Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9176AFD/5BB2230A92F811E784CA0E5CC4F9AE02/D7F5840CB98011EDA271347EC4F9AE02.roa
File:                     D7F5840CB98011EDA271347EC4F9AE02.roa (raw, json)
Hash identifier:          S/hRw1w//Ku+o6aFlhVCIUoqlwLksWEQj+hE29FUqzA=
Subject key identifier:   06:EA:FD:57:87:AC:57:8B:76:81:F7:B5:A0:EB:5C:D0:3F:2A:41:F5
Certificate issuer:       /CN=A9176AFD/serialNumber=0A422A6397D8EB6CB35775297CEB55A5E18FE1E2
Certificate serial:       1720
Authority key identifier: 0A:42:2A:63:97:D8:EB:6C:B3:57:75:29:7C:EB:55:A5:E1:8F:E1:E2
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/CkIqY5fY62yzV3UpfOtVpeGP4eI.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9176AFD/5BB2230A92F811E784CA0E5CC4F9AE02/D7F5840CB98011EDA271347EC4F9AE02.roa
Signing time:             Fri 03 Mar 2023 05:04:15 +0000
ROA not before:           Fri 03 Mar 2023 05:04:15 +0000
ROA not after:            Tue 31 Oct 2023 00:00:00 +0000
asID:                     9934
IP address blocks:        103.242.44.0/22 maxlen: 22
                          202.179.0.0/19 maxlen: 19
                          202.179.0.0/24 maxlen: 24
                          202.179.1.0/24 maxlen: 24
                          202.179.2.0/24 maxlen: 24
                          202.179.3.0/24 maxlen: 24
                          202.179.4.0/24 maxlen: 24
                          202.179.5.0/24 maxlen: 24
                          202.179.6.0/24 maxlen: 24
                          202.179.7.0/24 maxlen: 24
                          202.179.8.0/24 maxlen: 24
                          202.179.9.0/24 maxlen: 24
                          202.179.10.0/24 maxlen: 24
                          202.179.11.0/24 maxlen: 24
                          202.179.12.0/24 maxlen: 24
                          202.179.13.0/24 maxlen: 24
                          202.179.14.0/23 maxlen: 23
                          202.179.16.0/24 maxlen: 24
                          202.179.17.0/24 maxlen: 24
                          202.179.18.0/24 maxlen: 24
                          202.179.19.0/24 maxlen: 24
                          202.179.20.0/23 maxlen: 23
                          202.179.22.0/24 maxlen: 24
                          202.179.23.0/24 maxlen: 24
                          202.179.24.0/24 maxlen: 24
                          202.179.25.0/24 maxlen: 24
                          202.179.26.0/24 maxlen: 24
                          202.179.27.0/24 maxlen: 24
                          202.179.28.0/24 maxlen: 24
                          202.179.29.0/24 maxlen: 24
                          202.179.30.0/24 maxlen: 24
                          202.179.31.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5920 (0x1720)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9176AFD/serialNumber=0A422A6397D8EB6CB35775297CEB55A5E18FE1E2
        Validity
            Not Before: Mar  3 05:04:15 2023 GMT
            Not After : Oct 31 00:00:00 2023 GMT
        Subject: CN=64017fcf-ec84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:fe:40:fd:31:3b:c3:e3:7c:18:bb:72:71:64:
                    25:23:44:1c:13:4d:c0:ed:d1:9b:cb:7c:7f:4a:73:
                    d9:a3:15:9c:e3:54:d1:59:86:7e:0d:0e:1a:e1:97:
                    bb:1c:c3:4b:45:2f:02:45:9e:06:6d:92:e0:41:c8:
                    55:b0:fa:cb:17:a1:b7:fa:a1:ee:60:08:b5:c4:a0:
                    1e:b1:2a:bf:0b:3c:34:94:3f:52:74:1f:ec:32:a2:
                    ca:5a:86:b9:c7:6c:89:35:37:32:1b:14:78:b4:1b:
                    63:b1:43:2f:96:5f:6c:93:6b:cd:f2:c5:38:c7:ef:
                    d0:e6:72:c4:35:7b:09:40:4b:f1:0d:59:4b:ce:12:
                    df:8c:7a:4d:85:c1:2b:14:5e:26:33:6b:67:35:83:
                    38:76:2b:2e:29:6e:51:15:84:f3:d9:25:ac:8d:87:
                    51:45:ea:d5:4f:2f:bb:f0:87:c9:af:b8:86:17:a8:
                    fe:6d:da:1a:26:99:ec:6e:61:78:1f:ca:9f:86:ae:
                    0e:9a:02:22:69:21:15:eb:c1:11:df:4d:61:71:45:
                    bb:2b:3d:8e:c7:eb:11:5b:6a:f5:77:e9:d4:c1:59:
                    3d:32:18:bf:26:e4:16:8b:f0:6e:8e:65:d3:d3:92:
                    8c:9e:0a:65:b4:43:93:39:1f:da:93:6e:84:c2:4b:
                    ec:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:EA:FD:57:87:AC:57:8B:76:81:F7:B5:A0:EB:5C:D0:3F:2A:41:F5
            X509v3 Authority Key Identifier:
                keyid:0A:42:2A:63:97:D8:EB:6C:B3:57:75:29:7C:EB:55:A5:E1:8F:E1:E2

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9176AFD/5BB2230A92F811E784CA0E5CC4F9AE02/CkIqY5fY62yzV3UpfOtVpeGP4eI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/CkIqY5fY62yzV3UpfOtVpeGP4eI.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9176AFD/5BB2230A92F811E784CA0E5CC4F9AE02/D7F5840CB98011EDA271347EC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.242.44.0/22
                  202.179.0.0/19

    Signature Algorithm: sha256WithRSAEncryption
         50:82:d8:4c:63:92:a4:d9:34:1d:4c:f6:f2:69:a8:f8:9a:c5:
         83:24:50:d9:0c:a1:db:50:40:46:1f:84:93:be:07:37:bc:25:
         09:e4:bb:03:64:60:65:a3:15:61:83:85:6b:cb:8b:d2:7a:83:
         36:59:ed:b8:b4:dc:fc:a9:a9:a4:a5:f6:e7:71:75:cc:af:c1:
         be:9d:57:54:0b:6e:2e:4b:92:05:e4:7d:a4:ee:32:6c:77:3d:
         c9:de:a3:52:ed:2f:80:a5:1d:7a:ec:fa:99:0f:a9:ce:81:ca:
         1c:e3:ea:d4:86:aa:2f:15:81:e5:70:a6:a4:85:c2:3e:40:2d:
         c5:09:eb:d0:5e:02:b0:57:e0:dc:e2:ee:2b:b4:75:ea:24:14:
         33:98:33:d9:c8:6e:f1:d2:60:e1:a7:05:d0:2f:d6:28:bd:e1:
         7f:2a:f7:75:1c:a9:21:25:53:ef:67:79:57:f0:8c:82:c9:69:
         cc:76:79:a4:30:7c:4d:52:21:27:fb:54:78:19:aa:47:5a:49:
         67:7f:d9:38:1c:1d:26:18:25:86:29:fb:88:b7:42:1e:90:c4:
         28:5a:f3:54:74:55:8b:b3:7c:ef:d8:72:27:f2:ba:2c:98:0f:
         34:27:3c:89:b8:37:7f:f3:c6:50:41:2f:5c:9c:22:0b:88:28:
         09:94:ca:df
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICFyAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NzZBRkQxMTAvBgNVBAUTKDBBNDIyQTYzOTdEOEVCNkNCMzU3NzUyOTdDRUI1NUE1
RTE4RkUxRTIwHhcNMjMwMzAzMDUwNDE1WhcNMjMxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDAxN2ZjZi1lYzg0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAy/5A/TE7w+N8GLtycWQlI0QcE03A7dGby3x/SnPZoxWc41TRWYZ+DQ4a4Ze7
HMNLRS8CRZ4GbZLgQchVsPrLF6G3+qHuYAi1xKAesSq/Czw0lD9SdB/sMqLKWoa5
x2yJNTcyGxR4tBtjsUMvll9sk2vN8sU4x+/Q5nLENXsJQEvxDVlLzhLfjHpNhcEr
FF4mM2tnNYM4disuKW5RFYTz2SWsjYdRRerVTy+78IfJr7iGF6j+bdoaJpnsbmF4
H8qfhq4OmgIiaSEV68ER301hcUW7Kz2Ox+sRW2r1d+nUwVk9Mhi/JuQWi/BujmXT
05KMngpltEOTOR/ak26Ewkvs7wIDAQABo4ICmzCCApcwHQYDVR0OBBYEFAbq/VeH
rFeLdoH3taDrXNA/KkH1MB8GA1UdIwQYMBaAFApCKmOX2Otss1d1KXzrVaXhj+Hi
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3NkFGRC81QkIyMjMwQTky
RjgxMUU3ODRDQTBFNUNDNEY5QUUwMi9Da0lxWTVmWTYyeXpWM1VwZk90VnBlR1A0
ZUkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0NrSXFZNWZZNjJ5elYzVXBmT3RWcGVHUDRlSS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NzZBRkQvNUJCMjIzMEE5MkY4MTFFNzg0Q0EwRTVDQzRGOUFFMDIvRDdGNTg0MENC
OTgwMTFFREEyNzEzNDdFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAJn8iwDBAXKswAwDQYJKoZIhvcNAQELBQADggEBAFCC2Exj
kqTZNB1M9vJpqPiaxYMkUNkModtQQEYfhJO+Bze8JQnkuwNkYGWjFWGDhWvLi9J6
gzZZ7bi03PypqaSl9udxdcyvwb6dV1QLbi5LkgXkfaTuMmx3Pcneo1LtL4ClHXrs
+pkPqc6Byhzj6tSGqi8VgeVwpqSFwj5ALcUJ69BeArBX4Nzi7iu0deokFDOYM9nI
bvHSYOGnBdAv1ii94X8q93UcqSElU+9neVfwjILJacx2eaQwfE1SISf7VHgZqkda
SWd/2TgcHSYYJYYp+4i3Qh6QxCha81R0VYuzfO/YcifyuiyYDzQnPIm4N3/zxlBB
L1ycIguIKAmUyt8=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:12 2024 by rpki-client on console-fra.rpki-client.org