Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9143CB3/1DB7983C259D11E785D3250AC4F9AE02/DC687CA4012111EE9BBB0A1FC4F9AE02.roa
File:                     DC687CA4012111EE9BBB0A1FC4F9AE02.roa (raw, json)
Hash identifier:          jZj1ymk5T3buxHhkNui8W48eIcHX6Ia6WphWnDTVybE=
Subject key identifier:   0F:62:40:95:31:91:56:E2:90:FF:B8:63:9B:2D:09:A3:E6:7F:6F:B8
Certificate issuer:       /CN=A9143CB3/serialNumber=CBA197C04CAA9BD295F5788472A6A10AA3FBEF70
Certificate serial:       1976
Authority key identifier: CB:A1:97:C0:4C:AA:9B:D2:95:F5:78:84:72:A6:A1:0A:A3:FB:EF:70
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/y6GXwEyqm9KV9XiEcqahCqP773A.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9143CB3/1DB7983C259D11E785D3250AC4F9AE02/DC687CA4012111EE9BBB0A1FC4F9AE02.roa
Signing time:             Fri 02 Jun 2023 09:32:26 +0000
ROA not before:           Fri 02 Jun 2023 09:32:26 +0000
ROA not after:            Wed 31 Jan 2024 00:00:00 +0000
asID:                     136959
IP address blocks:        27.36.112.0/24 maxlen: 24
                          27.36.113.0/24 maxlen: 24
                          27.36.118.0/23 maxlen: 23
                          27.36.120.0/21 maxlen: 21
                          27.36.224.0/22 maxlen: 22
                          27.45.144.0/24 maxlen: 24
                          27.45.150.0/23 maxlen: 23
                          27.45.164.0/22 maxlen: 22
                          58.252.100.0/24 maxlen: 24
                          58.255.172.0/22 maxlen: 22
                          112.90.152.0/21 maxlen: 21
                          112.92.13.0/24 maxlen: 24
                          112.93.112.0/22 maxlen: 22
                          112.93.116.0/22 maxlen: 22
                          120.83.13.0/24 maxlen: 24
                          120.83.144.0/22 maxlen: 22
                          120.83.180.0/22 maxlen: 22
                          120.87.152.0/22 maxlen: 22
                          122.13.168.0/21 maxlen: 21
                          122.13.254.0/24 maxlen: 24
                          163.177.152.0/21 maxlen: 21
                          221.4.146.0/24 maxlen: 24
                          221.4.154.0/24 maxlen: 24
                          221.4.159.0/24 maxlen: 24
                          221.5.35.0/24 maxlen: 24
                          221.5.37.0/24 maxlen: 24
                          221.5.100.0/24 maxlen: 24
                          221.5.102.0/23 maxlen: 23
                          221.5.105.0/24 maxlen: 24
                          221.5.107.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 6518 (0x1976)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9143CB3/serialNumber=CBA197C04CAA9BD295F5788472A6A10AA3FBEF70
        Validity
            Not Before: Jun  2 09:32:26 2023 GMT
            Not After : Jan 31 00:00:00 2024 GMT
        Subject: CN=6479b72a-b125
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:d1:08:2c:10:83:4a:c8:d7:59:6d:32:2c:86:
                    24:4f:76:76:16:59:f6:36:d2:14:5d:0a:59:d7:64:
                    16:3b:14:e5:02:da:86:7f:ba:0c:7f:07:48:40:bc:
                    16:aa:bd:e4:9d:a5:5e:ea:92:53:c8:5f:a2:da:38:
                    87:cb:8b:53:24:7a:9d:71:54:29:f7:d8:9c:fd:09:
                    57:fd:e7:0c:e9:65:0b:49:2b:df:9f:36:7d:5d:1b:
                    80:ac:b6:a6:37:f8:e6:5e:49:2d:7a:0d:c6:b0:e5:
                    36:cc:78:d2:8a:25:04:f2:fc:e7:36:64:2a:36:06:
                    49:9e:23:f6:60:6e:39:61:79:79:91:f0:47:08:a8:
                    2c:7c:a4:fa:72:a7:7e:d8:2f:6c:29:92:6c:1f:de:
                    24:e1:74:da:e3:9e:a0:f2:90:34:fa:19:ac:41:a0:
                    f6:d8:ad:e0:a3:86:c8:30:10:c3:da:cd:ad:0d:ad:
                    ef:51:27:50:55:15:79:bc:42:46:d2:b4:eb:f5:71:
                    f5:d7:60:79:7e:75:21:70:42:3d:1b:1d:c7:e3:42:
                    c6:e0:8a:8d:28:60:f9:4f:79:06:a9:f9:af:1d:11:
                    1d:73:77:ff:a9:48:8f:86:08:4a:b1:c7:36:5e:d9:
                    a3:eb:1d:f1:e1:34:bc:2c:6d:2d:ff:ac:57:de:a9:
                    74:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0F:62:40:95:31:91:56:E2:90:FF:B8:63:9B:2D:09:A3:E6:7F:6F:B8
            X509v3 Authority Key Identifier:
                keyid:CB:A1:97:C0:4C:AA:9B:D2:95:F5:78:84:72:A6:A1:0A:A3:FB:EF:70

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9143CB3/1DB7983C259D11E785D3250AC4F9AE02/y6GXwEyqm9KV9XiEcqahCqP773A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/y6GXwEyqm9KV9XiEcqahCqP773A.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9143CB3/1DB7983C259D11E785D3250AC4F9AE02/DC687CA4012111EE9BBB0A1FC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  27.36.112.0/23
                  27.36.118.0-27.36.127.255
                  27.36.224.0/22
                  27.45.144.0/24
                  27.45.150.0/23
                  27.45.164.0/22
                  58.252.100.0/24
                  58.255.172.0/22
                  112.90.152.0/21
                  112.92.13.0/24
                  112.93.112.0/21
                  120.83.13.0/24
                  120.83.144.0/22
                  120.83.180.0/22
                  120.87.152.0/22
                  122.13.168.0/21
                  122.13.254.0/24
                  163.177.152.0/21
                  221.4.146.0/24
                  221.4.154.0/24
                  221.4.159.0/24
                  221.5.35.0/24
                  221.5.37.0/24
                  221.5.100.0/24
                  221.5.102.0/23
                  221.5.105.0/24
                  221.5.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:13:aa:2d:98:fe:1a:39:dc:a2:0a:50:6a:96:2f:38:aa:23:
         eb:f2:48:2a:63:c0:9d:67:73:47:84:ac:9d:da:15:dd:e8:88:
         f9:dd:fd:2b:58:1b:4e:42:47:4a:c9:66:50:6f:e2:5a:2d:47:
         d3:ee:72:d4:86:ef:1c:67:6f:1b:4d:81:5c:03:db:42:72:2b:
         28:a4:c2:0d:94:e3:28:65:cd:56:32:f1:da:7b:41:cc:5a:57:
         52:62:27:f5:d9:6b:37:14:2b:43:f8:0c:d6:91:0e:35:4f:86:
         d5:3b:6d:c8:1f:c0:e5:59:68:5b:83:a0:b4:80:02:13:e6:97:
         9a:11:74:02:3d:21:a7:84:99:d6:c4:ca:17:a5:28:e9:0f:93:
         b4:1a:ca:58:64:b2:17:b8:a5:ae:48:e3:fc:cf:ee:75:29:18:
         20:f6:d7:c5:10:08:1f:9f:12:b5:d7:35:9b:e3:ce:01:29:ac:
         57:2d:8f:1b:7a:9a:35:2f:b8:28:18:c5:f0:28:fb:05:e4:d0:
         df:3b:69:64:0d:47:0d:09:dc:e1:7e:35:a3:32:1d:48:9f:37:
         c2:29:ed:bc:88:b2:c6:18:d3:d8:cd:e9:75:c0:03:5f:25:50:
         24:7c:c9:6c:15:ea:45:88:60:38:77:ef:0c:b8:84:bb:2e:22:
         ee:ec:f3:bb
-----BEGIN CERTIFICATE-----
MIIGGjCCBQKgAwIBAgICGXYwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDNDQjMxMTAvBgNVBAUTKENCQTE5N0MwNENBQTlCRDI5NUY1Nzg4NDcyQTZBMTBB
QTNGQkVGNzAwHhcNMjMwNjAyMDkzMjI2WhcNMjQwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDc5YjcyYS1iMTI1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEApdEILBCDSsjXWW0yLIYkT3Z2Fln2NtIUXQpZ12QWOxTlAtqGf7oMfwdIQLwW
qr3knaVe6pJTyF+i2jiHy4tTJHqdcVQp99ic/QlX/ecM6WULSSvfnzZ9XRuArLam
N/jmXkkteg3GsOU2zHjSiiUE8vznNmQqNgZJniP2YG45YXl5kfBHCKgsfKT6cqd+
2C9sKZJsH94k4XTa456g8pA0+hmsQaD22K3go4bIMBDD2s2tDa3vUSdQVRV5vEJG
0rTr9XH112B5fnUhcEI9Gx3H40LG4IqNKGD5T3kGqfmvHREdc3f/qUiPhghKscc2
Xtmj6x3x4TS8LG0t/6xX3ql0QwIDAQABo4IDPjCCAzowHQYDVR0OBBYEFA9iQJUx
kVbikP+4Y5stCaPmf2+4MB8GA1UdIwQYMBaAFMuhl8BMqpvSlfV4hHKmoQqj++9w
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0M0NCMy8xREI3OTgzQzI1
OUQxMUU3ODVEMzI1MEFDNEY5QUUwMi95NkdYd0V5cW05S1Y5WGlFY3FhaENxUDc3
M0EuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3k2R1h3RXlxbTlLVjlYaUVjcWFoQ3FQNzczQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDNDQjMvMURCNzk4M0MyNTlEMTFFNzg1RDMyNTBBQzRGOUFFMDIvREM2ODdDQTQw
MTIxMTFFRTlCQkIwQTFGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgccGCCsGAQUFBwEHAQH/
BIG3MIG0MIGxBAIAATCBqgMEARskcDAMAwQBGyR2AwQHGyQAAwQCGyTgAwQAGy2Q
AwQBGy2WAwQCGy2kAwQAOvxkAwQCOv+sAwQDcFqYAwQAcFwNAwQDcF1wAwQAeFMN
AwQCeFOQAwQCeFO0AwQCeFeYAwQDeg2oAwQAeg3+AwQDo7GYAwQA3QSSAwQA3QSa
AwQA3QSfAwQA3QUjAwQA3QUlAwQA3QVkAwQB3QVmAwQA3QVpAwQA3QVrMA0GCSqG
SIb3DQEBCwUAA4IBAQC3E6otmP4aOdyiClBqli84qiPr8kgqY8CdZ3NHhKyd2hXd
6Ij53f0rWBtOQkdKyWZQb+JaLUfT7nLUhu8cZ28bTYFcA9tCcisopMINlOMoZc1W
MvHae0HMWldSYif12Ws3FCtD+AzWkQ41T4bVO23IH8DlWWhbg6C0gAIT5peaEXQC
PSGnhJnWxMoXpSjpD5O0GspYZLIXuKWuSOP8z+51KRgg9tfFEAgfnxK11zWb484B
KaxXLY8bepo1L7goGMXwKPsF5NDfO2lkDUcNCdzhfjWjMh1InzfCKe28iLLGGNPY
zel1wANfJVAkfMlsFepFiGA4d+8MuIS7LiLu7PO7
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:04 2024 by rpki-client on console-fra.rpki-client.org