Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A911B412/C1EA033CD2EA11EBA206B178C4F9AE02/1BEE79CEF30C11ED94750772C4F9AE02.roa
File:                     1BEE79CEF30C11ED94750772C4F9AE02.roa (raw, json)
Hash identifier:          7VneyLF9jotfhG+EDgHC9UvexlN+uj6pFe53VaNCo6A=
Subject key identifier:   04:FC:27:14:A7:0E:2A:32:C6:C4:28:D7:1D:5D:D2:B1:DD:DD:D2:A7
Certificate issuer:       /CN=A911B412/serialNumber=873D595AF5569C20239F53DD80EB1177D80B0934
Certificate serial:       04B7
Authority key identifier: 87:3D:59:5A:F5:56:9C:20:23:9F:53:DD:80:EB:11:77:D8:0B:09:34
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/hz1ZWvVWnCAjn1PdgOsRd9gLCTQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A911B412/C1EA033CD2EA11EBA206B178C4F9AE02/1BEE79CEF30C11ED94750772C4F9AE02.roa
Signing time:             Wed 26 Jul 2023 08:05:46 +0000
ROA not before:           Wed 26 Jul 2023 08:05:46 +0000
ROA not after:            Sat 30 Dec 2023 00:00:00 +0000
asID:                     64021
IP address blocks:        43.229.152.0/24 maxlen: 24
                          103.228.64.0/24 maxlen: 24
                          103.228.66.0/23 maxlen: 23

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1207 (0x4b7)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A911B412/serialNumber=873D595AF5569C20239F53DD80EB1177D80B0934
        Validity
            Not Before: Jul 26 08:05:46 2023 GMT
            Not After : Dec 30 00:00:00 2023 GMT
        Subject: CN=64c0d3da-cab2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:e6:f8:04:10:a4:ba:92:ff:bf:be:a1:2b:76:
                    97:b5:65:21:4f:61:be:5f:32:00:82:a6:bb:c3:24:
                    d9:fb:ed:01:32:8e:f8:0b:9e:d9:28:e1:30:b4:8f:
                    07:06:88:97:2e:6d:75:5c:52:fd:bd:e2:79:b4:3d:
                    42:2c:0a:e1:c4:2e:3b:31:35:76:24:5e:fa:1d:5d:
                    84:5c:cc:17:88:bc:fe:ab:14:a8:c9:af:14:4d:64:
                    a8:aa:01:a8:bb:05:93:48:f9:c8:3e:a0:b3:0d:28:
                    1c:84:30:ee:0b:33:a2:86:af:4a:6f:4f:b0:c4:e3:
                    8b:a2:f5:90:7c:78:46:0c:9b:51:06:e7:32:c5:6f:
                    61:d4:9a:45:fd:90:38:c9:df:38:f4:92:f5:7f:58:
                    92:10:7f:72:c3:ce:24:43:75:91:8e:f4:f3:cc:47:
                    a0:36:1d:4e:d2:aa:d2:fe:8e:78:e6:64:cf:a8:b3:
                    d7:d9:f1:09:41:7c:07:dd:8b:da:94:17:d0:ca:38:
                    3f:67:95:ef:31:f4:ac:39:59:15:40:40:28:54:5d:
                    2f:69:b1:59:40:2a:c0:29:9e:c2:66:d7:6d:e7:c5:
                    87:19:02:81:f9:98:7d:9b:70:79:19:a2:5d:dd:64:
                    fd:30:8e:f1:35:34:f2:c3:89:c5:56:43:bd:a8:94:
                    76:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                04:FC:27:14:A7:0E:2A:32:C6:C4:28:D7:1D:5D:D2:B1:DD:DD:D2:A7
            X509v3 Authority Key Identifier:
                keyid:87:3D:59:5A:F5:56:9C:20:23:9F:53:DD:80:EB:11:77:D8:0B:09:34

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A911B412/C1EA033CD2EA11EBA206B178C4F9AE02/hz1ZWvVWnCAjn1PdgOsRd9gLCTQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/hz1ZWvVWnCAjn1PdgOsRd9gLCTQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A911B412/C1EA033CD2EA11EBA206B178C4F9AE02/1BEE79CEF30C11ED94750772C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.229.152.0/24
                  103.228.64.0/24
                  103.228.66.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3b:e1:1d:6a:4a:aa:c6:83:eb:08:e7:5f:e4:51:50:4d:73:02:
         77:57:9a:06:05:f5:16:42:96:f2:6f:9f:08:6d:32:ec:b9:b3:
         65:62:05:dc:f3:2f:1c:b0:f6:0b:de:0c:72:04:46:aa:47:7a:
         a8:ab:d0:69:a3:cf:53:9e:9d:30:db:e1:af:9c:02:f9:fe:b0:
         1c:a1:5c:53:10:56:40:56:5d:f2:de:03:fe:9e:8e:10:72:ae:
         20:5a:41:c2:f6:f8:d5:8f:57:fe:27:3e:e7:e9:1a:ac:f3:2e:
         db:fd:39:02:1a:bb:6d:53:6a:c0:18:9d:e8:26:27:dd:28:3c:
         55:ac:c4:d7:fb:bd:69:d9:24:0f:25:fa:f2:85:6b:5d:a2:c4:
         02:1d:27:22:14:dc:da:64:64:9f:7a:f9:3e:aa:8a:d7:f5:70:
         c1:e6:43:4f:6f:6c:56:9d:ff:2d:06:ae:10:f3:dd:cb:a8:67:
         20:d1:fe:9f:f0:37:3d:81:c9:d7:1f:cc:c4:5e:fc:3a:93:9f:
         aa:43:ad:91:6d:bb:27:6f:93:ef:93:9c:d7:3f:8c:93:d1:ed:
         62:b8:0c:93:e6:ff:d5:66:33:9a:18:29:79:37:a0:3b:ae:18:
         ed:f0:89:cc:a6:8d:52:7b:e0:b4:d8:19:46:39:29:bb:12:f8:
         b5:92:82:91
-----BEGIN CERTIFICATE-----
MIIFfTCCBGWgAwIBAgICBLcwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MUI0MTIxMTAvBgNVBAUTKDg3M0Q1OTVBRjU1NjlDMjAyMzlGNTNERDgwRUIxMTc3
RDgwQjA5MzQwHhcNMjMwNzI2MDgwNTQ2WhcNMjMxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NGMwZDNkYS1jYWIyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA0+b4BBCkupL/v76hK3aXtWUhT2G+XzIAgqa7wyTZ++0BMo74C57ZKOEwtI8H
BoiXLm11XFL9veJ5tD1CLArhxC47MTV2JF76HV2EXMwXiLz+qxSoya8UTWSoqgGo
uwWTSPnIPqCzDSgchDDuCzOihq9Kb0+wxOOLovWQfHhGDJtRBucyxW9h1JpF/ZA4
yd849JL1f1iSEH9yw84kQ3WRjvTzzEegNh1O0qrS/o545mTPqLPX2fEJQXwH3Yva
lBfQyjg/Z5XvMfSsOVkVQEAoVF0vabFZQCrAKZ7CZtdt58WHGQKB+Zh9m3B5GaJd
3WT9MI7xNTTyw4nFVkO9qJR2awIDAQABo4ICoTCCAp0wHQYDVR0OBBYEFAT8JxSn
DioyxsQo1x1d0rHd3dKnMB8GA1UdIwQYMBaAFIc9WVr1VpwgI59T3YDrEXfYCwk0
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExQjQxMi9DMUVBMDMzQ0Qy
RUExMUVCQTIwNkIxNzhDNEY5QUUwMi9oejFaV3ZWV25DQWpuMVBkZ09zUmQ5Z0xD
VFEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2h6MVpXdlZXbkNBam4xUGRnT3NSZDlnTENUUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MUI0MTIvQzFFQTAzM0NEMkVBMTFFQkEyMDZCMTc4QzRGOUFFMDIvMUJFRTc5Q0VG
MzBDMTFFRDk0NzUwNzcyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwKwYIKwYBBQUHAQcBAf8E
HDAaMBgEAgABMBIDBAAr5ZgDBABn5EADBAFn5EIwDQYJKoZIhvcNAQELBQADggEB
ADvhHWpKqsaD6wjnX+RRUE1zAndXmgYF9RZClvJvnwhtMuy5s2ViBdzzLxyw9gve
DHIERqpHeqir0Gmjz1OenTDb4a+cAvn+sByhXFMQVkBWXfLeA/6ejhByriBaQcL2
+NWPV/4nPufpGqzzLtv9OQIau21TasAYnegmJ90oPFWsxNf7vWnZJA8l+vKFa12i
xAIdJyIU3NpkZJ96+T6qitf1cMHmQ09vbFad/y0GrhDz3cuoZyDR/p/wNz2Bydcf
zMRe/DqTn6pDrZFtuydvk++TnNc/jJPR7WK4DJPm/9VmM5oYKXk3oDuuGO3wicym
jVJ74LTYGUY5KbsS+LWSgpE=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:50:55 2024 by rpki-client on console-fra.rpki-client.org