Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91DF93A/F7DFA72EE5F311EAB3A91561C4F9AE02/DC83E52CE12F11EEB059D53CC4F9AE02.roa
File:                     DC83E52CE12F11EEB059D53CC4F9AE02.roa (raw, json)
Hash identifier:          249vQRK+GvD/GCbeVcmTEXlgIHoMNFvIXLi9I4vUM34=
Subject key identifier:   63:86:CF:D2:FC:A8:39:E3:A4:CA:DF:80:9F:C8:29:37:37:66:5F:D9
Certificate issuer:       /CN=A91DF93A/serialNumber=7E244310D7A456EB127B926C42F26D79E9ACDB88
Certificate serial:       07A9
Authority key identifier: 7E:24:43:10:D7:A4:56:EB:12:7B:92:6C:42:F2:6D:79:E9:AC:DB:88
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/fiRDENekVusSe5JsQvJteems24g.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91DF93A/F7DFA72EE5F311EAB3A91561C4F9AE02/DC83E52CE12F11EEB059D53CC4F9AE02.roa
Signing time:             Wed 13 Mar 2024 11:50:17 +0000
ROA not before:           Wed 13 Mar 2024 11:50:17 +0000
ROA not after:            Sat 31 Aug 2024 00:00:00 +0000
asID:                     21859
IP address blocks:        169.136.82.0/24 maxlen: 24
                          169.136.85.0/24 maxlen: 24
                          169.136.105.0/24 maxlen: 24
                          169.136.109.0/24 maxlen: 24
                          169.136.120.0/24 maxlen: 24
                          169.136.122.0/24 maxlen: 24
                          169.136.128.0/24 maxlen: 24
                          169.136.129.0/24 maxlen: 24
                          169.136.130.0/24 maxlen: 24
                          169.136.134.0/24 maxlen: 24
                          169.136.135.0/24 maxlen: 24
                          169.136.138.0/24 maxlen: 24
                          169.136.142.0/24 maxlen: 24
                          169.136.143.0/24 maxlen: 24
                          169.136.146.0/24 maxlen: 24
                          169.136.191.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 07 May 2024 02:30:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1961 (0x7a9)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91DF93A/serialNumber=7E244310D7A456EB127B926C42F26D79E9ACDB88
        Validity
            Not Before: Mar 13 11:50:17 2024 GMT
            Not After : Aug 31 00:00:00 2024 GMT
        Subject: CN=65f192f9-6690
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:87:22:e3:2f:f1:22:b1:24:2a:e2:69:4a:15:
                    bd:5b:b4:aa:1d:d5:f0:cb:db:e3:77:6a:79:d8:f4:
                    57:76:7f:69:22:7e:9e:1f:0b:70:d4:cc:de:cb:b3:
                    fc:0a:ba:d3:10:a0:f6:01:6f:71:88:13:93:ee:ca:
                    dd:f8:84:5b:9b:40:41:d1:5e:32:04:22:2d:2a:ec:
                    2d:0f:05:8e:b0:6f:0e:30:98:c1:10:2e:27:65:f2:
                    94:ea:dc:c9:bb:68:6b:a2:5b:1c:6f:30:f1:22:4a:
                    42:78:3a:1f:1a:8e:90:16:bc:8c:60:33:23:97:e4:
                    74:5f:d0:bb:48:fb:06:f9:eb:c0:e0:5e:82:27:8a:
                    b0:51:78:bc:b6:2f:83:82:3c:53:cc:14:52:f2:2f:
                    59:93:bf:68:ca:69:04:a0:25:39:07:78:e8:8e:1e:
                    c1:6c:ca:ff:57:63:c5:2b:78:55:1c:f0:3e:0c:d1:
                    a2:d1:5c:2a:95:35:58:8b:21:c5:d1:e8:7f:a3:3b:
                    18:5f:4a:85:b7:4e:4b:a3:e0:bd:4a:ee:b0:ef:ec:
                    3b:5c:99:e9:27:25:3b:dd:e4:0e:7e:16:8a:eb:36:
                    de:39:c8:ed:48:a8:90:da:9f:1c:81:08:38:ac:fc:
                    d2:0a:57:55:11:e8:04:bf:8f:32:af:4e:4a:11:9c:
                    4d:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:86:CF:D2:FC:A8:39:E3:A4:CA:DF:80:9F:C8:29:37:37:66:5F:D9
            X509v3 Authority Key Identifier:
                keyid:7E:24:43:10:D7:A4:56:EB:12:7B:92:6C:42:F2:6D:79:E9:AC:DB:88

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91DF93A/F7DFA72EE5F311EAB3A91561C4F9AE02/fiRDENekVusSe5JsQvJteems24g.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/fiRDENekVusSe5JsQvJteems24g.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91DF93A/F7DFA72EE5F311EAB3A91561C4F9AE02/DC83E52CE12F11EEB059D53CC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  169.136.82.0/24
                  169.136.85.0/24
                  169.136.105.0/24
                  169.136.109.0/24
                  169.136.120.0/24
                  169.136.122.0/24
                  169.136.128.0-169.136.130.255
                  169.136.134.0/23
                  169.136.138.0/24
                  169.136.142.0/23
                  169.136.146.0/24
                  169.136.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         66:a5:91:1a:fe:cb:89:72:ac:a8:94:03:53:b6:9f:96:8f:63:
         0d:b5:1f:b7:70:8a:7e:6f:33:1a:61:80:bc:5d:cd:1f:cb:13:
         70:c4:a6:13:e4:89:22:fe:1d:e1:b1:91:85:85:da:d9:1e:39:
         52:6e:e9:41:10:f2:30:40:33:37:27:e8:bd:02:e8:58:94:b1:
         c9:eb:9b:b7:4d:37:8d:e2:0c:1d:28:ae:e3:c0:88:d4:86:fb:
         0f:fb:b2:53:5a:9e:c4:df:89:40:64:3c:fc:31:49:5d:68:e7:
         c9:95:fc:5f:ef:fa:9a:be:e4:99:10:6f:11:2e:96:03:8e:39:
         97:d1:af:25:33:e3:e6:e3:ca:bd:1e:db:b9:fa:4b:ab:75:05:
         bd:1d:09:54:cf:5c:a8:52:60:05:fb:79:e4:7e:cb:40:2c:ff:
         1c:a5:a5:e6:66:fc:3f:01:f7:fa:0b:b7:4b:ad:6c:d9:7b:08:
         c7:69:aa:5a:f0:24:14:1f:1a:df:b7:72:81:5d:db:8b:b0:3b:
         df:c7:80:a1:5c:80:82:05:0a:29:18:dd:09:fa:8d:77:4d:a3:
         32:c6:78:47:65:e8:df:33:f6:68:27:b6:46:82:35:8c:08:47:
         ec:0b:1c:ab:d2:0c:64:7f:ba:4e:77:19:7e:f6:e8:26:33:5d:
         11:b8:6a:94
-----BEGIN CERTIFICATE-----
MIIFuzCCBKOgAwIBAgICB6kwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
REY5M0ExMTAvBgNVBAUTKDdFMjQ0MzEwRDdBNDU2RUIxMjdCOTI2QzQyRjI2RDc5
RTlBQ0RCODgwHhcNMjQwMzEzMTE1MDE3WhcNMjQwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWYxOTJmOS02NjkwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA64ci4y/xIrEkKuJpShW9W7SqHdXwy9vjd2p52PRXdn9pIn6eHwtw1Mzey7P8
CrrTEKD2AW9xiBOT7srd+IRbm0BB0V4yBCItKuwtDwWOsG8OMJjBEC4nZfKU6tzJ
u2hrolscbzDxIkpCeDofGo6QFryMYDMjl+R0X9C7SPsG+evA4F6CJ4qwUXi8ti+D
gjxTzBRS8i9Zk79oymkEoCU5B3jojh7BbMr/V2PFK3hVHPA+DNGi0VwqlTVYiyHF
0eh/ozsYX0qFt05Lo+C9Su6w7+w7XJnpJyU73eQOfhaK6zbeOcjtSKiQ2p8cgQg4
rPzSCldVEegEv48yr05KEZxNtQIDAQABo4IC3zCCAtswHQYDVR0OBBYEFGOGz9L8
qDnjpMrfgJ/IKTc3Zl/ZMB8GA1UdIwQYMBaAFH4kQxDXpFbrEnuSbELybXnprNuI
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFERjkzQS9GN0RGQTcyRUU1
RjMxMUVBQjNBOTE1NjFDNEY5QUUwMi9maVJERU5la1Z1c1NlNUpzUXZKdGVlbXMy
NGcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL2ZpUkRFTmVrVnVzU2U1SnNRdkp0ZWVtczI0Zy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
REY5M0EvRjdERkE3MkVFNUYzMTFFQUIzQTkxNTYxQzRGOUFFMDIvREM4M0U1MkNF
MTJGMTFFRUIwNTlENTNDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwaQYIKwYBBQUHAQcBAf8E
WjBYMFYEAgABMFADBACpiFIDBACpiFUDBACpiGkDBACpiG0DBACpiHgDBACpiHow
DAMEB6mIgAMEAKmIggMEAamIhgMEAKmIigMEAamIjgMEAKmIkgMEAKmIvzANBgkq
hkiG9w0BAQsFAAOCAQEAZqWRGv7LiXKsqJQDU7aflo9jDbUft3CKfm8zGmGAvF3N
H8sTcMSmE+SJIv4d4bGRhYXa2R45Um7pQRDyMEAzNyfovQLoWJSxyeubt003jeIM
HSiu48CI1Ib7D/uyU1qexN+JQGQ8/DFJXWjnyZX8X+/6mr7kmRBvES6WA445l9Gv
JTPj5uPKvR7bufpLq3UFvR0JVM9cqFJgBft55H7LQCz/HKWl5mb8PwH3+gu3S61s
2XsIx2mqWvAkFB8a37dygV3bi7A738eAoVyAggUKKRjdCfqNd02jMsZ4R2Xo3zP2
aCe2RoI1jAhH7Ascq9IMZH+6TncZfvboJjNdEbhqlA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:06:31 2024 by rpki-client on console-ams.rpki-client.org