Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9143CB3/1516679E259D11E785D3250AC4F9AE02/5DFCC5E4012811EEA97F422EC4F9AE02.roa
File:                     5DFCC5E4012811EEA97F422EC4F9AE02.roa (raw, json)
Hash identifier:          BuCeckS+9w3By+8sZ340M6XZVeqOnQSVSF6oa3gbo+Y=
Subject key identifier:   2C:BE:5C:FF:6D:88:30:C4:1C:71:FF:01:59:2D:41:01:8A:20:4F:AB
Certificate issuer:       /CN=A9143CB3/serialNumber=3C5470E81FA4A19087021D0AD77D336CEBE2A68D
Certificate serial:       1964
Authority key identifier: 3C:54:70:E8:1F:A4:A1:90:87:02:1D:0A:D7:7D:33:6C:EB:E2:A6:8D
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/PFRw6B-koZCHAh0K130zbOvipo0.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9143CB3/1516679E259D11E785D3250AC4F9AE02/5DFCC5E4012811EEA97F422EC4F9AE02.roa
Signing time:             Fri 02 Jun 2023 09:32:18 +0000
ROA not before:           Fri 02 Jun 2023 09:32:18 +0000
ROA not after:            Wed 31 Jan 2024 00:00:00 +0000
asID:                     134543
IP address blocks:        157.122.216.0/21 maxlen: 21
                          157.255.120.0/21 maxlen: 21
                          157.255.120.0/24 maxlen: 24
                          157.255.128.0/19 maxlen: 19

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 6500 (0x1964)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9143CB3/serialNumber=3C5470E81FA4A19087021D0AD77D336CEBE2A68D
        Validity
            Not Before: Jun  2 09:32:18 2023 GMT
            Not After : Jan 31 00:00:00 2024 GMT
        Subject: CN=6479b722-65d8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:45:c9:f8:a1:82:7c:32:67:29:15:85:c3:c4:
                    78:c4:0c:b8:6c:53:d2:e5:7a:92:92:d2:f7:d5:01:
                    d0:7d:1e:04:b8:5a:b7:7e:c0:e9:dd:38:2c:73:c7:
                    ab:f1:8a:5e:c1:dd:ce:51:94:d7:f9:16:dd:c2:0e:
                    44:c9:4e:cf:5f:57:69:7c:3e:f7:92:37:20:c8:aa:
                    93:6d:bf:2a:ab:29:3e:1f:bd:c1:0b:fd:e9:f9:a0:
                    e0:10:da:c4:df:9a:9a:99:54:36:df:57:78:5b:34:
                    40:d6:72:ac:a3:42:93:ae:4a:b1:3b:cb:bb:f5:21:
                    5f:fc:a4:02:c7:c8:d1:ea:6b:a7:ea:3d:92:ff:f1:
                    ec:f0:c5:67:fe:0a:02:2c:16:17:7d:7c:ae:fc:af:
                    ca:1b:65:cc:35:61:54:71:70:6d:47:24:28:b4:5e:
                    1c:63:5a:7a:a3:43:8a:db:ad:03:03:c2:44:f2:d3:
                    a2:c7:a2:19:e8:77:a0:c5:fb:32:94:bd:f6:58:0b:
                    a4:b5:81:fe:34:c6:a1:31:53:1b:6a:b1:8b:64:62:
                    4d:fb:28:ae:c6:e8:3b:86:1f:6e:17:9b:0b:0c:ac:
                    52:81:6e:1a:87:81:21:78:e2:e0:87:4e:b4:1c:03:
                    56:4b:6b:52:80:71:20:5d:63:35:3c:b8:a5:57:37:
                    fa:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:BE:5C:FF:6D:88:30:C4:1C:71:FF:01:59:2D:41:01:8A:20:4F:AB
            X509v3 Authority Key Identifier:
                keyid:3C:54:70:E8:1F:A4:A1:90:87:02:1D:0A:D7:7D:33:6C:EB:E2:A6:8D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9143CB3/1516679E259D11E785D3250AC4F9AE02/PFRw6B-koZCHAh0K130zbOvipo0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/PFRw6B-koZCHAh0K130zbOvipo0.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9143CB3/1516679E259D11E785D3250AC4F9AE02/5DFCC5E4012811EEA97F422EC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.122.216.0/21
                  157.255.120.0-157.255.159.255

    Signature Algorithm: sha256WithRSAEncryption
         c7:dd:82:46:f4:14:e3:52:7e:64:b3:8e:8e:40:3d:18:96:8d:
         e2:07:0f:b4:40:ab:b6:ea:2d:a9:53:1b:81:9b:d1:5d:ce:5f:
         72:28:62:b3:ee:ed:47:70:61:46:94:7b:99:03:0c:8d:da:dd:
         91:ca:62:c3:6a:8c:d4:18:83:d6:68:50:ab:0e:ab:9e:bf:b9:
         8c:d9:1f:51:76:c7:c6:2b:a0:98:fa:ba:53:2b:82:5f:eb:c4:
         1c:ed:98:fc:17:09:3e:68:50:35:b4:20:8f:8f:8e:11:e3:ef:
         de:8f:8d:9f:d2:38:bb:21:c9:08:d7:1d:8c:bf:33:36:e4:ee:
         4c:c0:1e:73:4e:f7:d7:47:76:8d:6d:fd:48:fa:d5:95:b0:44:
         e5:51:fa:7f:3c:a9:08:1a:9b:59:95:17:6d:c5:bf:36:a6:4f:
         38:32:79:66:0d:bd:66:4b:82:f6:01:24:1c:23:a4:3f:1a:f8:
         cc:83:5a:9e:db:30:ed:6d:40:64:b9:47:cc:48:bc:13:c1:de:
         f0:7f:14:17:48:9a:1e:63:2d:da:b8:49:36:d0:3a:2a:16:60:
         ae:26:ac:d2:7c:e0:f1:75:d4:e7:4a:5d:5a:30:d1:d6:ec:fb:
         f8:42:d3:52:2a:ec:23:a6:cc:f2:78:a3:51:af:f6:69:e9:72:
         e2:ca:f1:99
-----BEGIN CERTIFICATE-----
MIIFfzCCBGegAwIBAgICGWQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDNDQjMxMTAvBgNVBAUTKDNDNTQ3MEU4MUZBNEExOTA4NzAyMUQwQUQ3N0QzMzZD
RUJFMkE2OEQwHhcNMjMwNjAyMDkzMjE4WhcNMjQwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDc5YjcyMi02NWQ4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAqEXJ+KGCfDJnKRWFw8R4xAy4bFPS5XqSktL31QHQfR4EuFq3fsDp3Tgsc8er
8Ypewd3OUZTX+Rbdwg5EyU7PX1dpfD73kjcgyKqTbb8qqyk+H73BC/3p+aDgENrE
35qamVQ231d4WzRA1nKso0KTrkqxO8u79SFf/KQCx8jR6mun6j2S//Hs8MVn/goC
LBYXfXyu/K/KG2XMNWFUcXBtRyQotF4cY1p6o0OK260DA8JE8tOix6IZ6Hegxfsy
lL32WAuktYH+NMahMVMbarGLZGJN+yiuxug7hh9uF5sLDKxSgW4ah4EheOLgh060
HANWS2tSgHEgXWM1PLilVzf6tQIDAQABo4ICozCCAp8wHQYDVR0OBBYEFCy+XP9t
iDDEHHH/AVktQQGKIE+rMB8GA1UdIwQYMBaAFDxUcOgfpKGQhwIdCtd9M2zr4qaN
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0M0NCMy8xNTE2Njc5RTI1
OUQxMUU3ODVEMzI1MEFDNEY5QUUwMi9QRlJ3NkIta29aQ0hBaDBLMTMwemJPdmlw
bzAuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL1BGUnc2Qi1rb1pDSEFoMEsxMzB6Yk92aXBvMC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDNDQjMvMTUxNjY3OUUyNTlEMTFFNzg1RDMyNTBBQzRGOUFFMDIvNURGQ0M1RTQw
MTI4MTFFRUE5N0Y0MjJFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLQYIKwYBBQUHAQcBAf8E
HjAcMBoEAgABMBQDBAOdetgwDAMEA53/eAMEBZ3/gDANBgkqhkiG9w0BAQsFAAOC
AQEAx92CRvQU41J+ZLOOjkA9GJaN4gcPtECrtuotqVMbgZvRXc5fcihis+7tR3Bh
RpR7mQMMjdrdkcpiw2qM1BiD1mhQqw6rnr+5jNkfUXbHxiugmPq6UyuCX+vEHO2Y
/BcJPmhQNbQgj4+OEePv3o+Nn9I4uyHJCNcdjL8zNuTuTMAec07310d2jW39SPrV
lbBE5VH6fzypCBqbWZUXbcW/NqZPODJ5Zg29ZkuC9gEkHCOkPxr4zINantsw7W1A
ZLlHzEi8E8He8H8UF0iaHmMt2rhJNtA6KhZgrias0nzg8XXU50pdWjDR1uz7+ELT
UirsI6bM8nijUa/2aely4srxmQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:04:56 2024 by rpki-client on console-ams.rpki-client.org