Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A918FC75/3AA5DEE0DD5811EC870FC20DC4F9AE02/F7906402CF4D11EDABC2FC2DC4F9AE02.roa
File:                     F7906402CF4D11EDABC2FC2DC4F9AE02.roa (raw, json)
Hash identifier:          ofbhid4y2cvtJ5cLWmQANiOnd9llVO0iV9QH56+AXko=
Subject key identifier:   6C:33:52:57:E4:F2:D5:25:1D:E9:69:94:DD:66:4F:D0:33:84:58:7A
Certificate issuer:       /CN=A918FC75/serialNumber=482E5A6E0896A266A91A4066C06F4B4ED984649D
Certificate serial:       01C0
Authority key identifier: 48:2E:5A:6E:08:96:A2:66:A9:1A:40:66:C0:6F:4B:4E:D9:84:64:9D
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/SC5abgiWomapGkBmwG9LTtmEZJ0.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A918FC75/3AA5DEE0DD5811EC870FC20DC4F9AE02/F7906402CF4D11EDABC2FC2DC4F9AE02.roa
Signing time:             Thu 30 Mar 2023 23:15:30 +0000
ROA not before:           Thu 30 Mar 2023 23:15:30 +0000
ROA not after:            Thu 31 Aug 2023 00:00:00 +0000
asID:                     9443
IP address blocks:        203.32.21.0/24 maxlen: 24
                          203.32.22.0/23 maxlen: 24
                          203.32.25.0/24 maxlen: 24
                          203.32.26.0/24 maxlen: 24
                          203.32.28.0/24 maxlen: 24
                          203.32.32.0/24 maxlen: 24
                          203.32.38.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 448 (0x1c0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A918FC75/serialNumber=482E5A6E0896A266A91A4066C06F4B4ED984649D
        Validity
            Not Before: Mar 30 23:15:30 2023 GMT
            Not After : Aug 31 00:00:00 2023 GMT
        Subject: CN=64261812-9d78
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:1d:c8:8b:83:34:e1:01:ab:aa:b0:7e:22:57:
                    4c:1b:53:ad:95:d1:6b:92:79:b4:8f:6a:87:b1:e5:
                    d3:b9:55:b7:96:a9:d0:62:fe:ff:c6:fa:34:8c:d1:
                    82:33:58:5a:5c:20:52:0a:92:7a:fb:40:77:99:8a:
                    69:d9:93:a2:d9:3a:e3:ce:03:90:aa:bc:6d:d1:5b:
                    e6:cc:13:ee:94:37:87:1d:4d:28:1e:54:3c:c6:2c:
                    9a:52:fc:43:99:98:c0:12:e2:0e:dd:77:c8:1e:aa:
                    0d:db:38:ab:83:ce:fd:85:af:5a:a4:05:4e:0c:3f:
                    aa:79:57:25:42:77:e8:61:09:6b:e9:03:06:a1:e9:
                    67:d4:cb:85:2f:1e:d7:55:97:39:56:25:4a:47:7f:
                    50:b2:16:ca:f7:6d:0c:af:f2:33:b6:41:c1:ea:1d:
                    8d:66:ea:d4:50:b2:b1:6a:3e:55:5b:15:b0:63:79:
                    6d:e7:7c:71:d4:b5:cd:3c:86:80:bd:65:70:04:24:
                    65:c6:b8:e5:2a:6b:20:84:9b:d8:d5:ff:b7:36:30:
                    90:aa:e0:35:a0:5d:46:e1:6a:7c:36:3f:cb:3a:d3:
                    16:60:99:1b:71:1d:66:ea:2a:f4:52:f4:c6:38:75:
                    17:dd:b6:0c:82:42:ff:cb:93:8a:e9:1c:3a:52:89:
                    69:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:33:52:57:E4:F2:D5:25:1D:E9:69:94:DD:66:4F:D0:33:84:58:7A
            X509v3 Authority Key Identifier:
                keyid:48:2E:5A:6E:08:96:A2:66:A9:1A:40:66:C0:6F:4B:4E:D9:84:64:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A918FC75/3AA5DEE0DD5811EC870FC20DC4F9AE02/SC5abgiWomapGkBmwG9LTtmEZJ0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/SC5abgiWomapGkBmwG9LTtmEZJ0.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918FC75/3AA5DEE0DD5811EC870FC20DC4F9AE02/F7906402CF4D11EDABC2FC2DC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.32.21.0-203.32.23.255
                  203.32.25.0-203.32.26.255
                  203.32.28.0/24
                  203.32.32.0/24
                  203.32.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         36:17:85:2e:04:e3:92:ea:29:62:6e:ef:80:47:4e:82:d8:c9:
         79:a5:94:4a:c7:5a:45:61:84:eb:0f:61:aa:f3:2c:8b:12:1b:
         7f:a9:e9:e2:82:0d:91:cb:07:b1:f7:c9:3f:a6:5f:3b:ac:06:
         9a:8d:d9:ce:dc:e4:5a:13:ae:f6:08:2c:ad:83:81:9b:e0:55:
         30:aa:99:20:0f:54:17:08:3a:c2:cb:6f:6e:96:3f:fa:0a:54:
         90:29:36:51:f8:19:65:9a:9a:d1:09:ad:da:f2:de:2d:de:d6:
         cd:b7:8b:c6:7e:8e:c4:4e:e6:49:5b:f0:d4:b0:cb:15:75:2d:
         ad:e5:27:44:60:df:b7:f2:f6:b3:71:74:f2:a1:bb:5a:7f:0a:
         54:7b:28:c9:de:41:95:1a:3a:74:bf:57:92:70:d7:8e:84:ea:
         c8:bd:a2:53:70:f5:d2:41:67:8e:03:00:8c:72:4c:e9:66:96:
         fe:e9:11:86:9d:3f:35:cf:d8:b1:6b:d1:ec:74:05:b3:c6:69:
         a4:06:b0:bf:e4:9e:15:84:64:37:27:09:36:31:c5:e6:a5:6e:
         a1:f6:de:ae:c0:68:63:95:08:9a:ef:9e:70:2f:0f:f6:98:e6:
         40:95:46:54:d5:c2:e7:1e:74:cf:3a:0b:b5:98:af:c0:50:4c:
         51:8e:bb:c1
-----BEGIN CERTIFICATE-----
MIIFmTCCBIGgAwIBAgICAcAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEZDNzUxMTAvBgNVBAUTKDQ4MkU1QTZFMDg5NkEyNjZBOTFBNDA2NkMwNkY0QjRF
RDk4NDY0OUQwHhcNMjMwMzMwMjMxNTMwWhcNMjMwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDI2MTgxMi05ZDc4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA5h3Ii4M04QGrqrB+IldMG1OtldFrknm0j2qHseXTuVW3lqnQYv7/xvo0jNGC
M1haXCBSCpJ6+0B3mYpp2ZOi2TrjzgOQqrxt0VvmzBPulDeHHU0oHlQ8xiyaUvxD
mZjAEuIO3XfIHqoN2zirg879ha9apAVODD+qeVclQnfoYQlr6QMGoeln1MuFLx7X
VZc5ViVKR39QshbK920Mr/IztkHB6h2NZurUULKxaj5VWxWwY3lt53xx1LXNPIaA
vWVwBCRlxrjlKmsghJvY1f+3NjCQquA1oF1G4Wp8Nj/LOtMWYJkbcR1m6ir0UvTG
OHUX3bYMgkL/y5OK6Rw6UolpQQIDAQABo4ICvTCCArkwHQYDVR0OBBYEFGwzUlfk
8tUlHelplN1mT9AzhFh6MB8GA1UdIwQYMBaAFEguWm4IlqJmqRpAZsBvS07ZhGSd
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4RkM3NS8zQUE1REVFMERE
NTgxMUVDODcwRkMyMERDNEY5QUUwMi9TQzVhYmdpV29tYXBHa0Jtd0c5TFR0bUVa
SjAuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1NDNWFiZ2lXb21hcEdrQm13RzlMVHRtRVpKMC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEZDNzUvM0FBNURFRTBERDU4MTFFQzg3MEZDMjBEQzRGOUFFMDIvRjc5MDY0MDJD
RjREMTFFREFCQzJGQzJEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwRwYIKwYBBQUHAQcBAf8E
ODA2MDQEAgABMC4wDAMEAMsgFQMEA8sgEDAMAwQAyyAZAwQAyyAaAwQAyyAcAwQA
yyAgAwQAyyAmMA0GCSqGSIb3DQEBCwUAA4IBAQA2F4UuBOOS6ilibu+AR06C2Ml5
pZRKx1pFYYTrD2Gq8yyLEht/qenigg2Rywex98k/pl87rAaajdnO3ORaE672CCyt
g4Gb4FUwqpkgD1QXCDrCy29ulj/6ClSQKTZR+BllmprRCa3a8t4t3tbNt4vGfo7E
TuZJW/DUsMsVdS2t5SdEYN+38vazcXTyobtafwpUeyjJ3kGVGjp0v1eScNeOhOrI
vaJTcPXSQWeOAwCMckzpZpb+6RGGnT81z9ixa9HsdAWzxmmkBrC/5J4VhGQ3Jwk2
McXmpW6h9t6uwGhjlQia755wLw/2mOZAlUZU1cLnHnTPOgu1mK/AUExRjrvB
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:33 2024 by rpki-client on console-fra.rpki-client.org