Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91B795B/124A539A01C511ED9E2C1055C4F9AE02/898B947001C811EDAE70396DC4F9AE02.roa
File:                     898B947001C811EDAE70396DC4F9AE02.roa (raw, json)
Hash identifier:          g2YKPFntVFXFEQZhDDwvooZpDQzbLt7HcaBMli3wxJk=
Subject key identifier:   4A:FC:F5:F1:D9:1A:89:38:7A:0A:71:3F:94:7F:5A:39:FA:E0:0A:EF
Certificate issuer:       /CN=A91B795B/serialNumber=9BB6958CF0061D4EF0FD8B9847D9ED27FCA21E21
Certificate serial:       0161
Authority key identifier: 9B:B6:95:8C:F0:06:1D:4E:F0:FD:8B:98:47:D9:ED:27:FC:A2:1E:21
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/m7aVjPAGHU7w_YuYR9ntJ_yiHiE.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91B795B/124A539A01C511ED9E2C1055C4F9AE02/898B947001C811EDAE70396DC4F9AE02.roa
Signing time:             Sun 17 Sep 2023 03:03:40 +0000
ROA not before:           Sun 17 Sep 2023 03:03:40 +0000
ROA not after:            Sun 01 Dec 2024 00:00:00 +0000
asID:                     58986
IP address blocks:        103.240.144.0/24 maxlen: 24
                          103.240.145.0/24 maxlen: 24
                          103.240.146.0/24 maxlen: 24
                          103.240.147.0/24 maxlen: 24
                          2001:df0:d000::/48 maxlen: 48

Validation:               Failed, certificate revoked on Wed 24 Jul 2024 04:53:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 353 (0x161)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91B795B/serialNumber=9BB6958CF0061D4EF0FD8B9847D9ED27FCA21E21
        Validity
            Not Before: Sep 17 03:03:40 2023 GMT
            Not After : Dec  1 00:00:00 2024 GMT
        Subject: CN=65066c8b-1fd9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:c2:02:e1:a9:0f:6d:76:3e:7a:23:e0:70:bd:
                    6b:64:69:18:e5:3a:11:5b:5f:14:36:41:99:5a:13:
                    f8:08:28:f0:60:99:60:f8:68:ab:50:ff:b6:73:75:
                    bc:93:69:d4:3b:c5:ba:f1:be:ba:a0:56:62:94:d9:
                    9a:68:16:70:9a:a7:77:b8:22:0b:c5:04:e2:fc:03:
                    12:07:e7:96:78:13:c6:56:ea:c8:98:34:31:b1:45:
                    9a:6e:2e:06:e7:f9:63:b7:0f:7b:58:13:26:4c:2d:
                    82:1e:27:9b:4c:f8:fb:7f:66:2f:6c:c9:9b:1c:d9:
                    33:aa:b0:b8:a6:90:f8:03:f6:6b:5e:04:59:a9:98:
                    8d:f2:76:62:20:78:79:43:98:32:af:92:0c:cf:fe:
                    81:b0:a4:f4:5f:64:ba:a9:01:5b:bc:28:8e:82:2d:
                    91:f5:02:8a:b8:d6:58:34:1e:98:a4:ef:26:d6:c6:
                    03:24:9b:9b:77:80:92:d6:dd:1d:87:60:b8:97:cc:
                    43:d9:26:e1:b7:bd:70:8a:0f:cc:99:12:db:b7:1f:
                    82:d9:81:25:3c:bc:72:27:91:40:b5:2d:4d:20:75:
                    b5:a8:13:44:9a:9a:e4:21:e1:99:d3:fd:80:e5:df:
                    00:27:a5:90:f3:dd:5e:33:7f:c4:f0:d5:47:ae:f1:
                    50:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4A:FC:F5:F1:D9:1A:89:38:7A:0A:71:3F:94:7F:5A:39:FA:E0:0A:EF
            X509v3 Authority Key Identifier:
                keyid:9B:B6:95:8C:F0:06:1D:4E:F0:FD:8B:98:47:D9:ED:27:FC:A2:1E:21

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91B795B/124A539A01C511ED9E2C1055C4F9AE02/m7aVjPAGHU7w_YuYR9ntJ_yiHiE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/m7aVjPAGHU7w_YuYR9ntJ_yiHiE.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B795B/124A539A01C511ED9E2C1055C4F9AE02/898B947001C811EDAE70396DC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.240.144.0/22
                IPv6:
                  2001:df0:d000::/48

    Signature Algorithm: sha256WithRSAEncryption
         6a:47:4f:ba:4f:72:f7:c0:4f:7a:dc:55:b1:5a:97:82:fe:f6:
         6c:fe:34:da:03:74:41:28:f5:e2:aa:8d:91:7d:2d:62:9a:07:
         5e:c6:3c:66:a5:04:92:da:16:23:5f:5e:b7:5a:5b:74:a5:f1:
         f4:6b:bb:3e:15:d6:0f:85:6f:92:99:a2:00:ee:aa:41:2d:02:
         e5:82:18:15:f6:1f:aa:ad:6e:9f:aa:e1:39:22:f3:94:c6:34:
         13:fc:83:45:4b:c9:7c:7e:ad:78:5f:b5:ba:d1:46:20:e8:1f:
         17:d1:16:83:49:b0:37:90:82:02:e0:cd:1e:98:0a:d5:f3:98:
         7f:16:4a:92:67:9b:5f:fd:75:67:f3:fa:62:7a:79:8b:f2:6c:
         a3:e1:f8:95:3b:2e:32:6b:17:be:e5:36:f2:24:93:56:9e:cf:
         01:1f:8b:3e:d5:3f:bc:eb:99:bd:9c:62:9c:24:4e:0e:5b:4c:
         15:96:21:8f:ba:7e:20:39:a7:cb:70:a0:a7:c6:cf:66:b9:9d:
         30:f0:b0:85:a9:1d:0d:11:2d:f9:22:00:c6:86:aa:2d:6d:10:
         d9:26:aa:41:4e:17:a1:0b:78:1a:3e:e3:a6:de:33:05:2e:4d:
         be:00:92:83:f3:fa:73:58:85:55:44:e9:03:3e:8a:a6:ff:1c:
         5e:72:fd:ab
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICAWEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Qjc5NUIxMTAvBgNVBAUTKDlCQjY5NThDRjAwNjFENEVGMEZEOEI5ODQ3RDlFRDI3
RkNBMjFFMjEwHhcNMjMwOTE3MDMwMzQwWhcNMjQxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTA2NmM4Yi0xZmQ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA8cIC4akPbXY+eiPgcL1rZGkY5ToRW18UNkGZWhP4CCjwYJlg+GirUP+2c3W8
k2nUO8W68b66oFZilNmaaBZwmqd3uCILxQTi/AMSB+eWeBPGVurImDQxsUWabi4G
5/ljtw97WBMmTC2CHiebTPj7f2YvbMmbHNkzqrC4ppD4A/ZrXgRZqZiN8nZiIHh5
Q5gyr5IMz/6BsKT0X2S6qQFbvCiOgi2R9QKKuNZYNB6YpO8m1sYDJJubd4CS1t0d
h2C4l8xD2Sbht71wig/MmRLbtx+C2YElPLxyJ5FAtS1NIHW1qBNEmprkIeGZ0/2A
5d8AJ6WQ891eM3/E8NVHrvFQ1QIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFEr89fHZ
Gok4egpxP5R/Wjn64ArvMB8GA1UdIwQYMBaAFJu2lYzwBh1O8P2LmEfZ7Sf8oh4h
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCNzk1Qi8xMjRBNTM5QTAx
QzUxMUVEOUUyQzEwNTVDNEY5QUUwMi9tN2FWalBBR0hVN3dfWXVZUjludEpfeWlI
aUUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL203YVZqUEFHSFU3d19ZdVlSOW50Sl95aUhpRS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Qjc5NUIvMTI0QTUzOUEwMUM1MTFFRDlFMkMxMDU1QzRGOUFFMDIvODk4Qjk0NzAw
MUM4MTFFREFFNzAzOTZEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAJn8JAwDwQCAAIwCQMHACABDfDQADANBgkqhkiG9w0BAQsF
AAOCAQEAakdPuk9y98BPetxVsVqXgv72bP402gN0QSj14qqNkX0tYpoHXsY8ZqUE
ktoWI19et1pbdKXx9Gu7PhXWD4VvkpmiAO6qQS0C5YIYFfYfqq1un6rhOSLzlMY0
E/yDRUvJfH6teF+1utFGIOgfF9EWg0mwN5CCAuDNHpgK1fOYfxZKkmebX/11Z/P6
Ynp5i/Jso+H4lTsuMmsXvuU28iSTVp7PAR+LPtU/vOuZvZxinCRODltMFZYhj7p+
IDmny3Cgp8bPZrmdMPCwhakdDREt+SIAxoaqLW0Q2SaqQU4XoQt4Gj7jpt4zBS5N
vgCSg/P6c1iFVUTpAz6Kpv8cXnL9qw==
-----END CERTIFICATE-----
Generated at Wed Jul 24 07:50:30 2024 by rpki-client on console-ams.rpki-client.org