Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9143B09/3B367BCE33B711E9AD0F587AC4F9AE02/8993C094D12E11EB879C5D76C4F9AE02.roa
File:                     8993C094D12E11EB879C5D76C4F9AE02.roa (raw, json)
Hash identifier:          wvqCovAd0fmhY6Zydwfq98ZnA43PjeaiBR6eeHFDhK4=
Subject key identifier:   3D:B4:63:5B:A9:D3:58:27:9D:8C:CE:BF:1A:4D:64:47:98:2E:17:F1
Certificate issuer:       /CN=A9143B09/serialNumber=5329700B4DDDAD9E3FCDC3273F4D18D3E3045DC0
Certificate serial:       085F
Authority key identifier: 53:29:70:0B:4D:DD:AD:9E:3F:CD:C3:27:3F:4D:18:D3:E3:04:5D:C0
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/UylwC03drZ4_zcMnP00Y0-MEXcA.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9143B09/3B367BCE33B711E9AD0F587AC4F9AE02/8993C094D12E11EB879C5D76C4F9AE02.roa
Signing time:             Fri 29 Nov 2024 12:15:08 +0000
ROA not before:           Fri 29 Nov 2024 12:15:08 +0000
ROA not after:            Wed 28 May 2025 00:00:00 +0000
asID:                     133957
IP address blocks:        45.118.68.0/24 maxlen: 24
                          45.118.69.0/24 maxlen: 24
                          45.118.71.0/24 maxlen: 24
                          103.49.200.0/24 maxlen: 24
                          103.49.202.0/24 maxlen: 24
                          103.49.203.0/24 maxlen: 24
                          2402:1c80::/32 maxlen: 33
                          2402:1c80::/34 maxlen: 34
                          2402:1c80:4000::/34 maxlen: 34
                          2402:1c80:8000::/34 maxlen: 34
                          2402:1c80:8000::/36 maxlen: 36
                          2402:1c80:9000::/36 maxlen: 36
                          2402:1c80:a000::/36 maxlen: 36
                          2402:1c80:b000::/36 maxlen: 36
                          2402:1c80:c000::/34 maxlen: 40
Validation:               Failed, CRL has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2143 (0x85f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9143B09
        Validity
            Not Before: Nov 29 12:15:08 2024 GMT
            Not After : May 28 00:00:00 2025 GMT
        Subject: CN=6749b04c-9d08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:45:fb:c9:20:01:a4:66:b5:9c:38:96:b0:94:
                    90:9f:66:a7:92:d8:34:0f:7e:e1:4f:a8:9a:6f:1f:
                    34:8a:f9:b0:1d:e5:b2:77:e2:2b:2d:c2:c3:b8:84:
                    2e:47:83:25:ab:9c:75:b1:6a:25:45:76:be:41:e8:
                    59:48:77:1f:a3:b6:41:d6:b2:0a:12:ff:c1:45:ec:
                    01:2a:2d:c2:ee:1a:57:c8:6e:97:6e:d0:a5:ff:0f:
                    f3:cd:38:23:46:18:44:c9:b1:1e:97:f5:a3:cd:d2:
                    99:2c:e1:6a:b5:ad:e1:aa:0b:ec:d4:4c:20:1a:21:
                    15:c9:94:95:42:3e:45:75:ff:cf:1c:b6:20:b8:7c:
                    3c:ae:12:43:5e:27:82:26:ca:02:64:b8:16:49:35:
                    25:f6:43:9a:52:f4:36:6d:ec:5c:38:50:b7:3d:fb:
                    c3:df:4d:6c:0e:92:1f:90:a3:29:3a:8c:1b:a5:d4:
                    47:c3:51:03:f6:33:ff:b9:88:a9:97:2d:dd:23:89:
                    f1:9c:04:aa:41:88:6d:ac:81:eb:89:9c:da:36:6a:
                    f7:ce:a4:69:c3:f0:9b:69:e3:ff:ad:f8:96:0c:96:
                    92:ff:9f:6d:8f:3b:ee:e9:60:2f:83:63:32:c6:aa:
                    87:02:25:09:76:c3:d2:3f:a9:e4:05:16:6a:97:ed:
                    80:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3D:B4:63:5B:A9:D3:58:27:9D:8C:CE:BF:1A:4D:64:47:98:2E:17:F1
            X509v3 Authority Key Identifier:
                keyid:53:29:70:0B:4D:DD:AD:9E:3F:CD:C3:27:3F:4D:18:D3:E3:04:5D:C0

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9143B09/3B367BCE33B711E9AD0F587AC4F9AE02/UylwC03drZ4_zcMnP00Y0-MEXcA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/UylwC03drZ4_zcMnP00Y0-MEXcA.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9143B09/3B367BCE33B711E9AD0F587AC4F9AE02/8993C094D12E11EB879C5D76C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.118.68.0/23
                  45.118.71.0/24
                  103.49.200.0/24
                  103.49.202.0/23
                IPv6:
                  2402:1c80::/32

    Signature Algorithm: sha256WithRSAEncryption
         59:cd:30:4d:9e:2d:33:9f:62:c3:95:1f:6f:d7:0a:aa:f2:62:
         03:2e:79:72:b4:1a:b0:30:b4:48:e0:6b:07:19:27:77:e7:ce:
         11:9c:92:ff:47:71:bf:2c:4a:be:97:4f:2c:c3:6a:75:4d:b4:
         bc:d6:62:08:c1:13:3e:52:c4:22:8f:64:cd:f5:22:03:ba:ad:
         25:29:27:c9:de:44:3f:7d:ed:a1:15:0d:31:81:b1:81:15:c1:
         e4:d3:72:78:1c:da:b0:98:60:79:ca:73:96:8c:c8:d7:e1:a3:
         24:8d:47:70:45:c2:66:6f:88:61:62:09:ef:6b:4e:b4:31:21:
         46:47:4c:43:1c:4b:21:81:f9:5f:fd:80:22:de:65:51:33:2c:
         50:f3:0f:2e:02:e6:9f:68:0a:65:49:85:11:e5:b1:dd:14:c4:
         2d:b5:0a:96:fc:87:c4:2e:8e:35:3c:6c:f4:6b:b9:97:78:b0:
         50:7a:ec:31:6e:47:f9:19:0a:a6:5e:b5:85:b3:00:d0:14:fa:
         b3:f5:c4:97:e8:b8:b4:14:f9:a0:83:d7:4c:81:b9:11:53:07:
         dd:af:60:1a:79:b3:af:5f:19:29:2d:ee:a2:69:c3:c2:f9:a6:
         04:d6:22:6b:8d:6f:5e:0f:1f:0f:be:ef:a0:76:56:28:e6:4c:
         d9:f4:ed:a6
-----BEGIN CERTIFICATE-----
MIIFkjCCBHqgAwIBAgICCF8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDNCMDkxMTAvBgNVBAUTKDUzMjk3MDBCNEREREFEOUUzRkNEQzMyNzNGNEQxOEQz
RTMwNDVEQzAwHhcNMjQxMTI5MTIxNTA4WhcNMjUwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02NzQ5YjA0Yy05ZDA4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAoUX7ySABpGa1nDiWsJSQn2anktg0D37hT6iabx80ivmwHeWyd+IrLcLDuIQu
R4Mlq5x1sWolRXa+QehZSHcfo7ZB1rIKEv/BRewBKi3C7hpXyG6XbtCl/w/zzTgj
RhhEybEel/WjzdKZLOFqta3hqgvs1EwgGiEVyZSVQj5Fdf/PHLYguHw8rhJDXieC
JsoCZLgWSTUl9kOaUvQ2bexcOFC3PfvD301sDpIfkKMpOowbpdRHw1ED9jP/uYip
ly3dI4nxnASqQYhtrIHriZzaNmr3zqRpw/CbaeP/rfiWDJaS/59tjzvu6WAvg2My
xqqHAiUJdsPSP6nkBRZql+2AXwIDAQABo4ICtjCCArIwHQYDVR0OBBYEFD20Y1up
01gnnYzOvxpNZEeYLhfxMB8GA1UdIwQYMBaAFFMpcAtN3a2eP83DJz9NGNPjBF3A
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0M0IwOS8zQjM2N0JDRTMz
QjcxMUU5QUQwRjU4N0FDNEY5QUUwMi9VeWx3QzAzZHJaNF96Y01uUDAwWTAtTUVY
Y0EuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1V5bHdDMDNkclo0X3pjTW5QMDBZMC1NRVhjQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDNCMDkvM0IzNjdCQ0UzM0I3MTFFOUFEMEY1ODdBQzRGOUFFMDIvODk5M0MwOTRE
MTJFMTFFQjg3OUM1RDc2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwQAYIKwYBBQUHAQcBAf8E
MTAvMB4EAgABMBgDBAEtdkQDBAAtdkcDBABnMcgDBAFnMcowDQQCAAIwBwMFACQC
HIAwDQYJKoZIhvcNAQELBQADggEBAFnNME2eLTOfYsOVH2/XCqryYgMueXK0GrAw
tEjgawcZJ3fnzhGckv9Hcb8sSr6XTyzDanVNtLzWYgjBEz5SxCKPZM31IgO6rSUp
J8neRD997aEVDTGBsYEVweTTcngc2rCYYHnKc5aMyNfhoySNR3BFwmZviGFiCe9r
TrQxIUZHTEMcSyGB+V/9gCLeZVEzLFDzDy4C5p9oCmVJhRHlsd0UxC21Cpb8h8Qu
jjU8bPRruZd4sFB67DFuR/kZCqZetYWzANAU+rP1xJfouLQU+aCD10yBuRFTB92v
YBp5s69fGSkt7qJpw8L5pgTWImuNb14PHw++76B2VijmTNn07aY=
-----END CERTIFICATE-----