Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91F2B47/E88E9C7E33AF11EDB6107434C4F9AE02/09801CBA5CD011EE80BF6972C4F9AE02.roa
File:                     09801CBA5CD011EE80BF6972C4F9AE02.roa (raw, json)
Hash identifier:          qpt39JkHUDGKaIPbOK/u9rPygjMNuHRXmV7embXyrTA=
Subject key identifier:   2D:92:EE:8A:F6:9D:D0:50:3A:05:B2:C4:DC:FA:7E:A5:5A:6C:A0:8D
Certificate issuer:       /CN=A91F2B47/serialNumber=17D5FE323EBFD9A8D344E77B73799A8E75624352
Certificate serial:       F7
Authority key identifier: 17:D5:FE:32:3E:BF:D9:A8:D3:44:E7:7B:73:79:9A:8E:75:62:43:52
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/F9X-Mj6_2ajTROd7c3majnViQ1I.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91F2B47/E88E9C7E33AF11EDB6107434C4F9AE02/09801CBA5CD011EE80BF6972C4F9AE02.roa
Signing time:             Wed 27 Sep 2023 00:51:48 +0000
ROA not before:           Wed 27 Sep 2023 00:51:48 +0000
ROA not after:            Wed 01 May 2024 00:00:00 +0000
asID:                     3758
IP address blocks:        166.120.129.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 247 (0xf7)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F2B47/serialNumber=17D5FE323EBFD9A8D344E77B73799A8E75624352
        Validity
            Not Before: Sep 27 00:51:48 2023 GMT
            Not After : May  1 00:00:00 2024 GMT
        Subject: CN=65137ca4-cc8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:9b:23:ab:df:5d:e4:88:e6:9d:c7:01:3f:c5:
                    bb:95:19:62:c0:6a:3d:f3:cf:22:88:9f:2a:31:07:
                    bf:94:a4:1c:39:21:b5:2a:2c:b4:42:65:d8:7b:f4:
                    68:fd:5e:10:cb:3f:12:4b:e7:ea:43:43:51:e8:68:
                    ed:61:19:12:51:e3:38:f7:91:1e:65:17:87:53:94:
                    3d:05:ae:23:2a:b3:f6:79:5d:df:f3:0a:5a:68:49:
                    69:4f:87:94:0f:46:ce:9d:aa:79:24:fb:7d:20:87:
                    ba:9f:84:07:b9:35:4a:ca:4e:d8:37:ed:af:4d:0a:
                    a6:93:fd:dd:7a:17:cc:80:81:3b:0f:21:b6:98:a8:
                    31:c2:e6:0c:d9:8a:ca:08:3e:e8:54:f3:37:70:dc:
                    74:8e:41:72:69:5e:af:10:c9:cd:b2:d1:13:f7:9d:
                    f4:a2:00:c8:8d:cf:3e:05:f2:2b:31:ea:6c:ce:0b:
                    42:91:af:7a:27:c6:38:3d:04:0a:02:ca:07:20:44:
                    87:08:82:26:df:81:e4:fd:e1:43:e0:c1:96:e2:b9:
                    51:ae:25:e0:30:0e:b3:67:94:df:0d:95:1a:73:16:
                    a3:5b:d2:d4:a0:92:a8:11:17:15:3d:54:41:a6:20:
                    4e:68:14:8a:09:a0:07:5f:0a:c6:41:f5:2c:f4:af:
                    4b:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:92:EE:8A:F6:9D:D0:50:3A:05:B2:C4:DC:FA:7E:A5:5A:6C:A0:8D
            X509v3 Authority Key Identifier:
                keyid:17:D5:FE:32:3E:BF:D9:A8:D3:44:E7:7B:73:79:9A:8E:75:62:43:52

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91F2B47/E88E9C7E33AF11EDB6107434C4F9AE02/F9X-Mj6_2ajTROd7c3majnViQ1I.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/F9X-Mj6_2ajTROd7c3majnViQ1I.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F2B47/E88E9C7E33AF11EDB6107434C4F9AE02/09801CBA5CD011EE80BF6972C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  166.120.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:fc:fe:f1:7e:57:cd:88:3c:ca:56:b6:36:5a:ce:12:65:81:
         6b:3d:5e:24:70:d5:f8:6b:42:f7:a2:56:60:64:2e:ae:25:49:
         59:5b:c7:38:66:d9:29:f2:b7:f5:a6:42:44:0c:5a:08:b7:16:
         c0:16:25:b4:60:0a:1e:bb:62:25:ee:c8:9b:d1:44:15:d5:86:
         4b:5a:16:24:ae:79:f0:ba:82:d8:a7:65:70:0b:03:22:95:e7:
         b7:b1:dc:b8:be:86:6c:e4:70:af:af:69:86:0e:ea:d6:7c:32:
         b3:0e:10:17:34:6f:78:6a:21:08:2e:f6:8d:36:a8:ce:24:79:
         bf:48:53:4c:52:d7:28:4d:94:57:dd:f5:41:3c:02:2f:db:19:
         a7:d5:e6:b5:bc:46:0b:5e:f3:1e:69:2d:0d:48:53:1a:14:1f:
         31:34:fe:9f:1b:05:00:b6:50:8d:b6:cf:5b:5e:ff:4e:c0:b8:
         c7:a4:be:8e:2d:ef:bc:d4:32:5d:30:03:7f:c5:be:49:3e:f4:
         b4:68:25:24:e0:b9:92:54:51:cc:3d:1d:d7:bb:ab:d5:e5:2a:
         6f:31:d1:ff:86:8c:31:ed:2d:dd:37:1c:3b:aa:65:85:3c:7f:
         da:ba:09:2a:b3:f2:f5:da:53:86:78:2b:70:a7:e8:bd:72:6b:
         4a:e6:b6:cd
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICAPcwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RjJCNDcxMTAvBgNVBAUTKDE3RDVGRTMyM0VCRkQ5QThEMzQ0RTc3QjczNzk5QThF
NzU2MjQzNTIwHhcNMjMwOTI3MDA1MTQ4WhcNMjQwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTEzN2NhNC1jYzhlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA8Jsjq99d5IjmnccBP8W7lRliwGo9888iiJ8qMQe/lKQcOSG1Kiy0QmXYe/Ro
/V4Qyz8SS+fqQ0NR6GjtYRkSUeM495EeZReHU5Q9Ba4jKrP2eV3f8wpaaElpT4eU
D0bOnap5JPt9IIe6n4QHuTVKyk7YN+2vTQqmk/3dehfMgIE7DyG2mKgxwuYM2YrK
CD7oVPM3cNx0jkFyaV6vEMnNstET9530ogDIjc8+BfIrMepszgtCka96J8Y4PQQK
AsoHIESHCIIm34Hk/eFD4MGW4rlRriXgMA6zZ5TfDZUacxajW9LUoJKoERcVPVRB
piBOaBSKCaAHXwrGQfUs9K9LUwIDAQABo4IClTCCApEwHQYDVR0OBBYEFC2S7or2
ndBQOgWyxNz6fqVabKCNMB8GA1UdIwQYMBaAFBfV/jI+v9mo00Tne3N5mo51YkNS
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGMkI0Ny9FODhFOUM3RTMz
QUYxMUVEQjYxMDc0MzRDNEY5QUUwMi9GOVgtTWo2XzJhalRST2Q3YzNtYWpuVmlR
MUkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL0Y5WC1NajZfMmFqVFJPZDdjM21ham5WaVExSS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RjJCNDcvRTg4RTlDN0UzM0FGMTFFREI2MTA3NDM0QzRGOUFFMDIvMDk4MDFDQkE1
Q0QwMTFFRTgwQkY2OTcyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBACmeIEwDQYJKoZIhvcNAQELBQADggEBAEL8/vF+V82IPMpW
tjZazhJlgWs9XiRw1fhrQveiVmBkLq4lSVlbxzhm2Snyt/WmQkQMWgi3FsAWJbRg
Ch67YiXuyJvRRBXVhktaFiSuefC6gtinZXALAyKV57ex3Li+hmzkcK+vaYYO6tZ8
MrMOEBc0b3hqIQgu9o02qM4keb9IU0xS1yhNlFfd9UE8Ai/bGafV5rW8Rgte8x5p
LQ1IUxoUHzE0/p8bBQC2UI22z1te/07AuMekvo4t77zUMl0wA3/Fvkk+9LRoJSTg
uZJUUcw9Hde7q9XlKm8x0f+GjDHtLd03HDuqZYU8f9q6CSqz8vXaU4Z4K3Cn6L1y
a0rmts0=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:48 2024 by rpki-client on console-fra.rpki-client.org