Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91269B8/4ABAFEDE839411E5B01B591CC4F9AE02/CD46A9E2300E11ED88CE0615C4F9AE02.roa
File:                     CD46A9E2300E11ED88CE0615C4F9AE02.roa (raw, json)
Hash identifier:          krNE7WG2DbYS1MWEEcD4wy5SYqYmBOwItnU02l+J3gc=
Subject key identifier:   FD:77:E2:90:CB:BF:AD:4D:4C:C3:D4:C7:B0:E7:D5:64:E9:7A:84:ED
Certificate issuer:       /CN=A91269B8/serialNumber=6627CCAB6DC2E9586E2CC11B2795735A31FD9B8A
Certificate serial:       21BD
Authority key identifier: 66:27:CC:AB:6D:C2:E9:58:6E:2C:C1:1B:27:95:73:5A:31:FD:9B:8A
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ZifMq23C6VhuLMEbJ5VzWjH9m4o.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91269B8/4ABAFEDE839411E5B01B591CC4F9AE02/CD46A9E2300E11ED88CE0615C4F9AE02.roa
Signing time:             Thu 06 Apr 2023 16:33:40 +0000
ROA not before:           Thu 06 Apr 2023 16:33:40 +0000
ROA not after:            Wed 29 May 2024 00:00:00 +0000
asID:                     9299
IP address blocks:        117.58.192.0/19 maxlen: 19
                          119.111.0.0/16 maxlen: 16
                          119.111.0.0/19 maxlen: 20
                          119.111.5.0/24 maxlen: 24
                          119.111.16.0/24 maxlen: 24
                          119.111.17.0/24 maxlen: 24
                          119.111.18.0/24 maxlen: 24
                          119.111.19.0/24 maxlen: 24
                          119.111.23.0/24 maxlen: 24
                          119.111.24.0/24 maxlen: 24
                          119.111.25.0/24 maxlen: 24
                          119.111.32.0/19 maxlen: 20
                          119.111.33.0/24 maxlen: 24
                          119.111.52.0/24 maxlen: 24
                          119.111.64.0/19 maxlen: 20
                          119.111.67.0/24 maxlen: 24
                          119.111.68.0/24 maxlen: 24
                          119.111.69.0/24 maxlen: 24
                          119.111.70.0/24 maxlen: 24
                          119.111.74.0/24 maxlen: 24
                          119.111.76.0/24 maxlen: 24
                          119.111.83.0/24 maxlen: 24
                          119.111.86.0/24 maxlen: 24
                          119.111.89.0/24 maxlen: 24
                          119.111.91.0/24 maxlen: 24
                          119.111.96.0/19 maxlen: 20
                          119.111.105.0/24 maxlen: 24
                          119.111.128.0/19 maxlen: 20
                          119.111.136.0/24 maxlen: 24
                          119.111.160.0/19 maxlen: 20
                          119.111.192.0/19 maxlen: 20
                          119.111.224.0/19 maxlen: 20
                          210.1.96.0/19 maxlen: 20
                          210.1.128.0/20 maxlen: 20
                          210.1.135.0/24 maxlen: 24
                          210.1.139.0/24 maxlen: 24
                          210.23.96.0/19 maxlen: 19
                          210.23.98.0/24 maxlen: 24
                          210.23.99.0/24 maxlen: 24
                          210.23.105.0/24 maxlen: 24
                          210.23.107.0/24 maxlen: 24
                          210.23.119.0/24 maxlen: 24
                          210.23.160.0/19 maxlen: 19
                          210.23.160.0/20 maxlen: 20
                          210.23.176.0/20 maxlen: 20
                          210.23.192.0/18 maxlen: 18
                          210.23.192.0/19 maxlen: 19
                          210.23.213.0/24 maxlen: 24
                          210.23.215.0/24 maxlen: 24
                          210.23.217.0/24 maxlen: 24
                          210.23.224.0/19 maxlen: 19
                          210.23.225.0/24 maxlen: 24
                          221.121.96.0/19 maxlen: 19
                          221.121.118.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 8637 (0x21bd)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91269B8/serialNumber=6627CCAB6DC2E9586E2CC11B2795735A31FD9B8A
        Validity
            Not Before: Apr  6 16:33:40 2023 GMT
            Not After : May 29 00:00:00 2024 GMT
        Subject: CN=642ef464-285b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:43:4d:c1:cf:8c:c6:cd:64:7e:ab:3d:f9:d6:
                    19:7e:53:ee:2f:a7:32:4c:ae:90:28:eb:c4:6b:55:
                    a9:73:ab:88:7e:3f:d2:fb:d6:d0:42:0c:25:d3:b5:
                    03:2a:d0:c1:1a:4f:7d:25:73:87:a3:3b:62:81:ed:
                    31:d8:30:96:5c:07:5e:1d:76:c4:f8:1e:d3:77:8b:
                    99:da:37:69:d8:26:7d:35:3a:bf:34:51:be:9a:00:
                    ca:6c:d3:de:ed:17:20:5c:d0:e6:3e:29:be:37:f6:
                    00:05:5e:2d:42:7f:de:a5:4e:77:ca:32:f4:22:e4:
                    3b:1e:1c:71:8c:ae:70:36:a7:67:47:bb:ce:2d:e2:
                    a8:f1:65:a8:b7:a1:eb:57:34:21:86:1e:4b:37:bf:
                    df:02:6a:dc:42:e0:ba:35:81:ba:d5:ca:81:8b:15:
                    8f:f8:5f:90:c4:46:40:e6:31:5a:46:4e:8c:7d:21:
                    00:17:d4:93:71:06:d7:de:ae:75:2a:18:22:6a:2e:
                    d7:5d:84:33:1f:61:58:1a:ec:78:28:f6:8e:54:30:
                    ad:b6:6a:da:13:27:79:1e:0c:ec:f2:62:e7:1a:f6:
                    5a:56:28:01:2e:da:b8:97:c3:84:85:c6:1b:1e:98:
                    e1:bd:ee:cf:01:66:89:4c:23:7d:87:53:04:51:e4:
                    2f:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:77:E2:90:CB:BF:AD:4D:4C:C3:D4:C7:B0:E7:D5:64:E9:7A:84:ED
            X509v3 Authority Key Identifier:
                keyid:66:27:CC:AB:6D:C2:E9:58:6E:2C:C1:1B:27:95:73:5A:31:FD:9B:8A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91269B8/4ABAFEDE839411E5B01B591CC4F9AE02/ZifMq23C6VhuLMEbJ5VzWjH9m4o.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ZifMq23C6VhuLMEbJ5VzWjH9m4o.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91269B8/4ABAFEDE839411E5B01B591CC4F9AE02/CD46A9E2300E11ED88CE0615C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  117.58.192.0/19
                  119.111.0.0/16
                  210.1.96.0-210.1.143.255
                  210.23.96.0/19
                  210.23.160.0-210.23.255.255
                  221.121.96.0/19

    Signature Algorithm: sha256WithRSAEncryption
         2f:61:40:02:81:ba:17:d1:6c:25:96:93:55:0c:ba:96:db:3b:
         93:4d:ae:56:19:b1:f8:be:28:fa:24:65:34:9f:16:63:65:0a:
         aa:d1:a0:1a:aa:09:bf:7a:e5:19:ed:c3:c1:4a:61:cd:49:7e:
         77:d8:ba:83:9f:d1:00:69:d7:53:60:0f:e9:18:16:f7:de:4d:
         3e:6f:21:c8:62:9d:8b:af:76:c0:a9:1b:64:51:6d:ff:db:6b:
         90:a0:0b:33:f4:c5:03:49:5e:d2:d0:58:5a:2e:6c:71:85:ee:
         e7:30:2d:db:76:08:36:e3:6b:07:f3:d6:86:0e:02:e7:fe:f0:
         e9:2f:8a:bc:bb:1a:96:08:bd:76:2f:b1:2f:14:63:79:05:bb:
         d4:f5:9b:90:d1:82:cd:ec:fa:b2:44:f4:aa:b6:12:9c:7d:30:
         7b:b8:5b:1f:54:bb:2c:94:fd:6a:36:68:b5:c4:98:80:c8:fa:
         99:42:40:0d:18:26:23:7d:8e:88:06:2b:d3:0b:69:b4:f9:02:
         0c:1c:27:bb:41:5b:34:ca:48:96:b8:ee:47:24:b5:19:31:32:
         f6:1b:51:16:7e:26:2a:07:5a:09:10:dc:bc:fc:f1:c4:a7:cb:
         b0:0d:8e:ac:e7:cc:a8:cb:ef:d1:e6:39:9c:6b:a2:cf:04:0d:
         ef:8e:ef:23
-----BEGIN CERTIFICATE-----
MIIFnTCCBIWgAwIBAgICIb0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MjY5QjgxMTAvBgNVBAUTKDY2MjdDQ0FCNkRDMkU5NTg2RTJDQzExQjI3OTU3MzVB
MzFGRDlCOEEwHhcNMjMwNDA2MTYzMzQwWhcNMjQwNTI5MDAwMDAwWjAYMRYwFAYD
VQQDEw02NDJlZjQ2NC0yODViMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA5UNNwc+Mxs1kfqs9+dYZflPuL6cyTK6QKOvEa1Wpc6uIfj/S+9bQQgwl07UD
KtDBGk99JXOHoztige0x2DCWXAdeHXbE+B7Td4uZ2jdp2CZ9NTq/NFG+mgDKbNPe
7RcgXNDmPim+N/YABV4tQn/epU53yjL0IuQ7HhxxjK5wNqdnR7vOLeKo8WWot6Hr
VzQhhh5LN7/fAmrcQuC6NYG61cqBixWP+F+QxEZA5jFaRk6MfSEAF9STcQbX3q51
Khgiai7XXYQzH2FYGux4KPaOVDCttmraEyd5Hgzs8mLnGvZaVigBLtq4l8OEhcYb
Hpjhve7PAWaJTCN9h1MEUeQv1QIDAQABo4ICwTCCAr0wHQYDVR0OBBYEFP134pDL
v61NTMPUx7Dn1WTpeoTtMB8GA1UdIwQYMBaAFGYnzKttwulYbizBGyeVc1ox/ZuK
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyNjlCOC80QUJBRkVERTgz
OTQxMUU1QjAxQjU5MUNDNEY5QUUwMi9aaWZNcTIzQzZWaHVMTUViSjVWeldqSDlt
NG8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1ppZk1xMjNDNlZodUxNRWJKNVZ6V2pIOW00by5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MjY5QjgvNEFCQUZFREU4Mzk0MTFFNUIwMUI1OTFDQzRGOUFFMDIvQ0Q0NkE5RTIz
MDBFMTFFRDg4Q0UwNjE1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwSwYIKwYBBQUHAQcBAf8E
PDA6MDgEAgABMDIDBAV1OsADAwB3bzAMAwQF0gFgAwQE0gGAAwQF0hdgMAsDBAXS
F6ADAwPSEAMEBd15YDANBgkqhkiG9w0BAQsFAAOCAQEAL2FAAoG6F9FsJZaTVQy6
lts7k02uVhmx+L4o+iRlNJ8WY2UKqtGgGqoJv3rlGe3DwUphzUl+d9i6g5/RAGnX
U2AP6RgW995NPm8hyGKdi692wKkbZFFt/9trkKALM/TFA0le0tBYWi5scYXu5zAt
23YINuNrB/PWhg4C5/7w6S+KvLsalgi9di+xLxRjeQW71PWbkNGCzez6skT0qrYS
nH0we7hbH1S7LJT9ajZotcSYgMj6mUJADRgmI32OiAYr0wtptPkCDBwnu0FbNMpI
lrjuRyS1GTEy9htRFn4mKgdaCRDcvPzxxKfLsA2OrOfMqMvv0eY5nGuizwQN747v
Iw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:50:57 2024 by rpki-client on console-fra.rpki-client.org