Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91C2CC7/791C6A347B3811E9BC0D3B32C4F9AE02/3F763E44017211EE8B2BF635C4F9AE02.roa
File:                     3F763E44017211EE8B2BF635C4F9AE02.roa (raw, json)
Hash identifier:          T27PqZODiVTbI+EbFf62hQq8msnaqE9QMZQB3c52YSY=
Subject key identifier:   31:94:C5:E7:4C:EC:A4:6B:42:71:57:05:F6:15:7F:FA:4C:B9:11:A6
Certificate issuer:       /CN=A91C2CC7/serialNumber=77486B610D333AEBDA8F255C501411B01F18FF49
Certificate serial:       0E67
Authority key identifier: 77:48:6B:61:0D:33:3A:EB:DA:8F:25:5C:50:14:11:B0:1F:18:FF:49
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/d0hrYQ0zOuvajyVcUBQRsB8Y_0k.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91C2CC7/791C6A347B3811E9BC0D3B32C4F9AE02/3F763E44017211EE8B2BF635C4F9AE02.roa
Signing time:             Sat 20 Apr 2024 18:36:49 +0000
ROA not before:           Sat 20 Apr 2024 18:36:49 +0000
ROA not after:            Wed 28 May 2025 00:00:00 +0000
asID:                     3356
IP address blocks:        2401:df00:1::/48 maxlen: 48
                          2401:df00:2::/48 maxlen: 48
                          2401:df00:11::/48 maxlen: 48
                          2401:df00:12::/48 maxlen: 48
                          2401:df00:21::/48 maxlen: 48
                          2401:df00:22::/48 maxlen: 48
                          2401:df00:31::/48 maxlen: 48
                          2401:df00:32::/48 maxlen: 48
                          2401:df00:41::/48 maxlen: 48
                          2401:df00:42::/48 maxlen: 48
                          2401:df00:51::/48 maxlen: 48
                          2401:df00:52::/48 maxlen: 48
                          2401:df00:61::/48 maxlen: 48
                          2401:df00:62::/48 maxlen: 48

Validation:               Failed, certificate revoked on Tue 25 Jun 2024 21:28:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3687 (0xe67)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91C2CC7/serialNumber=77486B610D333AEBDA8F255C501411B01F18FF49
        Validity
            Not Before: Apr 20 18:36:49 2024 GMT
            Not After : May 28 00:00:00 2025 GMT
        Subject: CN=66240b41-258b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:3b:c0:c4:35:f5:f3:39:cb:b1:68:79:ac:9a:
                    28:ed:bd:d8:ea:b4:38:c0:a9:d0:8d:7f:2e:5a:7e:
                    cd:04:26:a3:0c:6e:95:61:5d:e4:37:23:70:a2:e7:
                    20:44:00:d0:87:d4:3c:0f:0d:f4:08:ad:b4:01:b1:
                    d2:4e:1e:59:ef:ef:5a:d7:f0:f5:a2:2f:40:16:22:
                    96:ae:b5:fd:af:b2:b1:dd:f4:14:31:f9:a2:f1:ae:
                    cd:cb:b4:a8:c5:ed:b0:34:2a:d5:08:7d:cb:15:6e:
                    13:31:15:3b:32:a5:98:89:72:6a:b7:a8:ad:39:60:
                    3b:2d:3c:ff:28:8d:21:93:4e:48:e0:00:c6:da:ad:
                    52:de:d7:5f:30:ad:a1:19:f6:65:ed:25:b7:4d:25:
                    b1:c5:71:9c:f2:01:39:6e:b5:5d:38:4b:e7:8f:4b:
                    7b:a4:08:74:a6:49:b6:53:1c:9a:6b:f6:45:06:9b:
                    94:6f:d0:60:5d:35:19:d2:fa:d2:cd:f3:56:1a:6d:
                    0a:09:b0:f1:ff:1e:c0:90:82:33:d8:59:c5:28:ae:
                    6b:59:b6:ec:2b:7c:5e:db:e5:a8:ba:f8:f3:bb:53:
                    d8:17:17:8f:68:92:63:3a:e7:6a:24:3f:52:44:a4:
                    ad:87:66:06:a0:bb:85:cb:aa:bc:42:43:22:4d:8e:
                    f2:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:94:C5:E7:4C:EC:A4:6B:42:71:57:05:F6:15:7F:FA:4C:B9:11:A6
            X509v3 Authority Key Identifier:
                keyid:77:48:6B:61:0D:33:3A:EB:DA:8F:25:5C:50:14:11:B0:1F:18:FF:49

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91C2CC7/791C6A347B3811E9BC0D3B32C4F9AE02/d0hrYQ0zOuvajyVcUBQRsB8Y_0k.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/d0hrYQ0zOuvajyVcUBQRsB8Y_0k.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91C2CC7/791C6A347B3811E9BC0D3B32C4F9AE02/3F763E44017211EE8B2BF635C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2401:df00:1::-2401:df00:2:ffff:ffff:ffff:ffff:ffff
                  2401:df00:11::-2401:df00:12:ffff:ffff:ffff:ffff:ffff
                  2401:df00:21::-2401:df00:22:ffff:ffff:ffff:ffff:ffff
                  2401:df00:31::-2401:df00:32:ffff:ffff:ffff:ffff:ffff
                  2401:df00:41::-2401:df00:42:ffff:ffff:ffff:ffff:ffff
                  2401:df00:51::-2401:df00:52:ffff:ffff:ffff:ffff:ffff
                  2401:df00:61::-2401:df00:62:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         d1:5a:c0:ec:7d:99:30:36:05:27:c4:0b:94:ef:08:00:80:0a:
         2a:1b:f9:2f:88:f8:91:3c:41:75:05:c4:e2:23:01:2f:b2:a4:
         2a:93:56:db:30:32:47:e3:fd:70:de:8a:c8:29:5d:5b:94:a5:
         fa:e8:fc:59:9f:68:fc:21:4b:ba:f7:9f:17:14:d3:7a:5b:85:
         ff:9c:c8:1b:ec:56:dc:9c:f6:16:d1:ea:cd:46:2d:f1:c6:66:
         09:fb:2d:44:6b:95:31:f7:93:bf:d5:bf:8c:58:9f:26:9b:11:
         40:90:5c:f7:b5:b1:78:5d:8e:05:b3:03:ee:65:e2:63:9d:df:
         82:a8:ee:90:ca:0e:b6:64:e2:24:cc:a4:35:2b:24:32:6a:70:
         e1:c1:9f:3d:b1:8c:67:8e:5e:4f:1c:ea:72:62:41:1b:60:05:
         7e:39:b1:f3:2c:2f:64:e3:64:f5:e2:48:bd:ef:58:c4:b8:f4:
         60:84:7e:dc:f4:70:da:93:d8:96:9c:aa:55:62:5a:94:c6:40:
         1c:9f:24:8e:b4:98:b4:33:7e:c1:fe:e2:73:f3:1f:8c:a9:2a:
         a8:51:c8:e2:e9:05:f4:5e:78:26:61:1b:9c:87:44:0e:10:c2:
         01:2c:b5:6f:77:18:b5:69:05:6c:d7:89:83:37:dc:5f:05:48:
         2b:c5:21:2b
-----BEGIN CERTIFICATE-----
MIIF/DCCBOSgAwIBAgICDmcwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QzJDQzcxMTAvBgNVBAUTKDc3NDg2QjYxMEQzMzNBRUJEQThGMjU1QzUwMTQxMUIw
MUYxOEZGNDkwHhcNMjQwNDIwMTgzNjQ5WhcNMjUwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02NjI0MGI0MS0yNThiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAszvAxDX18znLsWh5rJoo7b3Y6rQ4wKnQjX8uWn7NBCajDG6VYV3kNyNwoucg
RADQh9Q8Dw30CK20AbHSTh5Z7+9a1/D1oi9AFiKWrrX9r7Kx3fQUMfmi8a7Ny7So
xe2wNCrVCH3LFW4TMRU7MqWYiXJqt6itOWA7LTz/KI0hk05I4ADG2q1S3tdfMK2h
GfZl7SW3TSWxxXGc8gE5brVdOEvnj0t7pAh0pkm2Uxyaa/ZFBpuUb9BgXTUZ0vrS
zfNWGm0KCbDx/x7AkIIz2FnFKK5rWbbsK3xe2+Wouvjzu1PYFxePaJJjOudqJD9S
RKSth2YGoLuFy6q8QkMiTY7yrwIDAQABo4IDIDCCAxwwHQYDVR0OBBYEFDGUxedM
7KRrQnFXBfYVf/pMuRGmMB8GA1UdIwQYMBaAFHdIa2ENMzrr2o8lXFAUEbAfGP9J
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDMkNDNy83OTFDNkEzNDdC
MzgxMUU5QkMwRDNCMzJDNEY5QUUwMi9kMGhyWVEwek91dmFqeVZjVUJRUnNCOFlf
MGsuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2QwaHJZUTB6T3V2YWp5VmNVQlFSc0I4WV8way5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QzJDQzcvNzkxQzZBMzQ3QjM4MTFFOUJDMEQzQjMyQzRGOUFFMDIvM0Y3NjNFNDQw
MTcyMTFFRThCMkJGNjM1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgakGCCsGAQUFBwEHAQH/
BIGZMIGWMIGTBAIAAjCBjDASAwcAJAHfAAABAwcAJAHfAAACMBIDBwAkAd8AABED
BwAkAd8AABIwEgMHACQB3wAAIQMHACQB3wAAIjASAwcAJAHfAAAxAwcAJAHfAAAy
MBIDBwAkAd8AAEEDBwAkAd8AAEIwEgMHACQB3wAAUQMHACQB3wAAUjASAwcAJAHf
AABhAwcAJAHfAABiMA0GCSqGSIb3DQEBCwUAA4IBAQDRWsDsfZkwNgUnxAuU7wgA
gAoqG/kviPiRPEF1BcTiIwEvsqQqk1bbMDJH4/1w3orIKV1blKX66PxZn2j8IUu6
958XFNN6W4X/nMgb7FbcnPYW0erNRi3xxmYJ+y1Ea5Ux95O/1b+MWJ8mmxFAkFz3
tbF4XY4FswPuZeJjnd+CqO6Qyg62ZOIkzKQ1KyQyanDhwZ89sYxnjl5PHOpyYkEb
YAV+ObHzLC9k42T14ki971jEuPRghH7c9HDak9iWnKpVYlqUxkAcnySOtJi0M37B
/uJz8x+MqSqoUcji6QX0XngmYRuch0QOEMIBLLVvdxi1aQVs14mDN9xfBUgrxSEr
-----END CERTIFICATE-----
Generated at Wed Jun 26 03:16:44 2024 by rpki-client on console-ams.rpki-client.org