5E11EEBFA4E75BC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.225.80.0/22
                  43.225.188.0/24
                  43.225.190.0/24
                  43.228.236.0/24
                  43.228.238.0/23
                  103.84.120.0/22
                  103.194.113.0/24
                  103.240.164.0/22
                  103.241.52.0/22
                  103.252.110.0/24
                  150.107.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8b:19:6f:ff:5a:45:b1:cf:1c:a5:63:22:8b:fd:e4:6e:0c:59:
         43:4b:83:14:ee:90:9b:f2:b1:b4:6e:77:b8:db:e9:8a:34:65:
         98:31:7f:fd:75:b6:5f:11:80:b7:03:55:57:78:6e:b9:bc:ee:
         b1:74:b9:e0:61:70:61:52:b1:df:a7:71:b8:cd:02:31:f8:fa:
         7e:34:d8:73:0f:74:48:39:66:8f:18:b1:2f:d9:f7:ed:d0:1e:
         f5:c4:a9:05:45:29:a1:e6:a5:d3:ac:44:73:a7:13:fc:87:54:
         c1:be:11:00:07:26:b2:ad:cb:ef:0a:29:1e:0c:1b:63:65:9d:
         26:b3:a5:74:3c:fc:b5:d8:a4:6a:88:d8:d6:19:54:6c:f6:ed:
         d1:b4:0e:17:4a:7d:7f:f5:e9:bc:66:11:4b:ca:9c:2c:32:37:
         53:f5:8c:82:c1:21:83:c7:57:00:6e:6c:ba:31:a4:77:cf:7a:
         0e:b2:94:81:4b:f4:11:9d:eb:87:23:12:6c:d3:19:78:b2:16:
         fe:38:7d:6b:70:73:da:0b:53:a6:a9:5e:2d:bb:81:88:48:b4:
         9f:74:91:7c:3e:1f:6f:69:af:41:3b:8c:fe:15:b6:ed:89:30:
         8f:7d:e8:d3:9f:02:70:eb:5d:1a:5f:68:52:c8:3a:a1:aa:ce:
         b3:a4:1d:03
-----BEGIN CERTIFICATE-----
MIIFrTCCBJWgAwIBAgICAXEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QjY1ODcxMTAvBgNVBAUTKDJENjM0MDc3Q0M4NDdCNTlENDA0OEQ0M0UwNEIzMzA5
Njk4RkU2MzgwHhcNMjQwMTMxMDY1ODA1WhcNMjQxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWI5ZWY3ZC1hNjhjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA11CCCvnfwIrD79qfOWwXM/TOmXPpd8DM6zK9tUdOrXNEAQvcpQWqB1lt7c5Y
s7Ar+7+BEsEB+PKLSYfE8M9HRhln85JSg2qjaU1CVNSwqi5Zz+yCfajsSmMvCNUk
HCHYLcNGsefQTLDvS1CohzxVINEpm1IJGDYUX36NM8cYj79OItQfSCRNXwYAc5gL
L/9F3oeLxdOHOhxKE3ttAH8uBKTJuhp54iPzi6o5lh6QXU2dCWyLnlcRpcvixccB
5jn9p/xZ+9AOAlhiTOJz6N2EmZO/wfxyvp7b+ScOtd+OWxiaoXHPP73uzYWxzSC/
WLWAr1pIFhwxhSpjez6neLI+QQIDAQABo4IC0TCCAs0wHQYDVR0OBBYEFGlkzgm5
uvgO+Of4ryoSeV/wJRMbMB8GA1UdIwQYMBaAFC1jQHfMhHtZ1ASNQ+BLMwlpj+Y4
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCNjU4Ny80MTdENzFCNDkx
ODYxMUVEQTg0QTEyNERDNEY5QUUwMi9MV05BZDh5RWUxblVCSTFENEVzekNXbVA1
amcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0xXTkFkOHlFZTFuVUJJMUQ0RXN6Q1dtUDVqZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QjY1ODcvNDE3RDcxQjQ5MTg2MTFFREE4NEExMjREQzRGOUFFMDIvNzIwRjMwMzI2
RTVFMTFFRUJGQTRFNzVCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwWwYIKwYBBQUHAQcBAf8E
TDBKMEgEAgABMEIDBAIr4VADBAAr4bwDBAAr4b4DBAAr5OwDBAEr5O4DBAJnVHgD
BABnwnEDBAJn8KQDBAJn8TQDBABn/G4DBACWa+IwDQYJKoZIhvcNAQELBQADggEB
AIsZb/9aRbHPHKVjIov95G4MWUNLgxTukJvysbRud7jb6Yo0ZZgxf/11tl8RgLcD
VVd4brm87rF0ueBhcGFSsd+ncbjNAjH4+n402HMPdEg5Zo8YsS/Z9+3QHvXEqQVF
KaHmpdOsRHOnE/yHVMG+EQAHJrKty+8KKR4MG2NlnSazpXQ8/LXYpGqI2NYZVGz2
7dG0DhdKfX/16bxmEUvKnCwyN1P1jILBIYPHVwBubLoxpHfPeg6ylIFL9BGd64cj
EmzTGXiyFv44fWtwc9oLU6apXi27gYhItJ90kXw+H29pr0E7jP4Vtu2JMI996NOf
AnDrXRpfaFLIOqGqzrOkHQM=
-----END CERTIFICATE-----
Generated at Wed Sep 4 13:10:43 2024 by rpki-client on console-ams.rpki-client.org