Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91269B8/4ABAFEDE839411E5B01B591CC4F9AE02/28E49B00A51E11ECAF0E1866C4F9AE02.roa
File:                     28E49B00A51E11ECAF0E1866C4F9AE02.roa (raw, json)
Hash identifier:          93wnaGFSl5qaKqSnxzpxOCElnoxhq+QJ9MovMAgT14s=
Subject key identifier:   B1:64:AD:E4:9B:32:93:B7:05:D7:4C:69:21:6B:52:E2:CD:C3:E1:60
Certificate issuer:       /CN=A91269B8/serialNumber=6627CCAB6DC2E9586E2CC11B2795735A31FD9B8A
Certificate serial:       1FE1
Authority key identifier: 66:27:CC:AB:6D:C2:E9:58:6E:2C:C1:1B:27:95:73:5A:31:FD:9B:8A
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ZifMq23C6VhuLMEbJ5VzWjH9m4o.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91269B8/4ABAFEDE839411E5B01B591CC4F9AE02/28E49B00A51E11ECAF0E1866C4F9AE02.roa
Signing time:             Mon 28 Mar 2022 16:42:31 +0000
ROA not before:           Mon 28 Mar 2022 16:42:31 +0000
ROA not after:            Sun 28 May 2023 00:00:00 +0000
asID:                     9299
IP address blocks:        117.58.192.0/19 maxlen: 19
                          119.111.0.0/16 maxlen: 16
                          119.111.0.0/19 maxlen: 19
                          119.111.5.0/24 maxlen: 24
                          119.111.16.0/24 maxlen: 24
                          119.111.17.0/24 maxlen: 24
                          119.111.18.0/24 maxlen: 24
                          119.111.19.0/24 maxlen: 24
                          119.111.23.0/24 maxlen: 24
                          119.111.24.0/24 maxlen: 24
                          119.111.25.0/24 maxlen: 24
                          119.111.32.0/19 maxlen: 19
                          119.111.33.0/24 maxlen: 24
                          119.111.52.0/24 maxlen: 24
                          119.111.64.0/19 maxlen: 19
                          119.111.67.0/24 maxlen: 24
                          119.111.68.0/24 maxlen: 24
                          119.111.69.0/24 maxlen: 24
                          119.111.70.0/24 maxlen: 24
                          119.111.74.0/24 maxlen: 24
                          119.111.76.0/24 maxlen: 24
                          119.111.83.0/24 maxlen: 24
                          119.111.86.0/24 maxlen: 24
                          119.111.89.0/24 maxlen: 24
                          119.111.91.0/24 maxlen: 24
                          119.111.96.0/19 maxlen: 19
                          119.111.105.0/24 maxlen: 24
                          119.111.128.0/19 maxlen: 19
                          119.111.136.0/24 maxlen: 24
                          119.111.160.0/19 maxlen: 19
                          119.111.192.0/19 maxlen: 19
                          119.111.224.0/19 maxlen: 19
                          210.1.96.0/19 maxlen: 20
                          210.1.128.0/20 maxlen: 20
                          210.1.135.0/24 maxlen: 24
                          210.1.139.0/24 maxlen: 24
                          210.23.96.0/19 maxlen: 19
                          210.23.98.0/24 maxlen: 24
                          210.23.99.0/24 maxlen: 24
                          210.23.105.0/24 maxlen: 24
                          210.23.107.0/24 maxlen: 24
                          210.23.119.0/24 maxlen: 24
                          210.23.160.0/19 maxlen: 19
                          210.23.160.0/20 maxlen: 20
                          210.23.176.0/20 maxlen: 20
                          210.23.192.0/18 maxlen: 18
                          210.23.192.0/19 maxlen: 19
                          210.23.213.0/24 maxlen: 24
                          210.23.215.0/24 maxlen: 24
                          210.23.217.0/24 maxlen: 24
                          210.23.224.0/19 maxlen: 19
                          210.23.225.0/24 maxlen: 24
                          221.121.96.0/19 maxlen: 19
                          221.121.118.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 8161 (0x1fe1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91269B8/serialNumber=6627CCAB6DC2E9586E2CC11B2795735A31FD9B8A
        Validity
            Not Before: Mar 28 16:42:31 2022 GMT
            Not After : May 28 00:00:00 2023 GMT
        Subject: CN=6241e577-ac31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:df:14:37:bd:36:f0:3d:83:f6:19:4f:84:35:
                    15:35:f6:20:da:4d:83:42:5b:44:0c:cd:72:e5:e6:
                    46:d3:2f:56:1e:44:9e:0a:9f:17:e5:19:db:db:7f:
                    aa:fc:44:b6:1e:0d:bc:cd:36:18:c6:de:bc:0a:95:
                    53:7b:4c:a5:28:35:4a:bd:af:67:3b:94:f3:19:b9:
                    bf:f7:f1:a9:63:d3:3c:92:87:2d:ed:23:97:a9:21:
                    ab:0f:f1:50:a5:93:08:dc:69:72:b1:f6:3a:0a:b4:
                    32:61:12:35:f3:9a:3a:84:9c:8c:7b:6b:87:41:ba:
                    90:13:30:70:75:97:9d:75:d3:5d:63:4d:db:47:80:
                    e8:8c:23:2e:be:59:5d:d8:ef:4a:71:46:9f:90:82:
                    2b:13:55:10:71:1e:ac:7e:a0:e8:e9:c8:3d:d4:ff:
                    e4:c9:5f:ac:dd:9d:36:0f:38:05:0a:64:b1:15:40:
                    86:25:97:f9:34:31:6f:3b:11:4c:57:eb:ab:a7:e8:
                    c1:69:fa:35:69:ce:be:ea:aa:d7:e5:88:3b:a9:a9:
                    e5:70:b4:96:57:86:8d:20:32:0e:96:f9:3b:70:24:
                    e4:ec:93:c1:4c:ba:1c:3c:60:19:7c:15:16:7f:94:
                    95:96:f9:fd:79:16:e9:70:57:8b:aa:97:5e:30:36:
                    ef:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B1:64:AD:E4:9B:32:93:B7:05:D7:4C:69:21:6B:52:E2:CD:C3:E1:60
            X509v3 Authority Key Identifier:
                keyid:66:27:CC:AB:6D:C2:E9:58:6E:2C:C1:1B:27:95:73:5A:31:FD:9B:8A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91269B8/4ABAFEDE839411E5B01B591CC4F9AE02/ZifMq23C6VhuLMEbJ5VzWjH9m4o.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ZifMq23C6VhuLMEbJ5VzWjH9m4o.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91269B8/4ABAFEDE839411E5B01B591CC4F9AE02/28E49B00A51E11ECAF0E1866C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  117.58.192.0/19
                  119.111.0.0/16
                  210.1.96.0-210.1.143.255
                  210.23.96.0/19
                  210.23.160.0-210.23.255.255
                  221.121.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         22:47:c9:35:66:af:07:32:3e:52:f0:65:ed:59:43:d7:94:f9:
         ec:d6:29:22:83:98:04:61:55:ea:65:15:74:ba:cb:08:34:87:
         37:1f:de:d0:5c:e3:e3:77:b2:1d:ea:5a:70:6e:ac:47:c3:de:
         f8:2d:11:a7:9c:fc:a2:57:4b:49:b6:b3:c7:d5:88:19:24:f8:
         a0:a1:65:8e:0b:2d:c7:d7:29:8b:71:c2:5f:3c:fc:f2:b3:ee:
         be:5f:d9:e8:a1:16:bb:5b:26:ef:e7:ad:59:45:80:41:b9:0c:
         1d:4c:b9:c3:68:01:e1:ed:32:b4:1b:ee:dd:c9:a3:6a:09:2c:
         55:4e:52:fd:8d:6a:3b:c0:0a:2b:b0:2e:43:e2:e2:27:7a:38:
         62:64:98:eb:5d:2c:6c:73:18:82:50:f3:68:4f:36:c1:14:fa:
         67:61:57:b8:f2:a7:49:f1:10:8d:3b:db:71:73:41:1b:06:e4:
         19:38:d8:72:88:7d:c1:3c:cc:00:56:4e:1e:a3:d7:c7:1c:3d:
         92:0d:29:24:94:4c:6d:19:c3:35:59:c0:ea:14:80:8a:82:92:
         17:68:55:8d:ba:bc:6a:20:fa:85:17:a1:4d:aa:01:8f:43:e7:
         bc:fc:3f:a9:01:c7:ca:79:1c:49:58:60:7b:97:ac:5c:3c:75:
         d2:3a:ed:2c
-----BEGIN CERTIFICATE-----
MIIFnTCCBIWgAwIBAgICH+EwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MjY5QjgxMTAvBgNVBAUTKDY2MjdDQ0FCNkRDMkU5NTg2RTJDQzExQjI3OTU3MzVB
MzFGRDlCOEEwHhcNMjIwMzI4MTY0MjMxWhcNMjMwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02MjQxZTU3Ny1hYzMxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAsd8UN7028D2D9hlPhDUVNfYg2k2DQltEDM1y5eZG0y9WHkSeCp8X5Rnb23+q
/ES2Hg28zTYYxt68CpVTe0ylKDVKva9nO5TzGbm/9/GpY9M8koct7SOXqSGrD/FQ
pZMI3GlysfY6CrQyYRI185o6hJyMe2uHQbqQEzBwdZedddNdY03bR4DojCMuvlld
2O9KcUafkIIrE1UQcR6sfqDo6cg91P/kyV+s3Z02DzgFCmSxFUCGJZf5NDFvOxFM
V+urp+jBafo1ac6+6qrX5Yg7qanlcLSWV4aNIDIOlvk7cCTk7JPBTLocPGAZfBUW
f5SVlvn9eRbpcFeLqpdeMDbvPwIDAQABo4ICwTCCAr0wHQYDVR0OBBYEFLFkreSb
MpO3BddMaSFrUuLNw+FgMB8GA1UdIwQYMBaAFGYnzKttwulYbizBGyeVc1ox/ZuK
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyNjlCOC80QUJBRkVERTgz
OTQxMUU1QjAxQjU5MUNDNEY5QUUwMi9aaWZNcTIzQzZWaHVMTUViSjVWeldqSDlt
NG8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1ppZk1xMjNDNlZodUxNRWJKNVZ6V2pIOW00by5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MjY5QjgvNEFCQUZFREU4Mzk0MTFFNUIwMUI1OTFDQzRGOUFFMDIvMjhFNDlCMDBB
NTFFMTFFQ0FGMEUxODY2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwSwYIKwYBBQUHAQcBAf8E
PDA6MDgEAgABMDIDBAV1OsADAwB3bzAMAwQF0gFgAwQE0gGAAwQF0hdgMAsDBAXS
F6ADAwPSEAMEBd15YDANBgkqhkiG9w0BAQsFAAOCAQEAIkfJNWavBzI+UvBl7VlD
15T57NYpIoOYBGFV6mUVdLrLCDSHNx/e0Fzj43eyHepacG6sR8Pe+C0Rp5z8oldL
Sbazx9WIGST4oKFljgstx9cpi3HCXzz88rPuvl/Z6KEWu1sm7+etWUWAQbkMHUy5
w2gB4e0ytBvu3cmjagksVU5S/Y1qO8AKK7AuQ+LiJ3o4YmSY610sbHMYglDzaE82
wRT6Z2FXuPKnSfEQjTvbcXNBGwbkGTjYcoh9wTzMAFZOHqPXxxw9kg0pJJRMbRnD
NVnA6hSAioKSF2hVjbq8aiD6hRehTaoBj0PnvPw/qQHHynkcSVhge5esXDx10jrt
LA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:04:48 2024 by rpki-client on console-ams.rpki-client.org