Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91580D2/EBC1AC2C184F11EDADBC3C65C4F9AE02/669326E68A3911ED93F4BA70C4F9AE02.roa
File:                     669326E68A3911ED93F4BA70C4F9AE02.roa (raw, json)
Hash identifier:          gQxuhrlj4qTTxy6At49F8r6q4TLiqNarjlRVslPZNE4=
Subject key identifier:   08:E3:64:88:42:CB:88:11:25:AB:2B:5D:17:01:F9:CD:25:97:7C:40
Certificate issuer:       /CN=A91580D2/serialNumber=CA90D4D2125F0336B5398EE09977296F2E4092B4
Certificate serial:       AC
Authority key identifier: CA:90:D4:D2:12:5F:03:36:B5:39:8E:E0:99:77:29:6F:2E:40:92:B4
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ypDU0hJfAza1OY7gmXcpby5AkrQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91580D2/EBC1AC2C184F11EDADBC3C65C4F9AE02/669326E68A3911ED93F4BA70C4F9AE02.roa
Signing time:             Mon 02 Jan 2023 01:04:26 +0000
ROA not before:           Mon 02 Jan 2023 01:04:26 +0000
ROA not after:            Wed 31 Jan 2024 00:00:00 +0000
asID:                     398343
IP address blocks:        103.102.124.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 172 (0xac)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91580D2/serialNumber=CA90D4D2125F0336B5398EE09977296F2E4092B4
        Validity
            Not Before: Jan  2 01:04:26 2023 GMT
            Not After : Jan 31 00:00:00 2024 GMT
        Subject: CN=63b22d9a-a9b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:3e:7c:08:14:a3:e1:52:96:6b:23:5e:e4:ef:
                    7d:d7:f8:39:f3:24:b1:b5:18:f9:73:1d:f3:75:fb:
                    84:ad:68:5f:90:15:af:9e:a8:2c:46:66:cb:cd:3c:
                    55:e9:3e:1f:fc:c0:d5:8b:8d:2b:ce:89:da:15:a0:
                    f9:bf:ed:86:5f:3c:8f:ba:61:33:3b:d8:a0:34:af:
                    26:6f:45:ee:71:71:07:7f:07:fa:ea:dd:2f:66:51:
                    c1:fe:22:d7:ac:3b:00:57:ad:b8:8e:e9:d7:49:1c:
                    0d:a7:1b:29:35:0f:67:7b:3f:8f:79:b1:a7:b4:9c:
                    dc:b5:26:2b:65:cc:ea:6a:e8:20:81:9b:a9:9a:85:
                    50:41:c0:08:e6:1d:e1:81:2c:50:88:d3:48:bb:c7:
                    99:4a:9c:59:de:3f:f3:12:19:7e:1e:75:7e:92:0c:
                    99:b6:64:a2:f6:c2:af:45:8d:84:06:9f:b2:2d:81:
                    4b:a1:da:58:f7:31:e9:37:e7:f7:8b:33:4a:d4:eb:
                    07:05:f0:82:0e:15:fb:71:22:e6:19:50:18:a9:e8:
                    81:58:10:9d:92:3d:e5:c0:88:74:14:58:68:8f:d5:
                    f5:3c:28:40:c1:5d:7a:10:36:39:bb:e4:a3:f6:1a:
                    cd:40:26:9d:a1:dd:0d:07:ce:4c:8e:d4:4b:8d:91:
                    56:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:E3:64:88:42:CB:88:11:25:AB:2B:5D:17:01:F9:CD:25:97:7C:40
            X509v3 Authority Key Identifier:
                keyid:CA:90:D4:D2:12:5F:03:36:B5:39:8E:E0:99:77:29:6F:2E:40:92:B4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91580D2/EBC1AC2C184F11EDADBC3C65C4F9AE02/ypDU0hJfAza1OY7gmXcpby5AkrQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ypDU0hJfAza1OY7gmXcpby5AkrQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91580D2/EBC1AC2C184F11EDADBC3C65C4F9AE02/669326E68A3911ED93F4BA70C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.102.124.0/24

    Signature Algorithm: sha256WithRSAEncryption
         99:21:75:ab:ab:e9:76:cd:c6:78:c2:22:e4:f8:c7:ef:ee:aa:
         bf:26:82:ac:b9:50:c2:05:79:47:ef:76:de:0c:71:58:c5:43:
         c6:56:22:58:52:07:01:32:67:7a:b5:94:66:82:d3:5b:64:a2:
         2c:1a:31:02:8e:f7:37:07:ca:0b:44:ea:57:c0:e9:e8:0f:2f:
         60:d9:71:91:f8:1a:82:4d:29:bd:7f:36:69:24:41:7d:f4:f9:
         7b:fa:96:c3:b9:f5:93:32:8b:13:30:0b:16:a1:68:90:32:02:
         36:94:ab:61:f7:df:1e:d1:c0:1c:6a:db:f9:c4:d8:d3:0b:62:
         6c:bc:50:0d:9d:9a:ce:66:70:b6:11:4d:e9:6e:5c:a0:cf:ee:
         1e:24:8b:d3:83:59:c8:e8:50:f6:2b:ec:ad:64:05:6f:5b:1c:
         30:eb:b9:f1:e8:62:91:de:b7:1c:2e:61:75:f8:ae:8a:7f:33:
         87:94:83:6f:f3:ae:68:18:6d:36:60:5f:fd:6f:f9:2b:d0:bf:
         99:c8:a7:d0:9f:c0:f7:af:14:9e:45:c1:eb:a9:79:e1:22:14:
         d2:d6:5b:21:ec:4f:48:bd:d4:ac:66:b6:dc:69:98:d1:90:80:
         d7:bf:e9:ed:13:01:89:be:49:16:5e:08:17:e9:90:ca:7b:96:
         a0:b0:4b:8e
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICAKwwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTgwRDIxMTAvBgNVBAUTKENBOTBENEQyMTI1RjAzMzZCNTM5OEVFMDk5NzcyOTZG
MkU0MDkyQjQwHhcNMjMwMTAyMDEwNDI2WhcNMjQwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02M2IyMmQ5YS1hOWI4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAoj58CBSj4VKWayNe5O991/g58ySxtRj5cx3zdfuErWhfkBWvnqgsRmbLzTxV
6T4f/MDVi40rzonaFaD5v+2GXzyPumEzO9igNK8mb0XucXEHfwf66t0vZlHB/iLX
rDsAV624junXSRwNpxspNQ9nez+PebGntJzctSYrZczqaugggZupmoVQQcAI5h3h
gSxQiNNIu8eZSpxZ3j/zEhl+HnV+kgyZtmSi9sKvRY2EBp+yLYFLodpY9zHpN+f3
izNK1OsHBfCCDhX7cSLmGVAYqeiBWBCdkj3lwIh0FFhoj9X1PChAwV16EDY5u+Sj
9hrNQCadod0NB85MjtRLjZFWKQIDAQABo4IClTCCApEwHQYDVR0OBBYEFAjjZIhC
y4gRJasrXRcB+c0ll3xAMB8GA1UdIwQYMBaAFMqQ1NISXwM2tTmO4Jl3KW8uQJK0
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1ODBEMi9FQkMxQUMyQzE4
NEYxMUVEQURCQzNDNjVDNEY5QUUwMi95cERVMGhKZkF6YTFPWTdnbVhjcGJ5NUFr
clEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3lwRFUwaEpmQXphMU9ZN2dtWGNwYnk1QWtyUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTgwRDIvRUJDMUFDMkMxODRGMTFFREFEQkMzQzY1QzRGOUFFMDIvNjY5MzI2RTY4
QTM5MTFFRDkzRjRCQTcwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBABnZnwwDQYJKoZIhvcNAQELBQADggEBAJkhdaur6XbNxnjC
IuT4x+/uqr8mgqy5UMIFeUfvdt4McVjFQ8ZWIlhSBwEyZ3q1lGaC01tkoiwaMQKO
9zcHygtE6lfA6egPL2DZcZH4GoJNKb1/NmkkQX30+Xv6lsO59ZMyixMwCxahaJAy
AjaUq2H33x7RwBxq2/nE2NMLYmy8UA2dms5mcLYRTeluXKDP7h4ki9ODWcjoUPYr
7K1kBW9bHDDrufHoYpHetxwuYXX4rop/M4eUg2/zrmgYbTZgX/1v+SvQv5nIp9Cf
wPevFJ5FweupeeEiFNLWWyHsT0i91KxmttxpmNGQgNe/6e0TAYm+SRZeCBfpkMp7
lqCwS44=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:06 2024 by rpki-client on console-ams.rpki-client.org