Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A915E475/DA83AA7ACA1111EAA479C734C4F9AE02/D81D8D845E8111EEAC46A534C4F9AE02.roa
File:                     D81D8D845E8111EEAC46A534C4F9AE02.roa (raw, json)
Hash identifier:          tEfxOYBJaLrvJ3nR9g6hPzVMpYgZ2kkuqzupMneezWY=
Subject key identifier:   AB:18:7E:B0:AE:11:62:FA:EF:AF:18:E0:F6:2D:02:E0:82:A1:9C:0D
Certificate issuer:       /CN=A915E475/serialNumber=745FF4F063AB5D171E05251B31E294A4BC7973B1
Certificate serial:       088B
Authority key identifier: 74:5F:F4:F0:63:AB:5D:17:1E:05:25:1B:31:E2:94:A4:BC:79:73:B1
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/dF_08GOrXRceBSUbMeKUpLx5c7E.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A915E475/DA83AA7ACA1111EAA479C734C4F9AE02/D81D8D845E8111EEAC46A534C4F9AE02.roa
Signing time:             Fri 29 Sep 2023 04:37:07 +0000
ROA not before:           Fri 29 Sep 2023 04:37:07 +0000
ROA not after:            Sat 30 Dec 2023 00:00:00 +0000
asID:                     7631
IP address blocks:        123.176.112.0/22 maxlen: 22
                          123.176.112.0/23 maxlen: 23
                          123.176.112.0/24 maxlen: 24
                          123.176.113.0/24 maxlen: 24
                          123.176.114.0/23 maxlen: 23
                          123.176.115.0/24 maxlen: 24
                          123.176.116.0/22 maxlen: 22
                          123.176.116.0/23 maxlen: 23
                          123.176.116.0/24 maxlen: 24
                          125.253.36.0/23 maxlen: 23
                          203.189.4.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2187 (0x88b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A915E475/serialNumber=745FF4F063AB5D171E05251B31E294A4BC7973B1
        Validity
            Not Before: Sep 29 04:37:07 2023 GMT
            Not After : Dec 30 00:00:00 2023 GMT
        Subject: CN=65165472-87b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:47:26:f4:ee:0b:6c:1a:d4:58:52:6b:e0:93:
                    e1:79:ac:fe:97:58:bf:25:dc:4b:7e:69:2e:87:aa:
                    40:ea:3a:d9:8e:04:63:75:aa:37:40:91:f8:05:f4:
                    0c:ad:bb:86:0d:a2:c7:8b:51:5f:8a:4b:25:26:0c:
                    8a:fd:36:e8:af:51:fc:13:3f:e4:36:b0:10:9a:c6:
                    67:30:7f:73:9d:c3:16:ec:19:0a:8d:8a:b4:20:e3:
                    17:31:d3:fd:11:8e:80:5a:07:ea:1f:df:57:34:2b:
                    a8:cb:fc:ae:ec:53:25:3d:c3:6b:17:4a:2e:94:3b:
                    da:3c:28:80:5f:36:13:bd:b3:ad:fd:26:da:52:46:
                    47:28:76:3d:70:d9:e0:69:f3:a6:f9:c7:60:59:25:
                    0a:9a:4e:25:ac:57:cf:2a:75:f0:e4:6a:88:5b:67:
                    dd:aa:58:7c:29:b6:a3:c8:df:db:a1:0f:24:41:18:
                    26:e3:9a:55:ac:d6:f2:c1:d1:7c:10:f9:19:51:ab:
                    cc:5c:fb:3e:5e:51:f0:f2:14:dc:d7:a8:c9:1b:b3:
                    41:56:e8:94:e4:8a:59:d2:c2:65:71:a3:d4:68:66:
                    59:0b:dd:a4:b3:39:4c:97:d9:6e:fd:06:34:cb:bd:
                    cd:18:9f:71:fe:63:e7:39:64:96:3b:cb:a5:c0:a5:
                    ea:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:18:7E:B0:AE:11:62:FA:EF:AF:18:E0:F6:2D:02:E0:82:A1:9C:0D
            X509v3 Authority Key Identifier:
                keyid:74:5F:F4:F0:63:AB:5D:17:1E:05:25:1B:31:E2:94:A4:BC:79:73:B1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A915E475/DA83AA7ACA1111EAA479C734C4F9AE02/dF_08GOrXRceBSUbMeKUpLx5c7E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/dF_08GOrXRceBSUbMeKUpLx5c7E.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A915E475/DA83AA7ACA1111EAA479C734C4F9AE02/D81D8D845E8111EEAC46A534C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  123.176.112.0/21
                  125.253.36.0/23
                  203.189.4.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5e:5a:06:44:24:a1:0c:13:81:b8:a0:ff:78:fd:87:df:44:15:
         aa:3a:e2:e2:cc:f3:83:be:54:3a:ac:61:f7:bb:b3:89:ab:8f:
         b9:a6:b8:7b:da:17:e1:48:42:a6:d7:d0:79:9b:76:5b:78:75:
         fd:c2:c0:28:27:6f:12:40:83:5a:94:c9:fe:d4:f7:da:22:de:
         c6:0b:cb:17:78:80:1b:b9:a9:53:5a:c1:3d:16:e7:ea:13:7d:
         d3:6f:20:f4:23:e4:31:73:9b:f9:1d:4f:7e:3c:a0:f7:e3:f1:
         dd:c0:15:78:af:a1:50:9c:c9:54:97:47:41:a3:1e:c5:b8:33:
         38:c8:91:c8:02:6c:dd:bb:f1:fa:e7:79:fc:05:d3:93:a9:de:
         e3:61:85:e3:1d:b4:d2:28:e1:0a:6d:bb:5d:c9:89:a3:e8:05:
         16:61:5d:53:b4:56:37:92:9a:56:66:a6:21:dd:cb:4a:61:7d:
         f2:dd:67:83:5d:ce:24:7b:af:3a:24:5a:0e:89:a2:d8:cb:31:
         cd:39:b1:10:b4:05:a0:c9:e8:0e:07:a8:5c:c1:be:41:5c:a2:
         33:bb:db:33:48:03:31:39:9a:e3:4c:d3:db:6a:4c:c7:8c:af:
         72:a8:42:c4:a8:52:f4:73:05:f4:d8:73:41:39:5b:f6:74:cd:
         6d:a3:cd:5e
-----BEGIN CERTIFICATE-----
MIIFfTCCBGWgAwIBAgICCIswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NUU0NzUxMTAvBgNVBAUTKDc0NUZGNEYwNjNBQjVEMTcxRTA1MjUxQjMxRTI5NEE0
QkM3OTczQjEwHhcNMjMwOTI5MDQzNzA3WhcNMjMxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTE2NTQ3Mi04N2I2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA2Ecm9O4LbBrUWFJr4JPheaz+l1i/JdxLfmkuh6pA6jrZjgRjdao3QJH4BfQM
rbuGDaLHi1FfikslJgyK/Tbor1H8Ez/kNrAQmsZnMH9zncMW7BkKjYq0IOMXMdP9
EY6AWgfqH99XNCuoy/yu7FMlPcNrF0oulDvaPCiAXzYTvbOt/SbaUkZHKHY9cNng
afOm+cdgWSUKmk4lrFfPKnXw5GqIW2fdqlh8KbajyN/boQ8kQRgm45pVrNbywdF8
EPkZUavMXPs+XlHw8hTc16jJG7NBVuiU5IpZ0sJlcaPUaGZZC92kszlMl9lu/QY0
y73NGJ9x/mPnOWSWO8ulwKXqGQIDAQABo4ICoTCCAp0wHQYDVR0OBBYEFKsYfrCu
EWL6768Y4PYtAuCCoZwNMB8GA1UdIwQYMBaAFHRf9PBjq10XHgUlGzHilKS8eXOx
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1RTQ3NS9EQTgzQUE3QUNB
MTExMUVBQTQ3OUM3MzRDNEY5QUUwMi9kRl8wOEdPclhSY2VCU1ViTWVLVXBMeDVj
N0UuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2RGXzA4R09yWFJjZUJTVWJNZUtVcEx4NWM3RS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NUU0NzUvREE4M0FBN0FDQTExMTFFQUE0NzlDNzM0QzRGOUFFMDIvRDgxRDhEODQ1
RTgxMTFFRUFDNDZBNTM0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwKwYIKwYBBQUHAQcBAf8E
HDAaMBgEAgABMBIDBAN7sHADBAF9/SQDBADLvQQwDQYJKoZIhvcNAQELBQADggEB
AF5aBkQkoQwTgbig/3j9h99EFao64uLM84O+VDqsYfe7s4mrj7mmuHvaF+FIQqbX
0Hmbdlt4df3CwCgnbxJAg1qUyf7U99oi3sYLyxd4gBu5qVNawT0W5+oTfdNvIPQj
5DFzm/kdT348oPfj8d3AFXivoVCcyVSXR0GjHsW4MzjIkcgCbN278frnefwF05Op
3uNhheMdtNIo4Qptu13JiaPoBRZhXVO0VjeSmlZmpiHdy0phffLdZ4NdziR7rzok
Wg6JotjLMc05sRC0BaDJ6A4HqFzBvkFcojO72zNIAzE5muNM09tqTMeMr3KoQsSo
UvRzBfTYc0E5W/Z0zW2jzV4=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:08 2024 by rpki-client on console-fra.rpki-client.org