Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9157D7A/5DDCCCC6991511EB96727243C4F9AE02/454897102FD811EEABB59B48C4F9AE02.roa
File:                     454897102FD811EEABB59B48C4F9AE02.roa (raw, json)
Hash identifier:          z871bYabxqw1QSfJqiYg1hTLgEM8hH1oIw6JNumL470=
Subject key identifier:   E1:BA:B4:6A:C8:0E:00:42:2D:28:2D:66:33:88:A5:9B:7A:79:5E:1C
Certificate issuer:       /CN=A9157D7A/serialNumber=401B429906C90EA03ECFC61B15BA4EF123903379
Certificate serial:       05A5
Authority key identifier: 40:1B:42:99:06:C9:0E:A0:3E:CF:C6:1B:15:BA:4E:F1:23:90:33:79
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QBtCmQbJDqA-z8YbFbpO8SOQM3k.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9157D7A/5DDCCCC6991511EB96727243C4F9AE02/454897102FD811EEABB59B48C4F9AE02.roa
Signing time:             Mon 20 Nov 2023 05:25:04 +0000
ROA not before:           Mon 20 Nov 2023 05:25:04 +0000
ROA not after:            Tue 28 May 2024 00:00:00 +0000
asID:                     45820
IP address blocks:        14.194.0.0/18 maxlen: 24
                          14.194.64.0/18 maxlen: 24
                          14.194.128.0/18 maxlen: 24
                          14.194.208.0/20 maxlen: 24
                          14.194.240.0/20 maxlen: 24
                          14.195.0.0/18 maxlen: 24
                          49.200.0.0/14 maxlen: 14
                          49.202.208.0/24 maxlen: 24
                          49.249.0.0/17 maxlen: 24
                          49.249.128.0/18 maxlen: 24
                          115.160.217.0/24 maxlen: 24
                          182.156.0.0/18 maxlen: 22
                          182.156.0.0/22 maxlen: 24
                          182.156.4.0/23 maxlen: 24
                          182.156.8.0/21 maxlen: 24
                          182.156.16.0/22 maxlen: 24
                          182.156.22.0/23 maxlen: 24
                          182.156.24.0/21 maxlen: 24
                          182.156.32.0/19 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1445 (0x5a5)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9157D7A/serialNumber=401B429906C90EA03ECFC61B15BA4EF123903379
        Validity
            Not Before: Nov 20 05:25:04 2023 GMT
            Not After : May 28 00:00:00 2024 GMT
        Subject: CN=655aedb0-cc32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:a1:6e:6c:85:7e:13:02:63:be:fe:30:4c:b8:
                    2b:5a:02:ba:76:b2:1a:56:32:d2:6a:10:73:4a:f6:
                    8d:7d:79:e7:3a:d5:47:9e:a2:0c:85:3d:b3:71:da:
                    d4:ed:65:44:98:67:bd:9c:39:70:cd:6e:9c:9c:44:
                    82:1a:6d:27:7d:32:90:fa:1d:78:32:eb:01:27:4b:
                    a7:c6:dc:bb:05:a4:8d:f7:cc:83:0c:a5:fb:74:a1:
                    79:74:c2:b7:2c:9d:3b:4b:5f:14:8f:4e:3c:c0:3f:
                    8b:87:d3:21:ad:44:a6:e6:1f:38:ef:8c:cf:c0:33:
                    ae:66:36:d4:c5:e7:3b:f3:25:a9:08:83:b3:44:63:
                    fa:28:24:64:93:d8:19:56:14:2e:ab:38:ff:3c:af:
                    55:b0:30:7e:56:08:f8:7f:f9:e7:a1:5e:e6:89:c5:
                    5a:fd:4b:44:c3:1a:17:28:43:cb:5f:00:32:38:7c:
                    58:b2:92:50:88:f0:7b:61:f9:1d:7b:be:6a:64:8c:
                    35:a3:7a:8a:84:05:74:5a:af:2b:ad:d7:aa:3a:24:
                    2b:ad:06:30:41:40:88:a3:61:84:e4:b7:77:5a:6b:
                    cc:a6:c9:d1:f3:fc:27:7c:07:81:a4:0d:7a:b3:86:
                    7e:d2:f4:50:08:bd:ef:8b:62:36:23:a8:1f:7d:5d:
                    c9:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:BA:B4:6A:C8:0E:00:42:2D:28:2D:66:33:88:A5:9B:7A:79:5E:1C
            X509v3 Authority Key Identifier:
                keyid:40:1B:42:99:06:C9:0E:A0:3E:CF:C6:1B:15:BA:4E:F1:23:90:33:79

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9157D7A/5DDCCCC6991511EB96727243C4F9AE02/QBtCmQbJDqA-z8YbFbpO8SOQM3k.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QBtCmQbJDqA-z8YbFbpO8SOQM3k.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9157D7A/5DDCCCC6991511EB96727243C4F9AE02/454897102FD811EEABB59B48C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  14.194.0.0-14.194.191.255
                  14.194.208.0/20
                  14.194.240.0-14.195.63.255
                  49.200.0.0/14
                  49.249.0.0-49.249.191.255
                  115.160.217.0/24
                  182.156.0.0/18

    Signature Algorithm: sha256WithRSAEncryption
         9a:45:90:85:8d:1b:7a:37:f9:13:73:8f:74:0e:ba:d3:bf:89:
         ca:38:ae:82:9b:5a:52:2c:3f:45:36:eb:74:f5:f1:96:de:bf:
         03:65:12:4b:cb:37:2c:eb:38:b9:45:80:c5:19:7d:6d:63:9f:
         55:79:0a:11:9d:08:93:c0:e6:6e:f1:2a:9b:89:d5:fa:90:93:
         9b:b8:a2:45:1b:58:86:bc:97:d1:64:d3:dd:9c:f4:7d:a2:a0:
         b0:7b:29:ad:98:28:8c:7a:1a:8d:84:28:39:55:d0:43:e4:75:
         e2:f0:33:a4:05:44:fb:9d:ed:3f:89:09:a9:88:3f:12:a2:0a:
         b6:f5:09:71:89:c6:35:67:7a:9f:9e:74:6b:ec:91:e9:4d:03:
         40:7a:27:76:90:b3:a6:87:53:f7:a9:1f:c1:04:dc:0c:92:6d:
         fe:f5:47:f9:8c:99:77:62:97:f1:d3:82:57:4d:84:a6:43:62:
         b3:4c:78:4e:f1:bb:cc:16:f0:37:8d:d5:fd:5d:d1:a8:36:63:
         24:37:a5:0f:9f:63:f2:eb:bc:06:af:9c:08:8f:25:79:01:04:
         21:c0:1f:0a:fa:25:95:32:f5:83:71:29:9f:87:4b:5c:3c:d6:
         6b:ad:e7:ae:4a:a4:e6:c3:9e:1b:b1:bd:93:33:e6:be:e5:fc:
         d8:fa:65:1d
-----BEGIN CERTIFICATE-----
MIIFqjCCBJKgAwIBAgICBaUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTdEN0ExMTAvBgNVBAUTKDQwMUI0Mjk5MDZDOTBFQTAzRUNGQzYxQjE1QkE0RUYx
MjM5MDMzNzkwHhcNMjMxMTIwMDUyNTA0WhcNMjQwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02NTVhZWRiMC1jYzMyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA9qFubIV+EwJjvv4wTLgrWgK6drIaVjLSahBzSvaNfXnnOtVHnqIMhT2zcdrU
7WVEmGe9nDlwzW6cnESCGm0nfTKQ+h14MusBJ0unxty7BaSN98yDDKX7dKF5dMK3
LJ07S18Uj048wD+Lh9MhrUSm5h8474zPwDOuZjbUxec78yWpCIOzRGP6KCRkk9gZ
VhQuqzj/PK9VsDB+Vgj4f/nnoV7micVa/UtEwxoXKEPLXwAyOHxYspJQiPB7Yfkd
e75qZIw1o3qKhAV0Wq8rrdeqOiQrrQYwQUCIo2GE5Ld3WmvMpsnR8/wnfAeBpA16
s4Z+0vRQCL3vi2I2I6gffV3J9wIDAQABo4ICzjCCAsowHQYDVR0OBBYEFOG6tGrI
DgBCLSgtZjOIpZt6eV4cMB8GA1UdIwQYMBaAFEAbQpkGyQ6gPs/GGxW6TvEjkDN5
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1N0Q3QS81RERDQ0NDNjk5
MTUxMUVCOTY3MjcyNDNDNEY5QUUwMi9RQnRDbVFiSkRxQS16OFliRmJwTzhTT1FN
M2suY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1FCdENtUWJKRHFBLXo4WWJGYnBPOFNPUU0zay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTdEN0EvNUREQ0NDQzY5OTE1MTFFQjk2NzI3MjQzQzRGOUFFMDIvNDU0ODk3MTAy
RkQ4MTFFRUFCQjU5QjQ4QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwWAYIKwYBBQUHAQcBAf8E
STBHMEUEAgABMD8wCwMDAQ7CAwQGDsKAAwQEDsLQMAwDBAQOwvADBAYOwwADAwIx
yDALAwMAMfkDBAYx+YADBABzoNkDBAa2nAAwDQYJKoZIhvcNAQELBQADggEBAJpF
kIWNG3o3+RNzj3QOutO/ico4roKbWlIsP0U263T18ZbevwNlEkvLNyzrOLlFgMUZ
fW1jn1V5ChGdCJPA5m7xKpuJ1fqQk5u4okUbWIa8l9Fk092c9H2ioLB7Ka2YKIx6
Go2EKDlV0EPkdeLwM6QFRPud7T+JCamIPxKiCrb1CXGJxjVnep+edGvskelNA0B6
J3aQs6aHU/epH8EE3AySbf71R/mMmXdil/HTgldNhKZDYrNMeE7xu8wW8DeN1f1d
0ag2YyQ3pQ+fY/LrvAavnAiPJXkBBCHAHwr6JZUy9YNxKZ+HS1w81mut565KpObD
nhuxvZMz5r7l/Nj6ZR0=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:06 2024 by rpki-client on console-ams.rpki-client.org