Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9128C7F/3B7BDABE3FC711EDAC9B221DC4F9AE02/B38831A6903F11EDAA48825AC4F9AE02.roa
File:                     B38831A6903F11EDAA48825AC4F9AE02.roa (raw, json)
Hash identifier:          9xpKsfaHDrRgkVWPYE2L29YVwTR4FPLmPtqIBsf5NZo=
Subject key identifier:   0B:FA:F7:00:25:0A:40:E1:8B:F5:D3:B4:E6:B0:96:E8:FE:17:DE:65
Certificate issuer:       /CN=A9128C7F/serialNumber=8976B5FB48F2E4111D78D5A3CD5A2FCA1961397A
Certificate serial:       4B
Authority key identifier: 89:76:B5:FB:48:F2:E4:11:1D:78:D5:A3:CD:5A:2F:CA:19:61:39:7A
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/iXa1-0jy5BEdeNWjzVovyhlhOXo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9128C7F/3B7BDABE3FC711EDAC9B221DC4F9AE02/B38831A6903F11EDAA48825AC4F9AE02.roa
Signing time:             Wed 11 Jan 2023 20:44:34 +0000
ROA not before:           Wed 11 Jan 2023 20:44:34 +0000
ROA not after:            Sat 30 Dec 2023 00:00:00 +0000
asID:                     150334
IP address blocks:        103.14.168.0/24 maxlen: 24
                          103.14.169.0/24 maxlen: 24
                          2001:df1:55c0::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 75 (0x4b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9128C7F/serialNumber=8976B5FB48F2E4111D78D5A3CD5A2FCA1961397A
        Validity
            Not Before: Jan 11 20:44:34 2023 GMT
            Not After : Dec 30 00:00:00 2023 GMT
        Subject: CN=63bf1fb1-66b7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:44:19:6f:e1:90:f8:b2:fc:76:11:98:32:77:
                    f2:8a:58:c5:d8:9e:03:39:1c:0c:90:d3:ca:31:ca:
                    ec:48:8c:58:ff:96:73:f3:ec:6a:67:ab:62:a4:01:
                    4b:80:26:81:4f:03:14:98:3b:d3:ba:2a:a6:fc:b7:
                    54:a4:9e:1c:40:1f:80:38:54:22:2c:d8:65:ae:91:
                    90:bd:50:7b:30:2f:8a:8d:78:c2:f3:d1:26:8d:ff:
                    a2:90:f1:d0:d1:1d:78:52:5f:36:85:79:d0:e2:fe:
                    cf:07:bc:68:c0:e9:84:60:f7:fa:be:f7:68:90:c9:
                    99:7c:0d:96:c6:fc:e7:d2:9c:9f:75:5b:c5:77:16:
                    3f:bb:15:d8:f4:fb:8c:09:4a:a9:e3:c6:e8:ad:cb:
                    df:3b:de:67:dc:4a:b3:94:fe:2d:e3:34:a4:34:ff:
                    e0:6c:d6:cf:85:9d:27:58:8d:bd:01:97:3e:d2:42:
                    62:c2:48:9c:da:8b:5f:8c:c7:c6:fa:db:6b:42:80:
                    3b:2f:cf:f6:4b:9f:0b:aa:39:6e:22:ff:84:ef:27:
                    67:46:d5:8b:1c:9c:44:8b:d8:a2:f4:1a:09:b3:54:
                    4f:82:50:d0:97:dd:dc:d2:dc:a1:0b:65:6a:fc:2b:
                    29:5e:f8:25:bd:be:6e:99:b7:03:1d:41:c2:8f:32:
                    bc:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:FA:F7:00:25:0A:40:E1:8B:F5:D3:B4:E6:B0:96:E8:FE:17:DE:65
            X509v3 Authority Key Identifier:
                keyid:89:76:B5:FB:48:F2:E4:11:1D:78:D5:A3:CD:5A:2F:CA:19:61:39:7A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9128C7F/3B7BDABE3FC711EDAC9B221DC4F9AE02/iXa1-0jy5BEdeNWjzVovyhlhOXo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/iXa1-0jy5BEdeNWjzVovyhlhOXo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9128C7F/3B7BDABE3FC711EDAC9B221DC4F9AE02/B38831A6903F11EDAA48825AC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.14.168.0/23
                IPv6:
                  2001:df1:55c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         89:04:a1:f1:66:f8:e1:5a:51:7d:a9:c3:23:4b:67:39:96:ce:
         ec:20:06:7a:c4:87:08:24:b9:31:63:f0:bb:13:18:7f:05:2f:
         25:e7:39:ae:a9:2d:77:a8:d4:e5:57:01:bb:89:16:51:58:63:
         f0:73:23:42:8b:65:dc:bd:7a:90:7c:e1:8b:70:23:3a:38:1c:
         db:dd:61:11:d8:98:a6:aa:f6:d5:f8:a1:e3:70:82:ec:45:52:
         ab:86:f7:23:86:be:0e:4c:00:a4:f0:bb:cd:f0:f4:11:3e:c5:
         7a:e4:cf:ce:1b:56:60:ba:c1:f7:4b:94:2f:16:86:54:46:1b:
         0d:c9:8d:c7:ba:e0:02:08:6e:58:38:7f:1a:a7:84:9d:e0:b7:
         6c:99:5d:26:85:d2:2c:ca:70:47:1c:b7:c1:2d:6b:a3:c3:78:
         4a:22:54:f7:c2:1b:3e:ee:54:bd:fa:d1:96:c6:5c:28:46:2d:
         40:4e:3e:5b:6c:5b:be:51:ae:b3:e6:2f:b5:38:42:33:c9:78:
         30:99:64:b9:3b:bb:4a:ab:ba:72:74:46:b9:4b:0f:65:d2:2d:
         d9:90:48:60:58:e3:7e:3b:20:6f:0d:c4:7f:07:5c:39:1a:52:
         8a:9b:c7:d0:88:b0:11:a0:11:09:35:fe:9e:bb:a1:70:47:4d:
         d6:31:4c:ce
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgIBSzANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTEy
OEM3RjExMC8GA1UEBRMoODk3NkI1RkI0OEYyRTQxMTFENzhENUEzQ0Q1QTJGQ0Ex
OTYxMzk3QTAeFw0yMzAxMTEyMDQ0MzRaFw0yMzEyMzAwMDAwMDBaMBgxFjAUBgNV
BAMTDTYzYmYxZmIxLTY2YjcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQC7RBlv4ZD4svx2EZgyd/KKWMXYngM5HAyQ08oxyuxIjFj/lnPz7Gpnq2KkAUuA
JoFPAxSYO9O6Kqb8t1SknhxAH4A4VCIs2GWukZC9UHswL4qNeMLz0SaN/6KQ8dDR
HXhSXzaFedDi/s8HvGjA6YRg9/q+92iQyZl8DZbG/OfSnJ91W8V3Fj+7Fdj0+4wJ
Sqnjxuity9873mfcSrOU/i3jNKQ0/+Bs1s+FnSdYjb0Blz7SQmLCSJzai1+Mx8b6
22tCgDsvz/ZLnwuqOW4i/4TvJ2dG1YscnESL2KL0GgmzVE+CUNCX3dzS3KELZWr8
Kyle+CW9vm6ZtwMdQcKPMryHAgMBAAGjggKmMIICojAdBgNVHQ4EFgQUC/r3ACUK
QOGL9dO05rCW6P4X3mUwHwYDVR0jBBgwFoAUiXa1+0jy5BEdeNWjzVovyhlhOXow
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTI4QzdGLzNCN0JEQUJFM0ZD
NzExRURBQzlCMjIxREM0RjlBRTAyL2lYYTEtMGp5NUJFZGVOV2p6Vm92eWhsaE9Y
by5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvaVhhMS0wank1QkVkZU5XanpWb3Z5aGxoT1hvLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEy
OEM3Ri8zQjdCREFCRTNGQzcxMUVEQUM5QjIyMURDNEY5QUUwMi9CMzg4MzFBNjkw
M0YxMUVEQUE0ODgyNUFDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAwBggrBgEFBQcBBwEB/wQh
MB8wDAQCAAEwBgMEAWcOqDAPBAIAAjAJAwcAIAEN8VXAMA0GCSqGSIb3DQEBCwUA
A4IBAQCJBKHxZvjhWlF9qcMjS2c5ls7sIAZ6xIcIJLkxY/C7Exh/BS8l5zmuqS13
qNTlVwG7iRZRWGPwcyNCi2XcvXqQfOGLcCM6OBzb3WER2JimqvbV+KHjcILsRVKr
hvcjhr4OTACk8LvN8PQRPsV65M/OG1ZgusH3S5QvFoZURhsNyY3HuuACCG5YOH8a
p4Sd4LdsmV0mhdIsynBHHLfBLWujw3hKIlT3whs+7lS9+tGWxlwoRi1ATj5bbFu+
Ua6z5i+1OEIzyXgwmWS5O7tKq7pydEa5Sw9l0i3ZkEhgWON+OyBvDcR/B1w5GlKK
m8fQiLARoBEJNf6eu6FwR03WMUzO
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:04:49 2024 by rpki-client on console-ams.rpki-client.org