Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A911B412/C1EA033CD2EA11EBA206B178C4F9AE02/10B5490AECDD11EDBF51302FC4F9AE02.roa
File:                     10B5490AECDD11EDBF51302FC4F9AE02.roa (raw, json)
Hash identifier:          l0zqRW4W1WfgDJXEoaBhK41Tuqm2xTiKPRyxQtynIhI=
Subject key identifier:   5E:68:D3:B7:91:50:1F:EA:FE:49:8F:E7:0E:7C:97:EB:C1:29:A6:B7
Certificate issuer:       /CN=A911B412/serialNumber=873D595AF5569C20239F53DD80EB1177D80B0934
Certificate serial:       047E
Authority key identifier: 87:3D:59:5A:F5:56:9C:20:23:9F:53:DD:80:EB:11:77:D8:0B:09:34
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/hz1ZWvVWnCAjn1PdgOsRd9gLCTQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A911B412/C1EA033CD2EA11EBA206B178C4F9AE02/10B5490AECDD11EDBF51302FC4F9AE02.roa
Signing time:             Sun 07 May 2023 13:42:54 +0000
ROA not before:           Sun 07 May 2023 13:42:54 +0000
ROA not after:            Sat 30 Dec 2023 00:00:00 +0000
asID:                     137451
IP address blocks:        43.229.152.0/24 maxlen: 24
                          103.48.169.0/24 maxlen: 24
                          103.228.64.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1150 (0x47e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A911B412/serialNumber=873D595AF5569C20239F53DD80EB1177D80B0934
        Validity
            Not Before: May  7 13:42:54 2023 GMT
            Not After : Dec 30 00:00:00 2023 GMT
        Subject: CN=6457aadd-8ee2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:b8:99:eb:aa:82:bf:36:ba:7a:7c:a3:bd:0a:
                    fb:35:8c:29:ea:39:f3:46:6a:63:4e:dd:2a:40:d8:
                    97:a2:ea:58:02:a3:d8:39:3c:62:dc:a4:73:b7:7e:
                    46:e9:38:40:8a:9d:01:34:f5:54:6f:01:f2:b0:e3:
                    5c:68:a4:a7:46:f1:1e:57:20:e5:3d:21:4e:cd:96:
                    7f:94:6a:56:65:df:f0:81:c5:e7:80:0b:ee:06:d6:
                    eb:61:d8:48:a5:7f:22:1a:65:98:35:2e:ae:d5:d2:
                    7a:7a:d8:47:08:9b:5e:4d:10:5f:9c:fe:96:7d:5b:
                    96:bf:c0:41:19:8b:67:11:5d:03:d2:e1:fe:f0:cf:
                    23:93:f4:d9:2e:28:f7:c0:f8:ea:b2:0d:24:ca:62:
                    0b:63:e1:2d:52:dd:f1:d6:9d:42:b0:e5:2b:07:85:
                    ef:e3:22:0f:14:29:a5:59:cb:92:9c:1a:c4:1b:6e:
                    83:a4:74:d0:2e:17:1f:69:27:b4:b0:bf:55:af:fa:
                    fb:fc:67:52:5a:6c:d7:6a:d4:1e:e7:35:55:bf:03:
                    7e:37:b8:95:bb:d7:db:43:d7:48:39:2b:86:bb:c2:
                    72:74:d7:cd:67:2e:13:0d:c1:38:c2:2a:68:16:43:
                    2e:34:8a:9f:71:7b:17:02:da:c7:0e:34:41:4f:06:
                    72:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5E:68:D3:B7:91:50:1F:EA:FE:49:8F:E7:0E:7C:97:EB:C1:29:A6:B7
            X509v3 Authority Key Identifier:
                keyid:87:3D:59:5A:F5:56:9C:20:23:9F:53:DD:80:EB:11:77:D8:0B:09:34

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A911B412/C1EA033CD2EA11EBA206B178C4F9AE02/hz1ZWvVWnCAjn1PdgOsRd9gLCTQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/hz1ZWvVWnCAjn1PdgOsRd9gLCTQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A911B412/C1EA033CD2EA11EBA206B178C4F9AE02/10B5490AECDD11EDBF51302FC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.229.152.0/24
                  103.48.169.0/24
                  103.228.64.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:c6:29:06:14:d5:e0:53:88:b4:a5:ce:42:3f:d7:2c:3e:5a:
         da:67:e6:72:41:b1:32:72:1e:62:83:f9:2b:f2:a5:59:61:35:
         d3:4f:e0:72:59:53:dc:f9:16:33:17:70:7a:7a:58:58:b6:58:
         99:22:a6:e2:49:ae:01:7f:42:ba:dd:a4:3c:d3:c9:e4:cb:de:
         1e:fb:b3:12:ca:c6:3d:64:f5:de:58:57:a6:0a:dd:a3:96:e3:
         de:8f:4c:b1:e7:f1:1d:ab:52:1c:8d:30:2b:32:02:50:ee:df:
         23:80:41:fd:f5:58:c5:5d:1c:44:57:24:fb:9f:34:79:f5:e2:
         ec:ec:cd:1b:20:6e:64:29:13:4f:79:fe:fb:7f:5d:35:17:70:
         7b:6d:c1:b3:71:71:ad:9c:40:2d:68:82:cc:48:5d:35:54:67:
         4a:02:5c:52:7c:32:28:69:71:a9:5c:5a:34:20:0b:c7:b7:c2:
         a1:0f:25:ca:ab:f7:8d:ee:36:d9:5e:db:0f:1d:61:9b:c4:62:
         6a:10:5b:ac:a9:fb:2d:46:28:9c:c1:f0:3c:22:01:ae:a6:fa:
         73:7f:a5:ca:f1:33:05:ed:ee:d1:51:61:95:bc:50:9e:f6:9f:
         e6:18:eb:ef:5b:24:66:b3:33:2b:86:de:59:4e:86:f7:b2:15:
         cc:ec:53:b1
-----BEGIN CERTIFICATE-----
MIIFfTCCBGWgAwIBAgICBH4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MUI0MTIxMTAvBgNVBAUTKDg3M0Q1OTVBRjU1NjlDMjAyMzlGNTNERDgwRUIxMTc3
RDgwQjA5MzQwHhcNMjMwNTA3MTM0MjU0WhcNMjMxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDU3YWFkZC04ZWUyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAsriZ66qCvza6enyjvQr7NYwp6jnzRmpjTt0qQNiXoupYAqPYOTxi3KRzt35G
6ThAip0BNPVUbwHysONcaKSnRvEeVyDlPSFOzZZ/lGpWZd/wgcXngAvuBtbrYdhI
pX8iGmWYNS6u1dJ6ethHCJteTRBfnP6WfVuWv8BBGYtnEV0D0uH+8M8jk/TZLij3
wPjqsg0kymILY+EtUt3x1p1CsOUrB4Xv4yIPFCmlWcuSnBrEG26DpHTQLhcfaSe0
sL9Vr/r7/GdSWmzXatQe5zVVvwN+N7iVu9fbQ9dIOSuGu8JydNfNZy4TDcE4wipo
FkMuNIqfcXsXAtrHDjRBTwZyJwIDAQABo4ICoTCCAp0wHQYDVR0OBBYEFF5o07eR
UB/q/kmP5w58l+vBKaa3MB8GA1UdIwQYMBaAFIc9WVr1VpwgI59T3YDrEXfYCwk0
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExQjQxMi9DMUVBMDMzQ0Qy
RUExMUVCQTIwNkIxNzhDNEY5QUUwMi9oejFaV3ZWV25DQWpuMVBkZ09zUmQ5Z0xD
VFEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2h6MVpXdlZXbkNBam4xUGRnT3NSZDlnTENUUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MUI0MTIvQzFFQTAzM0NEMkVBMTFFQkEyMDZCMTc4QzRGOUFFMDIvMTBCNTQ5MEFF
Q0REMTFFREJGNTEzMDJGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwKwYIKwYBBQUHAQcBAf8E
HDAaMBgEAgABMBIDBAAr5ZgDBABnMKkDBABn5EAwDQYJKoZIhvcNAQELBQADggEB
AJXGKQYU1eBTiLSlzkI/1yw+Wtpn5nJBsTJyHmKD+SvypVlhNdNP4HJZU9z5FjMX
cHp6WFi2WJkipuJJrgF/QrrdpDzTyeTL3h77sxLKxj1k9d5YV6YK3aOW496PTLHn
8R2rUhyNMCsyAlDu3yOAQf31WMVdHERXJPufNHn14uzszRsgbmQpE095/vt/XTUX
cHttwbNxca2cQC1ogsxIXTVUZ0oCXFJ8MihpcalcWjQgC8e3wqEPJcqr943uNtle
2w8dYZvEYmoQW6yp+y1GKJzB8DwiAa6m+nN/pcrxMwXt7tFRYZW8UJ72n+YY6+9b
JGazMyuG3llOhveyFczsU7E=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:50:55 2024 by rpki-client on console-fra.rpki-client.org