Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91DF93A/F7DFA72EE5F311EAB3A91561C4F9AE02/CB74CBEC0C1911EF90D8414CC4F9AE02.roa
File:                     CB74CBEC0C1911EF90D8414CC4F9AE02.roa (raw, json)
Hash identifier:          iZVnbJC9L9Gx2r91Nufdy5eF7E8+JGi6wWvzi79w1E0=
Subject key identifier:   DB:79:75:46:74:4B:EA:4A:5D:98:73:89:28:6A:89:69:CA:FC:87:CD
Certificate issuer:       /CN=A91DF93A/serialNumber=7E244310D7A456EB127B926C42F26D79E9ACDB88
Certificate serial:       07E2
Authority key identifier: 7E:24:43:10:D7:A4:56:EB:12:7B:92:6C:42:F2:6D:79:E9:AC:DB:88
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/fiRDENekVusSe5JsQvJteems24g.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91DF93A/F7DFA72EE5F311EAB3A91561C4F9AE02/CB74CBEC0C1911EF90D8414CC4F9AE02.roa
Signing time:             Tue 28 May 2024 23:03:08 +0000
ROA not before:           Tue 28 May 2024 23:03:08 +0000
ROA not after:            Sun 31 Aug 2025 00:00:00 +0000
asID:                     21859
IP address blocks:        169.136.82.0/24 maxlen: 24
                          169.136.85.0/24 maxlen: 24
                          169.136.105.0/24 maxlen: 24
                          169.136.109.0/24 maxlen: 24
                          169.136.122.0/24 maxlen: 24
                          169.136.128.0/24 maxlen: 24
                          169.136.129.0/24 maxlen: 24
                          169.136.130.0/24 maxlen: 24
                          169.136.134.0/24 maxlen: 24
                          169.136.135.0/24 maxlen: 24
                          169.136.138.0/24 maxlen: 24
                          169.136.142.0/24 maxlen: 24
                          169.136.143.0/24 maxlen: 24
                          169.136.146.0/24 maxlen: 24
                          169.136.191.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Fri 20 Sep 2024 04:18:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2018 (0x7e2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91DF93A/serialNumber=7E244310D7A456EB127B926C42F26D79E9ACDB88
        Validity
            Not Before: May 28 23:03:08 2024 GMT
            Not After : Aug 31 00:00:00 2025 GMT
        Subject: CN=665662ac-3aba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:0c:e6:98:3e:ff:65:23:6f:b6:37:8e:f9:c4:
                    f3:12:da:5c:e2:e4:80:8a:40:ee:0b:74:50:e9:50:
                    59:5d:f2:f7:8a:b6:ff:a1:df:13:38:ca:a5:94:17:
                    d5:19:8f:d5:b7:26:5b:32:03:ed:c1:cc:ca:20:77:
                    e4:5f:22:7d:f1:25:ce:c7:17:f3:0c:94:4f:aa:66:
                    4e:d1:59:35:98:b6:74:42:77:d0:6f:e1:d5:2c:c2:
                    88:3d:e8:2c:f1:4b:1f:12:ee:7b:b4:11:f9:2a:3d:
                    f8:c1:fe:08:4c:af:e8:9e:4a:e0:d4:78:a0:28:af:
                    9e:0d:ec:06:6c:ff:72:b1:62:e2:07:d9:79:8c:83:
                    c8:c1:f1:6a:e6:0c:9a:aa:bd:6c:96:3b:4e:39:da:
                    b4:a8:1b:27:dd:e5:d0:99:41:1e:e0:6d:5e:f7:96:
                    00:44:3e:d2:bf:e4:c4:32:f8:96:e6:5d:08:5a:7a:
                    24:f6:b6:2e:5d:d2:91:45:8f:ff:0d:af:04:13:e8:
                    b3:0f:a9:99:34:1e:85:e1:8e:5f:f4:26:11:86:01:
                    90:da:58:24:f0:2d:1c:42:e2:81:30:4b:d7:e7:7f:
                    36:c7:de:95:fb:c9:31:c5:c2:78:d1:35:34:89:f3:
                    b7:e9:71:3e:fb:56:54:43:e2:f6:08:52:22:7a:f2:
                    72:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:79:75:46:74:4B:EA:4A:5D:98:73:89:28:6A:89:69:CA:FC:87:CD
            X509v3 Authority Key Identifier:
                keyid:7E:24:43:10:D7:A4:56:EB:12:7B:92:6C:42:F2:6D:79:E9:AC:DB:88

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91DF93A/F7DFA72EE5F311EAB3A91561C4F9AE02/fiRDENekVusSe5JsQvJteems24g.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/fiRDENekVusSe5JsQvJteems24g.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91DF93A/F7DFA72EE5F311EAB3A91561C4F9AE02/CB74CBEC0C1911EF90D8414CC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  169.136.82.0/24
                  169.136.85.0/24
                  169.136.105.0/24
                  169.136.109.0/24
                  169.136.122.0/24
                  169.136.128.0-169.136.130.255
                  169.136.134.0/23
                  169.136.138.0/24
                  169.136.142.0/23
                  169.136.146.0/24
                  169.136.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:c5:3d:04:44:dc:d2:8b:92:79:46:86:07:ed:e0:d4:fa:fa:
         cc:21:b0:ca:76:b2:a8:d6:1d:d4:91:81:2e:b8:03:b0:41:c0:
         a4:7e:7d:9a:db:8e:b7:74:4a:ad:36:1a:6e:6f:4d:62:f0:6e:
         7d:56:bf:35:f5:9a:ff:bd:30:1d:92:be:7c:5d:48:5f:48:56:
         23:dd:c8:15:ea:44:68:ba:96:19:a8:f2:8c:ed:8c:12:2e:6e:
         60:b4:39:3a:69:c6:fd:c1:d0:e2:83:60:f1:a5:e6:ed:17:49:
         fb:62:6a:2e:74:46:b9:e2:70:ce:71:4a:67:1f:88:f8:69:cd:
         ad:65:69:ed:19:87:7b:19:c7:11:bb:59:0b:d3:93:06:27:54:
         88:00:2c:d4:0d:1d:81:b5:77:38:58:6e:49:df:8a:38:7d:15:
         fb:79:d1:76:a2:a0:89:96:7e:33:4f:d6:b9:df:15:63:7b:38:
         46:36:5a:0b:d8:67:9d:85:06:c5:38:47:1f:f3:a6:55:db:ad:
         f9:01:61:39:5f:95:e4:87:88:5e:ee:02:fb:e6:88:7f:fa:f5:
         52:ad:a0:15:da:58:6b:bf:ae:63:ba:2e:8d:83:0c:a6:75:c9:
         19:a4:03:f1:73:63:aa:d9:f4:b5:49:ae:80:3d:d9:ec:66:eb:
         ec:65:ff:a9
-----BEGIN CERTIFICATE-----
MIIFtTCCBJ2gAwIBAgICB+IwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
REY5M0ExMTAvBgNVBAUTKDdFMjQ0MzEwRDdBNDU2RUIxMjdCOTI2QzQyRjI2RDc5
RTlBQ0RCODgwHhcNMjQwNTI4MjMwMzA4WhcNMjUwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjU2NjJhYy0zYWJhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA4wzmmD7/ZSNvtjeO+cTzEtpc4uSAikDuC3RQ6VBZXfL3irb/od8TOMqllBfV
GY/VtyZbMgPtwczKIHfkXyJ98SXOxxfzDJRPqmZO0Vk1mLZ0QnfQb+HVLMKIPegs
8UsfEu57tBH5Kj34wf4ITK/onkrg1HigKK+eDewGbP9ysWLiB9l5jIPIwfFq5gya
qr1sljtOOdq0qBsn3eXQmUEe4G1e95YARD7Sv+TEMviW5l0IWnok9rYuXdKRRY//
Da8EE+izD6mZNB6F4Y5f9CYRhgGQ2lgk8C0cQuKBMEvX5382x96V+8kxxcJ40TU0
ifO36XE++1ZUQ+L2CFIievJy0QIDAQABo4IC2TCCAtUwHQYDVR0OBBYEFNt5dUZ0
S+pKXZhziShqiWnK/IfNMB8GA1UdIwQYMBaAFH4kQxDXpFbrEnuSbELybXnprNuI
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFERjkzQS9GN0RGQTcyRUU1
RjMxMUVBQjNBOTE1NjFDNEY5QUUwMi9maVJERU5la1Z1c1NlNUpzUXZKdGVlbXMy
NGcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL2ZpUkRFTmVrVnVzU2U1SnNRdkp0ZWVtczI0Zy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
REY5M0EvRjdERkE3MkVFNUYzMTFFQUIzQTkxNTYxQzRGOUFFMDIvQ0I3NENCRUMw
QzE5MTFFRjkwRDg0MTRDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwYwYIKwYBBQUHAQcBAf8E
VDBSMFAEAgABMEoDBACpiFIDBACpiFUDBACpiGkDBACpiG0DBACpiHowDAMEB6mI
gAMEAKmIggMEAamIhgMEAKmIigMEAamIjgMEAKmIkgMEAKmIvzANBgkqhkiG9w0B
AQsFAAOCAQEAQsU9BETc0ouSeUaGB+3g1Pr6zCGwynayqNYd1JGBLrgDsEHApH59
mtuOt3RKrTYabm9NYvBufVa/NfWa/70wHZK+fF1IX0hWI93IFepEaLqWGajyjO2M
Ei5uYLQ5OmnG/cHQ4oNg8aXm7RdJ+2JqLnRGueJwznFKZx+I+GnNrWVp7RmHexnH
EbtZC9OTBidUiAAs1A0dgbV3OFhuSd+KOH0V+3nRdqKgiZZ+M0/Wud8VY3s4RjZa
C9hnnYUGxThHH/OmVdut+QFhOV+V5IeIXu4C++aIf/r1Uq2gFdpYa7+uY7oujYMM
pnXJGaQD8XNjqtn0tUmugD3Z7Gbr7GX/qQ==
-----END CERTIFICATE-----
Generated at Fri Sep 20 09:07:15 2024 by rpki-client on console-ams.rpki-client.org