Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A912FC73/0144CDF89F3411EC9CEBC670C4F9AE02/8AC12EAC721311EDB3677D2DC4F9AE02.roa
File:                     8AC12EAC721311EDB3677D2DC4F9AE02.roa (raw, json)
Hash identifier:          NrmDKWmYGuHs5SG1ciOm9iVmC9xypsnX3vF/vKgcWKE=
Subject key identifier:   36:35:8D:EC:FF:FC:F3:FE:46:C5:68:C6:22:D2:13:2D:2A:E3:35:87
Certificate issuer:       /CN=A912FC73/serialNumber=CEE41601EEA9F51B3525DA55DD4AC95CEFAF5ABC
Certificate serial:       01DD
Authority key identifier: CE:E4:16:01:EE:A9:F5:1B:35:25:DA:55:DD:4A:C9:5C:EF:AF:5A:BC
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/zuQWAe6p9Rs1JdpV3UrJXO-vWrw.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A912FC73/0144CDF89F3411EC9CEBC670C4F9AE02/8AC12EAC721311EDB3677D2DC4F9AE02.roa
Signing time:             Thu 08 Dec 2022 11:54:17 +0000
ROA not before:           Thu 08 Dec 2022 11:54:17 +0000
ROA not after:            Sat 30 Dec 2023 00:00:00 +0000
asID:                     43350
IP address blocks:        113.20.52.0/22 maxlen: 22
                          113.20.60.0/22 maxlen: 22

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 477 (0x1dd)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A912FC73/serialNumber=CEE41601EEA9F51B3525DA55DD4AC95CEFAF5ABC
        Validity
            Not Before: Dec  8 11:54:17 2022 GMT
            Not After : Dec 30 00:00:00 2023 GMT
        Subject: CN=6391d069-90f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:50:8d:35:90:6e:4b:fd:19:f4:bc:f2:51:14:
                    76:a8:cc:a0:d5:47:62:d7:a5:7a:5f:c0:ea:5a:5f:
                    c2:c8:2e:00:d5:b8:4f:f9:6b:07:50:36:33:1c:88:
                    14:24:99:39:c9:80:cf:82:24:d5:a5:49:5d:02:63:
                    9d:5c:90:1a:e5:61:e4:cd:99:d4:f7:a8:a1:f4:1d:
                    a5:b6:05:99:eb:f0:14:10:2f:f1:b3:4f:51:55:71:
                    9a:20:02:b2:1c:59:37:06:3a:72:74:6f:85:2c:2d:
                    ab:c5:70:6b:92:ba:32:50:2a:ba:b3:99:85:9e:41:
                    54:59:88:84:11:26:13:53:92:d8:ce:7a:05:e0:87:
                    59:ed:1d:40:07:49:f5:60:ec:a5:6c:32:fd:2b:e8:
                    44:76:aa:af:28:28:bb:1e:15:be:94:7e:4b:5e:cd:
                    65:9f:a3:10:51:ed:e0:8f:6c:6b:a9:f5:da:5b:66:
                    8c:63:0f:f1:4b:f2:30:fe:08:1c:56:52:92:ff:b6:
                    5c:89:1c:6f:4a:9f:bd:6e:30:19:86:47:1c:50:0e:
                    11:30:a8:47:a0:8c:5a:4c:06:d2:48:d0:11:7c:f5:
                    d1:c9:b5:d9:b2:1d:2d:5f:b3:4b:29:79:1a:70:ac:
                    af:6b:da:d3:94:14:52:b2:6d:6d:a3:46:af:47:b0:
                    fc:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:35:8D:EC:FF:FC:F3:FE:46:C5:68:C6:22:D2:13:2D:2A:E3:35:87
            X509v3 Authority Key Identifier:
                keyid:CE:E4:16:01:EE:A9:F5:1B:35:25:DA:55:DD:4A:C9:5C:EF:AF:5A:BC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A912FC73/0144CDF89F3411EC9CEBC670C4F9AE02/zuQWAe6p9Rs1JdpV3UrJXO-vWrw.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/zuQWAe6p9Rs1JdpV3UrJXO-vWrw.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A912FC73/0144CDF89F3411EC9CEBC670C4F9AE02/8AC12EAC721311EDB3677D2DC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  113.20.52.0/22
                  113.20.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2d:54:27:aa:3b:82:2c:ac:f3:77:71:b7:38:25:83:cc:d4:79:
         db:9b:71:96:bc:32:b6:37:3e:0f:5a:e0:1f:f1:cf:9e:2b:0e:
         ce:6b:58:62:c0:09:21:5e:5c:e3:6c:72:e7:2a:9f:16:d8:41:
         92:37:27:97:d0:07:e0:2a:4e:8e:f1:7e:86:77:25:54:00:96:
         a2:08:dc:40:6b:4e:62:74:96:97:b8:9f:eb:ae:3d:6e:37:3a:
         fc:0a:a2:cc:b4:17:3d:3a:7e:24:0d:28:0f:ea:90:fd:ef:45:
         b5:eb:2f:47:f0:b6:28:35:01:f9:ca:be:fe:e1:8e:df:6d:ee:
         da:0e:c9:a4:06:e7:40:35:0c:df:ff:57:15:ac:fa:66:a2:ab:
         58:c0:c3:e2:49:c3:73:31:f1:8d:95:66:b9:0b:90:8b:f3:a5:
         c9:00:3c:74:70:da:a3:61:90:bc:5d:a1:df:41:ab:60:60:b0:
         db:4b:fc:21:9f:30:e2:43:54:e1:96:65:bb:34:b8:41:91:f8:
         9a:2e:22:a3:05:39:40:b7:74:6e:df:77:8c:de:6a:dc:25:ee:
         31:94:4c:69:4e:d7:8b:31:80:e1:69:a7:e9:46:96:46:05:e5:
         2a:89:51:d9:da:fd:43:48:1f:30:04:f5:c7:f5:e1:89:61:9b:
         2f:82:e2:81
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICAd0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MkZDNzMxMTAvBgNVBAUTKENFRTQxNjAxRUVBOUY1MUIzNTI1REE1NURENEFDOTVD
RUZBRjVBQkMwHhcNMjIxMjA4MTE1NDE3WhcNMjMxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02MzkxZDA2OS05MGYxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAuFCNNZBuS/0Z9LzyURR2qMyg1Udi16V6X8DqWl/CyC4A1bhP+WsHUDYzHIgU
JJk5yYDPgiTVpUldAmOdXJAa5WHkzZnU96ih9B2ltgWZ6/AUEC/xs09RVXGaIAKy
HFk3BjpydG+FLC2rxXBrkroyUCq6s5mFnkFUWYiEESYTU5LYznoF4IdZ7R1AB0n1
YOylbDL9K+hEdqqvKCi7HhW+lH5LXs1ln6MQUe3gj2xrqfXaW2aMYw/xS/Iw/ggc
VlKS/7ZciRxvSp+9bjAZhkccUA4RMKhHoIxaTAbSSNARfPXRybXZsh0tX7NLKXka
cKyva9rTlBRSsm1to0avR7D8dwIDAQABo4ICmzCCApcwHQYDVR0OBBYEFDY1jez/
/PP+RsVoxiLSEy0q4zWHMB8GA1UdIwQYMBaAFM7kFgHuqfUbNSXaVd1KyVzvr1q8
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyRkM3My8wMTQ0Q0RGODlG
MzQxMUVDOUNFQkM2NzBDNEY5QUUwMi96dVFXQWU2cDlSczFKZHBWM1VySlhPLXZX
cncuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3p1UVdBZTZwOVJzMUpkcFYzVXJKWE8tdldydy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MkZDNzMvMDE0NENERjg5RjM0MTFFQzlDRUJDNjcwQzRGOUFFMDIvOEFDMTJFQUM3
MjEzMTFFREIzNjc3RDJEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAJxFDQDBAJxFDwwDQYJKoZIhvcNAQELBQADggEBAC1UJ6o7
giys83dxtzglg8zUedubcZa8MrY3Pg9a4B/xz54rDs5rWGLACSFeXONscucqnxbY
QZI3J5fQB+AqTo7xfoZ3JVQAlqII3EBrTmJ0lpe4n+uuPW43OvwKosy0Fz06fiQN
KA/qkP3vRbXrL0fwtig1AfnKvv7hjt9t7toOyaQG50A1DN//VxWs+maiq1jAw+JJ
w3Mx8Y2VZrkLkIvzpckAPHRw2qNhkLxdod9Bq2BgsNtL/CGfMOJDVOGWZbs0uEGR
+JouIqMFOUC3dG7fd4zeatwl7jGUTGlO14sxgOFpp+lGlkYF5SqJUdna/UNIHzAE
9cf14Ylhmy+C4oE=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:50:58 2024 by rpki-client on console-fra.rpki-client.org