Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/8EF33690903211ED8B20D674C4F9AE02.roa
File:                     8EF33690903211ED8B20D674C4F9AE02.roa (raw, json)
Hash identifier:          UKVtjyQUUAfzq7z+YPwmsgSacI7uCIrhX744/AMd6zo=
Subject key identifier:   28:C2:4B:B5:05:5B:A5:64:30:B8:A3:5C:32:3F:A7:40:CE:BA:17:70
Certificate issuer:       /CN=A91A560A/serialNumber=167C3B221775FEC05039468150CE814756AC6F0A
Certificate serial:       3D3D
Authority key identifier: 16:7C:3B:22:17:75:FE:C0:50:39:46:81:50:CE:81:47:56:AC:6F:0A
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/8EF33690903211ED8B20D674C4F9AE02.roa
Signing time:             Fri 07 Jul 2023 16:30:30 +0000
ROA not before:           Fri 07 Jul 2023 16:30:30 +0000
ROA not after:            Tue 31 Oct 2023 00:00:00 +0000
asID:                     135918
IP address blocks:        42.96.0.0/22 maxlen: 22
                          49.236.208.0/22 maxlen: 22
                          103.14.224.0/23 maxlen: 23
                          103.28.32.0/22 maxlen: 22
                          103.65.234.0/23 maxlen: 23
                          103.67.196.0/23 maxlen: 23
                          103.67.198.0/23 maxlen: 23
                          103.68.84.0/23 maxlen: 23
                          103.74.100.0/22 maxlen: 22
                          103.95.196.0/22 maxlen: 22
                          103.110.32.0/23 maxlen: 23
                          103.129.126.0/23 maxlen: 23
                          103.139.154.0/23 maxlen: 23
                          103.149.252.0/23 maxlen: 23
                          103.151.52.0/23 maxlen: 23
                          103.153.64.0/23 maxlen: 23
                          103.157.204.0/23 maxlen: 23
                          103.160.2.0/23 maxlen: 23
                          103.161.96.0/23 maxlen: 23
                          103.161.112.0/23 maxlen: 23
                          103.161.118.0/23 maxlen: 23
                          103.161.180.0/23 maxlen: 23
                          103.162.24.0/23 maxlen: 24
                          103.176.22.0/23 maxlen: 23
                          103.176.24.0/23 maxlen: 24
                          103.176.250.0/23 maxlen: 24
                          103.178.232.0/23 maxlen: 23
                          103.180.138.0/23 maxlen: 23
                          103.183.120.0/23 maxlen: 23
                          103.190.120.0/23 maxlen: 23
                          103.228.36.0/23 maxlen: 23
                          103.228.74.0/23 maxlen: 23
                          103.229.52.0/23 maxlen: 23
                          103.231.248.0/23 maxlen: 23
                          202.158.244.0/22 maxlen: 22

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 15677 (0x3d3d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A560A/serialNumber=167C3B221775FEC05039468150CE814756AC6F0A
        Validity
            Not Before: Jul  7 16:30:30 2023 GMT
            Not After : Oct 31 00:00:00 2023 GMT
        Subject: CN=64a83da5-2e8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f1:00:bc:6c:8e:e1:73:4b:35:e1:bf:19:90:63:
                    de:33:99:53:69:c4:ff:4a:3b:28:2e:6f:77:74:8d:
                    b4:f2:fb:23:d7:f6:2e:e2:0c:b4:92:75:a8:26:40:
                    0f:7a:65:5e:2b:f8:5e:f1:4e:34:11:a3:01:b2:c8:
                    14:6d:84:de:83:95:d0:e4:72:d8:e5:fd:d7:8b:f8:
                    52:f9:0c:4d:c5:84:b6:14:c3:1e:4a:06:35:0f:24:
                    47:87:93:52:2f:0d:1d:39:d7:ae:d7:f5:31:a0:f9:
                    d7:b9:f8:83:04:e5:01:e4:1e:06:ce:82:32:b2:67:
                    e8:c2:59:22:d2:0a:8a:62:1d:d1:59:3a:bb:6f:92:
                    21:da:98:d7:66:e8:65:23:2a:21:fe:55:92:58:21:
                    02:6f:a5:0e:85:b3:35:47:73:db:09:51:78:96:f9:
                    2a:f2:b6:52:cb:4c:ef:c7:c8:3e:be:33:d2:c1:40:
                    0a:2b:c1:f8:58:71:48:2f:05:07:f3:b9:df:4f:f4:
                    50:4a:2c:39:78:f8:03:c8:72:d4:2f:d1:3b:c2:fc:
                    4f:90:af:eb:a2:30:23:c7:00:1b:22:cd:ce:2a:f2:
                    d7:4f:29:99:a1:88:b3:07:ca:ab:a3:0b:66:f0:6f:
                    26:2a:bd:1e:4b:13:eb:ee:26:57:9f:56:cc:08:e5:
                    e0:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:C2:4B:B5:05:5B:A5:64:30:B8:A3:5C:32:3F:A7:40:CE:BA:17:70
            X509v3 Authority Key Identifier:
                keyid:16:7C:3B:22:17:75:FE:C0:50:39:46:81:50:CE:81:47:56:AC:6F:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/8EF33690903211ED8B20D674C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  42.96.0.0/22
                  49.236.208.0/22
                  103.14.224.0/23
                  103.28.32.0/22
                  103.65.234.0/23
                  103.67.196.0/22
                  103.68.84.0/23
                  103.74.100.0/22
                  103.95.196.0/22
                  103.110.32.0/23
                  103.129.126.0/23
                  103.139.154.0/23
                  103.149.252.0/23
                  103.151.52.0/23
                  103.153.64.0/23
                  103.157.204.0/23
                  103.160.2.0/23
                  103.161.96.0/23
                  103.161.112.0/23
                  103.161.118.0/23
                  103.161.180.0/23
                  103.162.24.0/23
                  103.176.22.0-103.176.25.255
                  103.176.250.0/23
                  103.178.232.0/23
                  103.180.138.0/23
                  103.183.120.0/23
                  103.190.120.0/23
                  103.228.36.0/23
                  103.228.74.0/23
                  103.229.52.0/23
                  103.231.248.0/23
                  202.158.244.0/22

    Signature Algorithm: sha256WithRSAEncryption
         38:71:4f:47:c5:ab:1b:3e:b6:57:3e:36:3a:57:a0:26:41:36:
         a1:0c:fb:b9:e8:71:03:0c:a2:85:bf:1c:a1:01:fb:db:c6:ad:
         61:d3:6b:77:1b:33:8e:8a:60:a6:18:1e:7c:60:64:64:ad:2a:
         42:91:48:f5:73:b7:c0:09:8a:2a:e6:98:f1:6f:d0:eb:0e:9d:
         90:ef:2f:32:55:e5:2d:3d:b4:ca:2d:41:a3:45:68:d1:8b:67:
         ca:8b:dd:b0:b5:a7:c6:60:bd:53:d5:65:13:49:d4:8f:5d:e0:
         dd:9b:4e:60:81:bf:24:46:67:e5:e4:b5:1b:10:e8:f6:bd:f4:
         1a:9a:d1:69:be:b2:51:30:38:44:7f:f3:1d:b2:76:97:d4:3a:
         07:15:fc:ba:f7:59:46:e8:0f:88:59:4f:e8:9e:a9:c0:25:02:
         33:38:72:33:15:34:9a:72:48:9e:9c:a8:de:f2:09:dd:cf:7c:
         bc:72:ca:53:8a:3f:54:ca:f1:18:c7:a8:51:e1:e1:5b:20:57:
         0f:3e:df:e9:72:d7:36:bb:e8:25:ce:4c:6a:90:6b:79:39:7e:
         9f:79:27:66:49:ac:b6:c2:ab:d4:a8:81:60:9d:69:6b:8f:82:
         63:18:50:53:d3:33:d6:22:c7:70:b1:21:93:35:9e:d4:56:8b:
         2e:c3:c4:78
-----BEGIN CERTIFICATE-----
MIIGPjCCBSagAwIBAgICPT0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTU2MEExMTAvBgNVBAUTKDE2N0MzQjIyMTc3NUZFQzA1MDM5NDY4MTUwQ0U4MTQ3
NTZBQzZGMEEwHhcNMjMwNzA3MTYzMDMwWhcNMjMxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NGE4M2RhNS0yZThmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA8QC8bI7hc0s14b8ZkGPeM5lTacT/SjsoLm93dI208vsj1/Yu4gy0knWoJkAP
emVeK/he8U40EaMBssgUbYTeg5XQ5HLY5f3Xi/hS+QxNxYS2FMMeSgY1DyRHh5NS
Lw0dOdeu1/UxoPnXufiDBOUB5B4GzoIysmfowlki0gqKYh3RWTq7b5Ih2pjXZuhl
Iyoh/lWSWCECb6UOhbM1R3PbCVF4lvkq8rZSy0zvx8g+vjPSwUAKK8H4WHFILwUH
87nfT/RQSiw5ePgDyHLUL9E7wvxPkK/rojAjxwAbIs3OKvLXTymZoYizB8qrowtm
8G8mKr0eSxPr7iZXn1bMCOXgQQIDAQABo4IDYjCCA14wHQYDVR0OBBYEFCjCS7UF
W6VkMLijXDI/p0DOuhdwMB8GA1UdIwQYMBaAFBZ8OyIXdf7AUDlGgVDOgUdWrG8K
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBNTYwQS9BQUVCMTkxQTFE
OEExMUUyQTM4N0QwRTQwOEIwMkNEMi9Gbnc3SWhkMV9zQlFPVWFCVU02QlIxYXNi
d28uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0ZudzdJaGQxX3NCUU9VYUJVTTZCUjFhc2J3by5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTU2MEEvQUFFQjE5MUExRDhBMTFFMkEzODdEMEU0MDhCMDJDRDIvOEVGMzM2OTA5
MDMyMTFFRDhCMjBENjc0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgesGCCsGAQUFBwEHAQH/
BIHbMIHYMIHVBAIAATCBzgMEAipgAAMEAjHs0AMEAWcO4AMEAmccIAMEAWdB6gME
AmdDxAMEAWdEVAMEAmdKZAMEAmdfxAMEAWduIAMEAWeBfgMEAWeLmgMEAWeV/AME
AWeXNAMEAWeZQAMEAWedzAMEAWegAgMEAWehYAMEAWehcAMEAWehdgMEAWehtAME
AWeiGDAMAwQBZ7AWAwQBZ7AYAwQBZ7D6AwQBZ7LoAwQBZ7SKAwQBZ7d4AwQBZ754
AwQBZ+QkAwQBZ+RKAwQBZ+U0AwQBZ+f4AwQCyp70MA0GCSqGSIb3DQEBCwUAA4IB
AQA4cU9HxasbPrZXPjY6V6AmQTahDPu56HEDDKKFvxyhAfvbxq1h02t3GzOOimCm
GB58YGRkrSpCkUj1c7fACYoq5pjxb9DrDp2Q7y8yVeUtPbTKLUGjRWjRi2fKi92w
tafGYL1T1WUTSdSPXeDdm05ggb8kRmfl5LUbEOj2vfQamtFpvrJRMDhEf/MdsnaX
1DoHFfy691lG6A+IWU/onqnAJQIzOHIzFTSackienKje8gndz3y8cspTij9UyvEY
x6hR4eFbIFcPPt/pctc2u+glzkxqkGt5OX6feSdmSay2wqvUqIFgnWlrj4JjGFBT
0zPWIsdwsSGTNZ7UVosuw8R4
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:36 2024 by rpki-client on console-fra.rpki-client.org