Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A911BFB0/22C251466CC211E9A0D6AF67C4F9AE02/30299E9C894111EA9E641F6BC4F9AE02.roa
File:                     30299E9C894111EA9E641F6BC4F9AE02.roa (raw, json)
Hash identifier:          9jUXQDnQM1AeD9af1a+oq+Z3TLZL7qeTw7JwVNblDOE=
Subject key identifier:   92:14:67:28:C1:AE:49:EE:52:45:82:B1:C6:9D:FF:39:6C:B1:8C:D8
Certificate issuer:       /CN=A911BFB0/serialNumber=07FE4171DD50DCE7B64F76998967A571CF93C40B
Certificate serial:       0D55
Authority key identifier: 07:FE:41:71:DD:50:DC:E7:B6:4F:76:99:89:67:A5:71:CF:93:C4:0B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/B_5Bcd1Q3Oe2T3aZiWelcc-TxAs.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A911BFB0/22C251466CC211E9A0D6AF67C4F9AE02/30299E9C894111EA9E641F6BC4F9AE02.roa
Signing time:             Sat 01 Oct 2022 18:55:58 +0000
ROA not before:           Sat 01 Oct 2022 18:55:58 +0000
ROA not after:            Tue 31 Jan 2023 00:00:00 +0000
asID:                     132100
IP address blocks:        103.70.216.0/22 maxlen: 22
                          103.70.216.0/24 maxlen: 24
                          103.70.217.0/24 maxlen: 24
                          103.70.218.0/24 maxlen: 24
                          103.70.219.0/24 maxlen: 24
                          182.255.52.0/22 maxlen: 22
                          182.255.52.0/24 maxlen: 24
                          182.255.53.0/24 maxlen: 24
                          182.255.54.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3413 (0xd55)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A911BFB0/serialNumber=07FE4171DD50DCE7B64F76998967A571CF93C40B
        Validity
            Not Before: Oct  1 18:55:58 2022 GMT
            Not After : Jan 31 00:00:00 2023 GMT
        Subject: CN=63388d3e-27fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:3d:bb:1f:64:35:9b:b7:5d:7b:ec:25:10:ab:
                    56:93:00:4e:67:1e:53:1a:e1:b7:3d:e6:cc:25:6c:
                    28:8c:a9:4a:b8:c1:52:23:5f:6c:65:d4:41:6c:09:
                    38:e6:20:b7:a9:18:64:55:bf:df:16:93:47:92:f9:
                    1b:17:09:14:81:cc:85:9d:b4:3c:c8:cc:9d:13:5e:
                    90:f0:70:08:cf:de:d1:2e:d6:5b:16:33:7c:e7:44:
                    8e:2a:53:a9:f0:42:a5:a0:39:b5:b6:d1:08:68:e1:
                    7d:fe:87:2a:be:f1:a2:82:cc:ee:68:d7:cf:e0:b9:
                    61:77:62:0c:5e:37:16:a0:fd:a1:4f:d9:93:f4:72:
                    b0:40:65:22:2c:52:06:32:a5:aa:8e:cd:79:0e:86:
                    66:23:51:35:97:a7:04:1e:2b:99:96:83:c5:3e:0b:
                    2f:f4:27:d4:cb:f5:1e:6d:0a:c4:4f:8e:20:33:e3:
                    59:d3:38:af:cf:b8:28:b2:30:9f:29:95:54:c9:b9:
                    84:3d:da:3c:c5:e4:93:76:9d:c8:7d:bc:46:b5:34:
                    12:9a:4b:14:21:7c:98:be:2c:b2:c7:77:49:c3:89:
                    c2:65:af:e8:b3:68:47:4c:2c:68:c3:48:89:3f:36:
                    d0:d5:74:25:9b:cb:20:45:14:cf:e3:10:3b:fd:b1:
                    8d:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:14:67:28:C1:AE:49:EE:52:45:82:B1:C6:9D:FF:39:6C:B1:8C:D8
            X509v3 Authority Key Identifier:
                keyid:07:FE:41:71:DD:50:DC:E7:B6:4F:76:99:89:67:A5:71:CF:93:C4:0B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A911BFB0/22C251466CC211E9A0D6AF67C4F9AE02/B_5Bcd1Q3Oe2T3aZiWelcc-TxAs.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/B_5Bcd1Q3Oe2T3aZiWelcc-TxAs.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A911BFB0/22C251466CC211E9A0D6AF67C4F9AE02/30299E9C894111EA9E641F6BC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.70.216.0/22
                  182.255.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c4:27:cf:6b:d9:6d:28:62:4a:8f:fe:80:de:4f:9a:1d:5e:04:
         42:96:85:8d:62:f0:53:f6:b4:64:15:f5:0d:f9:c4:48:4f:dd:
         65:79:0c:45:29:74:65:b0:b0:8d:86:97:09:83:10:7c:c7:64:
         28:cc:a2:9a:82:cf:6b:36:bd:06:4b:29:cb:ad:44:46:d3:71:
         0c:7c:f6:4d:12:80:c0:08:f1:fc:ab:ac:c8:34:57:4e:7b:8c:
         98:ab:6a:c6:ef:bc:07:d6:2f:49:a2:41:66:cd:91:21:90:3b:
         dc:64:b1:0a:0b:a7:a8:2d:64:de:4e:2d:af:f1:79:1b:51:47:
         f9:14:a1:da:ae:c0:03:58:2a:82:fa:14:e3:f5:37:d1:5c:bb:
         ed:ef:7d:8f:08:6e:44:f0:50:55:01:22:98:6a:31:13:f0:96:
         e2:08:a0:55:7a:3f:25:09:f9:d7:65:b1:ab:d3:0b:57:7a:96:
         15:10:ac:2d:52:6d:79:2b:a2:39:6b:61:66:88:3f:1f:6e:dd:
         91:22:5c:3a:dc:13:86:22:e0:3e:0f:0e:13:e2:99:35:a3:3d:
         4a:d9:c1:51:69:3a:56:1a:19:c7:ad:4a:77:49:c9:a7:c0:88:
         8b:61:cc:b1:7c:c8:a5:43:b9:0d:76:ce:8d:8b:c9:66:b4:27:
         c0:cd:31:09
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICDVUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MUJGQjAxMTAvBgNVBAUTKDA3RkU0MTcxREQ1MERDRTdCNjRGNzY5OTg5NjdBNTcx
Q0Y5M0M0MEIwHhcNMjIxMDAxMTg1NTU4WhcNMjMwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MzM4OGQzZS0yN2ZlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAsT27H2Q1m7dde+wlEKtWkwBOZx5TGuG3PebMJWwojKlKuMFSI19sZdRBbAk4
5iC3qRhkVb/fFpNHkvkbFwkUgcyFnbQ8yMydE16Q8HAIz97RLtZbFjN850SOKlOp
8EKloDm1ttEIaOF9/ocqvvGigszuaNfP4Llhd2IMXjcWoP2hT9mT9HKwQGUiLFIG
MqWqjs15DoZmI1E1l6cEHiuZloPFPgsv9CfUy/UebQrET44gM+NZ0zivz7gosjCf
KZVUybmEPdo8xeSTdp3IfbxGtTQSmksUIXyYviyyx3dJw4nCZa/os2hHTCxow0iJ
PzbQ1XQlm8sgRRTP4xA7/bGNRwIDAQABo4ICmzCCApcwHQYDVR0OBBYEFJIUZyjB
rknuUkWCscad/zlssYzYMB8GA1UdIwQYMBaAFAf+QXHdUNzntk92mYlnpXHPk8QL
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExQkZCMC8yMkMyNTE0NjZD
QzIxMUU5QTBENkFGNjdDNEY5QUUwMi9CXzVCY2QxUTNPZTJUM2FaaVdlbGNjLVR4
QXMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0JfNUJjZDFRM09lMlQzYVppV2VsY2MtVHhBcy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MUJGQjAvMjJDMjUxNDY2Q0MyMTFFOUEwRDZBRjY3QzRGOUFFMDIvMzAyOTlFOUM4
OTQxMTFFQTlFNjQxRjZCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAJnRtgDBAK2/zQwDQYJKoZIhvcNAQELBQADggEBAMQnz2vZ
bShiSo/+gN5Pmh1eBEKWhY1i8FP2tGQV9Q35xEhP3WV5DEUpdGWwsI2GlwmDEHzH
ZCjMopqCz2s2vQZLKcutREbTcQx89k0SgMAI8fyrrMg0V057jJirasbvvAfWL0mi
QWbNkSGQO9xksQoLp6gtZN5OLa/xeRtRR/kUodquwANYKoL6FOP1N9Fcu+3vfY8I
bkTwUFUBIphqMRPwluIIoFV6PyUJ+ddlsavTC1d6lhUQrC1SbXkrojlrYWaIPx9u
3ZEiXDrcE4Yi4D4PDhPimTWjPUrZwVFpOlYaGcetSndJyafAiIthzLF8yKVDuQ12
zo2LyWa0J8DNMQk=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:50:56 2024 by rpki-client on console-fra.rpki-client.org