Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91C7B15/FAF6FD7871E611E8996E2E64C4F9AE02/B4AF52545FAB11ED981A0452C4F9AE02.roa
File:                     B4AF52545FAB11ED981A0452C4F9AE02.roa (raw, json)
Hash identifier:          cYeYp0iPAEAe4DmIHpg+mza5g2RboCfUWiNoUGcEhLA=
Subject key identifier:   12:C1:89:12:8F:C5:B0:32:A3:74:F8:0A:5B:10:BE:E2:1E:39:19:46
Certificate issuer:       /CN=A91C7B15/serialNumber=AFB08D6F7E97785B6F31171EF82E31BB1D06E2E3
Certificate serial:       1394
Authority key identifier: AF:B0:8D:6F:7E:97:78:5B:6F:31:17:1E:F8:2E:31:BB:1D:06:E2:E3
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/r7CNb36XeFtvMRce-C4xux0G4uM.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91C7B15/FAF6FD7871E611E8996E2E64C4F9AE02/B4AF52545FAB11ED981A0452C4F9AE02.roa
Signing time:             Mon 08 Apr 2024 17:55:30 +0000
ROA not before:           Mon 08 Apr 2024 17:55:30 +0000
ROA not after:            Wed 28 May 2025 00:00:00 +0000
asID:                     136557
IP address blocks:        103.108.228.0/24 maxlen: 24
                          103.108.231.0/24 maxlen: 24
                          2402:7340:1::/48 maxlen: 48
                          2402:7340:2::/48 maxlen: 48
                          2402:7340:3::/48 maxlen: 48

Validation:               Failed, certificate revoked on Thu 25 Apr 2024 00:18:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5012 (0x1394)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91C7B15/serialNumber=AFB08D6F7E97785B6F31171EF82E31BB1D06E2E3
        Validity
            Not Before: Apr  8 17:55:30 2024 GMT
            Not After : May 28 00:00:00 2025 GMT
        Subject: CN=66142f91-b070
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:03:cb:10:42:62:20:1d:8e:6b:21:1a:b6:a3:
                    7d:43:31:dd:3d:36:00:55:c8:e8:50:93:6d:6a:56:
                    02:58:96:ca:9b:51:16:20:4a:02:2a:73:21:e0:66:
                    ca:51:16:24:99:08:85:64:a5:4a:c9:75:01:38:35:
                    18:a3:5f:62:df:19:8c:16:f8:84:31:28:bc:f2:1e:
                    0e:e0:ca:34:e0:d7:62:cd:f9:74:24:22:7e:b8:7d:
                    41:56:fc:3c:bc:11:bc:ce:b0:38:c2:9d:d8:b0:5e:
                    0a:12:1e:e2:88:e8:87:f1:42:40:e7:17:82:b1:ca:
                    15:9f:7e:65:72:9f:9b:82:db:a3:de:25:04:5c:0f:
                    23:e5:c7:2a:28:d9:22:70:47:f6:d5:50:bd:5c:d4:
                    27:4e:fb:a9:b4:aa:42:fc:5f:59:58:29:e1:2f:ef:
                    53:f3:86:ac:50:2a:95:80:4f:b3:ee:6c:6a:06:b2:
                    0d:9b:ff:93:18:38:a8:00:6e:82:a7:2d:58:9d:0d:
                    88:2c:08:07:ad:d4:e8:dc:1a:a2:7a:a5:d5:8c:f0:
                    a1:b0:38:95:b5:46:59:5a:29:23:c6:dc:20:7d:d3:
                    d1:37:d1:56:7e:31:b2:ed:05:de:55:c2:d2:8b:f6:
                    cb:4a:f3:ce:d6:4f:71:17:b1:22:6f:9d:34:d3:d1:
                    9a:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:C1:89:12:8F:C5:B0:32:A3:74:F8:0A:5B:10:BE:E2:1E:39:19:46
            X509v3 Authority Key Identifier:
                keyid:AF:B0:8D:6F:7E:97:78:5B:6F:31:17:1E:F8:2E:31:BB:1D:06:E2:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91C7B15/FAF6FD7871E611E8996E2E64C4F9AE02/r7CNb36XeFtvMRce-C4xux0G4uM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/r7CNb36XeFtvMRce-C4xux0G4uM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91C7B15/FAF6FD7871E611E8996E2E64C4F9AE02/B4AF52545FAB11ED981A0452C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.108.228.0/24
                  103.108.231.0/24
                IPv6:
                  2402:7340:1::-2402:7340:3:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         63:56:ba:c2:c4:3c:90:15:99:27:e8:ec:e5:d0:26:6e:11:8f:
         1e:29:4f:cc:2a:87:d4:35:3f:f4:72:db:70:e5:da:f3:1b:51:
         3e:66:57:ed:9c:99:df:41:ba:9d:d6:a0:e2:9e:4e:81:f3:1b:
         af:70:04:c8:0d:37:64:0a:86:b8:b2:b5:ca:5d:39:f5:13:e4:
         03:ca:c3:2f:ce:b5:8a:7d:4c:dc:f4:c5:98:dd:db:d5:73:75:
         06:85:13:29:7c:9b:cc:b6:0c:ef:6b:94:f3:9a:ed:4e:64:c4:
         6b:f3:a3:fb:1c:08:0c:ed:69:d2:41:76:e9:f0:c6:9b:ca:24:
         48:05:19:b2:e8:59:48:45:d5:d9:1c:16:f1:3a:30:6f:d1:28:
         9d:6e:c7:ce:80:57:cc:92:c2:23:d0:e8:f1:c6:cc:cf:b0:f6:
         32:e5:ff:60:db:2f:3d:f0:22:97:db:58:7c:5c:ce:73:bd:9f:
         15:cc:b3:2c:d1:b7:b9:b1:3c:87:45:89:a7:dd:87:5c:00:b0:
         e3:b5:93:ae:f0:b6:85:b8:5f:e5:97:71:64:e3:17:67:e4:f3:
         3d:bf:4c:d2:0a:ab:41:f7:b2:c6:66:85:df:8d:17:44:20:d1:
         8e:07:00:58:6c:47:bc:05:c9:68:6f:c9:4e:27:3f:10:fd:da:
         38:ac:c3:1b
-----BEGIN CERTIFICATE-----
MIIFkzCCBHugAwIBAgICE5QwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QzdCMTUxMTAvBgNVBAUTKEFGQjA4RDZGN0U5Nzc4NUI2RjMxMTcxRUY4MkUzMUJC
MUQwNkUyRTMwHhcNMjQwNDA4MTc1NTMwWhcNMjUwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02NjE0MmY5MS1iMDcwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA3wPLEEJiIB2OayEatqN9QzHdPTYAVcjoUJNtalYCWJbKm1EWIEoCKnMh4GbK
URYkmQiFZKVKyXUBODUYo19i3xmMFviEMSi88h4O4Mo04Ndizfl0JCJ+uH1BVvw8
vBG8zrA4wp3YsF4KEh7iiOiH8UJA5xeCscoVn35lcp+bgtuj3iUEXA8j5ccqKNki
cEf21VC9XNQnTvuptKpC/F9ZWCnhL+9T84asUCqVgE+z7mxqBrINm/+TGDioAG6C
py1YnQ2ILAgHrdTo3BqieqXVjPChsDiVtUZZWikjxtwgfdPRN9FWfjGy7QXeVcLS
i/bLSvPO1k9xF7Eib50009GauwIDAQABo4ICtzCCArMwHQYDVR0OBBYEFBLBiRKP
xbAyo3T4ClsQvuIeORlGMB8GA1UdIwQYMBaAFK+wjW9+l3hbbzEXHvguMbsdBuLj
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDN0IxNS9GQUY2RkQ3ODcx
RTYxMUU4OTk2RTJFNjRDNEY5QUUwMi9yN0NOYjM2WGVGdHZNUmNlLUM0eHV4MEc0
dU0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3I3Q05iMzZYZUZ0dk1SY2UtQzR4dXgwRzR1TS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QzdCMTUvRkFGNkZENzg3MUU2MTFFODk5NkUyRTY0QzRGOUFFMDIvQjRBRjUyNTQ1
RkFCMTFFRDk4MUEwNDUyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwQQYIKwYBBQUHAQcBAf8E
MjAwMBIEAgABMAwDBABnbOQDBABnbOcwGgQCAAIwFDASAwcAJAJzQAABAwcCJAJz
QAAAMA0GCSqGSIb3DQEBCwUAA4IBAQBjVrrCxDyQFZkn6Ozl0CZuEY8eKU/MKofU
NT/0cttw5drzG1E+ZlftnJnfQbqd1qDink6B8xuvcATIDTdkCoa4srXKXTn1E+QD
ysMvzrWKfUzc9MWY3dvVc3UGhRMpfJvMtgzva5Tzmu1OZMRr86P7HAgM7WnSQXbp
8MabyiRIBRmy6FlIRdXZHBbxOjBv0SidbsfOgFfMksIj0OjxxszPsPYy5f9g2y89
8CKX21h8XM5zvZ8VzLMs0be5sTyHRYmn3YdcALDjtZOu8LaFuF/ll3Fk4xdn5PM9
v0zSCqtB97LGZoXfjRdEINGOBwBYbEe8Bclob8lOJz8Q/do4rMMb
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:06:25 2024 by rpki-client on console-ams.rpki-client.org