Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/6FE7542490C911EDBA7B882AC4F9AE02.roa
File:                     6FE7542490C911EDBA7B882AC4F9AE02.roa (raw, json)
Hash identifier:          5olHK+e0OwHcwQfz4CdprrM2IFj65w3PdFaEn4wK2uA=
Subject key identifier:   6E:66:74:41:84:AB:F4:73:73:03:EA:8F:9B:19:27:C4:31:09:DF:E3
Certificate issuer:       /CN=A91A560A/serialNumber=167C3B221775FEC05039468150CE814756AC6F0A
Certificate serial:       3BB0
Authority key identifier: 16:7C:3B:22:17:75:FE:C0:50:39:46:81:50:CE:81:47:56:AC:6F:0A
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/6FE7542490C911EDBA7B882AC4F9AE02.roa
Signing time:             Tue 10 Jan 2023 09:30:36 +0000
ROA not before:           Tue 10 Jan 2023 09:30:36 +0000
ROA not after:            Tue 31 Oct 2023 00:00:00 +0000
asID:                     149064
IP address blocks:        2001:df0:2040::/48 maxlen: 48
                          2001:df6:fc80::/48 maxlen: 48
                          2407:34c0::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 15280 (0x3bb0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A560A/serialNumber=167C3B221775FEC05039468150CE814756AC6F0A
        Validity
            Not Before: Jan 10 09:30:36 2023 GMT
            Not After : Oct 31 00:00:00 2023 GMT
        Subject: CN=63bd303c-354a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:dc:c3:65:ab:15:73:75:6e:6b:98:6e:09:73:
                    68:f7:9e:42:bb:05:54:7f:68:b9:cd:b8:57:c6:d7:
                    f3:ff:33:a4:89:ef:1b:89:8c:ee:03:67:c2:78:25:
                    8d:83:9c:3e:43:d4:02:97:e5:07:22:13:35:af:0f:
                    13:04:8c:0f:f0:c3:af:72:35:56:6a:19:9c:dd:3b:
                    a3:36:2a:c9:69:7d:f1:23:2f:17:13:8d:ba:61:ef:
                    ba:6f:25:2b:ee:61:24:c9:31:72:d2:47:99:65:97:
                    3d:e5:07:b4:fe:6f:92:29:50:9e:b1:ad:0a:86:16:
                    1b:ae:7c:9d:0f:2f:27:03:42:8a:b4:41:d1:d0:67:
                    da:c3:3c:51:2f:9f:fc:f2:df:ba:0d:81:d2:41:48:
                    e4:b7:56:98:9b:ff:2c:69:84:a5:49:7f:e9:4d:c6:
                    b4:f1:49:a5:5d:56:61:c8:6d:10:67:c2:01:6f:9c:
                    87:e9:87:2d:8c:74:d5:79:b4:34:1c:46:77:d1:74:
                    63:64:61:08:8e:95:3e:8d:9d:70:ac:11:c4:48:22:
                    0d:59:e5:c0:61:f1:09:9a:08:05:30:3f:05:4a:70:
                    fe:1a:d4:c2:94:e0:28:7c:75:18:e1:1b:bc:b4:64:
                    4e:dc:fd:ca:4c:6f:b8:04:b8:03:31:f5:99:92:fb:
                    af:e7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:66:74:41:84:AB:F4:73:73:03:EA:8F:9B:19:27:C4:31:09:DF:E3
            X509v3 Authority Key Identifier:
                keyid:16:7C:3B:22:17:75:FE:C0:50:39:46:81:50:CE:81:47:56:AC:6F:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/6FE7542490C911EDBA7B882AC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df0:2040::/48
                  2001:df6:fc80::/48
                  2407:34c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         3f:41:8a:f6:40:7e:a1:5f:23:04:41:36:ca:c7:d1:da:b6:ed:
         81:51:8b:cd:cf:19:f0:d1:17:10:aa:4c:f3:e2:f4:32:25:2e:
         3b:e7:bb:73:87:88:58:a0:ca:cf:c6:36:fc:3d:97:88:c3:35:
         f6:a2:5d:fe:51:3a:a4:82:55:f2:74:ca:3a:16:26:05:29:0a:
         94:5d:c0:32:13:df:b9:eb:71:76:4f:f8:2c:73:f2:d7:28:b5:
         14:b9:94:5d:dd:04:36:29:d7:ac:39:a3:b5:76:51:be:d3:d9:
         f2:0d:fa:5a:bc:ff:6e:85:75:12:37:d6:0b:a1:17:81:4d:14:
         f4:da:93:7c:9f:4f:0d:2a:3a:7d:a6:a3:5a:88:d3:21:69:57:
         aa:f4:dd:60:0d:97:67:2a:87:b3:e0:71:2e:36:a3:c3:72:67:
         88:5a:c8:9e:8e:8f:bf:68:58:31:2d:e4:81:bb:46:88:75:35:
         e4:00:6e:ad:fc:fa:a7:cd:28:ec:ad:c9:7a:7c:eb:94:8f:e0:
         80:e6:5c:6a:25:a1:d3:48:c7:fe:3d:b7:fb:28:27:ea:53:77:
         88:fd:14:3c:32:31:84:94:2b:4f:a8:a2:45:c7:ab:6c:eb:5f:
         34:bd:5f:7c:b9:b4:27:10:2d:ba:ab:59:b6:cf:57:2c:b5:2f:
         89:f7:fd:6b
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgICO7AwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTU2MEExMTAvBgNVBAUTKDE2N0MzQjIyMTc3NUZFQzA1MDM5NDY4MTUwQ0U4MTQ3
NTZBQzZGMEEwHhcNMjMwMTEwMDkzMDM2WhcNMjMxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02M2JkMzAzYy0zNTRhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAxNzDZasVc3Vua5huCXNo955CuwVUf2i5zbhXxtfz/zOkie8biYzuA2fCeCWN
g5w+Q9QCl+UHIhM1rw8TBIwP8MOvcjVWahmc3TujNirJaX3xIy8XE426Ye+6byUr
7mEkyTFy0keZZZc95Qe0/m+SKVCesa0KhhYbrnydDy8nA0KKtEHR0GfawzxRL5/8
8t+6DYHSQUjkt1aYm/8saYSlSX/pTca08UmlXVZhyG0QZ8IBb5yH6YctjHTVebQ0
HEZ30XRjZGEIjpU+jZ1wrBHESCINWeXAYfEJmggFMD8FSnD+GtTClOAofHUY4Ru8
tGRO3P3KTG+4BLgDMfWZkvuv5wIDAQABo4ICqjCCAqYwHQYDVR0OBBYEFG5mdEGE
q/RzcwPqj5sZJ8QxCd/jMB8GA1UdIwQYMBaAFBZ8OyIXdf7AUDlGgVDOgUdWrG8K
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBNTYwQS9BQUVCMTkxQTFE
OEExMUUyQTM4N0QwRTQwOEIwMkNEMi9Gbnc3SWhkMV9zQlFPVWFCVU02QlIxYXNi
d28uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0ZudzdJaGQxX3NCUU9VYUJVTTZCUjFhc2J3by5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTU2MEEvQUFFQjE5MUExRDhBMTFFMkEzODdEMEU0MDhCMDJDRDIvNkZFNzU0MjQ5
MEM5MTFFREJBN0I4ODJBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNAYIKwYBBQUHAQcBAf8E
JTAjMCEEAgACMBsDBwAgAQ3wIEADBwAgAQ32/IADBwAkBzTAAAAwDQYJKoZIhvcN
AQELBQADggEBAD9BivZAfqFfIwRBNsrH0dq27YFRi83PGfDRFxCqTPPi9DIlLjvn
u3OHiFigys/GNvw9l4jDNfaiXf5ROqSCVfJ0yjoWJgUpCpRdwDIT37nrcXZP+Cxz
8tcotRS5lF3dBDYp16w5o7V2Ub7T2fIN+lq8/26FdRI31guhF4FNFPTak3yfTw0q
On2mo1qI0yFpV6r03WANl2cqh7PgcS42o8NyZ4hayJ6Oj79oWDEt5IG7Roh1NeQA
bq38+qfNKOytyXp865SP4IDmXGolodNIx/49t/soJ+pTd4j9FDwyMYSUK0+ookXH
q2zrXzS9X3y5tCcQLbqrWbbPVyy1L4n3/Ws=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:54 2024 by rpki-client on console-ams.rpki-client.org