Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91FA024/D33A4794F18811EA9E80F71EC4F9AE02/2D8BEF9AF40411EABD8F6345C4F9AE02.roa
File:                     2D8BEF9AF40411EABD8F6345C4F9AE02.roa (raw, json)
Hash identifier:          L1oYApld6tix1mLlAiU1Q4nw+Sx1qNoFiIremk28hHQ=
Subject key identifier:   1A:41:4B:C6:A3:F0:10:98:8F:A4:E5:80:A4:A1:1E:E6:89:5E:74:5C
Certificate issuer:       /CN=A91FA024/serialNumber=A0AC427E957B374D0267FA7648DD3FF85702DAB1
Certificate serial:       0437
Authority key identifier: A0:AC:42:7E:95:7B:37:4D:02:67:FA:76:48:DD:3F:F8:57:02:DA:B1
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/oKxCfpV7N00CZ_p2SN0_-FcC2rE.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91FA024/D33A4794F18811EA9E80F71EC4F9AE02/2D8BEF9AF40411EABD8F6345C4F9AE02.roa
Signing time:             Tue 01 Mar 2022 12:10:20 +0000
ROA not before:           Tue 01 Mar 2022 12:10:20 +0000
ROA not after:            Sun 28 May 2023 00:00:00 +0000
asID:                     63962
IP address blocks:        43.231.112.0/22 maxlen: 22
                          103.50.204.0/22 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1079 (0x437)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91FA024/serialNumber=A0AC427E957B374D0267FA7648DD3FF85702DAB1
        Validity
            Not Before: Mar  1 12:10:20 2022 GMT
            Not After : May 28 00:00:00 2023 GMT
        Subject: CN=621e0d2b-8423
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:bb:a8:87:9e:5b:c6:0b:dc:d5:ec:5d:85:50:
                    c8:88:4a:8b:3f:4d:b9:ef:bf:97:0f:f0:90:42:0f:
                    ce:b6:b5:58:e7:c4:ce:d4:8d:ae:d1:45:45:dc:8a:
                    d7:16:3f:52:94:ba:8c:5e:ee:75:d3:ae:66:b9:a9:
                    22:97:10:0d:12:6d:45:6f:30:20:a9:51:f9:fd:84:
                    0c:3e:92:19:28:cb:94:a5:23:9a:d9:d5:ef:05:75:
                    f5:c4:3a:cd:1d:7f:db:24:ca:58:81:2f:4f:95:c3:
                    fc:77:92:0e:f4:fc:46:40:5d:2e:56:c7:a5:26:73:
                    9d:72:32:27:50:9a:8e:6d:37:fd:49:cb:6a:66:fd:
                    dd:c2:54:5f:f7:d8:4e:78:7f:ad:e4:ac:21:70:fb:
                    3b:69:a6:8f:95:48:f9:b2:c6:be:da:15:16:bc:e3:
                    6d:70:de:ae:0a:ac:35:0b:09:bb:98:03:7f:91:ce:
                    8c:d3:87:94:c5:e1:81:f6:9d:61:21:2d:74:0a:d1:
                    eb:e8:eb:d4:40:a7:1c:e7:9a:ca:e8:c2:1c:e3:df:
                    39:1a:ba:ea:1c:6a:11:ad:36:64:02:5a:82:cd:5e:
                    f0:ba:03:d7:fc:65:e4:48:5e:55:b1:8c:6b:af:46:
                    92:74:01:a5:b2:2c:24:7f:ec:1c:76:c3:46:19:8b:
                    29:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:41:4B:C6:A3:F0:10:98:8F:A4:E5:80:A4:A1:1E:E6:89:5E:74:5C
            X509v3 Authority Key Identifier:
                keyid:A0:AC:42:7E:95:7B:37:4D:02:67:FA:76:48:DD:3F:F8:57:02:DA:B1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91FA024/D33A4794F18811EA9E80F71EC4F9AE02/oKxCfpV7N00CZ_p2SN0_-FcC2rE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/oKxCfpV7N00CZ_p2SN0_-FcC2rE.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91FA024/D33A4794F18811EA9E80F71EC4F9AE02/2D8BEF9AF40411EABD8F6345C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.231.112.0/22
                  103.50.204.0/22

    Signature Algorithm: sha256WithRSAEncryption
         16:82:ed:2c:a2:2b:6f:8e:e2:c1:cf:a9:5c:10:16:9a:ea:50:
         e9:7d:73:6b:9c:c1:83:9f:91:ce:08:64:cb:44:20:06:b0:64:
         5d:ea:dd:00:f3:19:7f:7a:6e:47:58:ac:dd:a6:a9:08:0b:0f:
         3f:d9:1b:ba:9f:29:8b:9b:9e:2b:b9:f6:8a:b7:0c:60:2f:1b:
         54:c5:3b:e8:9c:06:b7:84:cc:a5:40:7d:d3:5d:dc:3d:f2:af:
         9f:33:a4:d8:50:2b:10:5f:6e:a1:f1:0d:91:c2:4b:ec:6b:e8:
         60:27:39:78:47:38:6d:c9:42:f3:b7:2c:b8:c9:e4:90:b6:e9:
         dd:f2:87:69:98:77:71:7e:03:11:0e:1e:d6:77:3e:2e:0b:86:
         2a:bb:0e:36:ae:fa:38:ea:62:fb:43:ba:3d:20:0c:d9:a5:02:
         35:91:7c:6c:6b:b0:8b:a9:03:b1:06:90:d9:ad:d6:b7:95:92:
         78:da:43:26:4c:ae:02:e4:54:08:1d:78:1d:08:4d:76:52:1f:
         68:2c:4a:29:92:08:1b:64:78:a6:2c:ed:06:23:dc:38:b8:74:
         bd:10:dd:c9:30:70:e4:31:ea:5b:85:35:56:c5:c7:37:ed:d2:
         5b:5f:0f:42:8f:54:b8:01:ba:b5:e0:25:a0:23:e5:0b:e1:20:
         b7:58:5f:20
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICBDcwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RkEwMjQxMTAvBgNVBAUTKEEwQUM0MjdFOTU3QjM3NEQwMjY3RkE3NjQ4REQzRkY4
NTcwMkRBQjEwHhcNMjIwMzAxMTIxMDIwWhcNMjMwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02MjFlMGQyYi04NDIzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAu7uoh55bxgvc1exdhVDIiEqLP02577+XD/CQQg/OtrVY58TO1I2u0UVF3IrX
Fj9SlLqMXu51065muakilxANEm1FbzAgqVH5/YQMPpIZKMuUpSOa2dXvBXX1xDrN
HX/bJMpYgS9PlcP8d5IO9PxGQF0uVselJnOdcjInUJqObTf9SctqZv3dwlRf99hO
eH+t5KwhcPs7aaaPlUj5ssa+2hUWvONtcN6uCqw1Cwm7mAN/kc6M04eUxeGB9p1h
IS10CtHr6OvUQKcc55rK6MIc4985GrrqHGoRrTZkAlqCzV7wugPX/GXkSF5VsYxr
r0aSdAGlsiwkf+wcdsNGGYspgQIDAQABo4ICmzCCApcwHQYDVR0OBBYEFBpBS8aj
8BCYj6TlgKShHuaJXnRcMB8GA1UdIwQYMBaAFKCsQn6VezdNAmf6dkjdP/hXAtqx
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGQTAyNC9EMzNBNDc5NEYx
ODgxMUVBOUU4MEY3MUVDNEY5QUUwMi9vS3hDZnBWN04wMENaX3AyU04wXy1GY0My
ckUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL29LeENmcFY3TjAwQ1pfcDJTTjBfLUZjQzJyRS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RkEwMjQvRDMzQTQ3OTRGMTg4MTFFQTlFODBGNzFFQzRGOUFFMDIvMkQ4QkVGOUFG
NDA0MTFFQUJEOEY2MzQ1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAIr53ADBAJnMswwDQYJKoZIhvcNAQELBQADggEBABaC7Syi
K2+O4sHPqVwQFprqUOl9c2ucwYOfkc4IZMtEIAawZF3q3QDzGX96bkdYrN2mqQgL
Dz/ZG7qfKYubniu59oq3DGAvG1TFO+icBreEzKVAfdNd3D3yr58zpNhQKxBfbqHx
DZHCS+xr6GAnOXhHOG3JQvO3LLjJ5JC26d3yh2mYd3F+AxEOHtZ3Pi4Lhiq7Djau
+jjqYvtDuj0gDNmlAjWRfGxrsIupA7EGkNmt1reVknjaQyZMrgLkVAgdeB0ITXZS
H2gsSimSCBtkeKYs7QYj3Di4dL0Q3ckwcOQx6luFNVbFxzft0ltfD0KPVLgBurXg
JaAj5QvhILdYXyA=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:52 2024 by rpki-client on console-fra.rpki-client.org