Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9158840/6177332A0B8211EA8041154BC4F9AE02/E938CA160B8311EABDDD354EC4F9AE02.roa
File:                     E938CA160B8311EABDDD354EC4F9AE02.roa (raw, json)
Hash identifier:          HRB1JoRuBr+oVC0UPxn9X2wdcW05mdECg1i3PrZVXBE=
Subject key identifier:   A0:80:17:37:71:F5:CB:20:AC:7A:CF:45:2F:DA:3E:C9:45:91:8C:45
Certificate issuer:       /CN=A9158840/serialNumber=FAE6201C666392340BEE138ED41799BA86DAA688
Certificate serial:       0BF8
Authority key identifier: FA:E6:20:1C:66:63:92:34:0B:EE:13:8E:D4:17:99:BA:86:DA:A6:88
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-uYgHGZjkjQL7hOO1BeZuobapog.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9158840/6177332A0B8211EA8041154BC4F9AE02/E938CA160B8311EABDDD354EC4F9AE02.roa
Signing time:             Wed 05 Feb 2025 10:20:40 +0000
ROA not before:           Wed 05 Feb 2025 10:20:40 +0000
ROA not after:            Mon 01 Dec 2025 00:00:00 +0000
asID:                     138146
IP address blocks:        103.121.60.0/24 maxlen: 24
                          103.121.61.0/24 maxlen: 24
                          103.121.62.0/24 maxlen: 24
                          103.121.63.0/24 maxlen: 24
                          2403:6840::/32 maxlen: 32
                          2403:6840::/48 maxlen: 48
                          2403:6840:1::/48 maxlen: 48
                          2403:6840:2::/48 maxlen: 48
                          2403:6840:3::/48 maxlen: 48
                          2403:6840:4::/48 maxlen: 48
Validation:               Failed, certificate revoked on Wed 05 Feb 2025 10:22:17 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3064 (0xbf8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9158840, serialNumber=FAE6201C666392340BEE138ED41799BA86DAA688
        Validity
            Not Before: Feb  5 10:20:40 2025 GMT
            Not After : Dec  1 00:00:00 2025 GMT
        Subject: CN=67a33b78-cb64
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:cd:3e:f0:19:cc:3e:f6:7a:27:8e:08:5a:37:
                    e9:6f:03:08:de:e7:ab:11:a8:a6:01:ac:56:0b:4c:
                    9b:3d:4b:7c:25:1e:e6:c4:61:46:81:dc:79:ac:28:
                    ea:2f:34:ae:2b:e7:ae:4e:5f:d0:51:59:81:90:5a:
                    da:66:14:c8:70:79:68:28:01:5c:3d:f8:65:2c:51:
                    48:b1:32:9b:fb:d2:dc:c3:c3:36:a1:6a:7b:75:4a:
                    8c:98:c5:ac:e4:3a:5f:ef:e1:c2:94:6a:29:e8:d3:
                    2b:93:fc:fb:05:e2:7c:70:de:db:d5:3c:39:bd:20:
                    f3:94:df:ee:3b:54:92:32:cd:6e:d9:59:84:e4:4f:
                    83:d0:b3:89:49:04:ba:43:52:bb:3c:55:67:ac:dc:
                    fa:62:26:ab:5b:11:0f:bd:22:47:c9:94:94:14:c6:
                    d3:44:f1:c4:75:fe:c4:bb:65:05:c8:47:f2:53:a3:
                    db:51:eb:4b:62:83:eb:41:68:0a:a7:60:a8:35:1c:
                    a4:6e:58:05:db:66:21:37:a7:38:39:8a:29:ed:e7:
                    74:56:96:f1:6e:cb:a2:fb:40:55:8a:53:48:82:41:
                    ba:a7:68:42:d0:fd:72:a7:6a:72:ef:3d:0c:a6:74:
                    38:ea:c6:fa:24:da:df:2b:7e:58:1d:69:46:ff:93:
                    4e:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:80:17:37:71:F5:CB:20:AC:7A:CF:45:2F:DA:3E:C9:45:91:8C:45
            X509v3 Authority Key Identifier:
                keyid:FA:E6:20:1C:66:63:92:34:0B:EE:13:8E:D4:17:99:BA:86:DA:A6:88

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9158840/6177332A0B8211EA8041154BC4F9AE02/-uYgHGZjkjQL7hOO1BeZuobapog.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-uYgHGZjkjQL7hOO1BeZuobapog.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9158840/6177332A0B8211EA8041154BC4F9AE02/E938CA160B8311EABDDD354EC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.121.60.0/22
                IPv6:
                  2403:6840::/32

    Signature Algorithm: sha256WithRSAEncryption
         a0:c7:2a:40:ac:1f:e4:db:3f:9f:73:51:7c:bd:4e:e4:b9:36:
         a9:52:89:7b:a7:e1:c6:70:da:77:d9:ec:f6:0b:ec:18:11:49:
         44:0e:4e:ad:1f:4e:cc:78:8d:ed:b6:3e:20:df:49:85:75:40:
         34:a7:ee:cd:5d:61:b3:14:d6:07:9d:ea:92:85:6f:1a:c4:27:
         78:ef:ba:38:86:35:96:4e:e4:fe:61:28:b0:cb:a9:f1:38:27:
         d5:cd:77:57:82:53:71:81:9b:8a:b2:f6:37:ba:84:02:9f:3a:
         e4:68:6b:84:51:db:98:5c:2d:c8:85:96:bc:41:96:b4:1d:bc:
         b6:d4:0b:82:48:ed:be:83:6f:95:40:7e:9e:99:11:61:ac:cd:
         e0:dd:08:06:26:fc:fa:ca:50:ba:93:49:9e:dc:ea:ec:89:ff:
         5e:d4:47:47:52:e6:44:c4:2e:13:0d:ec:a6:4e:60:a1:18:d5:
         03:be:64:db:3f:e2:8d:b6:d7:a5:ba:79:16:11:65:81:a0:e5:
         c8:51:24:b8:8c:18:cc:99:d2:82:e9:1d:e9:d7:d5:64:fd:76:
         8a:de:cc:49:d3:8b:ae:4c:c8:7b:a0:05:3f:9d:4b:59:50:5b:
         67:37:86:c7:02:76:4e:13:86:ac:b2:93:d2:be:ec:d3:e7:8e:
         37:70:b2:1c
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICC/gwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTg4NDAxMTAvBgNVBAUTKEZBRTYyMDFDNjY2MzkyMzQwQkVFMTM4RUQ0MTc5OUJB
ODZEQUE2ODgwHhcNMjUwMjA1MTAyMDQwWhcNMjUxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02N2EzM2I3OC1jYjY0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAss0+8BnMPvZ6J44IWjfpbwMI3uerEaimAaxWC0ybPUt8JR7mxGFGgdx5rCjq
LzSuK+euTl/QUVmBkFraZhTIcHloKAFcPfhlLFFIsTKb+9Lcw8M2oWp7dUqMmMWs
5Dpf7+HClGop6NMrk/z7BeJ8cN7b1Tw5vSDzlN/uO1SSMs1u2VmE5E+D0LOJSQS6
Q1K7PFVnrNz6YiarWxEPvSJHyZSUFMbTRPHEdf7Eu2UFyEfyU6PbUetLYoPrQWgK
p2CoNRykblgF22YhN6c4OYop7ed0Vpbxbsui+0BVilNIgkG6p2hC0P1yp2py7z0M
pnQ46sb6JNrfK35YHWlG/5NO1QIDAQABo4ICpDCCAqAwHQYDVR0OBBYEFKCAFzdx
9csgrHrPRS/aPslFkYxFMB8GA1UdIwQYMBaAFPrmIBxmY5I0C+4TjtQXmbqG2qaI
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1ODg0MC82MTc3MzMyQTBC
ODIxMUVBODA0MTE1NEJDNEY5QUUwMi8tdVlnSEdaamtqUUw3aE9PMUJlWnVvYmFw
b2cuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLy11WWdIR1pqa2pRTDdoT08xQmVadW9iYXBvZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTg4NDAvNjE3NzMzMkEwQjgyMTFFQTgwNDExNTRCQzRGOUFFMDIvRTkzOENBMTYw
QjgzMTFFQUJEREQzNTRFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLgYIKwYBBQUHAQcBAf8E
HzAdMAwEAgABMAYDBAJneTwwDQQCAAIwBwMFACQDaEAwDQYJKoZIhvcNAQELBQAD
ggEBAKDHKkCsH+TbP59zUXy9TuS5NqlSiXun4cZw2nfZ7PYL7BgRSUQOTq0fTsx4
je22PiDfSYV1QDSn7s1dYbMU1ged6pKFbxrEJ3jvujiGNZZO5P5hKLDLqfE4J9XN
d1eCU3GBm4qy9je6hAKfOuRoa4RR25hcLciFlrxBlrQdvLbUC4JI7b6Db5VAfp6Z
EWGszeDdCAYm/PrKULqTSZ7c6uyJ/17UR0dS5kTELhMN7KZOYKEY1QO+ZNs/4o22
16W6eRYRZYGg5chRJLiMGMyZ0oLpHenX1WT9dorezEnTi65MyHugBT+dS1lQW2c3
hscCdk4Thqyyk9K+7NPnjjdwshw=
-----END CERTIFICATE-----