Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91B5D7E/ECA682341D8711E298322DE008B02CD2/D56188BE1A4011EE83C49C1CC4F9AE02.roa
File:                     D56188BE1A4011EE83C49C1CC4F9AE02.roa (raw, json)
Hash identifier:          s9AjlpPXOD0IYtXFK2a1vflDCfEnGe+BdfjIyWw01ho=
Subject key identifier:   6D:27:84:91:57:C3:B0:61:85:5C:27:5E:56:C1:4F:C7:79:7A:7F:7D
Certificate issuer:       /CN=A91B5D7E/serialNumber=4CAE3AEFB1AC8ABDDB99BCCEE4FA5A916D157B34
Certificate serial:       33AC
Authority key identifier: 4C:AE:3A:EF:B1:AC:8A:BD:DB:99:BC:CE:E4:FA:5A:91:6D:15:7B:34
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/TK4677Gsir3bmbzO5PpakW0VezQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91B5D7E/ECA682341D8711E298322DE008B02CD2/D56188BE1A4011EE83C49C1CC4F9AE02.roa
Signing time:             Tue 04 Jul 2023 08:00:25 +0000
ROA not before:           Tue 04 Jul 2023 08:00:25 +0000
ROA not after:            Fri 01 Mar 2024 00:00:00 +0000
asID:                     140607
IP address blocks:        103.207.85.0/24 maxlen: 24
                          116.90.116.0/24 maxlen: 24
                          116.90.118.0/24 maxlen: 24
                          116.90.119.0/24 maxlen: 24
                          116.90.121.0/24 maxlen: 24
                          116.90.122.0/24 maxlen: 24
                          202.142.151.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13228 (0x33ac)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91B5D7E/serialNumber=4CAE3AEFB1AC8ABDDB99BCCEE4FA5A916D157B34
        Validity
            Not Before: Jul  4 08:00:25 2023 GMT
            Not After : Mar  1 00:00:00 2024 GMT
        Subject: CN=64a3d199-e191
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:cb:16:5d:fd:07:6b:cc:58:f5:18:ae:34:ec:
                    60:ac:98:e1:74:be:7b:82:d4:3c:a9:79:e0:15:cb:
                    3b:94:c5:b0:74:39:43:c7:be:1b:fd:70:00:c9:5c:
                    52:92:88:34:14:9a:ae:b3:5d:77:c6:49:b8:bd:7d:
                    81:8f:8a:e2:aa:8c:ee:04:1e:6c:5e:e2:07:59:25:
                    cd:ee:37:3e:cf:45:a7:31:10:b5:de:f2:26:3e:be:
                    de:5e:d6:1c:fd:11:f7:ac:68:6f:e4:19:cf:84:34:
                    65:21:5d:80:65:14:83:61:05:00:df:94:65:2d:5d:
                    98:cc:23:c4:09:74:d0:4a:51:14:b2:3d:8b:8f:a1:
                    2d:60:68:c2:92:48:66:90:81:9f:53:c3:1f:1e:b8:
                    0a:4d:d1:ed:fe:28:ee:d5:4e:95:bd:e5:92:3d:a1:
                    93:d3:ac:c1:89:df:48:69:9d:dd:34:b0:04:7f:3d:
                    be:bd:5f:f0:cf:dd:0e:40:95:1a:1b:ae:39:e6:26:
                    c6:da:da:de:92:bd:c1:48:2c:ae:e9:a8:fd:d7:54:
                    a4:a5:79:1e:73:b7:b0:d4:cf:65:10:b4:a7:7f:1f:
                    d1:b2:7e:e8:58:69:bb:af:df:8c:8b:a3:b4:8d:e3:
                    cf:c3:f6:77:e8:0f:86:44:ad:16:b9:7a:af:8a:aa:
                    d0:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:27:84:91:57:C3:B0:61:85:5C:27:5E:56:C1:4F:C7:79:7A:7F:7D
            X509v3 Authority Key Identifier:
                keyid:4C:AE:3A:EF:B1:AC:8A:BD:DB:99:BC:CE:E4:FA:5A:91:6D:15:7B:34

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91B5D7E/ECA682341D8711E298322DE008B02CD2/TK4677Gsir3bmbzO5PpakW0VezQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/TK4677Gsir3bmbzO5PpakW0VezQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B5D7E/ECA682341D8711E298322DE008B02CD2/D56188BE1A4011EE83C49C1CC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.207.85.0/24
                  116.90.116.0/24
                  116.90.118.0/23
                  116.90.121.0-116.90.122.255
                  202.142.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         73:1e:d4:a2:a8:e2:8f:5e:96:84:41:3d:91:f8:cf:81:c2:a7:
         4c:ff:35:3a:a8:bb:81:e1:f8:9f:da:c7:49:c3:2d:0d:c5:2b:
         bf:22:56:63:ee:ef:92:22:44:2d:d5:c2:6d:f0:61:ff:9d:4a:
         a9:c9:16:78:80:1f:2f:34:35:e7:55:69:a4:37:70:4c:46:b4:
         e6:23:68:bf:35:d1:bb:b8:ab:f0:64:b5:4e:54:16:35:15:89:
         44:3f:64:85:c8:47:d9:86:8f:5a:17:3e:1b:82:8f:93:87:76:
         58:4e:2e:b4:33:f8:95:09:71:8b:a9:75:3d:53:d5:b5:7e:bb:
         5c:55:9b:60:58:d6:09:c7:52:bb:31:76:8a:5a:14:82:b7:d3:
         89:66:4b:8a:b1:d5:c3:7d:fa:e5:2d:49:fa:2b:21:6a:f9:32:
         86:76:d9:49:04:f6:a3:91:03:03:03:ac:16:a3:c8:cc:b4:0e:
         ec:0f:73:34:56:36:f2:48:f5:e1:16:c8:d9:69:56:a1:ac:0e:
         54:3a:57:91:88:44:e7:de:5c:70:f4:56:21:08:3c:c2:7f:5e:
         34:9d:8a:ab:c2:57:84:85:63:db:17:38:a6:ea:fc:1d:64:7f:
         b9:8a:5e:dd:6c:a3:3f:ef:74:5e:23:06:e2:3c:5b:db:2d:aa:
         1b:5a:a2:25
-----BEGIN CERTIFICATE-----
MIIFkTCCBHmgAwIBAgICM6wwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QjVEN0UxMTAvBgNVBAUTKDRDQUUzQUVGQjFBQzhBQkREQjk5QkNDRUU0RkE1QTkx
NkQxNTdCMzQwHhcNMjMwNzA0MDgwMDI1WhcNMjQwMzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NGEzZDE5OS1lMTkxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAucsWXf0Ha8xY9RiuNOxgrJjhdL57gtQ8qXngFcs7lMWwdDlDx74b/XAAyVxS
kog0FJqus113xkm4vX2Bj4riqozuBB5sXuIHWSXN7jc+z0WnMRC13vImPr7eXtYc
/RH3rGhv5BnPhDRlIV2AZRSDYQUA35RlLV2YzCPECXTQSlEUsj2Lj6EtYGjCkkhm
kIGfU8MfHrgKTdHt/iju1U6VveWSPaGT06zBid9IaZ3dNLAEfz2+vV/wz90OQJUa
G6455ibG2trekr3BSCyu6aj911SkpXkec7ew1M9lELSnfx/Rsn7oWGm7r9+Mi6O0
jePPw/Z36A+GRK0WuXqviqrQ5QIDAQABo4ICtTCCArEwHQYDVR0OBBYEFG0nhJFX
w7BhhVwnXlbBT8d5en99MB8GA1UdIwQYMBaAFEyuOu+xrIq925m8zuT6WpFtFXs0
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCNUQ3RS9FQ0E2ODIzNDFE
ODcxMUUyOTgzMjJERTAwOEIwMkNEMi9USzQ2NzdHc2lyM2JtYnpPNVBwYWtXMFZl
elEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1RLNDY3N0dzaXIzYm1iek81UHBha1cwVmV6US5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QjVEN0UvRUNBNjgyMzQxRDg3MTFFMjk4MzIyREUwMDhCMDJDRDIvRDU2MTg4QkUx
QTQwMTFFRTgzQzQ5QzFDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwPwYIKwYBBQUHAQcBAf8E
MDAuMCwEAgABMCYDBABnz1UDBAB0WnQDBAF0WnYwDAMEAHRaeQMEAHRaegMEAMqO
lzANBgkqhkiG9w0BAQsFAAOCAQEAcx7Uoqjij16WhEE9kfjPgcKnTP81Oqi7geH4
n9rHScMtDcUrvyJWY+7vkiJELdXCbfBh/51KqckWeIAfLzQ151VppDdwTEa05iNo
vzXRu7ir8GS1TlQWNRWJRD9khchH2YaPWhc+G4KPk4d2WE4utDP4lQlxi6l1PVPV
tX67XFWbYFjWCcdSuzF2iloUgrfTiWZLirHVw3365S1J+ishavkyhnbZSQT2o5ED
AwOsFqPIzLQO7A9zNFY28kj14RbI2WlWoawOVDpXkYhE595ccPRWIQg8wn9eNJ2K
q8JXhIVj2xc4pur8HWR/uYpe3WyjP+90XiMG4jxb2y2qG1qiJQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:57 2024 by rpki-client on console-ams.rpki-client.org