Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91D4345/EC78CDDA053811EAB5897668C4F9AE02/67CCBA008BFA11EDA3542A22C4F9AE02.roa
File:                     67CCBA008BFA11EDA3542A22C4F9AE02.roa (raw, json)
Hash identifier:          mDfh4z0mGD2o/oVJurMrL4zfKnLskdKnuptJO6ep5vU=
Subject key identifier:   24:9D:04:F4:4C:2A:30:14:D9:CC:D5:D3:53:23:DF:94:79:5C:69:6F
Certificate issuer:       /CN=A91D4345/serialNumber=E537D0C348FD7DC49F5FC3B0066A31C584FAE1AB
Certificate serial:       0B44
Authority key identifier: E5:37:D0:C3:48:FD:7D:C4:9F:5F:C3:B0:06:6A:31:C5:84:FA:E1:AB
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/5TfQw0j9fcSfX8OwBmoxxYT64as.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91D4345/EC78CDDA053811EAB5897668C4F9AE02/67CCBA008BFA11EDA3542A22C4F9AE02.roa
Signing time:             Fri 22 Dec 2023 19:26:51 +0000
ROA not before:           Fri 22 Dec 2023 19:26:51 +0000
ROA not after:            Sun 02 Mar 2025 00:00:00 +0000
asID:                     17471
IP address blocks:        103.7.112.0/22 maxlen: 24
                          122.99.96.0/21 maxlen: 24
                          202.125.64.0/20 maxlen: 24
                          203.83.160.0/19 maxlen: 24
                          203.191.32.0/23 maxlen: 24
                          2407:f040::/32 maxlen: 34

Validation:               Failed, certificate revoked on Mon 08 Jan 2024 11:06:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2884 (0xb44)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91D4345/serialNumber=E537D0C348FD7DC49F5FC3B0066A31C584FAE1AB
        Validity
            Not Before: Dec 22 19:26:51 2023 GMT
            Not After : Mar  2 00:00:00 2025 GMT
        Subject: CN=6585e2fa-304e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9f:48:88:84:39:96:73:ce:d6:df:0c:60:cc:52:
                    5a:76:bb:a6:de:63:ee:02:bf:1f:a4:dd:ef:3f:c7:
                    e2:a9:89:d1:a4:03:2d:c3:8f:8e:47:b1:03:99:c2:
                    05:bb:20:5d:cd:7f:00:2d:b1:15:b7:81:0d:a5:8e:
                    29:77:7c:51:9b:71:d2:ee:02:a2:92:a7:6e:2d:ec:
                    28:14:38:16:75:6d:61:ed:04:e0:19:36:3a:dd:ec:
                    7c:a4:f0:c6:88:40:e7:4e:c5:26:b1:34:20:cf:01:
                    08:b4:57:73:94:cc:d8:7d:f8:1e:f5:05:8a:cf:5c:
                    5c:48:11:2a:57:c7:be:62:dc:71:e6:58:e0:82:e7:
                    82:73:c7:3f:db:1b:12:7f:78:48:e5:cf:a1:25:29:
                    d2:bd:9b:ba:f3:70:b5:c7:2d:68:73:f4:cb:ec:87:
                    3a:24:3c:05:17:17:bf:ca:a7:45:cb:5e:2d:60:35:
                    45:b1:a6:0c:85:59:18:61:0c:e9:e9:ea:8a:72:d9:
                    b7:c0:a2:8e:70:6d:8b:58:f9:36:b6:20:02:9b:d5:
                    6e:01:62:c0:1d:b5:01:53:16:da:11:af:81:24:0e:
                    06:d8:00:de:a9:c6:39:fc:92:8c:8f:f8:fa:3e:2a:
                    57:39:05:3d:48:13:e8:15:22:70:ff:7d:67:6b:83:
                    7e:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:9D:04:F4:4C:2A:30:14:D9:CC:D5:D3:53:23:DF:94:79:5C:69:6F
            X509v3 Authority Key Identifier:
                keyid:E5:37:D0:C3:48:FD:7D:C4:9F:5F:C3:B0:06:6A:31:C5:84:FA:E1:AB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91D4345/EC78CDDA053811EAB5897668C4F9AE02/5TfQw0j9fcSfX8OwBmoxxYT64as.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/5TfQw0j9fcSfX8OwBmoxxYT64as.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91D4345/EC78CDDA053811EAB5897668C4F9AE02/67CCBA008BFA11EDA3542A22C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.7.112.0/22
                  122.99.96.0/21
                  202.125.64.0/20
                  203.83.160.0/19
                  203.191.32.0/23
                IPv6:
                  2407:f040::/32

    Signature Algorithm: sha256WithRSAEncryption
         73:41:af:6e:93:6f:c2:7f:53:a7:d2:f2:64:fe:0f:f7:f4:17:
         9d:11:cf:24:38:99:2b:56:e4:74:d3:3a:b2:4d:64:bd:b8:a0:
         d0:23:5e:d0:58:22:8b:df:11:3b:93:24:2c:8d:3c:40:67:ab:
         d4:ac:80:b4:78:b1:30:30:78:01:d5:9d:2f:5f:e1:8d:1e:ce:
         1a:12:a5:b3:65:5a:3a:8c:98:10:fe:b6:d9:96:74:df:49:56:
         39:0e:ce:79:c3:0d:ce:d3:82:2b:be:55:86:ee:9e:fa:34:e3:
         b3:87:0b:0e:be:3f:a6:2d:f3:e2:59:71:c9:ac:a1:b2:f0:2b:
         de:19:e5:73:cf:be:36:bf:8b:5e:be:de:df:11:b3:b8:42:2f:
         7e:b1:70:26:9d:55:10:98:95:4b:cf:4e:bd:bc:bd:2a:02:bc:
         16:d7:b7:d8:53:24:29:bc:5a:04:27:da:31:5c:ea:29:a0:1e:
         d6:1b:db:de:37:c6:f0:f3:cd:bf:bb:7b:62:89:25:69:50:88:
         9b:59:bc:70:96:ab:67:42:9d:02:06:03:80:2c:f1:f9:1a:a9:
         d7:59:bb:89:eb:03:6d:5b:a1:af:ef:7e:72:82:bb:07:03:50:
         46:7f:75:44:fb:78:de:8c:9b:b7:8f:34:b3:57:90:e7:06:1f:
         59:b0:f5:a8
-----BEGIN CERTIFICATE-----
MIIFmDCCBICgAwIBAgICC0QwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RDQzNDUxMTAvBgNVBAUTKEU1MzdEMEMzNDhGRDdEQzQ5RjVGQzNCMDA2NkEzMUM1
ODRGQUUxQUIwHhcNMjMxMjIyMTkyNjUxWhcNMjUwMzAyMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTg1ZTJmYS0zMDRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAn0iIhDmWc87W3wxgzFJadrum3mPuAr8fpN3vP8fiqYnRpAMtw4+OR7EDmcIF
uyBdzX8ALbEVt4ENpY4pd3xRm3HS7gKikqduLewoFDgWdW1h7QTgGTY63ex8pPDG
iEDnTsUmsTQgzwEItFdzlMzYffge9QWKz1xcSBEqV8e+Ytxx5ljggueCc8c/2xsS
f3hI5c+hJSnSvZu683C1xy1oc/TL7Ic6JDwFFxe/yqdFy14tYDVFsaYMhVkYYQzp
6eqKctm3wKKOcG2LWPk2tiACm9VuAWLAHbUBUxbaEa+BJA4G2ADeqcY5/JKMj/j6
PipXOQU9SBPoFSJw/31na4N+awIDAQABo4ICvDCCArgwHQYDVR0OBBYEFCSdBPRM
KjAU2czV01Mj35R5XGlvMB8GA1UdIwQYMBaAFOU30MNI/X3En1/DsAZqMcWE+uGr
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFENDM0NS9FQzc4Q0REQTA1
MzgxMUVBQjU4OTc2NjhDNEY5QUUwMi81VGZRdzBqOWZjU2ZYOE93Qm1veHhZVDY0
YXMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzVUZlF3MGo5ZmNTZlg4T3dCbW94eFlUNjRhcy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RDQzNDUvRUM3OENEREEwNTM4MTFFQUI1ODk3NjY4QzRGOUFFMDIvNjdDQ0JBMDA4
QkZBMTFFREEzNTQyQTIyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwRgYIKwYBBQUHAQcBAf8E
NzA1MCQEAgABMB4DBAJnB3ADBAN6Y2ADBATKfUADBAXLU6ADBAHLvyAwDQQCAAIw
BwMFACQH8EAwDQYJKoZIhvcNAQELBQADggEBAHNBr26Tb8J/U6fS8mT+D/f0F50R
zyQ4mStW5HTTOrJNZL24oNAjXtBYIovfETuTJCyNPEBnq9SsgLR4sTAweAHVnS9f
4Y0ezhoSpbNlWjqMmBD+ttmWdN9JVjkOznnDDc7Tgiu+VYbunvo047OHCw6+P6Yt
8+JZccmsobLwK94Z5XPPvja/i16+3t8Rs7hCL36xcCadVRCYlUvPTr28vSoCvBbX
t9hTJCm8WgQn2jFc6imgHtYb2943xvDzzb+7e2KJJWlQiJtZvHCWq2dCnQIGA4As
8fkaqddZu4nrA21boa/vfnKCuwcDUEZ/dUT7eN6Mm7ePNLNXkOcGH1mw9ag=
-----END CERTIFICATE-----