Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A915370F/7346E8A2604911E2A307578D2979BB20/61135CC2D8FE11EDBE662B5BC4F9AE02.roa
File:                     61135CC2D8FE11EDBE662B5BC4F9AE02.roa (raw, json)
Hash identifier:          jDrsGYNyul3EAEM9Og+Kbx9BGlHYAGfzTv/pdD2jSZs=
Subject key identifier:   63:D4:55:4E:76:77:3F:91:11:8A:86:A4:0C:82:65:CB:8D:57:22:49
Certificate issuer:       /CN=A915370F/serialNumber=BB5B8156B037E5D22263EAC7F6A11C052FDF633F
Certificate serial:       3228
Authority key identifier: BB:5B:81:56:B0:37:E5:D2:22:63:EA:C7:F6:A1:1C:05:2F:DF:63:3F
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/u1uBVrA35dIiY-rH9qEcBS_fYz8.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A915370F/7346E8A2604911E2A307578D2979BB20/61135CC2D8FE11EDBE662B5BC4F9AE02.roa
Signing time:             Wed 12 Apr 2023 06:50:58 +0000
ROA not before:           Wed 12 Apr 2023 06:50:58 +0000
ROA not after:            Wed 29 May 2024 00:00:00 +0000
asID:                     1239
IP address blocks:        122.8.16.0/22 maxlen: 22
                          122.8.20.0/22 maxlen: 22
                          122.8.32.0/22 maxlen: 22
                          122.8.116.0/22 maxlen: 22

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 12840 (0x3228)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A915370F/serialNumber=BB5B8156B037E5D22263EAC7F6A11C052FDF633F
        Validity
            Not Before: Apr 12 06:50:58 2023 GMT
            Not After : May 29 00:00:00 2024 GMT
        Subject: CN=643654d2-9f5a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:18:a9:35:80:a3:b1:2a:e1:6f:86:11:52:31:
                    9c:08:1b:68:b9:b8:a4:eb:a6:cc:08:4e:bc:c2:b9:
                    5d:13:81:f5:50:af:7c:36:6a:90:cf:7c:d2:4e:72:
                    fb:39:16:47:c9:02:c2:73:24:42:da:cc:ec:d1:e6:
                    14:2a:11:8d:34:37:bd:29:11:0c:0d:3a:a0:8f:38:
                    b6:59:a4:85:11:90:62:e4:ac:a1:5c:86:7b:64:34:
                    36:b6:a6:41:17:e9:53:97:99:1c:d7:75:11:65:b6:
                    21:eb:f0:96:bf:d2:37:fd:39:45:ff:b7:2d:73:97:
                    a7:66:21:55:79:da:45:b6:25:91:6f:e9:af:d5:5a:
                    de:2c:3c:6f:a6:94:4a:b5:68:dc:cb:2c:02:6d:e6:
                    6a:ce:b0:cc:bf:cf:35:cf:cc:66:93:88:d4:c1:f0:
                    96:60:d8:23:ab:96:90:e8:1e:a5:1d:ba:bf:26:60:
                    55:25:25:7f:08:00:b4:25:53:b4:bf:20:4c:c3:08:
                    26:33:0c:cc:19:03:49:6a:57:b3:7e:77:58:9d:76:
                    3d:63:af:f2:15:b9:52:58:55:1f:ef:df:89:20:53:
                    6a:69:fb:f8:86:bd:70:4f:32:24:79:72:0d:20:8e:
                    1c:73:c9:92:69:05:60:a8:3f:54:15:76:c3:c8:d0:
                    ef:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:D4:55:4E:76:77:3F:91:11:8A:86:A4:0C:82:65:CB:8D:57:22:49
            X509v3 Authority Key Identifier:
                keyid:BB:5B:81:56:B0:37:E5:D2:22:63:EA:C7:F6:A1:1C:05:2F:DF:63:3F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A915370F/7346E8A2604911E2A307578D2979BB20/u1uBVrA35dIiY-rH9qEcBS_fYz8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/u1uBVrA35dIiY-rH9qEcBS_fYz8.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A915370F/7346E8A2604911E2A307578D2979BB20/61135CC2D8FE11EDBE662B5BC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  122.8.16.0/21
                  122.8.32.0/22
                  122.8.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ba:52:47:72:6e:59:96:3c:02:b9:7a:d7:3e:c4:36:19:77:ba:
         94:b9:af:3c:d4:14:52:f3:cc:ce:1b:52:92:73:f3:69:83:e5:
         0f:a2:95:d4:15:50:ae:3b:55:bb:12:b6:7e:42:b7:fd:d5:a2:
         de:df:f0:ec:0a:82:c7:4f:9e:6d:0e:e3:35:c7:24:5f:0b:f0:
         9b:78:51:0f:0b:b4:53:03:75:c5:16:51:f3:2f:bf:f9:9c:49:
         e8:7d:b1:58:08:f0:b2:1b:92:0c:c3:02:18:e1:c7:99:86:7a:
         37:5c:12:57:55:4f:b2:8d:47:da:40:45:c4:5e:5d:69:fc:f1:
         16:9f:22:7b:c1:ee:01:af:fc:9b:4c:22:b1:34:05:50:12:4e:
         12:23:bd:69:95:75:f6:0a:58:72:53:8c:4e:69:9f:c9:63:07:
         8b:2c:c7:b4:f2:56:79:50:c0:95:87:79:ed:05:85:16:8e:98:
         35:ce:cd:04:e5:37:5c:97:95:eb:f9:ec:b6:a8:19:2d:7c:12:
         3a:40:cc:e0:6e:d7:59:40:d9:10:10:94:6b:b6:10:25:d3:30:
         27:1f:a1:72:c4:04:d2:80:91:b7:9d:73:ea:b0:95:8d:9d:27:
         db:da:22:3a:51:51:1e:6d:32:45:12:72:6c:1e:ff:a1:eb:8e:
         70:14:4c:08
-----BEGIN CERTIFICATE-----
MIIFfTCCBGWgAwIBAgICMigwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTM3MEYxMTAvBgNVBAUTKEJCNUI4MTU2QjAzN0U1RDIyMjYzRUFDN0Y2QTExQzA1
MkZERjYzM0YwHhcNMjMwNDEyMDY1MDU4WhcNMjQwNTI5MDAwMDAwWjAYMRYwFAYD
VQQDEw02NDM2NTRkMi05ZjVhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvxipNYCjsSrhb4YRUjGcCBtoubik66bMCE68wrldE4H1UK98NmqQz3zSTnL7
ORZHyQLCcyRC2szs0eYUKhGNNDe9KREMDTqgjzi2WaSFEZBi5KyhXIZ7ZDQ2tqZB
F+lTl5kc13URZbYh6/CWv9I3/TlF/7ctc5enZiFVedpFtiWRb+mv1VreLDxvppRK
tWjcyywCbeZqzrDMv881z8xmk4jUwfCWYNgjq5aQ6B6lHbq/JmBVJSV/CAC0JVO0
vyBMwwgmMwzMGQNJalezfndYnXY9Y6/yFblSWFUf79+JIFNqafv4hr1wTzIkeXIN
II4cc8mSaQVgqD9UFXbDyNDv9QIDAQABo4ICoTCCAp0wHQYDVR0OBBYEFGPUVU52
dz+REYqGpAyCZcuNVyJJMB8GA1UdIwQYMBaAFLtbgVawN+XSImPqx/ahHAUv32M/
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1MzcwRi83MzQ2RThBMjYw
NDkxMUUyQTMwNzU3OEQyOTc5QkIyMC91MXVCVnJBMzVkSWlZLXJIOXFFY0JTX2ZZ
ejguY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3UxdUJWckEzNWRJaVktckg5cUVjQlNfZll6OC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTM3MEYvNzM0NkU4QTI2MDQ5MTFFMkEzMDc1NzhEMjk3OUJCMjAvNjExMzVDQzJE
OEZFMTFFREJFNjYyQjVCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwKwYIKwYBBQUHAQcBAf8E
HDAaMBgEAgABMBIDBAN6CBADBAJ6CCADBAJ6CHQwDQYJKoZIhvcNAQELBQADggEB
ALpSR3JuWZY8Arl61z7ENhl3upS5rzzUFFLzzM4bUpJz82mD5Q+ildQVUK47VbsS
tn5Ct/3Vot7f8OwKgsdPnm0O4zXHJF8L8Jt4UQ8LtFMDdcUWUfMvv/mcSeh9sVgI
8LIbkgzDAhjhx5mGejdcEldVT7KNR9pARcReXWn88RafInvB7gGv/JtMIrE0BVAS
ThIjvWmVdfYKWHJTjE5pn8ljB4ssx7TyVnlQwJWHee0FhRaOmDXOzQTlN1yXlev5
7LaoGS18EjpAzOBu11lA2RAQlGu2ECXTMCcfoXLEBNKAkbedc+qwlY2dJ9vaIjpR
UR5tMkUScmwe/6HrjnAUTAg=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:06 2024 by rpki-client on console-fra.rpki-client.org