Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91D462A/4CBD3F8450D511E79313AE12C4F9AE02/411D97D2D88511EBA5910C7DC4F9AE02.roa
File:                     411D97D2D88511EBA5910C7DC4F9AE02.roa (raw, json)
Hash identifier:          PAf9Qx6C2Xtc8yh8nJoI38hHwfStRkM9h/Zjnkc+gt0=
Subject key identifier:   26:7E:AF:3B:EB:49:BB:5C:AB:86:67:8B:B4:52:1C:44:F8:D6:C0:85
Certificate issuer:       /CN=A91D462A/serialNumber=CF712CB389EE84DA19CA981DE630F509FF44CD45
Certificate serial:       15B3
Authority key identifier: CF:71:2C:B3:89:EE:84:DA:19:CA:98:1D:E6:30:F5:09:FF:44:CD:45
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/z3Ess4nuhNoZypgd5jD1Cf9EzUU.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91D462A/4CBD3F8450D511E79313AE12C4F9AE02/411D97D2D88511EBA5910C7DC4F9AE02.roa
Signing time:             Tue 23 Nov 2021 05:23:43 +0000
ROA not before:           Tue 23 Nov 2021 05:23:43 +0000
ROA not after:            Tue 31 Jan 2023 00:00:00 +0000
asID:                     9484
IP address blocks:        45.117.32.0/22 maxlen: 22
                          45.117.32.0/24 maxlen: 24
                          45.117.33.0/24 maxlen: 24
                          45.117.34.0/24 maxlen: 24
                          45.117.35.0/24 maxlen: 24
                          202.21.96.0/19 maxlen: 19
                          202.21.96.0/24 maxlen: 24
                          202.21.97.0/24 maxlen: 24
                          202.21.98.0/24 maxlen: 24
                          202.21.99.0/24 maxlen: 24
                          202.21.100.0/24 maxlen: 24
                          202.21.101.0/24 maxlen: 24
                          202.21.102.0/24 maxlen: 24
                          202.21.103.0/24 maxlen: 24
                          202.21.104.0/24 maxlen: 24
                          202.21.105.0/24 maxlen: 24
                          202.21.106.0/24 maxlen: 24
                          202.21.107.0/24 maxlen: 24
                          202.21.108.0/24 maxlen: 24
                          202.21.109.0/24 maxlen: 24
                          202.21.110.0/24 maxlen: 24
                          202.21.111.0/24 maxlen: 24
                          202.21.112.0/24 maxlen: 24
                          202.21.113.0/24 maxlen: 24
                          202.21.114.0/24 maxlen: 24
                          202.21.115.0/24 maxlen: 24
                          202.21.116.0/24 maxlen: 24
                          202.21.117.0/24 maxlen: 24
                          202.21.118.0/24 maxlen: 24
                          202.21.119.0/24 maxlen: 24
                          202.21.120.0/24 maxlen: 24
                          202.21.121.0/24 maxlen: 24
                          202.21.122.0/23 maxlen: 24
                          202.21.124.0/22 maxlen: 22
                          202.21.124.0/24 maxlen: 24
                          202.21.125.0/24 maxlen: 24
                          202.21.126.0/24 maxlen: 24
                          202.21.127.0/24 maxlen: 24
                          202.126.92.0/22 maxlen: 24
                          202.131.224.0/19 maxlen: 19
                          202.131.224.0/24 maxlen: 24
                          202.131.225.0/24 maxlen: 24
                          202.131.226.0/24 maxlen: 24
                          202.131.227.0/24 maxlen: 24
                          202.131.228.0/24 maxlen: 24
                          202.131.229.0/24 maxlen: 24
                          202.131.230.0/24 maxlen: 24
                          202.131.231.0/24 maxlen: 24
                          202.131.232.0/24 maxlen: 24
                          202.131.233.0/24 maxlen: 24
                          202.131.234.0/24 maxlen: 24
                          202.131.235.0/24 maxlen: 24
                          202.131.236.0/24 maxlen: 24
                          202.131.237.0/24 maxlen: 24
                          202.131.238.0/24 maxlen: 24
                          202.131.239.0/24 maxlen: 24
                          202.131.240.0/24 maxlen: 24
                          202.131.241.0/24 maxlen: 24
                          202.131.242.0/24 maxlen: 24
                          202.131.243.0/24 maxlen: 24
                          202.131.244.0/24 maxlen: 24
                          202.131.245.0/24 maxlen: 24
                          202.131.246.0/24 maxlen: 24
                          202.131.247.0/24 maxlen: 24
                          202.131.248.0/24 maxlen: 24
                          202.131.249.0/24 maxlen: 24
                          202.131.250.0/24 maxlen: 24
                          202.131.251.0/24 maxlen: 24
                          202.131.252.0/24 maxlen: 24
                          202.131.253.0/24 maxlen: 24
                          202.131.254.0/24 maxlen: 24
                          202.131.255.0/24 maxlen: 24
                          2407:6400::/32 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5555 (0x15b3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91D462A/serialNumber=CF712CB389EE84DA19CA981DE630F509FF44CD45
        Validity
            Not Before: Nov 23 05:23:43 2021 GMT
            Not After : Jan 31 00:00:00 2023 GMT
        Subject: CN=619c7adf-a003
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:39:28:58:cf:a0:45:1e:dd:f3:df:48:8c:16:
                    aa:4f:e0:5a:f8:10:58:f7:8e:92:dc:3a:a0:d5:76:
                    9d:36:79:5c:4f:fc:5c:e8:5f:e3:be:02:7e:9d:68:
                    b6:27:a6:d2:83:42:60:f6:49:66:ca:ed:27:80:4c:
                    a8:d5:56:b8:d6:f4:23:ac:c5:3d:26:f7:ab:bf:20:
                    e3:36:93:22:42:28:b4:ef:be:33:a3:8d:89:f1:d4:
                    67:d3:21:0e:4b:ec:38:d8:e2:2c:f9:4f:c5:00:9c:
                    98:1e:5a:81:eb:9b:46:dc:0f:91:44:96:59:d0:db:
                    b9:1e:16:33:ea:8f:27:10:b0:67:ad:ba:d1:94:54:
                    a9:8c:5a:14:ac:8f:eb:7b:f0:e0:6f:71:e1:70:87:
                    56:a1:cf:fe:65:40:93:94:fe:7e:9e:6f:61:29:0b:
                    01:87:31:7b:06:93:a7:93:b4:47:51:44:1e:a9:65:
                    b0:c4:6b:cc:1c:89:c6:d0:25:50:d1:b2:31:da:06:
                    a6:97:39:3d:3c:05:bb:d5:9e:47:a3:23:bb:99:24:
                    97:61:bc:97:b2:9d:4e:eb:1f:a4:c8:3e:77:66:c1:
                    f9:e9:5c:bb:cc:f6:d7:c0:bd:55:d1:a1:e8:dc:58:
                    65:06:7f:f0:bc:7e:73:b0:66:58:5c:b5:db:8e:cc:
                    65:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:7E:AF:3B:EB:49:BB:5C:AB:86:67:8B:B4:52:1C:44:F8:D6:C0:85
            X509v3 Authority Key Identifier:
                keyid:CF:71:2C:B3:89:EE:84:DA:19:CA:98:1D:E6:30:F5:09:FF:44:CD:45

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91D462A/4CBD3F8450D511E79313AE12C4F9AE02/z3Ess4nuhNoZypgd5jD1Cf9EzUU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/z3Ess4nuhNoZypgd5jD1Cf9EzUU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91D462A/4CBD3F8450D511E79313AE12C4F9AE02/411D97D2D88511EBA5910C7DC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.117.32.0/22
                  202.21.96.0/19
                  202.126.92.0/22
                  202.131.224.0/19
                IPv6:
                  2407:6400::/32

    Signature Algorithm: sha256WithRSAEncryption
         29:28:38:82:af:f7:1f:0d:25:5e:9b:f6:1d:11:bf:67:2e:01:
         d5:0e:00:9e:30:98:51:bd:91:6f:b8:52:c4:18:66:60:89:bc:
         9d:72:c4:5c:3b:f9:27:dc:2f:84:9c:30:c7:ff:10:2f:49:44:
         fe:3b:3c:97:57:7b:c6:d0:93:17:70:fe:80:88:6d:f0:a3:c6:
         b5:c5:6a:97:c3:a9:2b:07:f7:71:15:51:01:2a:d1:f5:02:aa:
         a9:1a:08:6a:82:29:a3:dc:40:c1:d9:d8:46:f1:d7:03:61:7b:
         c5:16:70:1e:40:61:de:63:75:df:3e:be:f1:ad:70:11:a9:b9:
         65:fa:fe:83:88:6b:74:f0:66:be:87:c4:45:d3:59:ad:8c:6f:
         a0:81:ac:c5:71:74:60:d9:95:b9:d0:fd:41:a6:2e:43:ee:0a:
         b9:e5:d2:16:e5:f1:cd:cf:9a:d3:50:96:42:20:87:2f:aa:bf:
         5d:3f:c2:01:d1:00:ce:fd:d0:83:6b:5d:2c:96:49:9b:8d:72:
         2e:a0:70:0e:ab:8b:78:d6:aa:ae:59:6f:3a:eb:91:1b:f5:ae:
         70:3b:7e:c8:a9:49:0b:50:f8:a5:db:4d:27:65:df:1b:68:3e:
         b4:86:d1:8f:0e:a3:11:54:6b:c3:7c:8f:23:70:80:c7:c3:95:
         b7:6f:f1:2a
-----BEGIN CERTIFICATE-----
MIIFkjCCBHqgAwIBAgICFbMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RDQ2MkExMTAvBgNVBAUTKENGNzEyQ0IzODlFRTg0REExOUNBOTgxREU2MzBGNTA5
RkY0NENENDUwHhcNMjExMTIzMDUyMzQzWhcNMjMwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MTljN2FkZi1hMDAzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAszkoWM+gRR7d899IjBaqT+Ba+BBY946S3Dqg1XadNnlcT/xc6F/jvgJ+nWi2
J6bSg0Jg9klmyu0ngEyo1Va41vQjrMU9JvervyDjNpMiQii0774zo42J8dRn0yEO
S+w42OIs+U/FAJyYHlqB65tG3A+RRJZZ0Nu5HhYz6o8nELBnrbrRlFSpjFoUrI/r
e/Dgb3HhcIdWoc/+ZUCTlP5+nm9hKQsBhzF7BpOnk7RHUUQeqWWwxGvMHInG0CVQ
0bIx2gamlzk9PAW71Z5HoyO7mSSXYbyXsp1O6x+kyD53ZsH56Vy7zPbXwL1V0aHo
3FhlBn/wvH5zsGZYXLXbjsxl5QIDAQABo4ICtjCCArIwHQYDVR0OBBYEFCZ+rzvr
Sbtcq4Zni7RSHET41sCFMB8GA1UdIwQYMBaAFM9xLLOJ7oTaGcqYHeYw9Qn/RM1F
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFENDYyQS80Q0JEM0Y4NDUw
RDUxMUU3OTMxM0FFMTJDNEY5QUUwMi96M0VzczRudWhOb1p5cGdkNWpEMUNmOUV6
VVUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3ozRXNzNG51aE5vWnlwZ2Q1akQxQ2Y5RXpVVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RDQ2MkEvNENCRDNGODQ1MEQ1MTFFNzkzMTNBRTEyQzRGOUFFMDIvNDExRDk3RDJE
ODg1MTFFQkE1OTEwQzdEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwQAYIKwYBBQUHAQcBAf8E
MTAvMB4EAgABMBgDBAItdSADBAXKFWADBALKflwDBAXKg+AwDQQCAAIwBwMFACQH
ZAAwDQYJKoZIhvcNAQELBQADggEBACkoOIKv9x8NJV6b9h0Rv2cuAdUOAJ4wmFG9
kW+4UsQYZmCJvJ1yxFw7+SfcL4ScMMf/EC9JRP47PJdXe8bQkxdw/oCIbfCjxrXF
apfDqSsH93EVUQEq0fUCqqkaCGqCKaPcQMHZ2Ebx1wNhe8UWcB5AYd5jdd8+vvGt
cBGpuWX6/oOIa3TwZr6HxEXTWa2Mb6CBrMVxdGDZlbnQ/UGmLkPuCrnl0hbl8c3P
mtNQlkIghy+qv10/wgHRAM790INrXSyWSZuNci6gcA6ri3jWqq5ZbzrrkRv1rnA7
fsipSQtQ+KXbTSdl3xtoPrSG0Y8OoxFUa8N8jyNwgMfDlbdv8So=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:06:29 2024 by rpki-client on console-ams.rpki-client.org