Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A911D971/DE25B86856A411EDA8C00C3EC4F9AE02/BA7406AE8B8811EDABF72E0BC4F9AE02.roa
File:                     BA7406AE8B8811EDABF72E0BC4F9AE02.roa (raw, json)
Hash identifier:          1dFkMSldfxioE2k0V6fMnVdbbEWv4t+z1BUN0QKqq6Q=
Subject key identifier:   9F:9E:F6:49:55:9D:B9:EB:5D:9C:CC:75:5F:0B:69:EC:4F:81:0D:98
Certificate issuer:       /CN=A911D971/serialNumber=764D1CE6727D31BD8F39662E2004C4689DA6B7E5
Certificate serial:       C8
Authority key identifier: 76:4D:1C:E6:72:7D:31:BD:8F:39:66:2E:20:04:C4:68:9D:A6:B7:E5
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/dk0c5nJ9Mb2POWYuIATEaJ2mt-U.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A911D971/DE25B86856A411EDA8C00C3EC4F9AE02/BA7406AE8B8811EDABF72E0BC4F9AE02.roa
Signing time:             Fri 03 Nov 2023 04:54:59 +0000
ROA not before:           Fri 03 Nov 2023 04:54:59 +0000
ROA not after:            Fri 01 Mar 2024 00:00:00 +0000
asID:                     134495
IP address blocks:        2001:df1:6e40::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 200 (0xc8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A911D971/serialNumber=764D1CE6727D31BD8F39662E2004C4689DA6B7E5
        Validity
            Not Before: Nov  3 04:54:59 2023 GMT
            Not After : Mar  1 00:00:00 2024 GMT
        Subject: CN=65447d23-c14f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:2c:f7:ff:76:ad:89:e6:3c:d9:95:4b:95:5f:
                    8b:89:13:ea:f6:51:f9:87:35:62:07:48:15:dc:78:
                    28:a8:fc:04:7e:07:18:da:46:25:90:40:a0:00:85:
                    f1:fa:10:f6:81:9e:28:ea:53:94:5e:cf:0b:3b:5c:
                    bb:ef:9c:9f:64:82:e4:44:1e:e3:1f:2a:ae:24:4e:
                    bd:f3:b8:95:cb:f9:72:b3:8f:c7:8e:35:ac:dc:1a:
                    7c:bc:03:f7:29:e8:52:a0:95:d8:e1:56:67:52:ae:
                    b6:48:18:b4:71:39:13:28:da:a4:79:85:dd:8a:43:
                    88:33:e6:a4:ed:fb:d2:76:bc:74:84:d7:5b:ba:44:
                    7d:d5:b3:15:63:d5:7f:e0:20:5c:91:37:2d:e8:38:
                    9d:bc:87:25:e8:41:ad:f9:cf:6b:57:ef:76:41:71:
                    5d:d1:c2:d7:4f:e4:5c:43:db:0e:0e:b1:84:bd:06:
                    ba:fe:43:cd:b1:05:9a:5f:4d:43:ce:62:71:41:2b:
                    86:0b:be:bf:e9:3b:7c:b0:c4:2d:b6:54:37:4e:78:
                    55:d0:d1:b8:4f:74:f7:3f:a0:53:aa:16:f6:62:66:
                    1d:d5:53:ea:db:2b:49:c9:8b:d4:91:be:25:e3:20:
                    19:e8:1f:5f:bf:c7:ec:46:ec:4b:3f:2a:b2:40:4e:
                    de:0d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9F:9E:F6:49:55:9D:B9:EB:5D:9C:CC:75:5F:0B:69:EC:4F:81:0D:98
            X509v3 Authority Key Identifier:
                keyid:76:4D:1C:E6:72:7D:31:BD:8F:39:66:2E:20:04:C4:68:9D:A6:B7:E5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A911D971/DE25B86856A411EDA8C00C3EC4F9AE02/dk0c5nJ9Mb2POWYuIATEaJ2mt-U.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/dk0c5nJ9Mb2POWYuIATEaJ2mt-U.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A911D971/DE25B86856A411EDA8C00C3EC4F9AE02/BA7406AE8B8811EDABF72E0BC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df1:6e40::/48

    Signature Algorithm: sha256WithRSAEncryption
         cd:f3:27:0c:6b:ac:2f:6f:ae:59:84:a2:10:f3:e6:56:c9:27:
         22:ad:8a:c1:71:2e:38:d5:d0:f9:69:d3:6f:a4:5a:b3:51:4d:
         2d:2b:53:cb:dc:60:76:d7:bf:14:47:6b:5b:21:4c:2f:b8:2b:
         24:02:03:b3:60:04:69:de:b5:2f:33:23:15:a2:48:9f:ba:8e:
         f5:b3:b9:b1:59:a4:43:79:f0:0e:1a:59:0b:56:2e:e2:bc:f2:
         d3:f2:91:fd:0d:d6:3d:27:58:b9:dc:83:d9:3b:47:d5:06:db:
         c7:14:93:92:76:1d:ab:4e:17:41:ec:ab:6a:59:00:8b:e6:35:
         04:b0:e0:6c:61:3b:68:a1:66:e9:f7:7e:52:1b:7b:fe:51:bc:
         14:43:30:91:30:ed:56:ab:f9:46:24:e6:bb:17:b1:20:ff:c1:
         b8:62:72:b6:e6:bf:78:54:5d:bc:6c:a8:19:10:a6:dc:4e:a7:
         d3:ed:df:c4:44:24:27:48:e9:eb:7c:89:7b:2e:49:29:6d:93:
         bc:cf:d0:45:ac:85:88:7b:73:c5:d6:99:d4:22:0c:b2:ab:85:
         13:76:6f:12:1b:2c:cb:56:26:ad:b7:0d:be:2c:17:01:fc:18:
         f2:05:b4:99:1e:4c:7a:0c:69:22:77:73:70:66:7c:be:2a:fa:
         02:0f:76:54
-----BEGIN CERTIFICATE-----
MIIFdDCCBFygAwIBAgICAMgwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MUQ5NzExMTAvBgNVBAUTKDc2NEQxQ0U2NzI3RDMxQkQ4RjM5NjYyRTIwMDRDNDY4
OURBNkI3RTUwHhcNMjMxMTAzMDQ1NDU5WhcNMjQwMzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTQ0N2QyMy1jMTRmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAyyz3/3atieY82ZVLlV+LiRPq9lH5hzViB0gV3HgoqPwEfgcY2kYlkECgAIXx
+hD2gZ4o6lOUXs8LO1y775yfZILkRB7jHyquJE6987iVy/lys4/HjjWs3Bp8vAP3
KehSoJXY4VZnUq62SBi0cTkTKNqkeYXdikOIM+ak7fvSdrx0hNdbukR91bMVY9V/
4CBckTct6DidvIcl6EGt+c9rV+92QXFd0cLXT+RcQ9sODrGEvQa6/kPNsQWaX01D
zmJxQSuGC76/6Tt8sMQttlQ3TnhV0NG4T3T3P6BTqhb2YmYd1VPq2ytJyYvUkb4l
4yAZ6B9fv8fsRuxLPyqyQE7eDQIDAQABo4ICmDCCApQwHQYDVR0OBBYEFJ+e9klV
nbnrXZzMdV8LaexPgQ2YMB8GA1UdIwQYMBaAFHZNHOZyfTG9jzlmLiAExGidprfl
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExRDk3MS9ERTI1Qjg2ODU2
QTQxMUVEQThDMDBDM0VDNEY5QUUwMi9kazBjNW5KOU1iMlBPV1l1SUFURWFKMm10
LVUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2RrMGM1bko5TWIyUE9XWXVJQVRFYUoybXQtVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MUQ5NzEvREUyNUI4Njg1NkE0MTFFREE4QzAwQzNFQzRGOUFFMDIvQkE3NDA2QUU4
Qjg4MTFFREFCRjcyRTBCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwIgYIKwYBBQUHAQcBAf8E
EzARMA8EAgACMAkDBwAgAQ3xbkAwDQYJKoZIhvcNAQELBQADggEBAM3zJwxrrC9v
rlmEohDz5lbJJyKtisFxLjjV0Plp02+kWrNRTS0rU8vcYHbXvxRHa1shTC+4KyQC
A7NgBGnetS8zIxWiSJ+6jvWzubFZpEN58A4aWQtWLuK88tPykf0N1j0nWLncg9k7
R9UG28cUk5J2HatOF0Hsq2pZAIvmNQSw4GxhO2ihZun3flIbe/5RvBRDMJEw7Var
+UYk5rsXsSD/wbhicrbmv3hUXbxsqBkQptxOp9Pt38REJCdI6et8iXsuSSltk7zP
0EWshYh7c8XWmdQiDLKrhRN2bxIbLMtWJq23Db4sFwH8GPIFtJkeTHoMaSJ3c3Bm
fL4q+gIPdlQ=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:04:47 2024 by rpki-client on console-ams.rpki-client.org