Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A918FC75/3AA5DEE0DD5811EC870FC20DC4F9AE02/0BDCCC74A13711EDAF0C1813C4F9AE02.roa
File:                     0BDCCC74A13711EDAF0C1813C4F9AE02.roa (raw, json)
Hash identifier:          z+3vGCK/VQEnDsXwu0FPc1JQkh6KLKMzuSi4pqm4r84=
Subject key identifier:   4F:4A:7E:59:AA:93:39:15:4E:1C:DD:6B:45:BC:5A:69:81:03:F2:4E
Certificate issuer:       /CN=A918FC75/serialNumber=482E5A6E0896A266A91A4066C06F4B4ED984649D
Certificate serial:       018C
Authority key identifier: 48:2E:5A:6E:08:96:A2:66:A9:1A:40:66:C0:6F:4B:4E:D9:84:64:9D
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/SC5abgiWomapGkBmwG9LTtmEZJ0.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A918FC75/3AA5DEE0DD5811EC870FC20DC4F9AE02/0BDCCC74A13711EDAF0C1813C4F9AE02.roa
Signing time:             Tue 31 Jan 2023 07:15:32 +0000
ROA not before:           Tue 31 Jan 2023 07:15:32 +0000
ROA not after:            Thu 31 Aug 2023 00:00:00 +0000
asID:                     9443
IP address blocks:        203.32.26.0/24 maxlen: 24
                          203.32.30.0/23 maxlen: 23
                          203.32.30.0/24 maxlen: 24
                          203.32.31.0/24 maxlen: 24
                          203.32.32.0/24 maxlen: 24
                          203.34.26.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 396 (0x18c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A918FC75/serialNumber=482E5A6E0896A266A91A4066C06F4B4ED984649D
        Validity
            Not Before: Jan 31 07:15:32 2023 GMT
            Not After : Aug 31 00:00:00 2023 GMT
        Subject: CN=63d8c013-3cbc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:9e:e1:d6:54:b5:a5:33:90:6e:ac:1a:90:c3:
                    1e:46:87:34:12:e6:3a:ee:83:95:74:54:40:6c:03:
                    bd:f3:ca:65:5e:4a:bd:7a:a6:35:d2:56:79:0f:0a:
                    99:7d:2b:8e:25:14:2a:e0:44:81:ef:09:31:dd:31:
                    14:ed:95:dc:78:8e:f0:07:c1:89:a4:32:63:a7:d4:
                    08:c0:42:ad:db:9e:5d:24:8b:f6:66:25:44:dc:50:
                    be:11:40:1b:b5:cb:06:aa:f9:03:ff:43:77:86:20:
                    1f:da:fe:84:c8:ee:d3:ae:8a:d7:fe:71:a7:95:fd:
                    69:ce:86:db:75:53:c6:1e:b6:40:59:67:fa:96:19:
                    fb:07:2b:d8:a2:2f:69:a0:8a:51:d1:bc:63:66:7b:
                    17:9b:32:68:67:9d:4a:6f:06:be:17:7b:7c:c3:e6:
                    6a:78:2f:64:88:c5:71:a5:23:91:65:8e:e4:81:c1:
                    57:77:8c:9d:6b:97:7c:5e:f5:12:4d:54:ee:c3:f4:
                    c8:1e:12:fa:9e:fe:29:38:9e:de:a2:8d:ed:5a:4a:
                    1b:2e:c3:f3:73:aa:ce:7a:03:c9:90:ac:94:f4:38:
                    dd:cd:6a:c3:57:ac:df:a9:25:c3:bf:54:64:fb:81:
                    85:28:25:43:3a:9d:f7:2a:0a:79:16:84:89:38:83:
                    da:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4F:4A:7E:59:AA:93:39:15:4E:1C:DD:6B:45:BC:5A:69:81:03:F2:4E
            X509v3 Authority Key Identifier:
                keyid:48:2E:5A:6E:08:96:A2:66:A9:1A:40:66:C0:6F:4B:4E:D9:84:64:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A918FC75/3AA5DEE0DD5811EC870FC20DC4F9AE02/SC5abgiWomapGkBmwG9LTtmEZJ0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/SC5abgiWomapGkBmwG9LTtmEZJ0.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918FC75/3AA5DEE0DD5811EC870FC20DC4F9AE02/0BDCCC74A13711EDAF0C1813C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.32.26.0/24
                  203.32.30.0-203.32.32.255
                  203.34.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7e:95:a9:22:f3:97:46:af:7f:b0:45:30:45:63:9e:30:ba:f6:
         71:26:3b:05:89:5b:de:86:f0:aa:08:2f:23:63:65:0f:81:09:
         65:ba:fb:37:73:20:c8:dd:69:8e:4a:bd:5f:0c:65:17:87:93:
         04:5f:44:9f:14:46:51:7e:92:19:2b:86:c9:7f:63:fd:ec:67:
         36:ce:7f:4d:84:fd:64:29:b2:d0:ae:8e:4a:eb:90:6c:f6:e7:
         d0:f7:34:42:51:23:b3:34:4d:a7:03:42:2b:e6:8d:cc:a7:50:
         d2:f1:95:11:5f:14:0c:8b:61:78:9d:22:6e:1e:f1:fa:d7:bf:
         f6:31:30:de:b9:1b:ca:b0:16:ac:b5:9c:d5:a0:30:29:56:fc:
         14:55:60:57:1d:68:f4:ce:cc:1c:5d:cf:f5:89:bf:c1:7e:eb:
         a4:2c:bb:3c:5b:9b:5b:9e:58:6e:71:f5:a7:6d:a3:eb:cc:97:
         d6:25:ca:64:aa:fc:08:9f:c9:43:71:48:57:fa:88:f5:02:9e:
         6e:87:65:60:f9:4f:37:c6:de:0e:8e:a6:c4:56:d8:8c:65:aa:
         62:31:48:10:02:ed:b0:b5:b6:bb:6a:e2:cf:62:43:bc:39:76:
         6c:7a:1f:be:c8:1b:b0:5f:64:1e:63:bd:41:a2:2b:b4:15:5b:
         cc:28:37:7c
-----BEGIN CERTIFICATE-----
MIIFhTCCBG2gAwIBAgICAYwwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEZDNzUxMTAvBgNVBAUTKDQ4MkU1QTZFMDg5NkEyNjZBOTFBNDA2NkMwNkY0QjRF
RDk4NDY0OUQwHhcNMjMwMTMxMDcxNTMyWhcNMjMwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02M2Q4YzAxMy0zY2JjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA4Z7h1lS1pTOQbqwakMMeRoc0EuY67oOVdFRAbAO988plXkq9eqY10lZ5DwqZ
fSuOJRQq4ESB7wkx3TEU7ZXceI7wB8GJpDJjp9QIwEKt255dJIv2ZiVE3FC+EUAb
tcsGqvkD/0N3hiAf2v6EyO7TrorX/nGnlf1pzobbdVPGHrZAWWf6lhn7ByvYoi9p
oIpR0bxjZnsXmzJoZ51Kbwa+F3t8w+ZqeC9kiMVxpSORZY7kgcFXd4yda5d8XvUS
TVTuw/TIHhL6nv4pOJ7eoo3tWkobLsPzc6rOegPJkKyU9DjdzWrDV6zfqSXDv1Rk
+4GFKCVDOp33Kgp5FoSJOIPa0wIDAQABo4ICqTCCAqUwHQYDVR0OBBYEFE9Kflmq
kzkVThzda0W8WmmBA/JOMB8GA1UdIwQYMBaAFEguWm4IlqJmqRpAZsBvS07ZhGSd
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4RkM3NS8zQUE1REVFMERE
NTgxMUVDODcwRkMyMERDNEY5QUUwMi9TQzVhYmdpV29tYXBHa0Jtd0c5TFR0bUVa
SjAuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1NDNWFiZ2lXb21hcEdrQm13RzlMVHRtRVpKMC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEZDNzUvM0FBNURFRTBERDU4MTFFQzg3MEZDMjBEQzRGOUFFMDIvMEJEQ0NDNzRB
MTM3MTFFREFGMEMxODEzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMwYIKwYBBQUHAQcBAf8E
JDAiMCAEAgABMBoDBADLIBowDAMEAcsgHgMEAMsgIAMEAMsiGjANBgkqhkiG9w0B
AQsFAAOCAQEAfpWpIvOXRq9/sEUwRWOeMLr2cSY7BYlb3obwqggvI2NlD4EJZbr7
N3MgyN1pjkq9XwxlF4eTBF9EnxRGUX6SGSuGyX9j/exnNs5/TYT9ZCmy0K6OSuuQ
bPbn0Pc0QlEjszRNpwNCK+aNzKdQ0vGVEV8UDItheJ0ibh7x+te/9jEw3rkbyrAW
rLWc1aAwKVb8FFVgVx1o9M7MHF3P9Ym/wX7rpCy7PFubW55YbnH1p22j68yX1iXK
ZKr8CJ/JQ3FIV/qI9QKebodlYPlPN8beDo6mxFbYjGWqYjFIEALtsLW2u2riz2JD
vDl2bHofvsgbsF9kHmO9QaIrtBVbzCg3fA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:46 2024 by rpki-client on console-ams.rpki-client.org