Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91406AA/8F5BB4F886C111EBBAB3184BC4F9AE02/B796B85CA72E11EDA708F167C4F9AE02.roa
File:                     B796B85CA72E11EDA708F167C4F9AE02.roa (raw, json)
Hash identifier:          4AeXykR0AK+XpdMVzODTS6IgVUdnSYQXoi1gN20VixA=
Subject key identifier:   6D:0C:A9:04:56:9F:74:95:50:E6:24:AA:09:8A:9E:A5:C8:C2:D5:2E
Certificate issuer:       /CN=A91406AA/serialNumber=315513E54AB0C99B8BCA84042E38358B60DB1B2C
Certificate serial:       0502
Authority key identifier: 31:55:13:E5:4A:B0:C9:9B:8B:CA:84:04:2E:38:35:8B:60:DB:1B:2C
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/MVUT5UqwyZuLyoQELjg1i2DbGyw.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91406AA/8F5BB4F886C111EBBAB3184BC4F9AE02/B796B85CA72E11EDA708F167C4F9AE02.roa
Signing time:             Mon 13 Feb 2023 15:31:19 +0000
ROA not before:           Mon 13 Feb 2023 15:31:19 +0000
ROA not after:            Fri 01 Dec 2023 00:00:00 +0000
asID:                     140220
IP address blocks:        60.234.181.0/24 maxlen: 24
                          60.234.182.0/23 maxlen: 24
                          60.234.184.0/23 maxlen: 24
                          60.234.186.0/24 maxlen: 24
                          60.234.190.0/24 maxlen: 24
                          60.234.192.0/23 maxlen: 24
                          60.234.194.0/23 maxlen: 24
                          60.234.196.0/23 maxlen: 24
                          60.234.198.0/23 maxlen: 24
                          60.234.201.0/24 maxlen: 24
                          60.234.202.0/23 maxlen: 24
                          60.234.204.0/24 maxlen: 24
                          60.234.207.0/24 maxlen: 24
                          60.234.208.0/20 maxlen: 24
                          60.234.224.0/19 maxlen: 24
                          202.127.8.0/22 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1282 (0x502)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91406AA/serialNumber=315513E54AB0C99B8BCA84042E38358B60DB1B2C
        Validity
            Not Before: Feb 13 15:31:19 2023 GMT
            Not After : Dec  1 00:00:00 2023 GMT
        Subject: CN=63ea57c6-1cb5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:d3:bb:27:d9:99:ea:81:8c:e1:8e:12:e9:94:
                    21:6c:c4:6d:05:e1:54:a6:db:a7:6f:dc:14:1b:e6:
                    ad:55:41:11:5e:22:cf:4a:99:09:06:19:95:ff:09:
                    39:fa:96:b4:b7:d1:a1:ec:cf:0a:76:db:56:a5:33:
                    ba:34:f0:e1:ad:c6:48:45:86:90:f2:aa:97:92:4b:
                    f6:87:08:d3:6b:65:ae:e0:1a:0e:b5:c5:58:5d:13:
                    de:13:87:68:c3:de:ee:bd:b1:e8:2a:66:07:61:6a:
                    20:29:73:86:f4:70:98:3e:c5:10:51:45:ed:26:76:
                    63:75:e0:90:17:02:b8:63:db:d1:ec:4e:90:e9:3d:
                    cd:c7:aa:f9:31:bc:73:a5:6c:c7:59:96:58:40:c2:
                    cc:06:80:e3:64:33:b3:75:d6:06:25:53:7c:3d:aa:
                    cc:43:6d:2d:bc:35:90:dd:08:48:e4:98:6f:e0:81:
                    59:47:b6:2a:1a:f1:13:22:0c:f4:9e:fd:3f:99:d5:
                    d0:92:a7:87:f1:c4:87:8c:5b:84:6b:8e:e8:1d:18:
                    8b:1d:c9:56:01:ef:e7:25:9f:f5:3f:a7:96:77:dc:
                    83:7f:76:15:31:e5:35:97:3e:e3:2d:ae:2c:0a:e1:
                    e3:5c:be:de:f8:44:a7:5a:e6:f0:2b:28:ef:02:86:
                    b0:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:0C:A9:04:56:9F:74:95:50:E6:24:AA:09:8A:9E:A5:C8:C2:D5:2E
            X509v3 Authority Key Identifier:
                keyid:31:55:13:E5:4A:B0:C9:9B:8B:CA:84:04:2E:38:35:8B:60:DB:1B:2C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91406AA/8F5BB4F886C111EBBAB3184BC4F9AE02/MVUT5UqwyZuLyoQELjg1i2DbGyw.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/MVUT5UqwyZuLyoQELjg1i2DbGyw.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91406AA/8F5BB4F886C111EBBAB3184BC4F9AE02/B796B85CA72E11EDA708F167C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  60.234.181.0-60.234.186.255
                  60.234.190.0/24
                  60.234.192.0/21
                  60.234.201.0-60.234.204.255
                  60.234.207.0-60.234.255.255
                  202.127.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         52:3c:82:9f:68:80:95:0c:12:ea:bc:cf:ac:fd:41:22:a4:81:
         44:3b:08:6a:f5:02:f7:57:71:3c:55:c0:f3:6f:5b:32:70:ba:
         42:46:0e:b6:4e:a4:18:e2:50:92:22:57:83:e3:9c:87:dd:e7:
         8f:72:76:37:5d:47:51:3d:e8:9b:64:0f:4d:a3:37:cb:a7:f1:
         a8:f4:7d:3d:fa:e8:00:a2:c6:f7:57:aa:40:49:76:7d:56:8b:
         69:73:29:77:82:0a:37:52:2a:f5:da:d8:3c:0f:42:ef:b1:70:
         a5:0e:d2:87:59:f6:18:cf:4e:ac:42:c4:7b:c7:8d:07:d2:36:
         92:6a:ac:f3:21:ab:ad:92:19:7e:22:6b:1d:08:87:d5:7f:84:
         50:7d:b9:8f:a6:d6:f8:6b:e8:bb:ef:07:64:6c:8d:bf:0a:73:
         93:2c:d4:92:57:b2:a4:c6:4c:d8:84:6c:ad:04:af:1a:0b:56:
         7c:bc:61:bf:0e:1b:0f:50:34:7c:c9:25:e3:e4:12:4f:e1:5b:
         69:76:c4:38:86:95:98:40:7b:74:ce:50:02:95:6e:7a:35:0b:
         fa:24:2a:f9:fb:3e:ec:b7:86:d0:e3:bf:00:0c:6d:e8:88:4e:
         a8:c9:91:12:e8:0e:a7:35:ea:6c:59:8d:bf:20:ce:83:72:25:
         9d:e2:fa:1d
-----BEGIN CERTIFICATE-----
MIIFpjCCBI6gAwIBAgICBQIwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDA2QUExMTAvBgNVBAUTKDMxNTUxM0U1NEFCMEM5OUI4QkNBODQwNDJFMzgzNThC
NjBEQjFCMkMwHhcNMjMwMjEzMTUzMTE5WhcNMjMxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02M2VhNTdjNi0xY2I1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA0NO7J9mZ6oGM4Y4S6ZQhbMRtBeFUptunb9wUG+atVUERXiLPSpkJBhmV/wk5
+pa0t9Gh7M8KdttWpTO6NPDhrcZIRYaQ8qqXkkv2hwjTa2Wu4BoOtcVYXRPeE4do
w97uvbHoKmYHYWogKXOG9HCYPsUQUUXtJnZjdeCQFwK4Y9vR7E6Q6T3Nx6r5Mbxz
pWzHWZZYQMLMBoDjZDOzddYGJVN8ParMQ20tvDWQ3QhI5Jhv4IFZR7YqGvETIgz0
nv0/mdXQkqeH8cSHjFuEa47oHRiLHclWAe/nJZ/1P6eWd9yDf3YVMeU1lz7jLa4s
CuHjXL7e+ESnWubwKyjvAoawOwIDAQABo4ICyjCCAsYwHQYDVR0OBBYEFG0MqQRW
n3SVUOYkqgmKnqXIwtUuMB8GA1UdIwQYMBaAFDFVE+VKsMmbi8qEBC44NYtg2xss
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0MDZBQS84RjVCQjRGODg2
QzExMUVCQkFCMzE4NEJDNEY5QUUwMi9NVlVUNVVxd3ladUx5b1FFTGpnMWkyRGJH
eXcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL01WVVQ1VXF3eVp1THlvUUVMamcxaTJEYkd5dy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDA2QUEvOEY1QkI0Rjg4NkMxMTFFQkJBQjMxODRCQzRGOUFFMDIvQjc5NkI4NUNB
NzJFMTFFREE3MDhGMTY3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwVAYIKwYBBQUHAQcBAf8E
RTBDMEEEAgABMDswDAMEADzqtQMEADzqugMEADzqvgMEAzzqwDAMAwQAPOrJAwQA
POrMMAsDBAA86s8DAwA86gMEAsp/CDANBgkqhkiG9w0BAQsFAAOCAQEAUjyCn2iA
lQwS6rzPrP1BIqSBRDsIavUC91dxPFXA829bMnC6QkYOtk6kGOJQkiJXg+Och93n
j3J2N11HUT3om2QPTaM3y6fxqPR9PfroAKLG91eqQEl2fVaLaXMpd4IKN1Iq9drY
PA9C77FwpQ7Sh1n2GM9OrELEe8eNB9I2kmqs8yGrrZIZfiJrHQiH1X+EUH25j6bW
+Gvou+8HZGyNvwpzkyzUkleypMZM2IRsrQSvGgtWfLxhvw4bD1A0fMkl4+QST+Fb
aXbEOIaVmEB7dM5QApVuejUL+iQq+fs+7LeG0OO/AAxt6IhOqMmREugOpzXqbFmN
vyDOg3IlneL6HQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:04:56 2024 by rpki-client on console-ams.rpki-client.org