Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91AF9A1/D26015CAD37E11E98A196B67C4F9AE02/CF8BD41ED37F11E9AD3E2A69C4F9AE02.roa
File:                     CF8BD41ED37F11E9AD3E2A69C4F9AE02.roa (raw, json)
Hash identifier:          cTfnwIWglTsMX5ItmOmljL/JKA3K64IClAJBOvzB5do=
Subject key identifier:   3B:E3:4B:37:2E:87:8A:AE:D8:8E:6A:6D:E5:94:39:62:72:4F:2D:61
Certificate issuer:       /CN=A91AF9A1/serialNumber=A7F9AF28D24A432493B4B2BA9B55729BC0977CC8
Certificate serial:       0ACE
Authority key identifier: A7:F9:AF:28:D2:4A:43:24:93:B4:B2:BA:9B:55:72:9B:C0:97:7C:C8
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/p_mvKNJKQySTtLK6m1Vym8CXfMg.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91AF9A1/D26015CAD37E11E98A196B67C4F9AE02/CF8BD41ED37F11E9AD3E2A69C4F9AE02.roa
Signing time:             Sun 31 Jul 2022 19:45:37 +0000
ROA not before:           Sun 31 Jul 2022 19:45:37 +0000
ROA not after:            Thu 01 Dec 2022 00:00:00 +0000
asID:                     137828
IP address blocks:        103.115.72.0/22 maxlen: 22
                          103.115.72.0/24 maxlen: 24
                          103.115.73.0/24 maxlen: 24
                          103.115.74.0/24 maxlen: 24
                          103.115.75.0/24 maxlen: 24
                          2402:e1c0::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2766 (0xace)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91AF9A1/serialNumber=A7F9AF28D24A432493B4B2BA9B55729BC0977CC8
        Validity
            Not Before: Jul 31 19:45:37 2022 GMT
            Not After : Dec  1 00:00:00 2022 GMT
        Subject: CN=62e6dbe0-80fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:40:ad:ad:f6:63:9b:5b:31:b8:ee:06:d6:87:
                    f2:c1:bb:c2:54:99:71:07:7c:7d:1e:43:71:5b:7e:
                    06:b9:5f:f1:7e:54:94:bd:da:b8:c9:df:83:b1:bb:
                    2c:7e:d3:16:00:32:d6:12:73:00:81:8b:85:bc:60:
                    00:1d:a4:84:9e:0a:70:2f:f6:94:d2:04:91:5b:c2:
                    33:2e:24:83:43:3b:0e:da:14:99:3f:63:43:ab:d3:
                    15:57:07:dd:ce:0c:0d:4f:3a:cc:6b:74:63:9b:35:
                    c6:2d:e0:47:a8:1e:18:ed:ff:70:20:15:85:4b:b4:
                    ab:89:d0:bd:13:3e:ec:1c:0f:04:c9:f3:76:27:ed:
                    a9:72:fd:a7:49:7d:1b:ec:b6:05:e7:10:2e:49:18:
                    8f:d6:b7:cb:54:84:74:61:5c:30:80:be:d7:3b:5b:
                    10:28:66:79:5a:70:80:7b:47:0e:0b:03:78:3b:ac:
                    44:de:8f:53:99:2b:62:4f:39:2b:d2:25:6a:57:95:
                    3d:ae:d1:3d:53:e4:54:b5:ac:1c:d1:71:7b:74:23:
                    9b:c5:13:61:f8:0f:b8:09:fb:e5:e9:33:59:44:97:
                    c7:5c:c9:3b:a1:71:65:fe:7c:39:87:5f:1c:ad:74:
                    8d:2a:36:9a:76:2c:a2:4a:fd:dc:15:1c:ac:15:28:
                    ae:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3B:E3:4B:37:2E:87:8A:AE:D8:8E:6A:6D:E5:94:39:62:72:4F:2D:61
            X509v3 Authority Key Identifier:
                keyid:A7:F9:AF:28:D2:4A:43:24:93:B4:B2:BA:9B:55:72:9B:C0:97:7C:C8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91AF9A1/D26015CAD37E11E98A196B67C4F9AE02/p_mvKNJKQySTtLK6m1Vym8CXfMg.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/p_mvKNJKQySTtLK6m1Vym8CXfMg.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91AF9A1/D26015CAD37E11E98A196B67C4F9AE02/CF8BD41ED37F11E9AD3E2A69C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.115.72.0/22
                IPv6:
                  2402:e1c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         46:72:fb:2f:7f:d9:48:8c:01:02:5b:99:80:d2:3c:f9:b3:22:
         50:dc:1d:29:0a:9f:c7:6e:a5:fa:d5:21:b8:86:8d:67:06:ec:
         61:3c:1a:8a:8b:b2:c1:29:1e:a3:9c:de:8a:c1:87:89:0f:05:
         a6:be:58:1a:d1:a8:c6:44:8b:59:74:2e:f9:f7:0c:4f:77:aa:
         79:a5:01:07:00:45:95:7e:7e:97:19:46:5c:73:b7:59:48:7d:
         18:3c:c2:0e:b9:d5:88:21:73:eb:a1:82:b2:b9:97:5a:f7:bf:
         3a:9d:59:ae:45:f3:e4:b6:5a:f3:04:c5:25:5e:67:21:e6:06:
         53:99:e7:6d:b7:c5:1d:9b:48:43:45:b5:65:3f:6d:19:02:18:
         38:07:14:a7:6d:f7:0a:b4:60:91:ff:11:33:3b:da:d2:96:86:
         ed:4c:b2:25:b2:4d:0c:1f:4a:6c:17:94:e7:63:f6:b9:5d:2e:
         ff:13:82:ff:11:71:32:c0:dd:5e:20:dc:b3:79:9d:e3:0c:e9:
         26:9a:a4:d3:64:83:d4:77:e2:90:cb:2a:6f:d3:50:f8:eb:41:
         8b:5f:ce:6f:45:8b:a2:bd:ad:47:0c:b3:be:f2:e9:2b:35:ad:
         c1:13:90:8a:22:0c:01:30:17:13:d5:74:64:48:56:10:0e:df:
         f4:43:9c:ea
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICCs4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QUY5QTExMTAvBgNVBAUTKEE3RjlBRjI4RDI0QTQzMjQ5M0I0QjJCQTlCNTU3MjlC
QzA5NzdDQzgwHhcNMjIwNzMxMTk0NTM3WhcNMjIxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MmU2ZGJlMC04MGZlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA50CtrfZjm1sxuO4G1ofywbvCVJlxB3x9HkNxW34GuV/xflSUvdq4yd+Dsbss
ftMWADLWEnMAgYuFvGAAHaSEngpwL/aU0gSRW8IzLiSDQzsO2hSZP2NDq9MVVwfd
zgwNTzrMa3RjmzXGLeBHqB4Y7f9wIBWFS7SridC9Ez7sHA8EyfN2J+2pcv2nSX0b
7LYF5xAuSRiP1rfLVIR0YVwwgL7XO1sQKGZ5WnCAe0cOCwN4O6xE3o9TmStiTzkr
0iVqV5U9rtE9U+RUtawc0XF7dCObxRNh+A+4Cfvl6TNZRJfHXMk7oXFl/nw5h18c
rXSNKjaadiyiSv3cFRysFSiujQIDAQABo4ICpDCCAqAwHQYDVR0OBBYEFDvjSzcu
h4qu2I5qbeWUOWJyTy1hMB8GA1UdIwQYMBaAFKf5ryjSSkMkk7SyuptVcpvAl3zI
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBRjlBMS9EMjYwMTVDQUQz
N0UxMUU5OEExOTZCNjdDNEY5QUUwMi9wX212S05KS1F5U1R0TEs2bTFWeW04Q1hm
TWcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3BfbXZLTkpLUXlTVHRMSzZtMVZ5bThDWGZNZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QUY5QTEvRDI2MDE1Q0FEMzdFMTFFOThBMTk2QjY3QzRGOUFFMDIvQ0Y4QkQ0MUVE
MzdGMTFFOUFEM0UyQTY5QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLgYIKwYBBQUHAQcBAf8E
HzAdMAwEAgABMAYDBAJnc0gwDQQCAAIwBwMFACQC4cAwDQYJKoZIhvcNAQELBQAD
ggEBAEZy+y9/2UiMAQJbmYDSPPmzIlDcHSkKn8dupfrVIbiGjWcG7GE8GoqLssEp
HqOc3orBh4kPBaa+WBrRqMZEi1l0Lvn3DE93qnmlAQcARZV+fpcZRlxzt1lIfRg8
wg651Yghc+uhgrK5l1r3vzqdWa5F8+S2WvMExSVeZyHmBlOZ5223xR2bSENFtWU/
bRkCGDgHFKdt9wq0YJH/ETM72tKWhu1MsiWyTQwfSmwXlOdj9rldLv8Tgv8RcTLA
3V4g3LN5neMM6SaapNNkg9R34pDLKm/TUPjrQYtfzm9Fi6K9rUcMs77y6Ss1rcET
kIoiDAEwFxPVdGRIVhAO3/RDnOo=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:56 2024 by rpki-client on console-ams.rpki-client.org