Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9141B5B/8D57E17CDD9511EDAE8C6C7AC4F9AE02/9C2C10D2DD9B11ED95478E11C4F9AE02.roa
File:                     9C2C10D2DD9B11ED95478E11C4F9AE02.roa (raw, json)
Hash identifier:          bBzVuiLGekpSFxJAQ+gxRw/fVEWjjWQAFHmUC8cRVuM=
Subject key identifier:   A6:51:5D:F4:01:5A:77:DC:1A:98:E4:AA:FD:1D:6A:17:42:E8:89:50
Certificate issuer:       /CN=A9141B5B/serialNumber=28848DC3F19E7729FFE37EF7E4F0A5C9C5B490E9
Certificate serial:       02
Authority key identifier: 28:84:8D:C3:F1:9E:77:29:FF:E3:7E:F7:E4:F0:A5:C9:C5:B4:90:E9
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KISNw_Gedyn_43735PClycW0kOk.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9141B5B/8D57E17CDD9511EDAE8C6C7AC4F9AE02/9C2C10D2DD9B11ED95478E11C4F9AE02.roa
Signing time:             Tue 18 Apr 2023 03:46:33 +0000
ROA not before:           Tue 18 Apr 2023 03:46:33 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     3462
IP address blocks:        103.112.48.0/22 maxlen: 22

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9141B5B/serialNumber=28848DC3F19E7729FFE37EF7E4F0A5C9C5B490E9
        Validity
            Not Before: Apr 18 03:46:33 2023 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=643e1299-6fd7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:f1:56:6a:43:26:07:3a:5e:b6:3d:c2:d6:23:
                    36:b8:6c:f5:64:69:21:8a:4b:c2:ea:af:ed:8b:51:
                    b9:28:bb:54:46:b8:c8:41:94:5a:ee:41:ec:1f:ea:
                    3a:b6:44:f6:ed:9f:62:54:d4:12:50:2f:d4:35:ce:
                    8b:5c:51:42:0d:a4:34:3e:dd:23:d2:67:88:b6:d1:
                    7b:c2:d7:60:ae:f9:1b:98:5f:2f:54:99:a4:44:9c:
                    0d:ad:6b:d6:52:17:98:25:d6:49:2f:56:c5:1d:e4:
                    d8:f9:be:bc:47:22:03:b1:63:97:17:50:ea:e3:65:
                    d4:f3:d2:98:ae:ac:f5:43:65:66:16:9c:dc:26:6f:
                    bc:cb:8b:13:8c:63:bd:a6:bb:5c:75:cc:13:3a:19:
                    af:28:29:e4:4b:28:94:85:2e:ec:0a:ac:01:d2:41:
                    92:77:f6:3c:5e:8f:ec:2f:d2:b8:5f:0d:36:a8:58:
                    8e:d5:3f:2e:0f:c2:46:bf:74:48:83:f9:f0:8d:5f:
                    39:d5:7c:b1:a0:e4:9e:7d:37:9f:d2:0f:8d:cf:62:
                    44:3b:3c:33:2d:64:65:2e:03:f0:6c:e8:70:09:c8:
                    15:be:c6:4d:cc:2a:b1:f1:de:c4:02:db:de:5e:aa:
                    67:c3:83:2e:d6:f1:31:91:95:34:9e:e9:82:44:28:
                    2e:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:51:5D:F4:01:5A:77:DC:1A:98:E4:AA:FD:1D:6A:17:42:E8:89:50
            X509v3 Authority Key Identifier:
                keyid:28:84:8D:C3:F1:9E:77:29:FF:E3:7E:F7:E4:F0:A5:C9:C5:B4:90:E9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9141B5B/8D57E17CDD9511EDAE8C6C7AC4F9AE02/KISNw_Gedyn_43735PClycW0kOk.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KISNw_Gedyn_43735PClycW0kOk.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9141B5B/8D57E17CDD9511EDAE8C6C7AC4F9AE02/9C2C10D2DD9B11ED95478E11C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.112.48.0/22

    Signature Algorithm: sha256WithRSAEncryption
         83:0b:dd:1f:b8:94:59:7e:38:65:cd:06:86:5a:cc:17:3f:a2:
         a9:01:03:87:32:32:fb:2c:dc:c1:16:99:e7:5f:7f:8a:df:be:
         10:a7:dc:59:29:15:b9:41:0a:53:a9:43:c7:2e:ca:ce:56:bb:
         e6:71:24:76:d4:3f:2b:52:73:c0:3e:36:a6:5d:0a:60:94:c0:
         55:e2:78:ea:f9:fc:3a:62:6a:9a:06:8d:79:d0:5d:bb:f0:71:
         5c:2c:b9:b5:3d:93:2a:f2:71:1a:a3:bd:c4:fc:d9:0f:a1:e4:
         a8:f9:c0:04:23:40:fa:1b:01:68:ae:2b:5c:37:75:bc:66:b5:
         65:a5:c7:ec:eb:2b:13:3b:16:47:92:9a:b9:d1:55:b2:ae:92:
         ac:51:cd:1c:f9:fe:c7:0f:a4:34:5e:0b:a7:72:5b:f9:77:4a:
         ec:71:13:7a:8b:3e:4a:fe:45:93:7a:37:92:f6:15:20:f5:91:
         ef:c0:51:f3:b9:d7:0d:ce:8a:d9:d3:26:c4:44:22:22:95:7d:
         6d:1c:fe:56:0f:ad:3c:fc:77:2b:bb:1e:7a:5f:f6:84:82:2f:
         8b:1f:5d:5d:0d:49:cb:c1:d6:13:af:db:6f:a6:0d:71:28:ed:
         5b:36:3e:3e:6b:29:69:7f:1d:98:46:21:68:2b:f5:eb:1b:ac:
         3a:24:47:c1
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIBAjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTE0
MUI1QjExMC8GA1UEBRMoMjg4NDhEQzNGMTlFNzcyOUZGRTM3RUY3RTRGMEE1QzlD
NUI0OTBFOTAeFw0yMzA0MTgwMzQ2MzNaFw0yMzA3MDEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY0M2UxMjk5LTZmZDcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDI8VZqQyYHOl62PcLWIza4bPVkaSGKS8Lqr+2LUbkou1RGuMhBlFruQewf6jq2
RPbtn2JU1BJQL9Q1zotcUUINpDQ+3SPSZ4i20XvC12Cu+RuYXy9UmaREnA2ta9ZS
F5gl1kkvVsUd5Nj5vrxHIgOxY5cXUOrjZdTz0piurPVDZWYWnNwmb7zLixOMY72m
u1x1zBM6Ga8oKeRLKJSFLuwKrAHSQZJ39jxej+wv0rhfDTaoWI7VPy4Pwka/dEiD
+fCNXznVfLGg5J59N5/SD43PYkQ7PDMtZGUuA/Bs6HAJyBW+xk3MKrHx3sQC295e
qmfDgy7W8TGRlTSe6YJEKC5hAgMBAAGjggKVMIICkTAdBgNVHQ4EFgQUplFd9AFa
d9wamOSq/R1qF0LoiVAwHwYDVR0jBBgwFoAUKISNw/Gedyn/43735PClycW0kOkw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTQxQjVCLzhENTdFMTdDREQ5
NTExRURBRThDNkM3QUM0RjlBRTAyL0tJU053X0dlZHluXzQzNzM1UENseWNXMGtP
ay5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvS0lTTndfR2VkeW5fNDM3MzVQQ2x5Y1cwa09rLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0
MUI1Qi84RDU3RTE3Q0REOTUxMUVEQUU4QzZDN0FDNEY5QUUwMi85QzJDMTBEMkRE
OUIxMUVEOTU0NzhFMTFDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAmdwMDANBgkqhkiG9w0BAQsFAAOCAQEAgwvdH7iUWX44Zc0G
hlrMFz+iqQEDhzIy+yzcwRaZ519/it++EKfcWSkVuUEKU6lDxy7Kzla75nEkdtQ/
K1JzwD42pl0KYJTAVeJ46vn8OmJqmgaNedBdu/BxXCy5tT2TKvJxGqO9xPzZD6Hk
qPnABCNA+hsBaK4rXDd1vGa1ZaXH7OsrEzsWR5KaudFVsq6SrFHNHPn+xw+kNF4L
p3Jb+XdK7HETeos+Sv5Fk3o3kvYVIPWR78BR87nXDc6K2dMmxEQiIpV9bRz+Vg+t
PPx3K7seel/2hIIvix9dXQ1Jy8HWE6/bb6YNcSjtWzY+PmspaX8dmEYhaCv16xus
OiRHwQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:03 2024 by rpki-client on console-fra.rpki-client.org