Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/961FD9EC05D411EE9ED75861C4F9AE02.roa
File:                     961FD9EC05D411EE9ED75861C4F9AE02.roa (raw, json)
Hash identifier:          4An8vc+VpxLpRLnMJJQCSfPvZw3ylyOJnQKknKR8Jas=
Subject key identifier:   18:16:B7:73:07:60:CD:4E:28:60:12:AC:7A:03:EE:30:1A:1B:D4:AC
Certificate issuer:       /CN=A914EAE4/serialNumber=AD56B67187A98BA314084405797BD9656E8AC8BA
Certificate serial:       1C4A
Authority key identifier: AD:56:B6:71:87:A9:8B:A3:14:08:44:05:79:7B:D9:65:6E:8A:C8:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rVa2cYepi6MUCEQFeXvZZW6KyLo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/961FD9EC05D411EE9ED75861C4F9AE02.roa
Signing time:             Thu 08 Jun 2023 08:15:11 +0000
ROA not before:           Thu 08 Jun 2023 08:15:11 +0000
ROA not after:            Fri 01 Dec 2023 00:00:00 +0000
asID:                     4812
IP address blocks:        116.232.0.0/16 maxlen: 22
                          124.74.0.0/17 maxlen: 24
                          124.74.128.0/17 maxlen: 24
                          124.75.0.0/16 maxlen: 16
                          124.76.0.0/15 maxlen: 22
                          124.78.0.0/15 maxlen: 22
                          202.96.194.0/24 maxlen: 24
                          202.101.0.0/19 maxlen: 24
                          202.101.32.0/19 maxlen: 19
                          202.109.0.0/18 maxlen: 18
                          202.109.64.0/18 maxlen: 18
                          202.109.72.0/23 maxlen: 23
                          218.1.0.0/16 maxlen: 24
                          218.30.132.0/24 maxlen: 24
                          222.68.240.0/20 maxlen: 20

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 7242 (0x1c4a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A914EAE4/serialNumber=AD56B67187A98BA314084405797BD9656E8AC8BA
        Validity
            Not Before: Jun  8 08:15:11 2023 GMT
            Not After : Dec  1 00:00:00 2023 GMT
        Subject: CN=64818e0e-3b31
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:8c:8a:f1:af:10:30:47:5c:84:1d:06:fa:53:
                    a2:a8:93:c6:06:42:fa:c2:db:2d:ce:50:d4:07:57:
                    05:9a:6a:54:1b:f1:09:43:9d:f1:0d:79:66:5d:af:
                    c7:79:e9:92:72:6d:af:9f:f8:be:c2:02:dd:8d:f9:
                    96:79:b4:9b:b9:4b:90:21:74:b8:eb:9a:04:2a:5f:
                    52:1c:c9:f3:13:f3:c0:b6:09:26:8d:50:b8:6d:d8:
                    08:73:1c:f6:ad:46:e5:54:17:28:88:a8:2e:23:d4:
                    2b:e1:f3:73:8f:64:c0:90:ae:0c:a1:ff:a3:80:de:
                    4a:4b:be:c6:04:89:54:0d:fe:91:72:06:73:55:7a:
                    97:41:da:a0:09:db:e6:a5:a1:2d:05:64:95:ca:e6:
                    42:05:eb:a2:fd:a7:4c:66:b1:5c:cf:12:ad:7e:e6:
                    97:31:dd:28:8e:91:a8:f0:cf:01:7c:1b:e5:fb:e2:
                    db:64:df:34:fb:fb:cb:3a:9b:4c:8f:be:2b:6d:4d:
                    fa:f2:7a:11:51:4b:18:97:66:8a:20:61:84:d9:af:
                    17:7d:09:f0:0a:30:52:4f:ad:5f:67:be:13:1f:dd:
                    72:02:c3:9b:8a:d9:4d:c3:b2:3d:95:e7:59:b7:6c:
                    1c:36:e5:31:c6:f1:f4:49:95:7c:76:af:5f:b6:aa:
                    cc:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:16:B7:73:07:60:CD:4E:28:60:12:AC:7A:03:EE:30:1A:1B:D4:AC
            X509v3 Authority Key Identifier:
                keyid:AD:56:B6:71:87:A9:8B:A3:14:08:44:05:79:7B:D9:65:6E:8A:C8:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/rVa2cYepi6MUCEQFeXvZZW6KyLo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rVa2cYepi6MUCEQFeXvZZW6KyLo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/961FD9EC05D411EE9ED75861C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  116.232.0.0/16
                  124.74.0.0-124.79.255.255
                  202.96.194.0/24
                  202.101.0.0/18
                  202.109.0.0/17
                  218.1.0.0/16
                  218.30.132.0/24
                  222.68.240.0/20

    Signature Algorithm: sha256WithRSAEncryption
         0f:e6:f1:eb:be:70:89:2c:63:19:b5:dd:73:77:24:e3:20:45:
         4b:0c:9a:84:49:42:58:20:0c:99:69:34:99:c9:e7:31:50:05:
         46:79:b0:9b:4f:bc:05:22:61:cd:39:0e:dc:05:3d:8c:1b:43:
         d3:0d:13:4f:81:ed:ba:55:92:3a:17:92:e5:32:10:f4:d6:36:
         a3:28:93:11:44:73:3c:b7:17:85:f7:44:f1:28:43:94:82:08:
         c7:bb:b5:51:bd:4b:1a:40:d5:13:c1:46:a5:5c:10:4d:4d:fb:
         87:81:89:0d:75:5b:98:f6:f4:a5:9d:96:b2:23:88:fe:88:d8:
         ad:5e:df:be:c3:c0:72:eb:ab:14:35:b2:9f:fd:cb:b5:ad:ee:
         ba:ce:71:b3:ce:03:da:ff:7a:c6:13:25:51:f5:50:e6:54:05:
         24:8a:fd:fc:c0:58:3a:45:7e:2a:84:1f:bf:e4:ff:78:5f:f6:
         92:3e:77:1d:43:96:b6:10:a4:39:dd:1a:87:7e:55:2b:a8:28:
         9d:f6:50:0f:c0:72:ca:4f:17:e8:6e:9b:63:20:5a:c2:9e:3e:
         4f:9d:f9:dd:e9:76:5b:39:62:e4:6f:81:bc:70:85:e0:c2:3d:
         ec:ac:72:e4:20:53:72:63:9d:32:07:cf:e2:0c:45:87:12:e4:
         49:df:b1:18
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgICHEowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NEVBRTQxMTAvBgNVBAUTKEFENTZCNjcxODdBOThCQTMxNDA4NDQwNTc5N0JEOTY1
NkU4QUM4QkEwHhcNMjMwNjA4MDgxNTExWhcNMjMxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDgxOGUwZS0zYjMxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAu4yK8a8QMEdchB0G+lOiqJPGBkL6wtstzlDUB1cFmmpUG/EJQ53xDXlmXa/H
eemScm2vn/i+wgLdjfmWebSbuUuQIXS465oEKl9SHMnzE/PAtgkmjVC4bdgIcxz2
rUblVBcoiKguI9Qr4fNzj2TAkK4Mof+jgN5KS77GBIlUDf6RcgZzVXqXQdqgCdvm
paEtBWSVyuZCBeui/adMZrFczxKtfuaXMd0ojpGo8M8BfBvl++LbZN80+/vLOptM
j74rbU368noRUUsYl2aKIGGE2a8XfQnwCjBST61fZ74TH91yAsObitlNw7I9ledZ
t2wcNuUxxvH0SZV8dq9ftqrM0QIDAQABo4ICwzCCAr8wHQYDVR0OBBYEFBgWt3MH
YM1OKGASrHoD7jAaG9SsMB8GA1UdIwQYMBaAFK1WtnGHqYujFAhEBXl72WVuisi6
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0RUFFNC82NzUzQjhBRTI1
NzUxMUU3QUMwRDE3MkFDNEY5QUUwMi9yVmEyY1llcGk2TVVDRVFGZVh2WlpXNkt5
TG8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3JWYTJjWWVwaTZNVUNFUUZlWHZaWlc2S3lMby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NEVBRTQvNjc1M0I4QUUyNTc1MTFFN0FDMEQxNzJBQzRGOUFFMDIvOTYxRkQ5RUMw
NUQ0MTFFRTlFRDc1ODYxQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwTQYIKwYBBQUHAQcBAf8E
PjA8MDoEAgABMDQDAwB06DAKAwMBfEoDAwR8QAMEAMpgwgMEBsplAAMEB8ptAAMD
ANoBAwQA2h6EAwQE3kTwMA0GCSqGSIb3DQEBCwUAA4IBAQAP5vHrvnCJLGMZtd1z
dyTjIEVLDJqESUJYIAyZaTSZyecxUAVGebCbT7wFImHNOQ7cBT2MG0PTDRNPge26
VZI6F5LlMhD01jajKJMRRHM8txeF90TxKEOUggjHu7VRvUsaQNUTwUalXBBNTfuH
gYkNdVuY9vSlnZayI4j+iNitXt++w8By66sUNbKf/cu1re66znGzzgPa/3rGEyVR
9VDmVAUkiv38wFg6RX4qhB+/5P94X/aSPncdQ5a2EKQ53RqHflUrqCid9lAPwHLK
TxfobptjIFrCnj5Pnfnd6XZbOWLkb4G8cIXgwj3srHLkIFNyY50yB8/iDEWHEuRJ
37EY
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:06 2024 by rpki-client on console-fra.rpki-client.org