Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91BC966/A1952BA21C1111EAB6C3C76DC4F9AE02/7BAFAA8AB5C811ED94462587C4F9AE02.roa
File:                     7BAFAA8AB5C811ED94462587C4F9AE02.roa (raw, json)
Hash identifier:          AdG0i1SLXkw7ozDx7+w/V7QTYNlH/VZffOoqMFwaTtk=
Subject key identifier:   A0:D8:C7:06:EC:2D:B0:F7:C8:9C:74:16:37:D3:24:C8:8C:37:AC:73
Certificate issuer:       /CN=A91BC966/serialNumber=B2A25DDE1A9EC91B59986A532F78835436183248
Certificate serial:       0A4F
Authority key identifier: B2:A2:5D:DE:1A:9E:C9:1B:59:98:6A:53:2F:78:83:54:36:18:32:48
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/sqJd3hqeyRtZmGpTL3iDVDYYMkg.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91BC966/A1952BA21C1111EAB6C3C76DC4F9AE02/7BAFAA8AB5C811ED94462587C4F9AE02.roa
Signing time:             Sun 26 Feb 2023 12:27:17 +0000
ROA not before:           Sun 26 Feb 2023 12:27:17 +0000
ROA not after:            Sun 30 Jul 2023 00:00:00 +0000
asID:                     38565
IP address blocks:        36.252.0.0/15 maxlen: 23
                          43.243.96.0/22 maxlen: 24
                          49.126.0.0/16 maxlen: 20
                          103.38.196.0/22 maxlen: 24
                          116.68.208.0/21 maxlen: 24
                          2400:9500::/32 maxlen: 32
                          2400:9500:4000::/36 maxlen: 36
                          2400:9500:4140::/42 maxlen: 44
                          2400:9500:4180::/41 maxlen: 44

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2639 (0xa4f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91BC966/serialNumber=B2A25DDE1A9EC91B59986A532F78835436183248
        Validity
            Not Before: Feb 26 12:27:17 2023 GMT
            Not After : Jul 30 00:00:00 2023 GMT
        Subject: CN=63fb5025-92a9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:1a:78:9b:83:4a:7a:ff:ce:ac:29:2d:14:32:
                    68:aa:d8:e9:73:bb:7e:88:49:06:6b:ba:c5:7e:0b:
                    9b:36:d0:79:df:22:91:74:be:e6:e4:24:97:db:34:
                    c2:fb:82:25:2b:c1:bd:34:7d:76:7e:a3:17:8f:43:
                    db:8c:ce:76:27:3f:4a:f1:80:2a:1f:87:bd:42:10:
                    53:ae:10:65:9e:64:84:16:83:87:2f:03:42:51:18:
                    82:65:cd:d2:5f:5b:af:af:9e:44:fe:e1:5a:c2:06:
                    5c:e0:ac:97:91:f6:b8:a4:a7:79:9a:7d:27:4c:af:
                    2f:e9:ca:11:cb:7a:25:3a:00:f1:f1:45:2b:e4:1c:
                    ee:8b:d4:59:02:2c:1e:7f:67:4b:ed:c5:ce:3d:f9:
                    4c:d3:75:9a:41:41:f8:da:d1:de:6a:fe:bb:0a:f0:
                    cc:6b:96:1e:2d:33:a2:c1:36:08:8a:7f:10:ad:74:
                    fb:9a:48:9b:38:c2:ba:37:c2:ed:69:fa:75:bc:91:
                    15:16:5c:b2:00:ee:57:01:b9:ab:83:56:6a:df:72:
                    9a:73:48:4b:eb:84:49:a9:d6:26:2c:6f:cd:f3:2e:
                    b7:4c:85:ec:f6:3a:64:d7:31:72:81:a6:4d:e9:8a:
                    83:2b:cc:0f:bd:e2:d4:4b:35:b9:fc:75:2d:e1:7e:
                    8c:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:D8:C7:06:EC:2D:B0:F7:C8:9C:74:16:37:D3:24:C8:8C:37:AC:73
            X509v3 Authority Key Identifier:
                keyid:B2:A2:5D:DE:1A:9E:C9:1B:59:98:6A:53:2F:78:83:54:36:18:32:48

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91BC966/A1952BA21C1111EAB6C3C76DC4F9AE02/sqJd3hqeyRtZmGpTL3iDVDYYMkg.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/sqJd3hqeyRtZmGpTL3iDVDYYMkg.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91BC966/A1952BA21C1111EAB6C3C76DC4F9AE02/7BAFAA8AB5C811ED94462587C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  36.252.0.0/15
                  43.243.96.0/22
                  49.126.0.0/16
                  103.38.196.0/22
                  116.68.208.0/21
                IPv6:
                  2400:9500::/32

    Signature Algorithm: sha256WithRSAEncryption
         5f:af:c3:57:66:6f:d3:78:80:e1:b7:cc:75:75:b1:3c:8b:98:
         50:22:c4:14:d1:79:d3:bd:0d:69:fa:a4:8b:aa:02:50:c1:59:
         47:bb:21:30:66:bf:8b:e5:fa:67:b2:05:e9:95:b6:e6:d9:da:
         fd:2e:38:8a:8b:90:59:3e:b5:12:38:e3:6a:22:64:79:d7:4c:
         02:cc:2c:09:55:b0:61:b6:54:4d:7e:c0:ca:45:4d:8c:06:a8:
         51:2b:bd:e7:d9:bf:57:ef:42:6f:62:10:a4:3b:6a:10:83:86:
         b5:9b:1a:06:28:67:b1:12:36:df:9a:af:35:94:15:a5:14:ab:
         aa:2f:fb:cf:0f:c8:4d:36:cc:08:05:9a:3d:40:ba:2c:4a:62:
         a5:07:f2:fb:8a:07:30:35:5e:4f:9d:89:d8:17:e5:2b:0c:36:
         a6:b1:6e:32:0c:be:86:17:69:48:42:c4:3e:51:ca:10:62:5b:
         95:d0:f0:e5:2b:2c:63:4b:a3:d1:28:e1:11:06:dc:dd:de:c8:
         aa:b4:86:55:da:a3:db:ee:23:12:e5:51:79:ab:04:27:49:53:
         b5:e5:53:c2:c2:e8:b6:38:d1:ac:98:ec:3b:20:fe:77:ce:a5:
         58:c2:3f:a6:25:68:ab:8a:52:4d:a8:3f:59:e0:df:ac:58:65:
         b0:22:6e:57
-----BEGIN CERTIFICATE-----
MIIFljCCBH6gAwIBAgICCk8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QkM5NjYxMTAvBgNVBAUTKEIyQTI1RERFMUE5RUM5MUI1OTk4NkE1MzJGNzg4MzU0
MzYxODMyNDgwHhcNMjMwMjI2MTIyNzE3WhcNMjMwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02M2ZiNTAyNS05MmE5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAxxp4m4NKev/OrCktFDJoqtjpc7t+iEkGa7rFfgubNtB53yKRdL7m5CSX2zTC
+4IlK8G9NH12fqMXj0PbjM52Jz9K8YAqH4e9QhBTrhBlnmSEFoOHLwNCURiCZc3S
X1uvr55E/uFawgZc4KyXkfa4pKd5mn0nTK8v6coRy3olOgDx8UUr5Bzui9RZAiwe
f2dL7cXOPflM03WaQUH42tHeav67CvDMa5YeLTOiwTYIin8QrXT7mkibOMK6N8Lt
afp1vJEVFlyyAO5XAbmrg1Zq33Kac0hL64RJqdYmLG/N8y63TIXs9jpk1zFygaZN
6YqDK8wPveLUSzW5/HUt4X6M7QIDAQABo4ICujCCArYwHQYDVR0OBBYEFKDYxwbs
LbD3yJx0FjfTJMiMN6xzMB8GA1UdIwQYMBaAFLKiXd4anskbWZhqUy94g1Q2GDJI
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCQzk2Ni9BMTk1MkJBMjFD
MTExMUVBQjZDM0M3NkRDNEY5QUUwMi9zcUpkM2hxZXlSdFptR3BUTDNpRFZEWVlN
a2cuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3NxSmQzaHFleVJ0Wm1HcFRMM2lEVkRZWU1rZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QkM5NjYvQTE5NTJCQTIxQzExMTFFQUI2QzNDNzZEQzRGOUFFMDIvN0JBRkFBOEFC
NUM4MTFFRDk0NDYyNTg3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwRAYIKwYBBQUHAQcBAf8E
NTAzMCIEAgABMBwDAwEk/AMEAivzYAMDADF+AwQCZybEAwQDdETQMA0EAgACMAcD
BQAkAJUAMA0GCSqGSIb3DQEBCwUAA4IBAQBfr8NXZm/TeIDht8x1dbE8i5hQIsQU
0XnTvQ1p+qSLqgJQwVlHuyEwZr+L5fpnsgXplbbm2dr9LjiKi5BZPrUSOONqImR5
10wCzCwJVbBhtlRNfsDKRU2MBqhRK73n2b9X70JvYhCkO2oQg4a1mxoGKGexEjbf
mq81lBWlFKuqL/vPD8hNNswIBZo9QLosSmKlB/L7igcwNV5PnYnYF+UrDDamsW4y
DL6GF2lIQsQ+UcoQYluV0PDlKyxjS6PRKOERBtzd3siqtIZV2qPb7iMS5VF5qwQn
SVO15VPCwui2ONGsmOw7IP53zqVYwj+mJWirilJNqD9Z4N+sWGWwIm5X
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:39 2024 by rpki-client on console-fra.rpki-client.org