Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9164390/0E9354FCDC5C11E68E915E32C4F9AE02/6D0080E49F6311ECB38A4826C4F9AE02.roa
File:                     6D0080E49F6311ECB38A4826C4F9AE02.roa (raw, json)
Hash identifier:          +c00pTgMr1fWKyrXzFMtnvDGqZ1BGcTGnMQbxWMMG/o=
Subject key identifier:   60:11:C7:0B:AE:25:F8:C8:75:0B:2A:34:4F:7B:BE:2F:D3:26:3E:D4
Certificate issuer:       /CN=A9164390/serialNumber=C6433C49E63CD92035B307E8F79637608FEADBF5
Certificate serial:       1908
Authority key identifier: C6:43:3C:49:E6:3C:D9:20:35:B3:07:E8:F7:96:37:60:8F:EA:DB:F5
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xkM8SeY82SA1swfo95Y3YI_q2_U.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9164390/0E9354FCDC5C11E68E915E32C4F9AE02/6D0080E49F6311ECB38A4826C4F9AE02.roa
Signing time:             Wed 09 Mar 2022 04:43:12 +0000
ROA not before:           Wed 09 Mar 2022 04:43:12 +0000
ROA not after:            Wed 31 Aug 2022 00:00:00 +0000
asID:                     38201
IP address blocks:        43.255.148.0/22 maxlen: 22
                          43.255.148.0/24 maxlen: 24
                          103.239.160.0/22 maxlen: 23
                          103.239.160.0/23 maxlen: 24
                          175.176.144.0/22 maxlen: 22
                          175.176.147.0/24 maxlen: 24
                          202.134.24.0/21 maxlen: 21
                          202.134.24.0/22 maxlen: 22
                          202.134.24.0/24 maxlen: 24
                          202.134.25.0/24 maxlen: 24
                          202.134.26.0/24 maxlen: 24
                          202.134.27.0/24 maxlen: 24
                          202.134.28.0/22 maxlen: 22
                          202.134.29.0/24 maxlen: 24
                          202.134.30.0/24 maxlen: 24
                          202.134.31.0/24 maxlen: 24
                          2400:6400::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 6408 (0x1908)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9164390/serialNumber=C6433C49E63CD92035B307E8F79637608FEADBF5
        Validity
            Not Before: Mar  9 04:43:12 2022 GMT
            Not After : Aug 31 00:00:00 2022 GMT
        Subject: CN=62283060-d294
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:6a:20:7c:a3:82:90:a7:54:03:f7:09:8a:31:
                    76:88:86:2b:66:54:d6:5a:04:12:0d:6d:c9:6b:e8:
                    16:9f:cd:89:7e:a1:36:a5:b4:a6:49:c7:56:58:ae:
                    80:56:23:73:96:4d:dc:cd:7d:b8:4b:20:e5:bb:c0:
                    b6:7b:e8:e2:9c:e5:75:12:72:86:7d:34:a2:88:97:
                    05:ae:73:79:31:73:4d:ec:b0:1a:42:77:d5:63:68:
                    6b:94:6a:f7:73:62:4d:8d:5b:25:86:29:5f:cc:8a:
                    f8:9f:67:aa:1a:a4:6f:65:4f:31:a9:a8:eb:12:a5:
                    0f:3a:69:b1:a7:22:fb:56:44:6f:ff:86:07:9c:dc:
                    2d:04:29:6d:c6:80:19:7b:84:7c:46:76:ba:15:ee:
                    25:01:9c:f4:32:bc:ff:fc:0c:7f:79:e4:3e:06:36:
                    13:e2:72:fc:4a:a7:ad:d6:70:83:af:f5:be:09:1a:
                    0f:2d:52:bc:d0:a4:d0:cd:a4:c9:5c:de:34:87:89:
                    f0:a8:b6:a7:3c:46:37:c6:54:9d:15:7f:09:e4:49:
                    de:1e:ef:aa:33:77:b5:47:6c:e9:da:4d:16:f8:eb:
                    00:e7:b0:4d:1d:9f:9e:59:e4:78:30:ea:12:79:ba:
                    84:19:78:bc:a2:15:07:fa:b3:83:6b:62:a0:5b:1c:
                    9c:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:11:C7:0B:AE:25:F8:C8:75:0B:2A:34:4F:7B:BE:2F:D3:26:3E:D4
            X509v3 Authority Key Identifier:
                keyid:C6:43:3C:49:E6:3C:D9:20:35:B3:07:E8:F7:96:37:60:8F:EA:DB:F5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9164390/0E9354FCDC5C11E68E915E32C4F9AE02/xkM8SeY82SA1swfo95Y3YI_q2_U.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xkM8SeY82SA1swfo95Y3YI_q2_U.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9164390/0E9354FCDC5C11E68E915E32C4F9AE02/6D0080E49F6311ECB38A4826C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.255.148.0/22
                  103.239.160.0/22
                  175.176.144.0/22
                  202.134.24.0/21
                IPv6:
                  2400:6400::/32

    Signature Algorithm: sha256WithRSAEncryption
         48:f7:57:e1:99:37:e2:ac:85:19:18:fa:3d:4c:77:71:72:c0:
         e0:5b:4d:54:e4:83:96:5d:06:51:8b:77:3a:83:c4:78:62:e6:
         cb:74:58:db:06:47:63:4b:ea:54:01:64:2d:8a:84:7c:48:44:
         82:74:c0:c8:0e:82:df:08:fc:fe:74:6c:7c:87:85:6c:80:2e:
         4a:f8:c8:62:50:c3:83:e4:f4:11:a9:a1:60:be:be:e4:b1:09:
         cf:1a:3a:13:5f:70:06:6d:46:6c:86:f8:d5:7e:a8:a0:9c:78:
         2e:e7:f6:ef:6e:45:0d:a4:e7:b2:93:9c:f1:98:84:6f:0d:e9:
         37:c5:d6:02:46:12:a8:9d:58:58:68:0b:1a:46:05:c2:e6:22:
         b0:dc:7c:b5:1b:20:21:a5:44:83:26:76:25:8f:05:6a:b4:b6:
         43:b3:cf:ed:59:1a:f7:4f:74:db:8c:4c:99:34:57:38:72:e1:
         ca:d8:c2:42:4e:d9:e4:dd:f4:c0:80:30:18:cf:fd:fb:c4:04:
         b0:f6:83:28:01:4e:21:f8:77:9f:3a:56:b0:e8:80:02:b4:e4:
         2d:7f:66:b4:a3:02:a9:c4:9d:b5:ca:51:95:95:22:67:ef:ab:
         1c:f4:9c:a8:ba:d1:c8:4a:a2:ff:51:e7:d7:37:63:f1:c4:3d:
         80:4d:4d:ed
-----BEGIN CERTIFICATE-----
MIIFkjCCBHqgAwIBAgICGQgwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NjQzOTAxMTAvBgNVBAUTKEM2NDMzQzQ5RTYzQ0Q5MjAzNUIzMDdFOEY3OTYzNzYw
OEZFQURCRjUwHhcNMjIwMzA5MDQ0MzEyWhcNMjIwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MjI4MzA2MC1kMjk0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA2GogfKOCkKdUA/cJijF2iIYrZlTWWgQSDW3Ja+gWn82JfqE2pbSmScdWWK6A
ViNzlk3czX24SyDlu8C2e+jinOV1EnKGfTSiiJcFrnN5MXNN7LAaQnfVY2hrlGr3
c2JNjVslhilfzIr4n2eqGqRvZU8xqajrEqUPOmmxpyL7VkRv/4YHnNwtBCltxoAZ
e4R8Rna6Fe4lAZz0Mrz//Ax/eeQ+BjYT4nL8Sqet1nCDr/W+CRoPLVK80KTQzaTJ
XN40h4nwqLanPEY3xlSdFX8J5EneHu+qM3e1R2zp2k0W+OsA57BNHZ+eWeR4MOoS
ebqEGXi8ohUH+rODa2KgWxyclQIDAQABo4ICtjCCArIwHQYDVR0OBBYEFGARxwuu
JfjIdQsqNE97vi/TJj7UMB8GA1UdIwQYMBaAFMZDPEnmPNkgNbMH6PeWN2CP6tv1
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2NDM5MC8wRTkzNTRGQ0RD
NUMxMUU2OEU5MTVFMzJDNEY5QUUwMi94a004U2VZODJTQTFzd2ZvOTVZM1lJX3Ey
X1UuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3hrTThTZVk4MlNBMXN3Zm85NVkzWUlfcTJfVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NjQzOTAvMEU5MzU0RkNEQzVDMTFFNjhFOTE1RTMyQzRGOUFFMDIvNkQwMDgwRTQ5
RjYzMTFFQ0IzOEE0ODI2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwQAYIKwYBBQUHAQcBAf8E
MTAvMB4EAgABMBgDBAIr/5QDBAJn76ADBAKvsJADBAPKhhgwDQQCAAIwBwMFACQA
ZAAwDQYJKoZIhvcNAQELBQADggEBAEj3V+GZN+KshRkY+j1Md3FywOBbTVTkg5Zd
BlGLdzqDxHhi5st0WNsGR2NL6lQBZC2KhHxIRIJ0wMgOgt8I/P50bHyHhWyALkr4
yGJQw4Pk9BGpoWC+vuSxCc8aOhNfcAZtRmyG+NV+qKCceC7n9u9uRQ2k57KTnPGY
hG8N6TfF1gJGEqidWFhoCxpGBcLmIrDcfLUbICGlRIMmdiWPBWq0tkOzz+1ZGvdP
dNuMTJk0Vzhy4crYwkJO2eTd9MCAMBjP/fvEBLD2gygBTiH4d586VrDogAK05C1/
ZrSjAqnEnbXKUZWVImfvqxz0nKi60chKov9R59c3Y/HEPYBNTe0=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:09 2024 by rpki-client on console-fra.rpki-client.org