Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9154AFB/78A04E4CE32F11E7B6CED42FC4F9AE02/5308CC9A216311EEB3384476C4F9AE02.roa
File:                     5308CC9A216311EEB3384476C4F9AE02.roa (raw, json)
Hash identifier:          hJAu1fG6TYl6xTZ3OMSPoF6RnGZa4qe9sZxjGyqiBwg=
Subject key identifier:   4D:BF:B9:BC:C2:A7:A4:A5:2B:20:1C:10:49:FA:A8:99:E2:C7:E9:CB
Certificate issuer:       /CN=A9154AFB/serialNumber=D4E3176CB9F4893E74C4E805FA7FB5D90A4A7B0A
Certificate serial:       15D3
Authority key identifier: D4:E3:17:6C:B9:F4:89:3E:74:C4:E8:05:FA:7F:B5:D9:0A:4A:7B:0A
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/1OMXbLn0iT50xOgF-n-12QpKewo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9154AFB/78A04E4CE32F11E7B6CED42FC4F9AE02/5308CC9A216311EEB3384476C4F9AE02.roa
Signing time:             Fri 14 Jul 2023 14:55:35 +0000
ROA not before:           Fri 14 Jul 2023 14:55:35 +0000
ROA not after:            Wed 29 May 2024 00:00:00 +0000
asID:                     135003
IP address blocks:        103.86.132.0/22 maxlen: 24
                          203.6.208.0/22 maxlen: 24
                          2400:bf40::/32 maxlen: 32
                          2400:bf40:1::/48 maxlen: 48
                          2400:bf40:2::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5587 (0x15d3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9154AFB/serialNumber=D4E3176CB9F4893E74C4E805FA7FB5D90A4A7B0A
        Validity
            Not Before: Jul 14 14:55:35 2023 GMT
            Not After : May 29 00:00:00 2024 GMT
        Subject: CN=64b161e7-cbcf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:f9:d7:7a:63:e0:8f:3b:68:72:13:96:1e:0b:
                    23:96:19:44:ca:5f:78:a8:58:7d:d9:77:3a:82:40:
                    7a:df:d2:60:ca:79:ad:aa:24:9b:e8:de:7e:60:88:
                    79:82:4f:df:bd:39:b7:f6:d1:ed:54:03:75:96:73:
                    9c:42:74:db:41:bc:e6:24:eb:f9:4c:06:1c:31:11:
                    e2:17:83:2e:b6:4d:f2:af:71:73:3b:e5:2d:94:ba:
                    c5:f5:ff:78:27:36:08:43:b1:e5:4c:77:40:d4:92:
                    97:cc:5b:26:a4:63:e0:ee:e5:4f:07:30:6d:f4:4c:
                    96:44:ac:a2:80:f3:ea:26:75:8b:20:64:c8:ca:fe:
                    35:d3:e7:4a:b6:2e:0d:31:37:ab:ca:85:66:e1:46:
                    db:43:45:23:1c:94:6f:5c:c1:3d:50:1e:1c:fc:fb:
                    3b:35:a8:07:e7:8c:7d:d2:ff:bf:82:69:1a:73:70:
                    63:61:2a:45:af:cb:c1:91:a0:38:73:68:c1:95:13:
                    6d:4e:c6:a1:36:45:87:3e:af:dc:8e:51:25:ae:b8:
                    67:e2:84:1b:87:b3:d4:9c:29:41:81:b9:39:c6:69:
                    5b:44:3e:aa:e6:0b:8e:12:82:db:b3:14:bf:c0:7e:
                    be:52:11:aa:62:17:29:a9:e2:82:ea:85:5c:cd:b5:
                    a5:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:BF:B9:BC:C2:A7:A4:A5:2B:20:1C:10:49:FA:A8:99:E2:C7:E9:CB
            X509v3 Authority Key Identifier:
                keyid:D4:E3:17:6C:B9:F4:89:3E:74:C4:E8:05:FA:7F:B5:D9:0A:4A:7B:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9154AFB/78A04E4CE32F11E7B6CED42FC4F9AE02/1OMXbLn0iT50xOgF-n-12QpKewo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/1OMXbLn0iT50xOgF-n-12QpKewo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9154AFB/78A04E4CE32F11E7B6CED42FC4F9AE02/5308CC9A216311EEB3384476C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.86.132.0/22
                  203.6.208.0/22
                IPv6:
                  2400:bf40::/32

    Signature Algorithm: sha256WithRSAEncryption
         16:bb:78:4b:4d:73:2b:43:56:cd:e4:5f:08:a5:72:c9:8c:fe:
         fe:cc:7a:49:b5:41:6f:86:2f:89:b2:88:3c:47:40:7c:1c:8a:
         52:40:39:b8:24:d8:f2:1d:45:eb:9b:de:92:13:f0:e3:0a:dc:
         56:0f:06:6a:f9:5e:a3:6a:c9:2b:a9:2a:2e:1a:d8:a1:85:3e:
         d8:31:0f:b8:e8:32:f7:10:3c:c9:af:b8:d5:b8:10:64:f2:57:
         25:19:1b:fe:26:be:1b:b0:06:29:df:dd:18:5b:c2:eb:b4:8d:
         a2:4f:05:d0:b0:99:f7:d1:74:59:c0:13:33:44:b2:d1:cf:9c:
         03:1a:83:b6:dd:81:06:2f:af:12:c3:0f:a8:b7:a8:35:5c:cd:
         ef:dd:93:22:db:bc:9b:e7:da:a7:e6:22:3b:97:03:90:e4:04:
         53:fa:f5:ec:84:4d:25:3d:dd:a9:62:57:50:23:f8:cc:b7:09:
         57:b0:bf:a0:a2:ba:19:c8:9f:57:59:31:3f:b3:75:f8:40:5c:
         f9:df:35:7a:1d:90:6f:71:21:53:b5:0b:37:06:fc:da:73:fa:
         93:31:b9:be:8f:04:af:12:e2:2d:30:3e:39:9f:b5:e8:1f:f7:
         b3:f1:70:d4:22:25:b6:6f:e6:cc:08:35:4a:3b:44:3f:a5:1a:
         7f:77:c7:e6
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgICFdMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTRBRkIxMTAvBgNVBAUTKEQ0RTMxNzZDQjlGNDg5M0U3NEM0RTgwNUZBN0ZCNUQ5
MEE0QTdCMEEwHhcNMjMwNzE0MTQ1NTM1WhcNMjQwNTI5MDAwMDAwWjAYMRYwFAYD
VQQDEw02NGIxNjFlNy1jYmNmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA6fnXemPgjztochOWHgsjlhlEyl94qFh92Xc6gkB639JgynmtqiSb6N5+YIh5
gk/fvTm39tHtVAN1lnOcQnTbQbzmJOv5TAYcMRHiF4Mutk3yr3FzO+UtlLrF9f94
JzYIQ7HlTHdA1JKXzFsmpGPg7uVPBzBt9EyWRKyigPPqJnWLIGTIyv410+dKti4N
MTeryoVm4UbbQ0UjHJRvXME9UB4c/Ps7NagH54x90v+/gmkac3BjYSpFr8vBkaA4
c2jBlRNtTsahNkWHPq/cjlElrrhn4oQbh7PUnClBgbk5xmlbRD6q5guOEoLbsxS/
wH6+UhGqYhcpqeKC6oVczbWl5wIDAQABo4ICqjCCAqYwHQYDVR0OBBYEFE2/ubzC
p6SlKyAcEEn6qJnix+nLMB8GA1UdIwQYMBaAFNTjF2y59Ik+dMToBfp/tdkKSnsK
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1NEFGQi83OEEwNEU0Q0Uz
MkYxMUU3QjZDRUQ0MkZDNEY5QUUwMi8xT01YYkxuMGlUNTB4T2dGLW4tMTJRcEtl
d28uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzFPTVhiTG4waVQ1MHhPZ0Ytbi0xMlFwS2V3by5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTRBRkIvNzhBMDRFNENFMzJGMTFFN0I2Q0VENDJGQzRGOUFFMDIvNTMwOENDOUEy
MTYzMTFFRUIzMzg0NDc2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNAYIKwYBBQUHAQcBAf8E
JTAjMBIEAgABMAwDBAJnVoQDBALLBtAwDQQCAAIwBwMFACQAv0AwDQYJKoZIhvcN
AQELBQADggEBABa7eEtNcytDVs3kXwilcsmM/v7Mekm1QW+GL4myiDxHQHwcilJA
Obgk2PIdReub3pIT8OMK3FYPBmr5XqNqySupKi4a2KGFPtgxD7joMvcQPMmvuNW4
EGTyVyUZG/4mvhuwBinf3Rhbwuu0jaJPBdCwmffRdFnAEzNEstHPnAMag7bdgQYv
rxLDD6i3qDVcze/dkyLbvJvn2qfmIjuXA5DkBFP69eyETSU93aliV1Aj+My3CVew
v6CiuhnIn1dZMT+zdfhAXPnfNXodkG9xIVO1CzcG/Npz+pMxub6PBK8S4i0wPjmf
tegf97PxcNQiJbZv5swINUo7RD+lGn93x+Y=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:07 2024 by rpki-client on console-fra.rpki-client.org