Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A912FC73/0144CDF89F3411EC9CEBC670C4F9AE02/372FF47E9E9811ED950A5133C4F9AE02.roa
File:                     372FF47E9E9811ED950A5133C4F9AE02.roa (raw, json)
Hash identifier:          xlN5rORYSLeAVkTV3CyiXd4oGMyQRrIUu2adJNwjKeY=
Subject key identifier:   F3:BC:8A:85:C9:A3:6D:B1:AD:11:FE:6C:15:A2:EF:2E:8C:A2:C2:60
Certificate issuer:       /CN=A912FC73/serialNumber=CEE41601EEA9F51B3525DA55DD4AC95CEFAF5ABC
Certificate serial:       0209
Authority key identifier: CE:E4:16:01:EE:A9:F5:1B:35:25:DA:55:DD:4A:C9:5C:EF:AF:5A:BC
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/zuQWAe6p9Rs1JdpV3UrJXO-vWrw.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A912FC73/0144CDF89F3411EC9CEBC670C4F9AE02/372FF47E9E9811ED950A5133C4F9AE02.roa
Signing time:             Fri 27 Jan 2023 23:13:32 +0000
ROA not before:           Fri 27 Jan 2023 23:13:32 +0000
ROA not after:            Sat 30 Dec 2023 00:00:00 +0000
asID:                     7018
IP address blocks:        113.20.48.0/20 maxlen: 20

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 521 (0x209)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A912FC73/serialNumber=CEE41601EEA9F51B3525DA55DD4AC95CEFAF5ABC
        Validity
            Not Before: Jan 27 23:13:32 2023 GMT
            Not After : Dec 30 00:00:00 2023 GMT
        Subject: CN=63d45a9b-16ac
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:a3:0f:c7:f1:c2:05:3f:2d:d4:e4:b2:56:e5:
                    53:2c:fb:e9:dd:25:fb:ee:f9:29:5f:0d:52:7f:50:
                    f9:70:cc:07:e5:ce:3b:35:40:93:29:af:24:25:1b:
                    a6:cd:b3:98:3d:4f:1f:3d:56:81:ef:47:90:81:8a:
                    ae:aa:1b:13:c2:4f:32:56:17:aa:a9:ab:6f:8c:60:
                    b8:da:8e:90:51:3e:81:52:84:37:88:dd:b3:99:14:
                    6b:a2:cb:0b:dd:98:c4:b7:ce:9a:63:1f:cf:62:4e:
                    9c:8e:6f:6a:a7:90:68:eb:6f:b2:57:8e:43:49:aa:
                    c9:dd:5e:3a:8d:34:53:ae:cb:dc:99:a0:93:ff:12:
                    0e:94:84:81:4b:35:5c:2e:bf:50:b9:71:d6:fd:5b:
                    31:3f:14:ec:75:e1:24:00:82:d0:a3:44:46:62:d1:
                    76:e9:34:fd:c8:27:ce:fb:19:bb:16:a7:f0:11:1b:
                    12:10:8f:2a:75:05:8c:e8:cb:68:cc:a3:72:0e:24:
                    22:8b:00:75:a3:47:55:d5:07:b8:32:65:69:16:f9:
                    b1:12:5a:f3:81:0e:2d:f2:a6:30:5d:bf:f5:18:9f:
                    ca:e4:d8:83:4e:e3:6f:b0:60:ba:d2:47:51:fc:2b:
                    52:20:04:4d:0f:55:a8:e6:b0:dd:44:25:6a:1c:c5:
                    f0:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:BC:8A:85:C9:A3:6D:B1:AD:11:FE:6C:15:A2:EF:2E:8C:A2:C2:60
            X509v3 Authority Key Identifier:
                keyid:CE:E4:16:01:EE:A9:F5:1B:35:25:DA:55:DD:4A:C9:5C:EF:AF:5A:BC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A912FC73/0144CDF89F3411EC9CEBC670C4F9AE02/zuQWAe6p9Rs1JdpV3UrJXO-vWrw.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/zuQWAe6p9Rs1JdpV3UrJXO-vWrw.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A912FC73/0144CDF89F3411EC9CEBC670C4F9AE02/372FF47E9E9811ED950A5133C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  113.20.48.0/20

    Signature Algorithm: sha256WithRSAEncryption
         3a:2a:b0:ba:74:ce:cc:60:18:e0:6d:dd:b3:fe:97:e2:6d:ab:
         18:db:a5:ba:ab:93:d5:84:69:53:91:4f:b0:33:9f:7c:4c:77:
         39:d7:be:c3:e3:5c:cc:ab:d3:25:d4:3f:9a:0c:72:ce:a2:84:
         f5:54:b0:5a:95:e9:d7:19:db:fb:9c:2f:cc:24:b5:03:cd:f7:
         38:d2:26:d3:4c:78:fc:fa:90:44:fc:92:46:c9:36:0f:b6:21:
         8c:30:e9:49:ba:db:10:89:b0:9a:0b:f9:5d:31:20:a7:78:d0:
         46:dd:c7:5f:42:68:4e:5b:46:1c:77:36:ff:b5:f6:3d:29:bc:
         99:83:92:b0:c5:22:83:1a:2e:23:24:e8:c1:c2:1e:77:f9:85:
         38:fd:58:44:fd:de:af:de:95:5d:27:98:ed:a6:58:d0:e5:19:
         b7:d7:63:bf:a4:59:03:03:83:d9:bb:4d:58:7e:85:65:cc:1f:
         94:5f:75:94:ca:25:d5:61:7a:71:68:dc:98:51:a2:d3:04:3c:
         59:50:84:51:fe:5c:73:6e:98:be:5b:20:f1:f3:5f:48:ca:c7:
         37:f6:d3:7f:cf:8f:72:08:31:4c:4b:ed:54:a2:de:a0:42:2e:
         8e:43:ca:48:1e:7e:49:4c:ff:1c:ee:31:65:6f:99:b7:95:45:
         20:f1:b5:d1
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICAgkwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MkZDNzMxMTAvBgNVBAUTKENFRTQxNjAxRUVBOUY1MUIzNTI1REE1NURENEFDOTVD
RUZBRjVBQkMwHhcNMjMwMTI3MjMxMzMyWhcNMjMxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02M2Q0NWE5Yi0xNmFjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAyaMPx/HCBT8t1OSyVuVTLPvp3SX77vkpXw1Sf1D5cMwH5c47NUCTKa8kJRum
zbOYPU8fPVaB70eQgYquqhsTwk8yVheqqatvjGC42o6QUT6BUoQ3iN2zmRRrossL
3ZjEt86aYx/PYk6cjm9qp5Bo62+yV45DSarJ3V46jTRTrsvcmaCT/xIOlISBSzVc
Lr9QuXHW/VsxPxTsdeEkAILQo0RGYtF26TT9yCfO+xm7FqfwERsSEI8qdQWM6Mto
zKNyDiQiiwB1o0dV1Qe4MmVpFvmxElrzgQ4t8qYwXb/1GJ/K5NiDTuNvsGC60kdR
/CtSIARND1Wo5rDdRCVqHMXwbQIDAQABo4IClTCCApEwHQYDVR0OBBYEFPO8ioXJ
o22xrRH+bBWi7y6MosJgMB8GA1UdIwQYMBaAFM7kFgHuqfUbNSXaVd1KyVzvr1q8
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyRkM3My8wMTQ0Q0RGODlG
MzQxMUVDOUNFQkM2NzBDNEY5QUUwMi96dVFXQWU2cDlSczFKZHBWM1VySlhPLXZX
cncuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3p1UVdBZTZwOVJzMUpkcFYzVXJKWE8tdldydy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MkZDNzMvMDE0NENERjg5RjM0MTFFQzlDRUJDNjcwQzRGOUFFMDIvMzcyRkY0N0U5
RTk4MTFFRDk1MEE1MTMzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBARxFDAwDQYJKoZIhvcNAQELBQADggEBADoqsLp0zsxgGOBt
3bP+l+Jtqxjbpbqrk9WEaVORT7Azn3xMdznXvsPjXMyr0yXUP5oMcs6ihPVUsFqV
6dcZ2/ucL8wktQPN9zjSJtNMePz6kET8kkbJNg+2IYww6Um62xCJsJoL+V0xIKd4
0Ebdx19CaE5bRhx3Nv+19j0pvJmDkrDFIoMaLiMk6MHCHnf5hTj9WET93q/elV0n
mO2mWNDlGbfXY7+kWQMDg9m7TVh+hWXMH5RfdZTKJdVhenFo3JhRotMEPFlQhFH+
XHNumL5bIPHzX0jKxzf203/Pj3IIMUxL7VSi3qBCLo5DykgefklM/xzuMWVvmbeV
RSDxtdE=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:50:58 2024 by rpki-client on console-fra.rpki-client.org