Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91E4EF7/C46FD7741B8F11E7AC4C7229C4F9AE02/068F51CE1B9111E794C4C72AC4F9AE02.roa
File:                     068F51CE1B9111E794C4C72AC4F9AE02.roa (raw, json)
Hash identifier:          4X5A5GvwVBGqbSbKdzowmcwjZOLEco7iTb2saZay99U=
Subject key identifier:   F8:1F:2C:BD:37:9B:C9:CD:00:3B:CA:E2:C9:55:37:1A:F6:FD:6C:A9
Certificate issuer:       /CN=A91E4EF7/serialNumber=AAB524E595A530E12C13AA211C2EF26B69DD9C9B
Certificate serial:       164A
Authority key identifier: AA:B5:24:E5:95:A5:30:E1:2C:13:AA:21:1C:2E:F2:6B:69:DD:9C:9B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/qrUk5ZWlMOEsE6ohHC7ya2ndnJs.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91E4EF7/C46FD7741B8F11E7AC4C7229C4F9AE02/068F51CE1B9111E794C4C72AC4F9AE02.roa
Signing time:             Fri 01 Oct 2021 17:43:21 +0000
ROA not before:           Fri 01 Oct 2021 17:43:21 +0000
ROA not after:            Thu 01 Dec 2022 00:00:00 +0000
asID:                     133326
IP address blocks:        103.38.120.0/22 maxlen: 22
                          103.38.120.0/23 maxlen: 23
                          103.38.120.0/24 maxlen: 24
                          103.38.121.0/24 maxlen: 24
                          103.38.122.0/23 maxlen: 23
                          103.38.122.0/24 maxlen: 24
                          103.38.123.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5706 (0x164a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E4EF7/serialNumber=AAB524E595A530E12C13AA211C2EF26B69DD9C9B
        Validity
            Not Before: Oct  1 17:43:21 2021 GMT
            Not After : Dec  1 00:00:00 2022 GMT
        Subject: CN=615748b8-1c77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:c6:c4:2f:77:c9:3f:e6:ad:81:55:a6:22:f7:
                    9c:02:90:59:80:8b:8e:b6:72:37:ff:b2:73:f3:0e:
                    a5:27:6f:1f:e1:31:53:43:36:f0:16:ef:5a:a0:21:
                    c6:20:b9:57:18:49:31:fb:56:8f:be:7a:6b:0f:63:
                    59:d5:be:bd:dc:1e:87:fc:3a:9b:00:84:11:95:67:
                    ad:e1:16:4e:3d:49:29:30:66:ae:b4:ec:c4:5d:ae:
                    15:80:d5:b8:67:a3:5e:07:57:3d:45:8e:16:1d:79:
                    95:f1:0c:0e:82:ef:d9:da:c8:7e:e3:fb:92:6a:6c:
                    ee:2d:eb:ee:ee:3b:4b:3d:0d:90:69:24:73:53:90:
                    d5:58:cc:10:e0:79:8a:53:9a:83:50:f1:a0:88:86:
                    3f:09:33:70:3d:a3:69:88:f3:c8:93:e8:db:4d:3f:
                    15:e9:55:57:1d:50:92:e8:27:55:c6:53:0c:21:17:
                    4e:3b:2f:ea:e7:c9:54:84:a5:22:0e:4c:1e:cf:0a:
                    e8:56:4e:3e:64:93:32:8d:65:b8:e0:fb:3d:8a:35:
                    c4:50:96:55:25:bf:bb:24:37:de:83:a2:e0:26:1a:
                    c5:ae:fd:54:db:e6:a2:91:18:d7:21:24:40:82:9b:
                    e0:00:6f:78:76:7c:1f:4a:c5:f3:f7:4d:ff:64:fc:
                    f9:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F8:1F:2C:BD:37:9B:C9:CD:00:3B:CA:E2:C9:55:37:1A:F6:FD:6C:A9
            X509v3 Authority Key Identifier:
                keyid:AA:B5:24:E5:95:A5:30:E1:2C:13:AA:21:1C:2E:F2:6B:69:DD:9C:9B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91E4EF7/C46FD7741B8F11E7AC4C7229C4F9AE02/qrUk5ZWlMOEsE6ohHC7ya2ndnJs.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/qrUk5ZWlMOEsE6ohHC7ya2ndnJs.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E4EF7/C46FD7741B8F11E7AC4C7229C4F9AE02/068F51CE1B9111E794C4C72AC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.38.120.0/22

    Signature Algorithm: sha256WithRSAEncryption
         76:98:46:b0:4c:37:0c:6f:aa:38:b8:35:83:d3:e8:8b:bc:e9:
         38:b5:3e:27:67:37:9e:9b:14:81:41:56:03:11:7c:78:40:73:
         c5:c3:de:66:0f:00:47:ee:99:33:3a:7c:8b:0c:3e:c0:be:31:
         9f:b5:00:25:41:78:9f:1b:84:70:30:cc:ed:d0:c7:a6:9e:a2:
         56:2a:3d:5b:9a:37:58:d8:4d:8f:1a:6f:6f:9a:60:c3:dc:1a:
         11:ea:c8:e1:8f:b1:a4:19:7f:c3:d1:48:b0:e5:2b:43:67:fb:
         bc:46:8b:13:01:5c:c7:59:da:40:ff:3c:4f:d1:11:89:86:b5:
         00:99:ca:c0:18:a5:7c:b8:1a:df:a5:f6:7f:49:04:36:df:d7:
         8e:52:be:ec:28:14:62:c8:9d:c3:40:05:75:a9:6b:61:59:f5:
         74:1d:ca:a5:32:a8:06:3e:05:a5:bc:9e:6f:5b:2f:da:40:d5:
         85:94:4d:f9:3a:b4:e2:67:6f:95:f5:7f:8a:00:8c:48:78:50:
         2f:29:59:d4:8b:e2:73:b9:df:33:c2:c7:5e:b9:61:59:1e:75:
         93:77:c8:94:c2:bd:54:80:7d:78:c9:a0:a1:0a:31:84:f2:dc:
         a8:d0:0f:ae:47:ae:9e:a1:8a:7b:17:bb:d0:97:f2:b2:72:e9:
         2f:d9:3a:a4
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICFkowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RTRFRjcxMTAvBgNVBAUTKEFBQjUyNEU1OTVBNTMwRTEyQzEzQUEyMTFDMkVGMjZC
NjlERDlDOUIwHhcNMjExMDAxMTc0MzIxWhcNMjIxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MTU3NDhiOC0xYzc3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA5MbEL3fJP+atgVWmIvecApBZgIuOtnI3/7Jz8w6lJ28f4TFTQzbwFu9aoCHG
ILlXGEkx+1aPvnprD2NZ1b693B6H/DqbAIQRlWet4RZOPUkpMGautOzEXa4VgNW4
Z6NeB1c9RY4WHXmV8QwOgu/Z2sh+4/uSamzuLevu7jtLPQ2QaSRzU5DVWMwQ4HmK
U5qDUPGgiIY/CTNwPaNpiPPIk+jbTT8V6VVXHVCS6CdVxlMMIRdOOy/q58lUhKUi
DkwezwroVk4+ZJMyjWW44Ps9ijXEUJZVJb+7JDfeg6LgJhrFrv1U2+aikRjXISRA
gpvgAG94dnwfSsXz903/ZPz5NQIDAQABo4IClTCCApEwHQYDVR0OBBYEFPgfLL03
m8nNADvK4slVNxr2/WypMB8GA1UdIwQYMBaAFKq1JOWVpTDhLBOqIRwu8mtp3Zyb
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFNEVGNy9DNDZGRDc3NDFC
OEYxMUU3QUM0QzcyMjlDNEY5QUUwMi9xclVrNVpXbE1PRXNFNm9oSEM3eWEybmRu
SnMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3FyVWs1WldsTU9Fc0U2b2hIQzd5YTJuZG5Kcy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RTRFRjcvQzQ2RkQ3NzQxQjhGMTFFN0FDNEM3MjI5QzRGOUFFMDIvMDY4RjUxQ0Ux
QjkxMTFFNzk0QzRDNzJBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAJnJngwDQYJKoZIhvcNAQELBQADggEBAHaYRrBMNwxvqji4
NYPT6Iu86Ti1PidnN56bFIFBVgMRfHhAc8XD3mYPAEfumTM6fIsMPsC+MZ+1ACVB
eJ8bhHAwzO3Qx6aeolYqPVuaN1jYTY8ab2+aYMPcGhHqyOGPsaQZf8PRSLDlK0Nn
+7xGixMBXMdZ2kD/PE/REYmGtQCZysAYpXy4Gt+l9n9JBDbf145SvuwoFGLIncNA
BXWpa2FZ9XQdyqUyqAY+BaW8nm9bL9pA1YWUTfk6tOJnb5X1f4oAjEh4UC8pWdSL
4nO53zPCx165YVkedZN3yJTCvVSAfXjJoKEKMYTy3KjQD65Hrp6hinsXu9CX8rJy
6S/ZOqQ=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:06:32 2024 by rpki-client on console-ams.rpki-client.org