Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91510AD/8B5E75FE1D8711E284B383DF08B02CD2/AAC7AC82CFA611EB9BED0A35C4F9AE02.roa
File:                     AAC7AC82CFA611EB9BED0A35C4F9AE02.roa (raw, json)
Hash identifier:          5f2Yckeql1H5ai31Qut8yXfw6Ud+UVn/siFWvyu6CbI=
Subject key identifier:   47:0A:45:7E:B4:42:7B:DC:E3:16:20:03:A2:C8:93:79:01:B4:2F:C8
Certificate issuer:       /CN=A91510AD/serialNumber=E1E6908A16EC813DAA0BD64797AE9DBDEB092257
Certificate serial:       3264
Authority key identifier: E1:E6:90:8A:16:EC:81:3D:AA:0B:D6:47:97:AE:9D:BD:EB:09:22:57
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/4eaQihbsgT2qC9ZHl66dvesJIlc.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91510AD/8B5E75FE1D8711E284B383DF08B02CD2/AAC7AC82CFA611EB9BED0A35C4F9AE02.roa
Signing time:             Thu 16 Jun 2022 07:50:24 +0000
ROA not before:           Thu 16 Jun 2022 07:50:24 +0000
ROA not after:            Fri 30 Dec 2022 00:00:00 +0000
asID:                     17469
IP address blocks:        175.29.124.0/22 maxlen: 24
                          175.29.140.0/22 maxlen: 24
                          175.29.144.0/22 maxlen: 24
                          175.29.152.0/21 maxlen: 21
                          175.29.160.0/20 maxlen: 24
                          175.29.176.0/20 maxlen: 24
                          175.29.192.0/21 maxlen: 24
                          175.29.224.0/19 maxlen: 24
                          202.22.192.0/20 maxlen: 24
                          203.76.144.0/21 maxlen: 24
                          203.82.192.0/20 maxlen: 24
                          2404:150::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 12900 (0x3264)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91510AD/serialNumber=E1E6908A16EC813DAA0BD64797AE9DBDEB092257
        Validity
            Not Before: Jun 16 07:50:24 2022 GMT
            Not After : Dec 30 00:00:00 2022 GMT
        Subject: CN=62aae0bf-dca7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:62:21:47:57:64:99:9f:37:24:f1:3d:45:71:
                    11:64:f2:98:84:e4:e5:05:52:19:cf:c4:dd:dc:cf:
                    14:00:b4:b6:01:2b:f4:70:52:0c:1f:62:83:f3:97:
                    56:a8:76:9f:5e:a3:fc:0c:3f:63:b9:4c:f1:91:c2:
                    b0:bf:20:d7:c5:ca:50:39:fb:56:05:d6:c6:2c:ef:
                    8a:87:99:dc:60:08:4d:53:db:16:ee:83:45:68:c3:
                    33:7f:0a:4f:11:8c:47:e3:6f:0f:2f:8b:b1:f1:cb:
                    5c:01:8b:8c:5c:b7:35:5b:e4:1d:00:74:39:cf:13:
                    b4:05:0a:c1:a4:8e:c5:b5:d5:5c:2e:c6:8a:d0:da:
                    f9:66:cb:ff:d2:b0:9b:4e:24:78:88:38:22:6e:14:
                    ed:c2:9b:12:51:a9:6a:2e:d2:63:7d:40:e0:2c:54:
                    d1:7e:81:fb:30:c6:e2:30:05:a0:ce:d2:ba:2f:d2:
                    54:39:6e:c7:01:fb:26:1e:9c:ab:dc:b8:8a:1e:56:
                    af:04:f2:cf:2f:ba:ce:32:96:b5:e5:23:dd:f8:ce:
                    e7:e4:69:d7:75:c6:ce:9f:f4:22:44:2a:14:2e:32:
                    0f:e8:8a:51:c4:16:7c:7c:89:71:15:ab:cd:8c:07:
                    3d:f8:e2:35:be:eb:82:72:d4:d8:a9:80:97:cf:2a:
                    5e:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:0A:45:7E:B4:42:7B:DC:E3:16:20:03:A2:C8:93:79:01:B4:2F:C8
            X509v3 Authority Key Identifier:
                keyid:E1:E6:90:8A:16:EC:81:3D:AA:0B:D6:47:97:AE:9D:BD:EB:09:22:57

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91510AD/8B5E75FE1D8711E284B383DF08B02CD2/4eaQihbsgT2qC9ZHl66dvesJIlc.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/4eaQihbsgT2qC9ZHl66dvesJIlc.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91510AD/8B5E75FE1D8711E284B383DF08B02CD2/AAC7AC82CFA611EB9BED0A35C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  175.29.124.0/22
                  175.29.140.0-175.29.147.255
                  175.29.152.0-175.29.199.255
                  175.29.224.0/19
                  202.22.192.0/20
                  203.76.144.0/21
                  203.82.192.0/20
                IPv6:
                  2404:150::/32

    Signature Algorithm: sha256WithRSAEncryption
         21:9d:02:5a:2d:29:4b:0a:d4:65:70:3b:58:b6:d1:fc:b6:8e:
         cc:00:76:41:80:8f:7b:de:22:42:53:6e:96:fc:7b:9d:b3:b2:
         b9:06:f5:6d:e8:f0:0f:83:0f:06:0a:0e:79:e6:48:ab:2a:ff:
         15:ab:74:27:3a:b8:25:ca:a1:d8:4f:24:2d:c8:6e:1c:9d:b2:
         fe:5a:7f:ff:f8:8d:33:31:6d:23:95:67:0a:d5:6e:16:bd:ad:
         57:75:62:4a:12:46:42:e7:e5:82:31:99:4c:43:cf:54:f5:b5:
         25:8e:98:e0:4e:0e:94:5c:6f:0d:33:12:b9:d2:f9:80:cf:51:
         19:6e:2f:22:48:2d:a6:31:93:d0:1d:24:97:12:ce:ce:c0:67:
         60:f0:32:90:97:b0:d1:de:b4:49:12:7b:18:4d:45:ad:0b:34:
         f1:0e:47:c0:91:98:98:56:c5:c1:8b:9a:aa:c1:98:17:da:d0:
         a0:81:8d:df:b8:bb:da:03:95:82:64:e9:b1:69:bb:82:12:2a:
         37:52:37:b6:03:45:65:32:b9:67:74:ec:2c:0f:86:0f:77:e8:
         1c:ec:8d:b6:69:67:e4:0b:4f:d0:09:bc:9e:c0:f8:49:6a:70:
         88:b0:0e:c3:ec:6b:6c:16:21:72:d5:fb:4c:58:76:cd:a5:1d:
         df:3f:cd:d0
-----BEGIN CERTIFICATE-----
MIIFtDCCBJygAwIBAgICMmQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTEwQUQxMTAvBgNVBAUTKEUxRTY5MDhBMTZFQzgxM0RBQTBCRDY0Nzk3QUU5REJE
RUIwOTIyNTcwHhcNMjIwNjE2MDc1MDI0WhcNMjIxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02MmFhZTBiZi1kY2E3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA0mIhR1dkmZ83JPE9RXERZPKYhOTlBVIZz8Td3M8UALS2ASv0cFIMH2KD85dW
qHafXqP8DD9juUzxkcKwvyDXxcpQOftWBdbGLO+Kh5ncYAhNU9sW7oNFaMMzfwpP
EYxH428PL4ux8ctcAYuMXLc1W+QdAHQ5zxO0BQrBpI7FtdVcLsaK0Nr5Zsv/0rCb
TiR4iDgibhTtwpsSUalqLtJjfUDgLFTRfoH7MMbiMAWgztK6L9JUOW7HAfsmHpyr
3LiKHlavBPLPL7rOMpa15SPd+M7n5GnXdcbOn/QiRCoULjIP6IpRxBZ8fIlxFavN
jAc9+OI1vuuCctTYqYCXzypenwIDAQABo4IC2DCCAtQwHQYDVR0OBBYEFEcKRX60
Qnvc4xYgA6LIk3kBtC/IMB8GA1UdIwQYMBaAFOHmkIoW7IE9qgvWR5eunb3rCSJX
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1MTBBRC84QjVFNzVGRTFE
ODcxMUUyODRCMzgzREYwOEIwMkNEMi80ZWFRaWhic2dUMnFDOVpIbDY2ZHZlc0pJ
bGMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzRlYVFpaGJzZ1QycUM5WkhsNjZkdmVzSklsYy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTEwQUQvOEI1RTc1RkUxRDg3MTFFMjg0QjM4M0RGMDhCMDJDRDIvQUFDN0FDODJD
RkE2MTFFQjlCRUQwQTM1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwYgYIKwYBBQUHAQcBAf8E
UzBRMEAEAgABMDoDBAKvHXwwDAMEAq8djAMEAq8dkDAMAwQDrx2YAwQDrx3AAwQF
rx3gAwQEyhbAAwQDy0yQAwQEy1LAMA0EAgACMAcDBQAkBAFQMA0GCSqGSIb3DQEB
CwUAA4IBAQAhnQJaLSlLCtRlcDtYttH8to7MAHZBgI973iJCU26W/Huds7K5BvVt
6PAPgw8GCg555kirKv8Vq3QnOrglyqHYTyQtyG4cnbL+Wn//+I0zMW0jlWcK1W4W
va1XdWJKEkZC5+WCMZlMQ89U9bUljpjgTg6UXG8NMxK50vmAz1EZbi8iSC2mMZPQ
HSSXEs7OwGdg8DKQl7DR3rRJEnsYTUWtCzTxDkfAkZiYVsXBi5qqwZgX2tCggY3f
uLvaA5WCZOmxabuCEio3Uje2A0VlMrlndOwsD4YPd+gc7I22aWfkC0/QCbyewPhJ
anCIsA7D7GtsFiFy1ftMWHbNpR3fP83Q
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:06 2024 by rpki-client on console-fra.rpki-client.org