Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91FA645/E0D9F3648C9511ECAE4F1D23C4F9AE02/7785F3008C9911ECB051A327C4F9AE02.roa
File:                     7785F3008C9911ECB051A327C4F9AE02.roa (raw, json)
Hash identifier:          Et8BuvzqFaCA9IfxFK1L3f+s8IVhEIRE5sz/0k1LUJo=
Subject key identifier:   A0:B4:6D:53:D2:10:E8:03:1B:E2:BB:E5:BF:B3:B0:B6:8D:59:2B:A6
Certificate issuer:       /CN=A91FA645/serialNumber=1D403E32301E58780A07057CB32B72ECAF46D7D9
Certificate serial:       0281
Authority key identifier: 1D:40:3E:32:30:1E:58:78:0A:07:05:7C:B3:2B:72:EC:AF:46:D7:D9
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/HUA-MjAeWHgKBwV8syty7K9G19k.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91FA645/E0D9F3648C9511ECAE4F1D23C4F9AE02/7785F3008C9911ECB051A327C4F9AE02.roa
Signing time:             Tue 05 Sep 2023 02:13:11 +0000
ROA not before:           Tue 05 Sep 2023 02:13:11 +0000
ROA not after:            Thu 31 Oct 2024 00:00:00 +0000
asID:                     38313
IP address blocks:        202.126.120.0/21 maxlen: 21
                          202.126.120.0/24 maxlen: 24
                          202.126.121.0/24 maxlen: 24
                          202.126.122.0/24 maxlen: 24
                          202.126.123.0/24 maxlen: 24
                          202.126.124.0/23 maxlen: 24
                          202.126.126.0/24 maxlen: 24
                          202.126.127.0/24 maxlen: 24

Validation:               Failed, certificate revoked on Tue 06 Aug 2024 08:23:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 641 (0x281)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91FA645/serialNumber=1D403E32301E58780A07057CB32B72ECAF46D7D9
        Validity
            Not Before: Sep  5 02:13:11 2023 GMT
            Not After : Oct 31 00:00:00 2024 GMT
        Subject: CN=64f68eb7-9976
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:ed:70:7f:56:05:52:25:54:2d:8a:b5:91:c6:
                    50:ce:f0:46:e9:12:8c:a2:c8:37:98:38:77:4d:00:
                    95:a9:98:e2:0a:6f:00:fe:6f:47:91:ef:78:af:1e:
                    f5:4f:e6:21:39:b5:30:43:24:21:52:15:31:6e:b7:
                    a2:25:d4:35:bd:68:db:42:84:22:ab:06:65:d9:28:
                    36:db:5f:00:c5:6f:da:c9:b8:ad:67:87:2f:ff:a9:
                    ea:27:16:3e:ef:22:16:a2:a4:0f:ae:e0:ee:14:80:
                    39:90:ec:b2:cd:00:07:e9:66:d4:ee:b9:ae:5e:59:
                    99:5e:d5:b0:47:fb:0c:4a:5e:df:a6:42:29:97:6c:
                    52:f5:89:16:88:b7:22:9c:01:00:02:f2:32:a3:15:
                    87:86:13:0a:2f:0d:8a:7b:13:df:ac:8f:0e:8f:87:
                    8d:60:52:10:2f:b9:80:97:a4:66:d5:10:66:53:91:
                    d6:02:6a:56:3e:30:9b:e3:41:25:d9:7d:36:b0:2b:
                    59:79:63:5e:f0:4d:9b:90:eb:08:9c:a9:3d:da:b4:
                    1a:e9:77:4b:1c:1d:74:66:01:34:1f:7c:99:cf:f2:
                    8b:5f:0c:fc:06:16:42:14:ef:f7:51:b5:ba:ca:c5:
                    c0:5f:38:bf:73:e7:dd:1f:0f:b8:4e:29:be:24:41:
                    ae:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:B4:6D:53:D2:10:E8:03:1B:E2:BB:E5:BF:B3:B0:B6:8D:59:2B:A6
            X509v3 Authority Key Identifier:
                keyid:1D:40:3E:32:30:1E:58:78:0A:07:05:7C:B3:2B:72:EC:AF:46:D7:D9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91FA645/E0D9F3648C9511ECAE4F1D23C4F9AE02/HUA-MjAeWHgKBwV8syty7K9G19k.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/HUA-MjAeWHgKBwV8syty7K9G19k.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91FA645/E0D9F3648C9511ECAE4F1D23C4F9AE02/7785F3008C9911ECB051A327C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.126.120.0/21

    Signature Algorithm: sha256WithRSAEncryption
         6a:ed:e7:fe:0c:b0:21:e1:d7:4a:42:59:32:f8:17:48:9d:b1:
         27:cc:61:d1:db:34:86:af:66:91:3d:08:6c:7c:86:33:04:f5:
         9d:b9:47:ea:b1:11:73:5a:89:9b:53:65:66:cd:d8:0b:d0:df:
         c4:ce:6f:c7:6a:b3:ea:ef:3b:7f:24:9b:d6:b5:87:c8:58:b8:
         70:46:f6:03:07:f3:33:52:d9:00:ae:47:c4:6f:7f:e7:52:85:
         3d:22:43:29:1e:04:4b:fc:1c:2c:49:0f:37:4c:a5:15:a2:ea:
         fe:1f:04:0f:88:b5:e0:56:ce:f7:bc:5b:bd:c1:ce:03:05:3e:
         89:05:c0:b9:8a:69:02:a6:d9:53:76:28:ad:3e:c0:2c:d4:a2:
         10:0e:3d:ea:5e:03:71:9e:0e:a3:85:f0:3c:6e:37:6b:ea:8f:
         b5:76:c7:e0:5c:ce:8d:b4:4e:e4:44:03:53:e6:38:fb:fe:42:
         ff:86:cd:e9:dc:5c:f2:c1:38:61:2e:eb:b3:68:69:0b:78:c8:
         1e:ca:3e:b8:fe:0e:9c:6a:60:2b:3c:e4:1e:0d:48:8c:a1:24:
         50:67:83:0b:de:90:51:40:06:ab:76:24:09:ce:50:bd:98:c2:
         4b:7d:dc:6a:0e:61:b9:1f:12:d6:4c:8d:60:cf:d5:ca:95:c4:
         43:8d:d5:0b
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICAoEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RkE2NDUxMTAvBgNVBAUTKDFENDAzRTMyMzAxRTU4NzgwQTA3MDU3Q0IzMkI3MkVD
QUY0NkQ3RDkwHhcNMjMwOTA1MDIxMzExWhcNMjQxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NGY2OGViNy05OTc2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAzO1wf1YFUiVULYq1kcZQzvBG6RKMosg3mDh3TQCVqZjiCm8A/m9Hke94rx71
T+YhObUwQyQhUhUxbreiJdQ1vWjbQoQiqwZl2Sg2218AxW/aybitZ4cv/6nqJxY+
7yIWoqQPruDuFIA5kOyyzQAH6WbU7rmuXlmZXtWwR/sMSl7fpkIpl2xS9YkWiLci
nAEAAvIyoxWHhhMKLw2KexPfrI8Oj4eNYFIQL7mAl6Rm1RBmU5HWAmpWPjCb40El
2X02sCtZeWNe8E2bkOsInKk92rQa6XdLHB10ZgE0H3yZz/KLXwz8BhZCFO/3UbW6
ysXAXzi/c+fdHw+4Tim+JEGuvQIDAQABo4IClTCCApEwHQYDVR0OBBYEFKC0bVPS
EOgDG+K75b+zsLaNWSumMB8GA1UdIwQYMBaAFB1APjIwHlh4CgcFfLMrcuyvRtfZ
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGQTY0NS9FMEQ5RjM2NDhD
OTUxMUVDQUU0RjFEMjNDNEY5QUUwMi9IVUEtTWpBZVdIZ0tCd1Y4c3l0eTdLOUcx
OWsuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0hVQS1NakFlV0hnS0J3VjhzeXR5N0s5RzE5ay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RkE2NDUvRTBEOUYzNjQ4Qzk1MTFFQ0FFNEYxRDIzQzRGOUFFMDIvNzc4NUYzMDA4
Qzk5MTFFQ0IwNTFBMzI3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAPKfngwDQYJKoZIhvcNAQELBQADggEBAGrt5/4MsCHh10pC
WTL4F0idsSfMYdHbNIavZpE9CGx8hjME9Z25R+qxEXNaiZtTZWbN2AvQ38TOb8dq
s+rvO38km9a1h8hYuHBG9gMH8zNS2QCuR8Rvf+dShT0iQykeBEv8HCxJDzdMpRWi
6v4fBA+IteBWzve8W73BzgMFPokFwLmKaQKm2VN2KK0+wCzUohAOPepeA3GeDqOF
8DxuN2vqj7V2x+Bczo20TuREA1PmOPv+Qv+GzencXPLBOGEu67NoaQt4yB7KPrj+
DpxqYCs85B4NSIyhJFBngwvekFFABqt2JAnOUL2Ywkt93GoOYbkfEtZMjWDP1cqV
xEON1Qs=
-----END CERTIFICATE-----
Generated at Tue Aug 6 12:12:40 2024 by rpki-client on console-ams.rpki-client.org