Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A911D834/DFBA50B81D8D11E2824DEDEB08B02CD2/490C6590F43211EBA188C86AC4F9AE02.roa
File:                     490C6590F43211EBA188C86AC4F9AE02.roa (raw, json)
Hash identifier:          +vUEUHiZ/WDtjeLHCCq2laWqC1FfZvS6vBDj0WYp9ok=
Subject key identifier:   CD:9C:86:90:FD:FA:E9:0A:AE:6E:00:66:85:19:BD:35:53:E1:F1:73
Certificate issuer:       /CN=A911D834/serialNumber=FDB2754D950630EB11DF84E2855CAAB7D1626F80
Certificate serial:       32CE
Authority key identifier: FD:B2:75:4D:95:06:30:EB:11:DF:84:E2:85:5C:AA:B7:D1:62:6F:80
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_bJ1TZUGMOsR34TihVyqt9Fib4A.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A911D834/DFBA50B81D8D11E2824DEDEB08B02CD2/490C6590F43211EBA188C86AC4F9AE02.roa
Signing time:             Fri 30 Sep 2022 14:50:52 +0000
ROA not before:           Fri 30 Sep 2022 14:50:52 +0000
ROA not after:            Fri 01 Dec 2023 00:00:00 +0000
asID:                     136762
IP address blocks:        103.232.152.0/22 maxlen: 24
                          110.34.0.0/19 maxlen: 24
                          116.66.192.0/21 maxlen: 24
                          163.47.148.0/22 maxlen: 22
                          163.47.148.0/24 maxlen: 24
                          163.47.149.0/24 maxlen: 24
                          163.47.150.0/24 maxlen: 24
                          163.47.151.0/24 maxlen: 24
                          182.93.64.0/19 maxlen: 24
                          202.63.240.0/21 maxlen: 24
                          2403:3800::/32 maxlen: 32
                          2403:3800:1200::/44 maxlen: 44

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13006 (0x32ce)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A911D834/serialNumber=FDB2754D950630EB11DF84E2855CAAB7D1626F80
        Validity
            Not Before: Sep 30 14:50:52 2022 GMT
            Not After : Dec  1 00:00:00 2023 GMT
        Subject: CN=6337024c-4fc8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:9c:ae:75:cd:08:69:e5:62:2c:10:7e:c3:e9:
                    39:74:88:68:93:de:a0:bd:10:0f:7f:e0:83:eb:00:
                    a8:a1:dc:52:c4:e0:48:4e:4f:a4:fd:b1:06:38:3d:
                    18:9a:5f:88:fb:b6:74:5e:a3:1b:d7:66:b9:42:cd:
                    cd:e1:b6:95:7e:d3:40:e4:35:f9:c4:f8:32:56:af:
                    5f:95:51:6e:49:1b:08:ac:d4:7a:19:6c:d8:7b:6c:
                    af:8c:62:57:60:7e:f9:9f:d3:ff:34:74:31:03:1f:
                    b4:8c:7b:3f:bd:10:47:92:b1:1d:23:f7:4f:bf:bf:
                    03:50:bd:48:f6:8e:5f:b5:a3:25:24:4e:90:ea:46:
                    61:88:d1:7c:2f:da:52:31:8d:5d:47:d1:c1:11:26:
                    3c:ee:8a:b7:86:ca:fc:55:66:54:0c:db:cd:b2:f4:
                    9f:82:51:83:ca:74:c2:40:c5:da:19:2e:89:fc:50:
                    e5:96:65:eb:68:29:b1:60:c9:81:12:39:bc:cc:01:
                    7c:ea:91:2a:81:c3:5d:44:8a:d2:b3:c9:0d:95:07:
                    08:8c:a6:9b:a7:9e:e0:83:d0:3d:ad:cd:95:9c:06:
                    a1:d7:f9:fc:56:22:db:09:b6:ed:34:76:33:b4:34:
                    d3:85:48:0d:fa:6d:d7:a5:cd:57:0f:bd:9c:d4:ad:
                    db:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:9C:86:90:FD:FA:E9:0A:AE:6E:00:66:85:19:BD:35:53:E1:F1:73
            X509v3 Authority Key Identifier:
                keyid:FD:B2:75:4D:95:06:30:EB:11:DF:84:E2:85:5C:AA:B7:D1:62:6F:80

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A911D834/DFBA50B81D8D11E2824DEDEB08B02CD2/_bJ1TZUGMOsR34TihVyqt9Fib4A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_bJ1TZUGMOsR34TihVyqt9Fib4A.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A911D834/DFBA50B81D8D11E2824DEDEB08B02CD2/490C6590F43211EBA188C86AC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.232.152.0/22
                  110.34.0.0/19
                  116.66.192.0/21
                  163.47.148.0/22
                  182.93.64.0/19
                  202.63.240.0/21
                IPv6:
                  2403:3800::/32

    Signature Algorithm: sha256WithRSAEncryption
         b5:a9:4c:39:7f:13:cb:88:c5:89:ea:84:7a:75:cc:a5:17:92:
         07:0b:26:eb:29:97:5b:99:a2:dc:15:18:ad:9a:f1:f3:a1:c4:
         a5:01:45:4a:25:2b:75:df:ab:72:c5:ce:4b:b0:86:a6:17:72:
         1c:f2:82:d0:4c:1d:79:fd:85:75:2b:a5:ab:a9:04:30:c6:74:
         ef:25:86:1c:51:0a:4e:b3:74:40:49:6f:08:b4:b7:73:7f:92:
         32:4b:10:36:8a:58:e7:da:5c:df:1d:31:35:8f:29:32:67:55:
         59:22:91:09:43:4c:5a:22:c4:15:68:52:98:75:ea:ff:81:44:
         bd:bf:ab:82:18:04:fb:53:54:62:4f:fe:d8:3b:9d:6a:b4:05:
         45:1b:8b:a8:fd:eb:da:26:7e:fe:3e:a4:78:a0:97:74:a3:24:
         3d:77:47:fd:90:aa:12:81:da:b6:6d:65:33:c3:96:3e:b9:e6:
         17:e6:58:59:ea:33:8e:4a:ca:53:67:27:42:56:62:41:2c:9b:
         f2:7d:74:ed:f7:be:e1:88:63:30:66:2c:a2:8c:1e:b1:c2:60:
         e2:81:98:ed:6f:02:36:7e:e6:f0:5e:11:65:5a:36:d3:71:32:
         39:16:c3:1e:96:00:ab:50:e6:6a:11:43:0f:08:5b:fc:db:5d:
         75:b2:55:32
-----BEGIN CERTIFICATE-----
MIIFnjCCBIagAwIBAgICMs4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MUQ4MzQxMTAvBgNVBAUTKEZEQjI3NTREOTUwNjMwRUIxMURGODRFMjg1NUNBQUI3
RDE2MjZGODAwHhcNMjIwOTMwMTQ1MDUyWhcNMjMxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MzM3MDI0Yy00ZmM4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAy5yudc0IaeViLBB+w+k5dIhok96gvRAPf+CD6wCoodxSxOBITk+k/bEGOD0Y
ml+I+7Z0XqMb12a5Qs3N4baVftNA5DX5xPgyVq9flVFuSRsIrNR6GWzYe2yvjGJX
YH75n9P/NHQxAx+0jHs/vRBHkrEdI/dPv78DUL1I9o5ftaMlJE6Q6kZhiNF8L9pS
MY1dR9HBESY87oq3hsr8VWZUDNvNsvSfglGDynTCQMXaGS6J/FDllmXraCmxYMmB
Ejm8zAF86pEqgcNdRIrSs8kNlQcIjKabp57gg9A9rc2VnAah1/n8ViLbCbbtNHYz
tDTThUgN+m3Xpc1XD72c1K3bwQIDAQABo4ICwjCCAr4wHQYDVR0OBBYEFM2chpD9
+ukKrm4AZoUZvTVT4fFzMB8GA1UdIwQYMBaAFP2ydU2VBjDrEd+E4oVcqrfRYm+A
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExRDgzNC9ERkJBNTBCODFE
OEQxMUUyODI0REVERUIwOEIwMkNEMi9fYkoxVFpVR01Pc1IzNFRpaFZ5cXQ5Rmli
NEEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL19iSjFUWlVHTU9zUjM0VGloVnlxdDlGaWI0QS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MUQ4MzQvREZCQTUwQjgxRDhEMTFFMjgyNERFREVCMDhCMDJDRDIvNDkwQzY1OTBG
NDMyMTFFQkExODhDODZBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwTAYIKwYBBQUHAQcBAf8E
PTA7MCoEAgABMCQDBAJn6JgDBAVuIgADBAN0QsADBAKjL5QDBAW2XUADBAPKP/Aw
DQQCAAIwBwMFACQDOAAwDQYJKoZIhvcNAQELBQADggEBALWpTDl/E8uIxYnqhHp1
zKUXkgcLJuspl1uZotwVGK2a8fOhxKUBRUolK3Xfq3LFzkuwhqYXchzygtBMHXn9
hXUrpaupBDDGdO8lhhxRCk6zdEBJbwi0t3N/kjJLEDaKWOfaXN8dMTWPKTJnVVki
kQlDTFoixBVoUph16v+BRL2/q4IYBPtTVGJP/tg7nWq0BUUbi6j969omfv4+pHig
l3SjJD13R/2QqhKB2rZtZTPDlj655hfmWFnqM45KylNnJ0JWYkEsm/J9dO33vuGI
YzBmLKKMHrHCYOKBmO1vAjZ+5vBeEWVaNtNxMjkWwx6WAKtQ5moRQw8IW/zbXXWy
VTI=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:04:47 2024 by rpki-client on console-ams.rpki-client.org