Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91DA389/B2170B74D3A311ED8806AC11C4F9AE02/89DBFCD8D3A711ED960DD917C4F9AE02.roa
File:                     89DBFCD8D3A711ED960DD917C4F9AE02.roa (raw, json)
Hash identifier:          suNwBP/CkvVXtsiRKgF7wV4McnXRnqjOYsVawOD250c=
Subject key identifier:   04:62:C0:0A:77:F2:A4:DF:0E:89:24:2B:49:AE:CF:84:BD:78:68:7E
Certificate issuer:       /CN=A91DA389/serialNumber=48F50E16B8305AA2C756D21C8F0FD509338A5C29
Certificate serial:       02
Authority key identifier: 48:F5:0E:16:B8:30:5A:A2:C7:56:D2:1C:8F:0F:D5:09:33:8A:5C:29
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/SPUOFrgwWqLHVtIcjw_VCTOKXCk.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91DA389/B2170B74D3A311ED8806AC11C4F9AE02/89DBFCD8D3A711ED960DD917C4F9AE02.roa
Signing time:             Wed 05 Apr 2023 11:46:45 +0000
ROA not before:           Wed 05 Apr 2023 11:46:45 +0000
ROA not after:            Sat 30 Sep 2023 00:00:00 +0000
asID:                     45352
IP address blocks:        43.228.244.0/22 maxlen: 22
                          43.228.244.0/24 maxlen: 24
                          43.228.245.0/24 maxlen: 24
                          43.228.246.0/24 maxlen: 24
                          43.228.247.0/24 maxlen: 24
                          103.67.36.0/22 maxlen: 22

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91DA389/serialNumber=48F50E16B8305AA2C756D21C8F0FD509338A5C29
        Validity
            Not Before: Apr  5 11:46:45 2023 GMT
            Not After : Sep 30 00:00:00 2023 GMT
        Subject: CN=642d5fa4-45b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:ee:26:00:f8:db:6c:26:5a:2e:dd:6b:3e:3f:
                    4a:aa:e0:1a:0a:b5:08:86:cb:6a:3c:e7:d4:67:27:
                    8d:aa:0b:65:57:91:67:ed:d8:88:6e:a2:57:cc:36:
                    4f:2b:ce:d2:2f:ad:d7:a2:89:02:4d:6e:59:9a:a2:
                    81:1c:80:13:e9:10:31:35:50:7f:a3:80:9c:b9:8b:
                    7c:6d:66:d1:46:d5:6f:4a:39:2d:92:16:45:f7:ed:
                    85:93:cf:59:4c:a9:bf:5c:4e:83:1a:6c:de:da:e4:
                    81:57:7a:97:c5:52:0d:5a:26:1a:72:af:d2:09:1e:
                    df:1d:ef:af:66:3f:58:82:03:18:ae:f2:bb:a5:66:
                    aa:fb:7f:77:93:70:8b:d0:ec:9d:ec:ab:3d:20:53:
                    fa:1b:1f:3f:5e:0b:19:65:0d:2e:3d:ba:5d:59:03:
                    f7:a3:17:07:c9:ae:eb:ff:4e:bd:6c:19:6a:cb:9a:
                    0f:73:27:f0:72:2b:5f:ac:15:20:52:4c:15:12:38:
                    ae:00:1e:31:69:2b:e2:d9:29:a6:28:78:04:54:dd:
                    94:b0:2e:9d:e8:46:5a:99:f7:00:ca:3d:fc:fc:d2:
                    9c:09:eb:8b:25:df:11:46:68:36:6a:2f:4f:ac:c5:
                    60:c0:f2:14:14:08:eb:b2:79:1f:2e:ca:02:db:28:
                    03:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:62:C0:0A:77:F2:A4:DF:0E:89:24:2B:49:AE:CF:84:BD:78:68:7E
            X509v3 Authority Key Identifier:
                keyid:48:F5:0E:16:B8:30:5A:A2:C7:56:D2:1C:8F:0F:D5:09:33:8A:5C:29

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91DA389/B2170B74D3A311ED8806AC11C4F9AE02/SPUOFrgwWqLHVtIcjw_VCTOKXCk.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/SPUOFrgwWqLHVtIcjw_VCTOKXCk.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91DA389/B2170B74D3A311ED8806AC11C4F9AE02/89DBFCD8D3A711ED960DD917C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.228.244.0/22
                  103.67.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         74:fc:a2:a6:6c:57:c2:84:87:ca:9a:e1:5e:95:cd:8a:15:0e:
         a7:c0:03:28:13:65:2b:fc:f6:d5:10:c2:ce:cf:8b:f8:12:5e:
         8b:d6:ad:8b:a7:bb:90:28:37:cd:76:ee:91:e7:f5:36:42:c0:
         e4:d7:63:a6:3c:2c:6d:8b:47:dc:b2:f0:1d:c2:b6:f6:d5:6b:
         d7:29:32:b6:ca:a0:c6:e7:30:15:32:b5:4f:43:b8:29:cd:ee:
         d5:45:d4:ef:38:15:73:45:97:20:4c:73:da:5c:cc:26:8b:22:
         ee:b9:df:8a:e8:aa:53:de:39:45:94:b5:2c:87:a0:93:7a:03:
         f7:ac:e0:49:50:a7:1a:16:96:6c:87:2c:4b:fa:67:6d:90:3e:
         f2:74:1e:14:fb:73:5b:80:37:db:99:5b:ad:b0:2d:77:b1:91:
         10:c8:24:ab:8e:eb:9f:85:e7:dd:13:18:23:8b:f5:e2:60:eb:
         5c:34:74:8d:9a:e8:ea:97:94:97:e6:aa:27:52:7b:53:d3:77:
         eb:21:44:df:40:71:b6:08:e5:81:71:84:de:24:bc:66:68:96:
         b7:73:dd:56:32:c2:62:99:36:ca:64:4f:bb:2e:a1:fd:05:cd:
         8e:dd:e9:e4:8b:79:b9:ec:97:e5:59:47:92:68:dd:77:51:5b:
         a9:57:04:9c
-----BEGIN CERTIFICATE-----
MIIFdjCCBF6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFE
QTM4OTExMC8GA1UEBRMoNDhGNTBFMTZCODMwNUFBMkM3NTZEMjFDOEYwRkQ1MDkz
MzhBNUMyOTAeFw0yMzA0MDUxMTQ2NDVaFw0yMzA5MzAwMDAwMDBaMBgxFjAUBgNV
BAMTDTY0MmQ1ZmE0LTQ1YjgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDQ7iYA+NtsJlou3Ws+P0qq4BoKtQiGy2o859RnJ42qC2VXkWft2IhuolfMNk8r
ztIvrdeiiQJNblmaooEcgBPpEDE1UH+jgJy5i3xtZtFG1W9KOS2SFkX37YWTz1lM
qb9cToMabN7a5IFXepfFUg1aJhpyr9IJHt8d769mP1iCAxiu8rulZqr7f3eTcIvQ
7J3sqz0gU/obHz9eCxllDS49ul1ZA/ejFwfJruv/Tr1sGWrLmg9zJ/ByK1+sFSBS
TBUSOK4AHjFpK+LZKaYoeARU3ZSwLp3oRlqZ9wDKPfz80pwJ64sl3xFGaDZqL0+s
xWDA8hQUCOuyeR8uygLbKAMnAgMBAAGjggKbMIIClzAdBgNVHQ4EFgQUBGLACnfy
pN8OiSQrSa7PhL14aH4wHwYDVR0jBBgwFoAUSPUOFrgwWqLHVtIcjw/VCTOKXCkw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MURBMzg5L0IyMTcwQjc0RDNB
MzExRUQ4ODA2QUMxMUM0RjlBRTAyL1NQVU9Gcmd3V3FMSFZ0SWNqd19WQ1RPS1hD
ay5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvU1BVT0ZyZ3dXcUxIVnRJY2p3X1ZDVE9LWENrLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFE
QTM4OS9CMjE3MEI3NEQzQTMxMUVEODgwNkFDMTFDNEY5QUUwMi84OURCRkNEOEQz
QTcxMUVEOTYwREQ5MTdDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAlBggrBgEFBQcBBwEB/wQW
MBQwEgQCAAEwDAMEAivk9AMEAmdDJDANBgkqhkiG9w0BAQsFAAOCAQEAdPyipmxX
woSHyprhXpXNihUOp8ADKBNlK/z21RDCzs+L+BJei9ati6e7kCg3zXbukef1NkLA
5NdjpjwsbYtH3LLwHcK29tVr1ykytsqgxucwFTK1T0O4Kc3u1UXU7zgVc0WXIExz
2lzMJosi7rnfiuiqU945RZS1LIegk3oD96zgSVCnGhaWbIcsS/pnbZA+8nQeFPtz
W4A325lbrbAtd7GREMgkq47rn4Xn3RMYI4v14mDrXDR0jZro6peUl+aqJ1J7U9N3
6yFE30BxtgjlgXGE3iS8ZmiWt3PdVjLCYpk2ymRPuy6h/QXNjt3p5It5ueyX5VlH
kmjdd1FbqVcEnA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:06:30 2024 by rpki-client on console-ams.rpki-client.org