Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9143CB3/1DB7983C259D11E785D3250AC4F9AE02/60C28002012811EEA97F422EC4F9AE02.roa
File:                     60C28002012811EEA97F422EC4F9AE02.roa (raw, json)
Hash identifier:          WrHjE7o5dyJQcxBfG5JFcLVAbD6iy+E68fq7FCitBE0=
Subject key identifier:   D1:56:75:6C:B8:AE:C3:25:8B:7B:A7:80:5D:6D:10:B5:92:D3:5F:32
Certificate issuer:       /CN=A9143CB3/serialNumber=CBA197C04CAA9BD295F5788472A6A10AA3FBEF70
Certificate serial:       1973
Authority key identifier: CB:A1:97:C0:4C:AA:9B:D2:95:F5:78:84:72:A6:A1:0A:A3:FB:EF:70
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/y6GXwEyqm9KV9XiEcqahCqP773A.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9143CB3/1DB7983C259D11E785D3250AC4F9AE02/60C28002012811EEA97F422EC4F9AE02.roa
Signing time:             Fri 02 Jun 2023 09:32:23 +0000
ROA not before:           Fri 02 Jun 2023 09:32:23 +0000
ROA not after:            Wed 31 Jan 2024 00:00:00 +0000
asID:                     135061
IP address blocks:        58.250.87.0/24 maxlen: 24
                          58.250.124.0/22 maxlen: 22
                          58.250.129.0/24 maxlen: 24
                          58.250.132.0/22 maxlen: 22
                          58.250.136.0/22 maxlen: 22
                          58.250.140.0/24 maxlen: 24
                          58.251.56.0/21 maxlen: 21
                          58.251.64.0/24 maxlen: 24
                          58.251.103.0/24 maxlen: 24
                          58.251.106.0/23 maxlen: 23
                          58.251.123.0/24 maxlen: 24
                          58.251.124.0/23 maxlen: 23
                          58.251.139.0/24 maxlen: 24
                          58.251.148.0/23 maxlen: 23
                          58.251.150.0/24 maxlen: 24
                          112.90.72.0/24 maxlen: 24
                          112.90.76.0/23 maxlen: 23
                          112.90.81.0/24 maxlen: 24
                          112.90.84.0/22 maxlen: 22
                          112.90.136.0/21 maxlen: 21
                          112.95.139.0/24 maxlen: 24
                          112.95.140.0/24 maxlen: 24
                          112.95.234.0/24 maxlen: 24
                          112.95.237.0/24 maxlen: 24
                          112.95.240.0/22 maxlen: 22
                          120.80.96.0/24 maxlen: 24
                          120.80.98.0/23 maxlen: 23
                          122.13.32.0/24 maxlen: 24
                          122.13.152.0/23 maxlen: 23
                          163.177.63.0/24 maxlen: 24
                          163.177.75.0/24 maxlen: 24
                          163.177.76.0/22 maxlen: 22
                          163.177.81.0/24 maxlen: 24
                          163.177.84.0/23 maxlen: 23
                          163.177.86.0/24 maxlen: 24
                          163.177.95.0/24 maxlen: 24
                          210.22.12.0/22 maxlen: 22

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 6515 (0x1973)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9143CB3/serialNumber=CBA197C04CAA9BD295F5788472A6A10AA3FBEF70
        Validity
            Not Before: Jun  2 09:32:23 2023 GMT
            Not After : Jan 31 00:00:00 2024 GMT
        Subject: CN=6479b727-a876
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:d6:4b:46:c9:1e:67:86:c5:79:34:ed:3b:41:
                    07:f5:a4:65:1e:3b:71:ba:2e:0f:a2:cd:dd:1b:be:
                    61:3a:95:b6:c4:a9:ab:74:09:c1:e7:d1:97:93:19:
                    01:71:78:e3:f3:16:c4:94:a0:c0:48:42:6b:d1:8b:
                    cb:06:73:47:b8:16:bc:d6:94:83:26:41:c3:6e:22:
                    6f:35:db:67:c1:3d:1f:b1:9a:02:d0:5a:47:c8:d1:
                    3a:0d:e0:c0:eb:99:7c:85:5d:70:7b:e3:3d:fe:9e:
                    e7:db:96:af:cd:90:29:a5:78:7e:c5:09:5c:72:33:
                    51:55:36:c8:43:f7:fa:d0:42:41:73:61:5a:04:25:
                    52:21:54:ad:6e:a9:8f:c1:4d:55:21:8e:a5:3c:26:
                    44:28:ae:65:a6:33:47:d0:94:2e:9b:a1:07:0a:da:
                    07:08:57:dc:30:19:4d:9b:7f:1e:77:1a:85:76:fa:
                    33:55:7a:dc:06:21:25:f4:fe:e8:4f:2c:5e:2e:99:
                    b5:a7:73:66:b6:34:2f:cf:09:35:b3:51:fc:63:82:
                    99:74:87:88:0b:48:3d:21:d0:34:70:66:24:53:8e:
                    1f:a9:c6:66:95:36:cc:12:02:bb:a2:ee:f7:01:54:
                    3e:94:ca:ac:16:9e:a3:fd:3d:6f:cb:d9:08:b4:94:
                    b3:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:56:75:6C:B8:AE:C3:25:8B:7B:A7:80:5D:6D:10:B5:92:D3:5F:32
            X509v3 Authority Key Identifier:
                keyid:CB:A1:97:C0:4C:AA:9B:D2:95:F5:78:84:72:A6:A1:0A:A3:FB:EF:70

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9143CB3/1DB7983C259D11E785D3250AC4F9AE02/y6GXwEyqm9KV9XiEcqahCqP773A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/y6GXwEyqm9KV9XiEcqahCqP773A.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9143CB3/1DB7983C259D11E785D3250AC4F9AE02/60C28002012811EEA97F422EC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  58.250.87.0/24
                  58.250.124.0/22
                  58.250.129.0/24
                  58.250.132.0-58.250.140.255
                  58.251.56.0-58.251.64.255
                  58.251.103.0/24
                  58.251.106.0/23
                  58.251.123.0-58.251.125.255
                  58.251.139.0/24
                  58.251.148.0-58.251.150.255
                  112.90.72.0/24
                  112.90.76.0/23
                  112.90.81.0/24
                  112.90.84.0/22
                  112.90.136.0/21
                  112.95.139.0-112.95.140.255
                  112.95.234.0/24
                  112.95.237.0/24
                  112.95.240.0/22
                  120.80.96.0/24
                  120.80.98.0/23
                  122.13.32.0/24
                  122.13.152.0/23
                  163.177.63.0/24
                  163.177.75.0-163.177.79.255
                  163.177.81.0/24
                  163.177.84.0-163.177.86.255
                  163.177.95.0/24
                  210.22.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         18:95:5c:c8:6d:2d:3f:e3:49:b8:6d:5f:e4:ad:64:15:f0:3e:
         cf:8f:34:80:55:c3:25:98:fc:30:0c:da:42:5d:b4:b4:40:45:
         d2:92:9e:19:dc:70:1f:ab:22:4e:ff:8f:ff:cb:fd:f9:35:39:
         b3:09:a4:f3:03:7f:9d:7a:7f:de:26:0e:fc:b2:9f:6d:78:92:
         25:06:03:f2:87:68:6c:d9:cb:ef:a2:22:f9:54:dc:a4:26:bd:
         b2:89:a8:53:f5:a1:72:9a:9a:ca:d4:87:81:da:da:57:51:2e:
         62:c1:6d:36:ef:9f:3d:0a:9e:87:6a:ea:da:a1:86:db:d9:dd:
         e2:1a:50:58:25:8b:da:99:2e:c2:84:5e:d5:07:52:28:24:29:
         69:82:7d:81:ba:38:ee:e2:4e:94:f7:c9:b7:a8:7e:70:ff:cc:
         3c:59:76:20:88:44:1a:ef:12:37:82:e8:fc:44:5b:84:77:bf:
         96:b8:98:2f:65:b2:b9:a7:4b:92:83:18:d8:5f:fd:13:90:0e:
         94:8a:ce:cc:86:37:43:3f:81:02:d3:f5:b2:13:e6:ed:3c:d3:
         06:9c:6e:42:cb:00:17:fc:f4:28:14:aa:d7:bd:b9:89:36:a8:
         c3:e5:72:76:ac:d6:86:14:ef:d1:6d:67:d9:bf:6e:cd:77:df:
         d2:42:24:fc
-----BEGIN CERTIFICATE-----
MIIGVzCCBT+gAwIBAgICGXMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDNDQjMxMTAvBgNVBAUTKENCQTE5N0MwNENBQTlCRDI5NUY1Nzg4NDcyQTZBMTBB
QTNGQkVGNzAwHhcNMjMwNjAyMDkzMjIzWhcNMjQwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDc5YjcyNy1hODc2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAw9ZLRskeZ4bFeTTtO0EH9aRlHjtxui4Pos3dG75hOpW2xKmrdAnB59GXkxkB
cXjj8xbElKDASEJr0YvLBnNHuBa81pSDJkHDbiJvNdtnwT0fsZoC0FpHyNE6DeDA
65l8hV1we+M9/p7n25avzZAppXh+xQlccjNRVTbIQ/f60EJBc2FaBCVSIVStbqmP
wU1VIY6lPCZEKK5lpjNH0JQum6EHCtoHCFfcMBlNm38edxqFdvozVXrcBiEl9P7o
TyxeLpm1p3NmtjQvzwk1s1H8Y4KZdIeIC0g9IdA0cGYkU44fqcZmlTbMEgK7ou73
AVQ+lMqsFp6j/T1vy9kItJSztwIDAQABo4IDezCCA3cwHQYDVR0OBBYEFNFWdWy4
rsMli3ungF1tELWS018yMB8GA1UdIwQYMBaAFMuhl8BMqpvSlfV4hHKmoQqj++9w
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0M0NCMy8xREI3OTgzQzI1
OUQxMUU3ODVEMzI1MEFDNEY5QUUwMi95NkdYd0V5cW05S1Y5WGlFY3FhaENxUDc3
M0EuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3k2R1h3RXlxbTlLVjlYaUVjcWFoQ3FQNzczQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDNDQjMvMURCNzk4M0MyNTlEMTFFNzg1RDMyNTBBQzRGOUFFMDIvNjBDMjgwMDIw
MTI4MTFFRUE5N0Y0MjJFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwggEDBggrBgEFBQcBBwEB
/wSB8zCB8DCB7QQCAAEwgeYDBAA6+lcDBAI6+nwDBAA6+oEwDAMEAjr6hAMEADr6
jDAMAwQDOvs4AwQAOvtAAwQAOvtnAwQBOvtqMAwDBAA6+3sDBAE6+3wDBAA6+4sw
DAMEAjr7lAMEADr7lgMEAHBaSAMEAXBaTAMEAHBaUQMEAnBaVAMEA3BaiDAMAwQA
cF+LAwQAcF+MAwQAcF/qAwQAcF/tAwQCcF/wAwQAeFBgAwQBeFBiAwQAeg0gAwQB
eg2YAwQAo7E/MAwDBACjsUsDBASjsUADBACjsVEwDAMEAqOxVAMEAKOxVgMEAKOx
XwMEAtIWDDANBgkqhkiG9w0BAQsFAAOCAQEAGJVcyG0tP+NJuG1f5K1kFfA+z480
gFXDJZj8MAzaQl20tEBF0pKeGdxwH6siTv+P/8v9+TU5swmk8wN/nXp/3iYO/LKf
bXiSJQYD8odobNnL76Ii+VTcpCa9somoU/WhcpqaytSHgdraV1EuYsFtNu+fPQqe
h2rq2qGG29nd4hpQWCWL2pkuwoRe1QdSKCQpaYJ9gbo47uJOlPfJt6h+cP/MPFl2
IIhEGu8SN4Lo/ERbhHe/lriYL2WyuadLkoMY2F/9E5AOlIrOzIY3Qz+BAtP1shPm
7TzTBpxuQssAF/z0KBSq1725iTaow+VydqzWhhTv0W1n2b9uzXff0kIk/A==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:04 2024 by rpki-client on console-fra.rpki-client.org