Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91CEAE0/AEF63760196811EF8FF7BE6FC4F9AE02/E8B8FA2219BE11EF92D20156C4F9AE02.roa
File:                     E8B8FA2219BE11EF92D20156C4F9AE02.roa (raw, json)
Hash identifier:          ZPrScMAlNCW6gg+9R0pZ2to9haVa5jxx3vXvy8pMJCc=
Subject key identifier:   12:75:67:7E:78:E5:26:67:48:42:EA:60:F4:19:A0:41:AF:6C:68:8E
Certificate issuer:       /CN=A91CEAE0/serialNumber=9DF4FEDFF92A9E7F6E02BFC054AD339853D9DD32
Certificate serial:       04
Authority key identifier: 9D:F4:FE:DF:F9:2A:9E:7F:6E:02:BF:C0:54:AD:33:98:53:D9:DD:32
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/nfT-3_kqnn9uAr_AVK0zmFPZ3TI.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91CEAE0/AEF63760196811EF8FF7BE6FC4F9AE02/E8B8FA2219BE11EF92D20156C4F9AE02.roa
Signing time:             Fri 24 May 2024 11:15:21 +0000
ROA not before:           Fri 24 May 2024 11:15:21 +0000
ROA not after:            Sun 31 Aug 2025 00:00:00 +0000
asID:                     216178
IP address blocks:        160.20.142.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Sat 01 Jun 2024 11:21:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4 (0x4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CEAE0/serialNumber=9DF4FEDFF92A9E7F6E02BFC054AD339853D9DD32
        Validity
            Not Before: May 24 11:15:21 2024 GMT
            Not After : Aug 31 00:00:00 2025 GMT
        Subject: CN=665076c9-a9ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:9a:0c:fa:5c:e4:a2:cf:ac:7d:39:63:a6:85:
                    53:c3:f5:88:1f:e4:ed:56:37:92:e2:c9:3b:e1:0b:
                    78:7c:35:fa:e4:9a:5a:a6:88:a8:6f:b0:d4:a3:8c:
                    40:fa:ee:fa:3e:fb:55:ae:25:2e:f6:70:9f:2f:fa:
                    28:16:40:2c:aa:46:64:6d:d5:18:db:78:1a:e2:18:
                    5e:cb:55:3c:4a:19:1f:47:ab:73:39:b1:49:36:5b:
                    aa:e8:18:d0:55:a5:cf:c2:c6:ff:60:0a:02:ab:92:
                    66:dd:a6:53:37:9d:59:f1:03:e8:d9:21:7d:36:47:
                    38:ba:dd:38:74:31:64:2a:36:13:e8:d5:58:e9:0d:
                    d9:68:00:f6:8c:46:e3:fe:5f:56:0a:74:6d:c1:35:
                    17:aa:45:c3:4f:26:5b:72:a6:db:e7:90:51:67:cd:
                    7c:89:4e:6b:3d:f1:06:dd:65:d8:9b:ae:85:32:fa:
                    c1:52:ca:06:33:f2:f3:9f:8d:f3:e4:87:f4:67:94:
                    37:4a:dd:ef:de:f6:22:41:03:c6:ce:5a:cd:aa:e3:
                    d1:a2:99:50:0d:f4:3c:30:4c:29:02:02:7b:eb:48:
                    d9:cb:ef:66:81:f0:50:dc:16:3c:96:a7:39:73:63:
                    86:df:19:62:d6:a7:6a:06:40:8f:9b:ce:72:bd:7a:
                    76:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                12:75:67:7E:78:E5:26:67:48:42:EA:60:F4:19:A0:41:AF:6C:68:8E
            X509v3 Authority Key Identifier:
                keyid:9D:F4:FE:DF:F9:2A:9E:7F:6E:02:BF:C0:54:AD:33:98:53:D9:DD:32

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91CEAE0/AEF63760196811EF8FF7BE6FC4F9AE02/nfT-3_kqnn9uAr_AVK0zmFPZ3TI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/nfT-3_kqnn9uAr_AVK0zmFPZ3TI.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91CEAE0/AEF63760196811EF8FF7BE6FC4F9AE02/E8B8FA2219BE11EF92D20156C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.20.142.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a7:d4:40:65:82:ea:a4:ed:3f:bb:c8:d2:91:30:a9:3b:5e:2c:
         c4:30:e2:3d:cc:f6:58:7c:c2:8b:cb:df:a5:4a:b4:08:ee:ec:
         95:93:ad:0a:3f:de:b6:a9:10:38:5b:d3:40:ed:cd:cc:53:a8:
         08:25:cb:df:a7:77:3c:10:2e:e3:69:dc:cf:ce:19:1f:41:f1:
         81:62:66:bc:90:db:fb:fa:7e:4a:d7:2d:71:e4:01:ef:86:8c:
         dc:ac:1b:2b:12:72:45:ea:32:c4:48:e9:9b:ba:8f:bf:34:24:
         fe:58:8c:28:72:f1:70:60:5b:8f:a0:18:a2:b7:9d:c6:86:94:
         83:aa:ab:b9:f2:7b:ac:b9:a3:1e:56:c2:e8:37:6e:31:b8:ec:
         af:8e:a8:7f:96:6e:6e:39:3c:5e:d3:13:bc:cb:29:26:92:62:
         bb:61:34:8b:a3:c4:88:d7:57:f2:da:0a:b7:b8:c1:67:95:c5:
         f8:c3:c4:e9:c0:8c:06:a2:ff:4b:8f:7d:a7:3b:75:07:7a:8d:
         ac:57:7d:1e:1a:03:a6:5a:1a:80:c2:4e:a9:d9:4b:59:94:e9:
         f1:35:b9:10:d9:45:fe:6e:4b:3d:d5:0b:98:23:bd:f0:da:a1:
         24:cc:77:09:9d:84:8c:c9:67:35:6d:4f:3a:94:be:eb:47:f1:
         bb:65:58:f5
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIBBDANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFD
RUFFMDExMC8GA1UEBRMoOURGNEZFREZGOTJBOUU3RjZFMDJCRkMwNTRBRDMzOTg1
M0Q5REQzMjAeFw0yNDA1MjQxMTE1MjFaFw0yNTA4MzEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY2NTA3NmM5LWE5ZWYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDMmgz6XOSiz6x9OWOmhVPD9Ygf5O1WN5LiyTvhC3h8NfrkmlqmiKhvsNSjjED6
7vo++1WuJS72cJ8v+igWQCyqRmRt1RjbeBriGF7LVTxKGR9Hq3M5sUk2W6roGNBV
pc/Cxv9gCgKrkmbdplM3nVnxA+jZIX02Rzi63Th0MWQqNhPo1VjpDdloAPaMRuP+
X1YKdG3BNReqRcNPJltyptvnkFFnzXyJTms98QbdZdibroUy+sFSygYz8vOfjfPk
h/RnlDdK3e/e9iJBA8bOWs2q49GimVAN9DwwTCkCAnvrSNnL72aB8FDcFjyWpzlz
Y4bfGWLWp2oGQI+bznK9enbbAgMBAAGjggKVMIICkTAdBgNVHQ4EFgQUEnVnfnjl
JmdIQupg9BmgQa9saI4wHwYDVR0jBBgwFoAUnfT+3/kqnn9uAr/AVK0zmFPZ3TIw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUNFQUUwL0FFRjYzNzYwMTk2
ODExRUY4RkY3QkU2RkM0RjlBRTAyL25mVC0zX2txbm45dUFyX0FWSzB6bUZQWjNU
SS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRGMjAxRDY2MTFFMjhBQzg4MzdDNzJG
RDFGRjIvbmZULTNfa3Fubjl1QXJfQVZLMHptRlBaM1RJLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFD
RUFFMC9BRUY2Mzc2MDE5NjgxMUVGOEZGN0JFNkZDNEY5QUUwMi9FOEI4RkEyMjE5
QkUxMUVGOTJEMjAxNTZDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAKAUjjANBgkqhkiG9w0BAQsFAAOCAQEAp9RAZYLqpO0/u8jS
kTCpO14sxDDiPcz2WHzCi8vfpUq0CO7slZOtCj/etqkQOFvTQO3NzFOoCCXL36d3
PBAu42ncz84ZH0HxgWJmvJDb+/p+StctceQB74aM3KwbKxJyReoyxEjpm7qPvzQk
/liMKHLxcGBbj6AYoredxoaUg6qrufJ7rLmjHlbC6DduMbjsr46of5Zubjk8XtMT
vMspJpJiu2E0i6PEiNdX8toKt7jBZ5XF+MPE6cCMBqL/S499pzt1B3qNrFd9HhoD
ploagMJOqdlLWZTp8TW5ENlF/m5LPdULmCO98NqhJMx3CZ2EjMlnNW1POpS+60fx
u2VY9Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:41 2024 by rpki-client on console-fra.rpki-client.org