Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91D6444/DCC76F7490BB11EDB5B5FF57C4F9AE02/6F6AE85A916211EDA5BAB470C4F9AE02.roa
File:                     6F6AE85A916211EDA5BAB470C4F9AE02.roa (raw, json)
Hash identifier:          2XI4iXLvCDeubKgHL3haGypozNb3fumidhzKZP6RaWg=
Subject key identifier:   52:45:96:0C:90:84:02:BE:E2:0B:3E:56:DA:D1:4D:18:7E:31:2A:C7
Certificate issuer:       /CN=A91D6444/serialNumber=8D7D43B6FCB966E8E1A6583BDA07250157AC310F
Certificate serial:       07
Authority key identifier: 8D:7D:43:B6:FC:B9:66:E8:E1:A6:58:3B:DA:07:25:01:57:AC:31:0F
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/jX1Dtvy5Zujhplg72gclAVesMQ8.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91D6444/DCC76F7490BB11EDB5B5FF57C4F9AE02/6F6AE85A916211EDA5BAB470C4F9AE02.roa
Signing time:             Wed 11 Jan 2023 03:45:48 +0000
ROA not before:           Wed 11 Jan 2023 03:45:48 +0000
ROA not after:            Fri 01 Dec 2023 00:00:00 +0000
asID:                     17906
IP address blocks:        203.11.224.0/21 maxlen: 24
                          203.11.232.0/21 maxlen: 24
                          203.11.240.0/21 maxlen: 24
                          203.11.248.0/21 maxlen: 21
                          203.11.255.0/24 maxlen: 24
                          203.22.32.0/20 maxlen: 24
                          203.22.48.0/20 maxlen: 21
                          203.22.56.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 7 (0x7)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91D6444/serialNumber=8D7D43B6FCB966E8E1A6583BDA07250157AC310F
        Validity
            Not Before: Jan 11 03:45:48 2023 GMT
            Not After : Dec  1 00:00:00 2023 GMT
        Subject: CN=63be30ec-3a19
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:12:82:43:76:21:3c:66:2f:1b:05:3e:a8:e1:
                    c3:af:16:d7:c3:b2:18:5a:ef:57:b8:2a:f2:ad:ad:
                    18:7d:06:a4:40:7d:ee:cf:85:e3:f7:48:92:c0:75:
                    5c:26:5b:98:9f:fe:f2:3a:37:a4:e9:ec:44:67:b1:
                    75:b4:ba:e8:37:eb:80:3d:77:2d:69:58:80:d1:da:
                    c4:70:af:31:a2:e4:d2:dc:94:e7:2c:fe:3b:f9:d3:
                    9a:86:65:a9:2e:09:fe:a1:60:78:c6:47:0b:30:67:
                    cc:80:d6:18:d3:e6:52:73:34:d3:2e:27:1f:6b:71:
                    fc:9b:b1:c8:90:08:75:2b:b6:92:e7:1f:60:22:39:
                    53:9f:fe:53:e2:ea:30:3b:8d:7d:4d:5b:ff:9c:5c:
                    00:b8:eb:2a:ed:2e:b4:a6:46:56:54:dc:02:0e:52:
                    97:ba:f9:ab:55:17:f0:6a:ff:21:87:3d:9c:86:8d:
                    3b:bf:0e:fd:a7:ac:8f:5f:d6:d0:d0:8a:14:66:94:
                    14:7b:87:b3:c5:d9:60:65:74:90:3b:48:7f:e2:fd:
                    68:00:e4:b2:52:bf:e5:67:41:46:d2:f9:63:cd:d8:
                    63:46:fd:1f:be:ff:e4:d5:cb:e6:69:fb:59:ad:20:
                    b7:3a:0c:04:92:45:6a:8e:3b:7b:be:5b:ef:95:ef:
                    c5:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:45:96:0C:90:84:02:BE:E2:0B:3E:56:DA:D1:4D:18:7E:31:2A:C7
            X509v3 Authority Key Identifier:
                keyid:8D:7D:43:B6:FC:B9:66:E8:E1:A6:58:3B:DA:07:25:01:57:AC:31:0F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91D6444/DCC76F7490BB11EDB5B5FF57C4F9AE02/jX1Dtvy5Zujhplg72gclAVesMQ8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/jX1Dtvy5Zujhplg72gclAVesMQ8.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91D6444/DCC76F7490BB11EDB5B5FF57C4F9AE02/6F6AE85A916211EDA5BAB470C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.11.224.0/19
                  203.22.32.0/19

    Signature Algorithm: sha256WithRSAEncryption
         5d:d8:fc:df:74:9d:f7:b2:ed:2c:b1:69:ba:85:72:5f:af:5c:
         04:b6:2e:35:60:3a:eb:1e:93:90:d8:40:2f:b6:4e:f8:fe:69:
         57:c8:4d:39:06:e9:17:73:90:cb:6f:ca:23:7c:33:58:7d:da:
         2d:f7:52:58:53:50:ca:29:81:e1:83:c4:60:95:51:55:97:5a:
         6d:27:9e:ec:54:41:b0:99:2b:eb:f0:f4:ea:67:a5:04:2d:f8:
         8a:af:b9:22:95:7f:6d:78:9c:1f:af:36:e6:44:8e:29:b5:b5:
         85:de:d1:e5:31:09:9a:fc:3d:16:d9:40:a5:c7:22:bf:c0:bb:
         12:34:db:35:24:87:87:60:20:18:d5:63:8a:5b:c7:ce:26:63:
         4e:fc:1f:ff:0d:4a:9f:b2:13:0f:9a:01:4f:39:d2:78:8b:a8:
         df:8a:c7:ed:23:ec:2e:18:08:a4:42:d1:27:e9:51:21:c7:04:
         6b:06:cf:23:a8:79:03:7d:75:6f:8d:b8:ac:2d:d2:31:9d:e8:
         f0:7b:33:5c:93:c4:10:4d:6a:1c:97:0d:fa:91:d8:b2:b0:71:
         0f:a4:ed:37:fc:db:88:1f:99:27:1f:96:a1:ba:1d:d6:14:df:
         94:7a:7f:47:1b:b6:d6:e2:bf:41:a4:6d:0a:6d:3d:2d:df:1a:
         ba:65:1c:d4
-----BEGIN CERTIFICATE-----
MIIFdjCCBF6gAwIBAgIBBzANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFE
NjQ0NDExMC8GA1UEBRMoOEQ3RDQzQjZGQ0I5NjZFOEUxQTY1ODNCREEwNzI1MDE1
N0FDMzEwRjAeFw0yMzAxMTEwMzQ1NDhaFw0yMzEyMDEwMDAwMDBaMBgxFjAUBgNV
BAMTDTYzYmUzMGVjLTNhMTkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQC8EoJDdiE8Zi8bBT6o4cOvFtfDshha71e4KvKtrRh9BqRAfe7PheP3SJLAdVwm
W5if/vI6N6Tp7ERnsXW0uug364A9dy1pWIDR2sRwrzGi5NLclOcs/jv505qGZaku
Cf6hYHjGRwswZ8yA1hjT5lJzNNMuJx9rcfybsciQCHUrtpLnH2AiOVOf/lPi6jA7
jX1NW/+cXAC46yrtLrSmRlZU3AIOUpe6+atVF/Bq/yGHPZyGjTu/Dv2nrI9f1tDQ
ihRmlBR7h7PF2WBldJA7SH/i/WgA5LJSv+VnQUbS+WPN2GNG/R++/+TVy+Zp+1mt
ILc6DASSRWqOO3u+W++V78XbAgMBAAGjggKbMIIClzAdBgNVHQ4EFgQUUkWWDJCE
Ar7iCz5W2tFNGH4xKscwHwYDVR0jBBgwFoAUjX1Dtvy5Zujhplg72gclAVesMQ8w
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUQ2NDQ0L0RDQzc2Rjc0OTBC
QjExRURCNUI1RkY1N0M0RjlBRTAyL2pYMUR0dnk1WnVqaHBsZzcyZ2NsQVZlc01R
OC5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvalgxRHR2eTVadWpocGxnNzJnY2xBVmVzTVE4LmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFE
NjQ0NC9EQ0M3NkY3NDkwQkIxMUVEQjVCNUZGNTdDNEY5QUUwMi82RjZBRTg1QTkx
NjIxMUVEQTVCQUI0NzBDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAlBggrBgEFBQcBBwEB/wQW
MBQwEgQCAAEwDAMEBcsL4AMEBcsWIDANBgkqhkiG9w0BAQsFAAOCAQEAXdj833Sd
97LtLLFpuoVyX69cBLYuNWA66x6TkNhAL7ZO+P5pV8hNOQbpF3OQy2/KI3wzWH3a
LfdSWFNQyimB4YPEYJVRVZdabSee7FRBsJkr6/D06melBC34iq+5IpV/bXicH682
5kSOKbW1hd7R5TEJmvw9FtlApcciv8C7EjTbNSSHh2AgGNVjilvHziZjTvwf/w1K
n7ITD5oBTznSeIuo34rH7SPsLhgIpELRJ+lRIccEawbPI6h5A311b424rC3SMZ3o
8HszXJPEEE1qHJcN+pHYsrBxD6TtN/zbiB+ZJx+Wobod1hTflHp/Rxu21uK/QaRt
Cm09Ld8aumUc1A==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:42 2024 by rpki-client on console-fra.rpki-client.org