Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91B5D7E/ECA682341D8711E298322DE008B02CD2/992A2B70877911EE9DFAD854C4F9AE02.roa
File:                     992A2B70877911EE9DFAD854C4F9AE02.roa (raw, json)
Hash identifier:          tBS8XDUU1drdmVcw45IKh6K3bHgd6vL3LV3zjG3E6MU=
Subject key identifier:   FA:A8:7C:49:A1:23:A0:24:8E:02:AB:66:C5:D4:EB:3C:09:3D:48:7D
Certificate issuer:       /CN=A91B5D7E/serialNumber=4CAE3AEFB1AC8ABDDB99BCCEE4FA5A916D157B34
Certificate serial:       3427
Authority key identifier: 4C:AE:3A:EF:B1:AC:8A:BD:DB:99:BC:CE:E4:FA:5A:91:6D:15:7B:34
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/TK4677Gsir3bmbzO5PpakW0VezQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91B5D7E/ECA682341D8711E298322DE008B02CD2/992A2B70877911EE9DFAD854C4F9AE02.roa
Signing time:             Mon 20 Nov 2023 07:51:22 +0000
ROA not before:           Mon 20 Nov 2023 07:51:22 +0000
ROA not after:            Fri 01 Mar 2024 00:00:00 +0000
asID:                     23750
IP address blocks:        103.207.84.0/24 maxlen: 24
                          103.207.86.0/24 maxlen: 24
                          103.207.87.0/24 maxlen: 24
                          116.90.96.0/23 maxlen: 23
                          116.90.98.0/24 maxlen: 24
                          116.90.99.0/24 maxlen: 24
                          116.90.106.0/24 maxlen: 24
                          116.90.107.0/24 maxlen: 24
                          116.90.108.0/24 maxlen: 24
                          116.90.109.0/24 maxlen: 24
                          116.90.110.0/24 maxlen: 24
                          116.90.111.0/24 maxlen: 24
                          116.90.117.0/24 maxlen: 24
                          116.90.119.0/24 maxlen: 24
                          116.90.120.0/24 maxlen: 24
                          116.90.123.0/24 maxlen: 24
                          116.90.124.0/24 maxlen: 24
                          116.90.125.0/24 maxlen: 24
                          116.90.126.0/24 maxlen: 24
                          116.90.127.0/24 maxlen: 24
                          121.46.64.0/24 maxlen: 24
                          121.46.66.0/24 maxlen: 24
                          202.69.32.0/24 maxlen: 24
                          202.69.33.0/24 maxlen: 24
                          202.69.34.0/24 maxlen: 24
                          202.69.35.0/24 maxlen: 24
                          202.69.36.0/24 maxlen: 24
                          202.69.37.0/24 maxlen: 24
                          202.69.38.0/24 maxlen: 24
                          202.69.39.0/24 maxlen: 24
                          202.69.40.0/24 maxlen: 24
                          202.69.41.0/24 maxlen: 24
                          202.69.42.0/24 maxlen: 24
                          202.69.43.0/24 maxlen: 24
                          202.69.44.0/24 maxlen: 24
                          202.69.45.0/24 maxlen: 24
                          202.69.46.0/24 maxlen: 24
                          202.69.47.0/24 maxlen: 24
                          202.69.48.0/24 maxlen: 24
                          202.69.49.0/24 maxlen: 24
                          202.69.50.0/24 maxlen: 24
                          202.69.51.0/24 maxlen: 24
                          202.69.52.0/24 maxlen: 24
                          202.69.53.0/24 maxlen: 24
                          202.69.54.0/24 maxlen: 24
                          202.69.55.0/24 maxlen: 24
                          202.69.56.0/24 maxlen: 24
                          202.69.57.0/24 maxlen: 24
                          202.69.58.0/24 maxlen: 24
                          202.69.59.0/24 maxlen: 24
                          202.69.60.0/24 maxlen: 24
                          202.69.61.0/24 maxlen: 24
                          202.69.62.0/24 maxlen: 24
                          202.69.63.0/24 maxlen: 24
                          202.142.144.0/24 maxlen: 24
                          202.142.145.0/24 maxlen: 24
                          202.142.146.0/24 maxlen: 24
                          202.142.147.0/24 maxlen: 24
                          202.142.148.0/24 maxlen: 24
                          202.142.149.0/24 maxlen: 24
                          202.142.150.0/24 maxlen: 24
                          202.142.152.0/24 maxlen: 24
                          202.142.153.0/24 maxlen: 24
                          202.142.154.0/24 maxlen: 24
                          202.142.155.0/24 maxlen: 24
                          202.142.156.0/24 maxlen: 24
                          202.142.157.0/24 maxlen: 24
                          202.142.158.0/24 maxlen: 24
                          202.142.159.0/24 maxlen: 24
                          2406:ac00:1::/48 maxlen: 48
                          2406:ac00:2::/48 maxlen: 48
                          2406:ac00:203::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13351 (0x3427)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91B5D7E/serialNumber=4CAE3AEFB1AC8ABDDB99BCCEE4FA5A916D157B34
        Validity
            Not Before: Nov 20 07:51:22 2023 GMT
            Not After : Mar  1 00:00:00 2024 GMT
        Subject: CN=655b0ffa-f17f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:cd:8f:38:0b:98:41:36:73:9f:c2:5f:a6:b9:
                    f6:db:5d:e3:06:e1:3b:86:4f:9e:80:c9:59:db:15:
                    5d:8c:54:a1:d6:27:e1:f1:4b:1f:0b:20:51:de:1f:
                    df:6c:e8:f9:1c:ee:4d:a8:cf:4d:d5:c9:f1:61:ba:
                    7b:be:0c:2b:b6:36:31:93:57:7a:81:e3:c0:22:b8:
                    86:f5:e3:31:22:86:36:66:56:21:99:bf:ec:dd:cd:
                    f4:e5:e2:7b:d6:59:e6:21:2c:c2:63:93:d4:67:56:
                    11:bc:d9:0b:f5:91:73:98:da:dd:7f:62:58:5a:56:
                    d5:b7:e9:9d:05:a6:a8:df:14:0c:4c:05:da:43:3d:
                    e3:f8:79:1e:ee:8f:40:8a:29:ec:1c:4b:8a:4a:01:
                    76:de:fc:74:21:0b:cc:6f:16:30:13:45:e8:46:53:
                    8c:9f:7d:b7:24:e5:01:89:80:a3:bc:da:f1:7b:ac:
                    e7:f0:ab:7b:d3:3e:7f:35:18:a7:be:ea:7c:1b:1e:
                    2a:5f:3f:c9:ac:ec:37:27:96:77:43:a8:ca:b5:32:
                    31:f4:78:7d:1c:c3:9e:53:3b:21:f1:a7:37:36:5a:
                    35:08:73:d7:1f:0e:0d:35:e7:6b:0b:e3:f4:fc:53:
                    71:cb:1f:d7:77:88:bc:2c:15:5c:3b:37:da:9a:56:
                    5a:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:A8:7C:49:A1:23:A0:24:8E:02:AB:66:C5:D4:EB:3C:09:3D:48:7D
            X509v3 Authority Key Identifier:
                keyid:4C:AE:3A:EF:B1:AC:8A:BD:DB:99:BC:CE:E4:FA:5A:91:6D:15:7B:34

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91B5D7E/ECA682341D8711E298322DE008B02CD2/TK4677Gsir3bmbzO5PpakW0VezQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/TK4677Gsir3bmbzO5PpakW0VezQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B5D7E/ECA682341D8711E298322DE008B02CD2/992A2B70877911EE9DFAD854C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.207.84.0/24
                  103.207.86.0/23
                  116.90.96.0/22
                  116.90.106.0-116.90.111.255
                  116.90.117.0/24
                  116.90.119.0-116.90.120.255
                  116.90.123.0-116.90.127.255
                  121.46.64.0/24
                  121.46.66.0/24
                  202.69.32.0/19
                  202.142.144.0-202.142.150.255
                  202.142.152.0/21
                IPv6:
                  2406:ac00:1::-2406:ac00:2:ffff:ffff:ffff:ffff:ffff
                  2406:ac00:203::/48

    Signature Algorithm: sha256WithRSAEncryption
         43:56:76:a1:0c:ac:ca:e8:e5:6b:be:4d:12:b2:37:1e:8c:97:
         18:e9:13:2a:ae:e9:43:a9:1e:0d:ca:79:d0:f0:74:39:b2:e4:
         b2:7d:e6:ff:08:68:83:0a:01:8d:88:cc:0e:d4:d1:64:1b:59:
         e4:29:e7:84:84:aa:cb:71:c4:f5:b1:67:74:5a:64:69:b1:22:
         fc:a2:08:14:2c:a5:dd:38:b5:2d:32:8f:72:8b:b6:9c:88:a6:
         96:f6:d9:c3:97:10:02:b5:69:37:42:53:97:a1:f0:e1:97:70:
         d0:0f:2c:d2:9b:5e:a8:98:ee:5e:66:b5:41:f9:90:98:41:3f:
         d8:12:c4:33:bd:25:41:3f:bc:f3:0b:45:27:2a:5e:5c:25:31:
         15:11:93:cd:50:e2:5c:4d:cd:1b:e1:53:74:73:8b:0f:4a:b9:
         21:0b:de:b5:8a:e6:07:94:da:73:56:4b:b0:f1:f5:07:18:3c:
         4f:57:28:bc:f9:e4:5a:c7:03:73:cd:7c:48:1b:92:f9:73:99:
         b4:de:7a:31:e8:38:65:eb:e6:67:39:95:06:d2:9b:c4:22:29:
         e3:44:fd:11:4a:60:b7:15:b6:34:5f:1b:ac:24:ec:ad:d5:ff:
         69:3e:71:cb:a3:81:a3:08:81:8a:a5:6d:d8:aa:62:d9:b0:58:
         d2:1d:04:55
-----BEGIN CERTIFICATE-----
MIIF+zCCBOOgAwIBAgICNCcwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QjVEN0UxMTAvBgNVBAUTKDRDQUUzQUVGQjFBQzhBQkREQjk5QkNDRUU0RkE1QTkx
NkQxNTdCMzQwHhcNMjMxMTIwMDc1MTIyWhcNMjQwMzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTViMGZmYS1mMTdmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAyc2POAuYQTZzn8Jfprn2213jBuE7hk+egMlZ2xVdjFSh1ifh8UsfCyBR3h/f
bOj5HO5NqM9N1cnxYbp7vgwrtjYxk1d6gePAIriG9eMxIoY2ZlYhmb/s3c305eJ7
1lnmISzCY5PUZ1YRvNkL9ZFzmNrdf2JYWlbVt+mdBaao3xQMTAXaQz3j+Hke7o9A
iinsHEuKSgF23vx0IQvMbxYwE0XoRlOMn323JOUBiYCjvNrxe6zn8Kt70z5/NRin
vup8Gx4qXz/JrOw3J5Z3Q6jKtTIx9Hh9HMOeUzsh8ac3Nlo1CHPXHw4NNedrC+P0
/FNxyx/Xd4i8LBVcOzfamlZaZQIDAQABo4IDHzCCAxswHQYDVR0OBBYEFPqofEmh
I6AkjgKrZsXU6zwJPUh9MB8GA1UdIwQYMBaAFEyuOu+xrIq925m8zuT6WpFtFXs0
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCNUQ3RS9FQ0E2ODIzNDFE
ODcxMUUyOTgzMjJERTAwOEIwMkNEMi9USzQ2NzdHc2lyM2JtYnpPNVBwYWtXMFZl
elEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1RLNDY3N0dzaXIzYm1iek81UHBha1cwVmV6US5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QjVEN0UvRUNBNjgyMzQxRDg3MTFFMjk4MzIyREUwMDhCMDJDRDIvOTkyQTJCNzA4
Nzc5MTFFRTlERkFEODU0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgagGCCsGAQUFBwEHAQH/
BIGYMIGVMG4EAgABMGgDBABnz1QDBAFnz1YDBAJ0WmAwDAMEAXRaagMEBHRaYAME
AHRadTAMAwQAdFp3AwQAdFp4MAwDBAB0WnsDBAd0WgADBAB5LkADBAB5LkIDBAXK
RSAwDAMEBMqOkAMEAMqOlgMEA8qOmDAjBAIAAjAdMBIDBwAkBqwAAAEDBwAkBqwA
AAIDBwAkBqwAAgMwDQYJKoZIhvcNAQELBQADggEBAENWdqEMrMro5Wu+TRKyNx6M
lxjpEyqu6UOpHg3KedDwdDmy5LJ95v8IaIMKAY2IzA7U0WQbWeQp54SEqstxxPWx
Z3RaZGmxIvyiCBQspd04tS0yj3KLtpyIppb22cOXEAK1aTdCU5eh8OGXcNAPLNKb
XqiY7l5mtUH5kJhBP9gSxDO9JUE/vPMLRScqXlwlMRURk81Q4lxNzRvhU3Rziw9K
uSEL3rWK5geU2nNWS7Dx9QcYPE9XKLz55FrHA3PNfEgbkvlzmbTeejHoOGXr5mc5
lQbSm8QiKeNE/RFKYLcVtjRfG6wk7K3V/2k+ccujgaMIgYqlbdiqYtmwWNIdBFU=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:38 2024 by rpki-client on console-fra.rpki-client.org