Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91CEAE0/AEF63760196811EF8FF7BE6FC4F9AE02/3BEB4F96197011EF9CB16228C4F9AE02.roa
File:                     3BEB4F96197011EF9CB16228C4F9AE02.roa (raw, json)
Hash identifier:          m5n2HvkdBqUyAnLtJwL2Uo/C7qXkt/hBmr5XJucfZNE=
Subject key identifier:   51:07:01:F5:AB:EA:72:3A:EA:4C:BC:2B:5E:AD:F2:95:B0:62:51:9D
Certificate issuer:       /CN=A91CEAE0/serialNumber=9DF4FEDFF92A9E7F6E02BFC054AD339853D9DD32
Certificate serial:       02
Authority key identifier: 9D:F4:FE:DF:F9:2A:9E:7F:6E:02:BF:C0:54:AD:33:98:53:D9:DD:32
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/nfT-3_kqnn9uAr_AVK0zmFPZ3TI.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91CEAE0/AEF63760196811EF8FF7BE6FC4F9AE02/3BEB4F96197011EF9CB16228C4F9AE02.roa
Signing time:             Fri 24 May 2024 01:52:11 +0000
ROA not before:           Fri 24 May 2024 01:52:11 +0000
ROA not after:            Sun 31 Aug 2025 00:00:00 +0000
asID:                     152878
IP address blocks:        160.20.142.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 24 May 2024 11:18:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CEAE0/serialNumber=9DF4FEDFF92A9E7F6E02BFC054AD339853D9DD32
        Validity
            Not Before: May 24 01:52:11 2024 GMT
            Not After : Aug 31 00:00:00 2025 GMT
        Subject: CN=664ff2ca-8e6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:e0:29:91:e8:ed:6a:1e:21:6c:35:d9:c6:ef:
                    a9:0c:9b:bd:6f:36:d8:84:04:c7:85:5e:a0:9f:63:
                    35:83:53:a5:c8:cc:da:ad:5e:1e:a1:32:48:40:b2:
                    88:ce:ee:80:61:1d:33:f0:52:e5:cd:2c:48:34:1b:
                    86:0d:16:d4:99:43:4e:08:5e:1c:00:00:78:35:d8:
                    2f:87:bc:eb:8c:9e:84:f1:ea:c5:d8:07:ad:08:dd:
                    bc:aa:87:86:a9:e4:02:d6:87:25:6d:12:e2:5a:5d:
                    1e:5f:bc:e2:8c:93:9b:8f:e1:50:27:fa:5f:44:c6:
                    6c:b3:3d:ca:ff:89:39:fa:c1:cf:42:ea:02:8d:86:
                    3c:20:c4:d9:23:28:5b:8a:6f:0b:b2:f2:fa:e2:5e:
                    89:c9:46:e5:0e:15:80:23:93:1c:09:08:6e:5c:0d:
                    40:ae:25:de:79:b9:c6:b4:1b:99:fe:9f:1d:2c:f5:
                    56:06:42:5a:8e:bd:ea:2d:21:8e:6b:4a:ed:9b:cd:
                    d0:7b:4e:89:26:2d:47:91:ab:5b:be:15:77:fa:60:
                    59:e3:64:09:53:f6:a8:a7:ca:ed:14:f0:6b:b5:66:
                    85:ab:63:da:6d:93:7a:a6:56:80:5d:d2:58:81:86:
                    a2:c4:fc:c0:6c:09:48:e5:1f:bc:51:98:60:df:6c:
                    bc:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:07:01:F5:AB:EA:72:3A:EA:4C:BC:2B:5E:AD:F2:95:B0:62:51:9D
            X509v3 Authority Key Identifier:
                keyid:9D:F4:FE:DF:F9:2A:9E:7F:6E:02:BF:C0:54:AD:33:98:53:D9:DD:32

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91CEAE0/AEF63760196811EF8FF7BE6FC4F9AE02/nfT-3_kqnn9uAr_AVK0zmFPZ3TI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/nfT-3_kqnn9uAr_AVK0zmFPZ3TI.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91CEAE0/AEF63760196811EF8FF7BE6FC4F9AE02/3BEB4F96197011EF9CB16228C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.20.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:4b:95:1b:c2:fc:93:3e:11:d6:71:0b:73:88:ce:31:45:4d:
         52:ed:62:f8:9b:56:6e:26:e6:96:57:ff:6e:f9:be:b9:b1:0c:
         e9:7d:1f:83:88:8b:e2:9c:f6:f4:40:88:3c:c7:08:85:7b:ee:
         6d:91:c7:df:20:75:ac:f6:5f:dc:67:d2:c2:76:3a:b5:89:e1:
         74:d9:30:5e:bf:e5:c4:3c:13:54:92:d3:9d:b7:da:66:29:3b:
         2e:0c:1f:c2:62:c2:39:dc:ae:92:77:d0:89:a2:03:27:42:88:
         0f:8f:c4:e0:5a:af:eb:57:de:40:80:ee:6b:6f:b0:d5:9c:cd:
         bf:3c:8f:f0:30:48:e3:89:8d:2e:8c:b7:76:1a:fa:7d:52:93:
         6a:82:13:4a:95:7b:bc:df:92:9f:fb:bf:36:e7:9b:92:ad:c6:
         35:a9:fe:26:86:71:b9:75:d1:c0:1f:ed:4a:6f:ff:a6:ab:5a:
         9f:20:3f:2f:6e:39:a3:77:1f:ab:e3:f7:5e:09:a7:ed:52:71:
         70:b9:58:e6:ad:ab:e9:1b:17:32:8f:2b:4b:d5:8e:bb:72:b2:
         d7:98:9d:73:fa:04:28:4c:7e:fc:10:e2:ca:9a:f7:02:d8:bb:
         cc:3c:07:6a:c7:49:e2:7f:80:bb:fd:6a:3b:08:43:0b:8f:45:
         d2:4c:80:b3
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIBAjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFD
RUFFMDExMC8GA1UEBRMoOURGNEZFREZGOTJBOUU3RjZFMDJCRkMwNTRBRDMzOTg1
M0Q5REQzMjAeFw0yNDA1MjQwMTUyMTFaFw0yNTA4MzEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY2NGZmMmNhLThlNmMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDR4CmR6O1qHiFsNdnG76kMm71vNtiEBMeFXqCfYzWDU6XIzNqtXh6hMkhAsojO
7oBhHTPwUuXNLEg0G4YNFtSZQ04IXhwAAHg12C+HvOuMnoTx6sXYB60I3byqh4ap
5ALWhyVtEuJaXR5fvOKMk5uP4VAn+l9ExmyzPcr/iTn6wc9C6gKNhjwgxNkjKFuK
bwuy8vriXonJRuUOFYAjkxwJCG5cDUCuJd55uca0G5n+nx0s9VYGQlqOveotIY5r
Su2bzdB7TokmLUeRq1u+FXf6YFnjZAlT9qinyu0U8Gu1ZoWrY9ptk3qmVoBd0liB
hqLE/MBsCUjlH7xRmGDfbLyxAgMBAAGjggKVMIICkTAdBgNVHQ4EFgQUUQcB9avq
cjrqTLwrXq3ylbBiUZ0wHwYDVR0jBBgwFoAUnfT+3/kqnn9uAr/AVK0zmFPZ3TIw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUNFQUUwL0FFRjYzNzYwMTk2
ODExRUY4RkY3QkU2RkM0RjlBRTAyL25mVC0zX2txbm45dUFyX0FWSzB6bUZQWjNU
SS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRGMjAxRDY2MTFFMjhBQzg4MzdDNzJG
RDFGRjIvbmZULTNfa3Fubjl1QXJfQVZLMHptRlBaM1RJLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFD
RUFFMC9BRUY2Mzc2MDE5NjgxMUVGOEZGN0JFNkZDNEY5QUUwMi8zQkVCNEY5NjE5
NzAxMUVGOUNCMTYyMjhDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAKAUjjANBgkqhkiG9w0BAQsFAAOCAQEAeEuVG8L8kz4R1nEL
c4jOMUVNUu1i+JtWbibmllf/bvm+ubEM6X0fg4iL4pz29ECIPMcIhXvubZHH3yB1
rPZf3GfSwnY6tYnhdNkwXr/lxDwTVJLTnbfaZik7LgwfwmLCOdyuknfQiaIDJ0KI
D4/E4Fqv61feQIDua2+w1ZzNvzyP8DBI44mNLoy3dhr6fVKTaoITSpV7vN+Sn/u/
Nuebkq3GNan+JoZxuXXRwB/tSm//pqtanyA/L245o3cfq+P3Xgmn7VJxcLlY5q2r
6RsXMo8rS9WOu3Ky15idc/oEKEx+/BDiypr3Ati7zDwHasdJ4n+Au/1qOwhDC49F
0kyAsw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:41 2024 by rpki-client on console-fra.rpki-client.org