Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91EF17A/74BB24D23F5D11EF8BF7860EC4F9AE02/F407ECFE3F6A11EF9016A735C4F9AE02.roa
File:                     F407ECFE3F6A11EF9016A735C4F9AE02.roa (raw, json)
Hash identifier:          nLYc1tx+xEYrCA4prpmA7iDQ66W/T4be/jXCVP4DA70=
Subject key identifier:   CF:77:38:3E:E7:10:02:30:3A:FE:98:40:1F:62:3C:49:35:06:1E:D9
Certificate issuer:       /CN=A91EF17A/serialNumber=B3EFA7D6AE199D14582DD4ECB9163A3C9D841759
Certificate serial:       11
Authority key identifier: B3:EF:A7:D6:AE:19:9D:14:58:2D:D4:EC:B9:16:3A:3C:9D:84:17:59
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/s--n1q4ZnRRYLdTsuRY6PJ2EF1k.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91EF17A/74BB24D23F5D11EF8BF7860EC4F9AE02/F407ECFE3F6A11EF9016A735C4F9AE02.roa
Signing time:             Thu 11 Jul 2024 09:50:07 +0000
ROA not before:           Thu 11 Jul 2024 09:50:06 +0000
ROA not after:            Sun 31 Aug 2025 00:00:00 +0000
asID:                     152889
IP address blocks:        160.22.20.0/23 maxlen: 23
                          160.22.20.0/24 maxlen: 24
                          160.22.21.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Mon 29 Jul 2024 09:14:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 17 (0x11)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91EF17A/serialNumber=B3EFA7D6AE199D14582DD4ECB9163A3C9D841759
        Validity
            Not Before: Jul 11 09:50:06 2024 GMT
            Not After : Aug 31 00:00:00 2025 GMT
        Subject: CN=668faace-a7da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:ac:9d:61:22:dd:c7:d2:e6:84:49:79:b2:0d:
                    43:58:89:7a:28:a6:c1:f0:75:d0:22:ea:73:da:bc:
                    8b:7f:cd:f8:52:26:91:95:f7:bc:d5:87:b4:16:5b:
                    a0:73:eb:7a:72:dd:7d:40:c6:1e:4d:88:63:ab:92:
                    30:cb:78:3a:19:d0:31:35:77:b1:39:51:7c:42:2b:
                    72:95:cc:59:66:b8:38:0e:1b:ec:d4:72:7a:f6:02:
                    90:c1:ee:d4:a9:fd:e7:32:62:59:98:92:67:8d:4b:
                    cb:c6:d2:be:0c:48:3c:a5:0e:c0:8c:d2:c2:ea:07:
                    8b:0b:ae:09:28:b2:c3:ec:9e:d1:5e:62:2f:b9:a6:
                    81:a8:06:32:e1:81:05:02:00:29:89:f9:de:59:7c:
                    bf:b8:3e:99:73:84:1f:81:72:dd:83:9d:ae:31:62:
                    be:0f:4f:e1:81:95:36:51:6f:86:08:0b:a9:44:c9:
                    83:f5:69:48:95:1e:27:24:f3:44:ca:9a:8a:75:69:
                    8b:b6:62:ec:c3:1e:2a:32:d6:30:97:46:a8:86:f4:
                    9e:75:22:77:46:71:80:ac:34:c6:6b:57:9c:ff:57:
                    53:05:c5:8f:e2:da:3c:59:e4:94:0a:c3:e8:fe:24:
                    ef:c3:aa:52:e2:03:ab:f1:05:6d:3c:04:3b:34:39:
                    77:e1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CF:77:38:3E:E7:10:02:30:3A:FE:98:40:1F:62:3C:49:35:06:1E:D9
            X509v3 Authority Key Identifier:
                keyid:B3:EF:A7:D6:AE:19:9D:14:58:2D:D4:EC:B9:16:3A:3C:9D:84:17:59

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91EF17A/74BB24D23F5D11EF8BF7860EC4F9AE02/s--n1q4ZnRRYLdTsuRY6PJ2EF1k.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/s--n1q4ZnRRYLdTsuRY6PJ2EF1k.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91EF17A/74BB24D23F5D11EF8BF7860EC4F9AE02/F407ECFE3F6A11EF9016A735C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.22.20.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7a:a5:07:3f:e0:4f:f3:18:14:18:0d:c2:75:c2:91:13:86:e9:
         71:ef:92:84:14:cb:45:cf:af:7b:a2:ba:20:95:7a:5a:d3:05:
         1d:e5:5d:e3:c9:6b:b7:31:e8:12:e8:2c:a4:df:a3:df:fa:45:
         a3:38:44:03:c6:3f:63:cd:45:46:59:27:9d:52:2c:5c:c4:07:
         37:43:cf:d5:d6:45:50:c4:7b:6f:ac:1e:71:4c:3d:67:7a:b3:
         10:1c:0d:49:fa:74:6e:48:d0:45:a4:03:22:eb:2f:fe:2c:f6:
         e7:99:ca:25:10:a5:1a:6a:ca:79:a3:94:07:7b:3e:f5:c5:42:
         16:8f:ae:64:f2:ef:d9:8c:bc:2e:e8:66:17:a8:d2:27:9d:9b:
         9c:6d:51:6e:c7:7b:b4:ea:7d:14:71:22:ee:6f:4d:97:c5:1e:
         8e:80:9d:97:ef:2e:29:7b:0b:d8:d3:97:c7:23:f4:8c:b1:4c:
         55:2b:75:82:de:d2:bb:22:b2:46:89:de:3b:3e:9e:1a:73:82:
         06:14:a0:a9:fd:2a:d8:af:45:d1:53:66:e3:07:45:97:bb:1a:
         87:48:95:f5:b6:3b:0e:f3:d6:57:a8:83:e9:72:4b:8c:e4:d6:
         22:32:07:85:ae:4a:4b:1b:ed:20:9a:6d:c4:13:59:e2:ab:be:
         b1:9e:8d:a6
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIBETANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFF
RjE3QTExMC8GA1UEBRMoQjNFRkE3RDZBRTE5OUQxNDU4MkRENEVDQjkxNjNBM0M5
RDg0MTc1OTAeFw0yNDA3MTEwOTUwMDZaFw0yNTA4MzEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY2OGZhYWNlLWE3ZGEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDZrJ1hIt3H0uaESXmyDUNYiXoopsHwddAi6nPavIt/zfhSJpGV97zVh7QWW6Bz
63py3X1Axh5NiGOrkjDLeDoZ0DE1d7E5UXxCK3KVzFlmuDgOG+zUcnr2ApDB7tSp
/ecyYlmYkmeNS8vG0r4MSDylDsCM0sLqB4sLrgkossPsntFeYi+5poGoBjLhgQUC
ACmJ+d5ZfL+4PplzhB+Bct2Dna4xYr4PT+GBlTZRb4YIC6lEyYP1aUiVHick80TK
mop1aYu2YuzDHioy1jCXRqiG9J51IndGcYCsNMZrV5z/V1MFxY/i2jxZ5JQKw+j+
JO/DqlLiA6vxBW08BDs0OXfhAgMBAAGjggKVMIICkTAdBgNVHQ4EFgQUz3c4PucQ
AjA6/phAH2I8STUGHtkwHwYDVR0jBBgwFoAUs++n1q4ZnRRYLdTsuRY6PJ2EF1kw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUVGMTdBLzc0QkIyNEQyM0Y1
RDExRUY4QkY3ODYwRUM0RjlBRTAyL3MtLW4xcTRablJSWUxkVHN1Ulk2UEoyRUYx
ay5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRGMjAxRDY2MTFFMjhBQzg4MzdDNzJG
RDFGRjIvcy0tbjFxNFpuUlJZTGRUc3VSWTZQSjJFRjFrLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFF
RjE3QS83NEJCMjREMjNGNUQxMUVGOEJGNzg2MEVDNEY5QUUwMi9GNDA3RUNGRTNG
NkExMUVGOTAxNkE3MzVDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAaAWFDANBgkqhkiG9w0BAQsFAAOCAQEAeqUHP+BP8xgUGA3C
dcKRE4bpce+ShBTLRc+ve6K6IJV6WtMFHeVd48lrtzHoEugspN+j3/pFozhEA8Y/
Y81FRlknnVIsXMQHN0PP1dZFUMR7b6wecUw9Z3qzEBwNSfp0bkjQRaQDIusv/iz2
55nKJRClGmrKeaOUB3s+9cVCFo+uZPLv2Yy8LuhmF6jSJ52bnG1Rbsd7tOp9FHEi
7m9Nl8UejoCdl+8uKXsL2NOXxyP0jLFMVSt1gt7SuyKyRoneOz6eGnOCBhSgqf0q
2K9F0VNm4wdFl7sah0iV9bY7DvPWV6iD6XJLjOTWIjIHha5KSxvtIJptxBNZ4qu+
sZ6Npg==
-----END CERTIFICATE-----
Generated at Mon Jul 29 12:11:53 2024 by rpki-client on console-fra.rpki-client.org