Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91D1691/5AFC2692652B11E597A86881C4F9AE02/3D356A62C22811EDB97C851AC4F9AE02.roa
File:                     3D356A62C22811EDB97C851AC4F9AE02.roa (raw, json)
Hash identifier:          DLKErwZGz5V2rKR1mljoj+YWBLxlX/WjA/Zpj2rZHbk=
Subject key identifier:   47:49:B0:02:E4:D3:6E:06:F0:C4:F5:F6:45:E8:44:06:AD:07:94:D6
Certificate issuer:       /CN=A91D1691/serialNumber=7AC0C00F0FCA479EE465E4F7F545E8C94993D61C
Certificate serial:       22F0
Authority key identifier: 7A:C0:C0:0F:0F:CA:47:9E:E4:65:E4:F7:F5:45:E8:C9:49:93:D6:1C
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/esDADw_KR57kZeT39UXoyUmT1hw.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91D1691/5AFC2692652B11E597A86881C4F9AE02/3D356A62C22811EDB97C851AC4F9AE02.roa
Signing time:             Fri 22 Sep 2023 08:09:34 +0000
ROA not before:           Fri 22 Sep 2023 08:09:34 +0000
ROA not after:            Thu 31 Oct 2024 00:00:00 +0000
asID:                     45352
IP address blocks:        14.102.144.0/22 maxlen: 24
                          14.102.148.0/24 maxlen: 24
                          14.102.149.0/24 maxlen: 24
                          14.102.150.0/24 maxlen: 24
                          14.102.151.0/24 maxlen: 24
                          14.192.65.0/24 maxlen: 24
                          43.252.152.0/23 maxlen: 23
                          43.252.154.0/23 maxlen: 23
                          43.252.154.0/24 maxlen: 24
                          43.252.155.0/24 maxlen: 24
                          45.64.168.0/22 maxlen: 22
                          45.64.168.0/23 maxlen: 23
                          45.64.168.0/24 maxlen: 24
                          45.64.169.0/24 maxlen: 24
                          45.64.170.0/24 maxlen: 24
                          45.64.171.0/24 maxlen: 24
                          58.84.8.0/22 maxlen: 22
                          103.3.172.0/24 maxlen: 24
                          103.3.173.0/24 maxlen: 24
                          103.3.174.0/23 maxlen: 24
                          103.10.156.0/23 maxlen: 24
                          103.10.158.0/23 maxlen: 24
                          118.107.200.0/21 maxlen: 24
                          118.107.208.0/24 maxlen: 24
                          118.107.209.0/24 maxlen: 24
                          118.107.210.0/24 maxlen: 24
                          118.107.211.0/24 maxlen: 24
                          118.107.232.0/24 maxlen: 24
                          118.107.233.0/24 maxlen: 24
                          118.107.234.0/23 maxlen: 23
                          118.107.235.0/24 maxlen: 24
                          118.107.236.0/24 maxlen: 24
                          118.107.237.0/24 maxlen: 24
                          118.107.238.0/24 maxlen: 24
                          118.107.239.0/24 maxlen: 24
                          118.107.240.0/24 maxlen: 24
                          118.107.241.0/24 maxlen: 24
                          118.107.242.0/24 maxlen: 24
                          118.107.243.0/24 maxlen: 24
                          183.81.160.0/21 maxlen: 24
                          192.82.56.0/21 maxlen: 21
                          192.82.56.0/24 maxlen: 24
                          192.82.57.0/24 maxlen: 24
                          192.82.58.0/24 maxlen: 24
                          192.82.59.0/24 maxlen: 24
                          192.82.60.0/24 maxlen: 24
                          192.82.61.0/24 maxlen: 24
                          192.82.62.0/24 maxlen: 24
                          192.82.63.0/24 maxlen: 24
                          210.5.40.0/22 maxlen: 24
                          210.5.44.0/22 maxlen: 24
                          2401:3400::/32 maxlen: 48

Validation:               Failed, certificate revoked on Mon 20 Nov 2023 08:56:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 8944 (0x22f0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91D1691/serialNumber=7AC0C00F0FCA479EE465E4F7F545E8C94993D61C
        Validity
            Not Before: Sep 22 08:09:34 2023 GMT
            Not After : Oct 31 00:00:00 2024 GMT
        Subject: CN=650d4bbe-af5f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fb:09:76:97:17:13:e2:91:b6:76:3c:e9:cf:9c:
                    36:a5:7f:cc:6d:a1:67:83:b1:5a:86:7a:07:6d:f7:
                    ea:f9:86:19:7a:53:93:1c:12:b5:66:9c:e0:ab:31:
                    c8:82:d7:aa:8a:6a:9e:06:00:7d:f3:c2:d1:da:93:
                    14:0c:e8:c9:4a:5c:12:21:cb:3f:2c:3d:c5:00:ce:
                    95:8c:64:f3:c3:7c:fd:b7:f3:2d:55:7d:37:c9:b7:
                    a0:5b:2d:9a:a4:b6:d8:22:28:a3:d7:6a:23:b9:13:
                    78:0d:c6:3b:ce:e0:30:d3:26:33:59:53:d9:b5:51:
                    2e:65:ac:4e:52:1f:78:bc:ea:28:b5:a3:0d:88:a0:
                    00:25:66:74:d7:be:6d:fc:8a:ef:7f:a4:01:f1:fd:
                    a3:b1:20:1e:09:72:97:8b:4f:6c:48:f4:3d:6a:0a:
                    ad:34:43:31:11:55:f9:8a:93:f3:2a:55:84:d4:a6:
                    8d:c2:d4:1a:5a:b9:1f:ac:c7:b8:72:98:d0:b6:f2:
                    6d:d5:7e:bf:72:9f:bd:86:80:0c:c0:b3:90:01:a1:
                    5c:e5:b9:a4:e4:da:01:64:97:79:b9:98:39:b6:ec:
                    bc:0b:20:0c:50:a4:af:5f:99:47:1b:df:76:e8:66:
                    11:16:f3:e5:5e:94:92:5a:b3:03:1b:59:54:9f:09:
                    b2:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:49:B0:02:E4:D3:6E:06:F0:C4:F5:F6:45:E8:44:06:AD:07:94:D6
            X509v3 Authority Key Identifier:
                keyid:7A:C0:C0:0F:0F:CA:47:9E:E4:65:E4:F7:F5:45:E8:C9:49:93:D6:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91D1691/5AFC2692652B11E597A86881C4F9AE02/esDADw_KR57kZeT39UXoyUmT1hw.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/esDADw_KR57kZeT39UXoyUmT1hw.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91D1691/5AFC2692652B11E597A86881C4F9AE02/3D356A62C22811EDB97C851AC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  14.102.144.0/21
                  14.192.65.0/24
                  43.252.152.0/22
                  45.64.168.0/22
                  58.84.8.0/22
                  103.3.172.0/22
                  103.10.156.0/22
                  118.107.200.0-118.107.211.255
                  118.107.232.0-118.107.243.255
                  183.81.160.0/21
                  192.82.56.0/21
                  210.5.40.0/21
                IPv6:
                  2401:3400::/32

    Signature Algorithm: sha256WithRSAEncryption
         09:e8:93:2d:76:12:d0:fb:41:30:fc:39:fe:91:6b:5b:3b:ed:
         22:22:d8:a9:85:b6:52:76:56:47:bd:9c:c9:62:d4:56:dd:23:
         32:c5:d8:c6:e3:54:e9:92:97:2d:a0:42:3f:49:d3:6f:d2:18:
         6d:73:dd:85:27:86:68:c1:b1:be:1d:57:22:51:aa:84:52:94:
         c6:ce:aa:2a:69:12:a1:52:c2:83:80:42:ea:4b:b0:66:20:2a:
         4f:a6:26:bd:e8:15:17:c5:f7:09:13:31:01:2a:74:4a:cc:89:
         a6:49:97:56:55:8c:eb:61:8a:30:28:fa:0a:16:1c:fa:d6:06:
         6c:24:ee:f8:cd:15:42:c6:ba:a2:75:6d:5a:92:73:f8:ef:bc:
         75:4d:6f:1f:b6:dc:a4:1b:21:ce:9e:ca:cb:35:00:77:57:71:
         55:ee:4e:eb:fe:45:e6:76:bf:41:52:52:7f:2e:26:61:b5:6a:
         7b:dc:7a:5b:a6:89:94:84:8f:0b:ce:1f:92:d1:13:cd:f8:14:
         bc:34:3a:ad:df:06:95:d8:9d:5f:76:1d:9a:37:f6:f2:59:b6:
         b3:18:71:48:49:a5:d5:e2:51:61:79:de:aa:e4:4e:91:8a:04:
         c5:d6:22:51:65:62:8b:5d:00:35:b8:92:7f:61:fb:e4:37:31:
         6c:86:b6:c1
-----BEGIN CERTIFICATE-----
MIIF0zCCBLugAwIBAgICIvAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RDE2OTExMTAvBgNVBAUTKDdBQzBDMDBGMEZDQTQ3OUVFNDY1RTRGN0Y1NDVFOEM5
NDk5M0Q2MUMwHhcNMjMwOTIyMDgwOTM0WhcNMjQxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTBkNGJiZS1hZjVmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA+wl2lxcT4pG2djzpz5w2pX/MbaFng7FahnoHbffq+YYZelOTHBK1ZpzgqzHI
gteqimqeBgB988LR2pMUDOjJSlwSIcs/LD3FAM6VjGTzw3z9t/MtVX03ybegWy2a
pLbYIiij12ojuRN4DcY7zuAw0yYzWVPZtVEuZaxOUh94vOootaMNiKAAJWZ0175t
/Irvf6QB8f2jsSAeCXKXi09sSPQ9agqtNEMxEVX5ipPzKlWE1KaNwtQaWrkfrMe4
cpjQtvJt1X6/cp+9hoAMwLOQAaFc5bmk5NoBZJd5uZg5tuy8CyAMUKSvX5lHG992
6GYRFvPlXpSSWrMDG1lUnwmy2wIDAQABo4IC9zCCAvMwHQYDVR0OBBYEFEdJsALk
024G8MT19kXoRAatB5TWMB8GA1UdIwQYMBaAFHrAwA8Pykee5GXk9/VF6MlJk9Yc
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFEMTY5MS81QUZDMjY5MjY1
MkIxMUU1OTdBODY4ODFDNEY5QUUwMi9lc0RBRHdfS1I1N2taZVQzOVVYb3lVbVQx
aHcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2VzREFEd19LUjU3a1plVDM5VVhveVVtVDFody5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RDE2OTEvNUFGQzI2OTI2NTJCMTFFNTk3QTg2ODgxQzRGOUFFMDIvM0QzNTZBNjJD
MjI4MTFFREI5N0M4NTFBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgYAGCCsGAQUFBwEHAQH/
BHEwbzBeBAIAATBYAwQDDmaQAwQADsBBAwQCK/yYAwQCLUCoAwQCOlQIAwQCZwOs
AwQCZwqcMAwDBAN2a8gDBAJ2a9AwDAMEA3Zr6AMEAnZr8AMEA7dRoAMEA8BSOAME
A9IFKDANBAIAAjAHAwUAJAE0ADANBgkqhkiG9w0BAQsFAAOCAQEACeiTLXYS0PtB
MPw5/pFrWzvtIiLYqYW2UnZWR72cyWLUVt0jMsXYxuNU6ZKXLaBCP0nTb9IYbXPd
hSeGaMGxvh1XIlGqhFKUxs6qKmkSoVLCg4BC6kuwZiAqT6YmvegVF8X3CRMxASp0
SsyJpkmXVlWM62GKMCj6ChYc+tYGbCTu+M0VQsa6onVtWpJz+O+8dU1vH7bcpBsh
zp7KyzUAd1dxVe5O6/5F5na/QVJSfy4mYbVqe9x6W6aJlISPC84fktETzfgUvDQ6
rd8GldidX3Ydmjf28lm2sxhxSEml1eJRYXnequROkYoExdYiUWVii10ANbiSf2H7
5DcxbIa2wQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:41 2024 by rpki-client on console-fra.rpki-client.org