Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9153646/6B8EFA5AFF9811E987C80A6AC4F9AE02/CAD18434DE8711EDB3954136C4F9AE02.roa
File:                     CAD18434DE8711EDB3954136C4F9AE02.roa (raw, json)
Hash identifier:          UxwI8tZ2rIj7FoLh76Kic9+fxLBTgEtaSUCkjJRnqD8=
Subject key identifier:   FA:5E:2C:BD:D4:8C:3E:B6:C8:CC:CB:15:10:D0:C0:51:FC:95:EB:97
Certificate issuer:       /CN=A9153646/serialNumber=3492EFFE9622B1FFF881597003763C1BA24A1E06
Certificate serial:       0548
Authority key identifier: 34:92:EF:FE:96:22:B1:FF:F8:81:59:70:03:76:3C:1B:A2:4A:1E:06
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/NJLv_pYisf_4gVlwA3Y8G6JKHgY.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9153646/6B8EFA5AFF9811E987C80A6AC4F9AE02/CAD18434DE8711EDB3954136C4F9AE02.roa
Signing time:             Wed 19 Apr 2023 07:57:13 +0000
ROA not before:           Wed 19 Apr 2023 07:57:12 +0000
ROA not after:            Wed 31 Jan 2024 00:00:00 +0000
asID:                     64074
IP address blocks:        103.203.176.0/24 maxlen: 24
                          103.203.179.0/24 maxlen: 24
                          223.29.212.0/24 maxlen: 24
                          223.29.215.0/24 maxlen: 24
                          2401:b8c0::/32 maxlen: 32
                          2401:b8c0::/48 maxlen: 48
                          2401:b8c0:1::/48 maxlen: 48
                          2401:b8c0:2::/48 maxlen: 48
                          2401:b8c0:3::/48 maxlen: 48
                          2401:b8c0:4::/48 maxlen: 48
                          2401:b8c0:5::/48 maxlen: 48
                          2401:b8c0:6::/48 maxlen: 48
                          2401:b8c0:7::/48 maxlen: 48
                          2401:b8c0:8::/48 maxlen: 48
                          2401:b8c0:9::/48 maxlen: 48
                          2401:b8c0:b::/48 maxlen: 48
                          2401:b8c0:c::/48 maxlen: 48
                          2401:b8c0:e::/48 maxlen: 48
                          2401:b8c0:f::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1352 (0x548)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9153646/serialNumber=3492EFFE9622B1FFF881597003763C1BA24A1E06
        Validity
            Not Before: Apr 19 07:57:12 2023 GMT
            Not After : Jan 31 00:00:00 2024 GMT
        Subject: CN=643f9ed8-7391
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:35:ee:e7:1e:6b:5e:49:0f:c0:91:56:bf:c2:
                    91:cb:d0:1e:59:f3:e7:42:63:58:1e:ab:e9:0e:7e:
                    30:ff:26:3f:0f:86:46:19:52:ca:48:ea:0f:eb:ed:
                    b2:b5:a9:a5:59:7d:e2:86:3b:00:71:4d:62:a9:32:
                    03:26:50:54:85:e0:b6:1b:3f:b4:90:87:e7:77:ec:
                    29:80:5a:43:1e:2f:66:41:f0:9c:05:1a:df:23:de:
                    c5:a6:5d:2a:67:9a:6b:13:78:81:ac:da:cd:13:d6:
                    f4:ed:e6:5c:99:41:72:da:50:7c:a4:17:7f:e2:64:
                    4c:eb:44:ac:33:a1:24:d8:69:46:f4:cd:75:9d:25:
                    f5:03:5e:eb:00:bc:d6:05:ae:9a:b3:ec:8c:77:43:
                    18:51:ec:5b:bd:16:60:2b:b5:4d:c8:b5:e6:41:b8:
                    39:41:81:da:45:d7:19:32:9e:00:52:64:e9:41:46:
                    be:ba:d0:c5:da:6d:8d:6d:75:84:3a:a4:d6:4e:c0:
                    3e:7e:49:b6:11:37:e2:9c:c0:ee:60:a6:d6:85:0d:
                    8c:b2:c6:bf:61:49:78:4f:72:94:2b:68:c9:c1:66:
                    cd:6f:ea:0d:97:6f:9d:48:3d:40:6d:30:f5:82:53:
                    ad:62:17:98:7d:f4:e4:c9:23:e2:21:6a:c1:dc:00:
                    94:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FA:5E:2C:BD:D4:8C:3E:B6:C8:CC:CB:15:10:D0:C0:51:FC:95:EB:97
            X509v3 Authority Key Identifier:
                keyid:34:92:EF:FE:96:22:B1:FF:F8:81:59:70:03:76:3C:1B:A2:4A:1E:06

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9153646/6B8EFA5AFF9811E987C80A6AC4F9AE02/NJLv_pYisf_4gVlwA3Y8G6JKHgY.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/NJLv_pYisf_4gVlwA3Y8G6JKHgY.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9153646/6B8EFA5AFF9811E987C80A6AC4F9AE02/CAD18434DE8711EDB3954136C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.203.176.0/24
                  103.203.179.0/24
                  223.29.212.0/24
                  223.29.215.0/24
                IPv6:
                  2401:b8c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         42:40:db:70:2d:63:0c:d2:c8:98:21:df:57:ee:58:7f:ce:ea:
         8d:58:3f:80:40:cd:8b:07:f1:a4:22:b4:98:96:7a:29:23:d4:
         5b:2d:6a:ea:db:81:5c:24:39:4b:ce:27:60:27:19:61:41:0d:
         36:d5:b5:c1:73:a4:b8:60:52:f3:7e:a4:28:9c:ff:66:70:35:
         f2:a1:1f:a4:5a:f6:73:b4:a0:94:50:ab:d5:9b:a3:59:f7:4e:
         62:26:3b:38:d5:f5:97:89:f1:6c:f4:01:d5:1f:14:c4:4d:6a:
         8a:f4:6d:de:f6:07:ad:01:cb:3f:f8:3d:fd:32:78:62:eb:79:
         72:4b:2a:14:25:b0:5d:99:f3:b7:a8:4d:ff:dc:bc:5f:61:cd:
         80:3e:3f:c0:49:33:c0:94:10:a0:01:ef:ff:03:2f:3a:01:25:
         1b:49:09:76:76:01:13:07:f7:81:e3:82:1b:2e:35:4b:c4:36:
         a2:13:90:18:e5:53:07:80:b6:a4:d6:94:3a:d4:3f:81:83:ae:
         3a:45:87:5d:78:86:1e:4a:0e:b7:5c:60:e3:98:b0:31:e3:9a:
         fc:f3:7d:24:c4:26:09:07:67:54:1f:11:3a:f4:39:cc:95:e8:
         1f:12:e9:43:c7:7b:d4:51:ff:1e:ab:55:66:6a:4c:0b:8f:fc:
         06:00:b1:4f
-----BEGIN CERTIFICATE-----
MIIFkjCCBHqgAwIBAgICBUgwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTM2NDYxMTAvBgNVBAUTKDM0OTJFRkZFOTYyMkIxRkZGODgxNTk3MDAzNzYzQzFC
QTI0QTFFMDYwHhcNMjMwNDE5MDc1NzEyWhcNMjQwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDNmOWVkOC03MzkxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwDXu5x5rXkkPwJFWv8KRy9AeWfPnQmNYHqvpDn4w/yY/D4ZGGVLKSOoP6+2y
tamlWX3ihjsAcU1iqTIDJlBUheC2Gz+0kIfnd+wpgFpDHi9mQfCcBRrfI97Fpl0q
Z5prE3iBrNrNE9b07eZcmUFy2lB8pBd/4mRM60SsM6Ek2GlG9M11nSX1A17rALzW
Ba6as+yMd0MYUexbvRZgK7VNyLXmQbg5QYHaRdcZMp4AUmTpQUa+utDF2m2NbXWE
OqTWTsA+fkm2ETfinMDuYKbWhQ2Mssa/YUl4T3KUK2jJwWbNb+oNl2+dSD1AbTD1
glOtYheYffTkySPiIWrB3ACUmwIDAQABo4ICtjCCArIwHQYDVR0OBBYEFPpeLL3U
jD62yMzLFRDQwFH8leuXMB8GA1UdIwQYMBaAFDSS7/6WIrH/+IFZcAN2PBuiSh4G
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1MzY0Ni82QjhFRkE1QUZG
OTgxMUU5ODdDODBBNkFDNEY5QUUwMi9OSkx2X3BZaXNmXzRnVmx3QTNZOEc2SktI
Z1kuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL05KTHZfcFlpc2ZfNGdWbHdBM1k4RzZKS0hnWS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTM2NDYvNkI4RUZBNUFGRjk4MTFFOTg3QzgwQTZBQzRGOUFFMDIvQ0FEMTg0MzRE
RTg3MTFFREIzOTU0MTM2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwQAYIKwYBBQUHAQcBAf8E
MTAvMB4EAgABMBgDBABny7ADBABny7MDBADfHdQDBADfHdcwDQQCAAIwBwMFACQB
uMAwDQYJKoZIhvcNAQELBQADggEBAEJA23AtYwzSyJgh31fuWH/O6o1YP4BAzYsH
8aQitJiWeikj1FstaurbgVwkOUvOJ2AnGWFBDTbVtcFzpLhgUvN+pCic/2ZwNfKh
H6Ra9nO0oJRQq9Wbo1n3TmImOzjV9ZeJ8Wz0AdUfFMRNaor0bd72B60Byz/4Pf0y
eGLreXJLKhQlsF2Z87eoTf/cvF9hzYA+P8BJM8CUEKAB7/8DLzoBJRtJCXZ2ARMH
94HjghsuNUvENqITkBjlUweAtqTWlDrUP4GDrjpFh114hh5KDrdcYOOYsDHjmvzz
fSTEJgkHZ1QfETr0OcyV6B8S6UPHe9RR/x6rVWZqTAuP/AYAsU8=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:06 2024 by rpki-client on console-ams.rpki-client.org