Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9158D75/7434940EF25E11E99130B181C4F9AE02/2297D4B0F26011E9B18CB084C4F9AE02.roa
File:                     2297D4B0F26011E9B18CB084C4F9AE02.roa (raw, json)
Hash identifier:          mKp4i4A8uVddxmAENDUnqhW53/dtgpRWu04ANgDfzyo=
Subject key identifier:   B2:5F:58:C1:5F:DF:A9:64:00:DC:4C:C3:8A:4C:F7:2D:6D:99:30:9C
Certificate issuer:       /CN=A9158D75/serialNumber=F4345C314D6EBEDEB45FE0755F8FFEACF363CB8A
Certificate serial:       0684
Authority key identifier: F4:34:5C:31:4D:6E:BE:DE:B4:5F:E0:75:5F:8F:FE:AC:F3:63:CB:8A
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/9DRcMU1uvt60X-B1X4_-rPNjy4o.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9158D75/7434940EF25E11E99130B181C4F9AE02/2297D4B0F26011E9B18CB084C4F9AE02.roa
Signing time:             Tue 13 Apr 2021 19:44:05 +0000
ROA not before:           Tue 13 Apr 2021 19:44:05 +0000
ROA not after:            Sat 28 May 2022 00:00:00 +0000
asID:                     58803
IP address blocks:        43.254.96.0/22 maxlen: 24
                          103.245.96.0/22 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1668 (0x684)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9158D75/serialNumber=F4345C314D6EBEDEB45FE0755F8FFEACF363CB8A
        Validity
            Not Before: Apr 13 19:44:05 2021 GMT
            Not After : May 28 00:00:00 2022 GMT
        Subject: CN=6075f485-126a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:ba:f6:a0:74:c4:62:1b:93:42:03:c4:c6:86:
                    39:2e:b5:dc:d3:64:18:46:bb:12:5a:6f:60:74:ac:
                    89:3a:4f:48:ed:65:97:9f:34:4a:69:ae:12:c6:c3:
                    ce:85:8b:d1:dd:44:9f:4b:d1:be:bb:98:21:9c:82:
                    14:c2:13:41:8f:9d:7a:4f:bc:ea:8f:74:15:5a:f9:
                    d2:e5:9c:cd:92:6c:53:62:53:bb:1c:8e:c2:3e:69:
                    ea:bb:93:99:ec:3a:55:bc:5c:83:6c:4c:3b:77:5b:
                    80:1c:e0:56:34:66:07:42:ef:03:14:38:f4:df:37:
                    67:3d:e3:25:34:54:b2:d3:a8:21:36:05:49:7b:8e:
                    5a:90:95:b3:d9:50:c1:37:b9:ca:50:4e:58:7e:17:
                    45:22:59:35:0a:c1:11:ed:62:f6:bb:83:18:4f:63:
                    b8:da:60:46:78:e7:7b:cf:4b:e6:ce:6b:7f:a4:0e:
                    f8:d7:7e:16:d9:51:50:5e:3e:c0:15:d2:c5:0e:ce:
                    d3:a7:a4:38:95:ae:df:7b:d4:0c:68:09:f3:0a:cc:
                    7b:e2:39:8c:bb:30:5a:e7:8c:95:9f:3f:f2:c8:c4:
                    90:30:75:25:3b:57:b3:88:a0:e1:f1:0e:22:a7:2f:
                    97:7b:03:cc:0b:a3:be:3a:c2:32:56:52:47:1f:e7:
                    1a:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:5F:58:C1:5F:DF:A9:64:00:DC:4C:C3:8A:4C:F7:2D:6D:99:30:9C
            X509v3 Authority Key Identifier:
                keyid:F4:34:5C:31:4D:6E:BE:DE:B4:5F:E0:75:5F:8F:FE:AC:F3:63:CB:8A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9158D75/7434940EF25E11E99130B181C4F9AE02/9DRcMU1uvt60X-B1X4_-rPNjy4o.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/9DRcMU1uvt60X-B1X4_-rPNjy4o.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9158D75/7434940EF25E11E99130B181C4F9AE02/2297D4B0F26011E9B18CB084C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.254.96.0/22
                  103.245.96.0/22

    Signature Algorithm: sha256WithRSAEncryption
         33:a9:e7:f9:78:48:b2:51:82:5c:3a:de:00:17:3a:db:20:07:
         d2:ad:48:24:66:2a:2b:5e:ce:3d:f0:3b:27:22:cc:0f:24:9c:
         27:2c:06:3a:19:51:e1:16:52:c0:ce:f0:6c:8f:22:5a:13:45:
         7d:39:f9:37:ff:fa:f4:ca:96:21:6c:22:6f:c7:b7:5c:8a:ed:
         8b:26:45:f1:93:fa:a5:4a:a5:65:73:3a:b2:37:9f:f2:3b:d5:
         ad:c3:60:4b:0c:db:60:99:9e:e8:83:79:32:47:91:40:d0:3e:
         72:3c:08:ab:39:3e:0c:95:3e:a3:a4:af:7f:3b:43:5a:7a:d3:
         e3:70:c0:0c:f2:3f:6a:96:ae:5e:d1:84:ad:d8:a7:f8:87:dd:
         bf:1a:03:23:be:af:f6:3e:8f:dc:4e:6e:59:a8:5c:cd:19:85:
         bc:50:a8:84:2f:7a:b1:2a:a5:6f:87:a8:a8:09:d1:53:a7:14:
         39:32:d8:e4:ec:ef:4c:76:ea:b2:32:9f:0e:f9:10:a6:d0:1f:
         14:7a:ea:14:07:93:36:35:55:6e:b6:06:74:cc:4f:b5:4d:31:
         dd:6a:8a:b6:88:d6:01:88:22:d1:a7:92:fe:cd:fd:82:a1:1b:
         ea:d0:01:9f:3f:9c:5e:35:a9:8f:ba:9b:8e:2c:b6:69:30:5c:
         e7:6b:72:d9
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICBoQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NThENzUxMTAvBgNVBAUTKEY0MzQ1QzMxNEQ2RUJFREVCNDVGRTA3NTVGOEZGRUFD
RjM2M0NCOEEwHhcNMjEwNDEzMTk0NDA1WhcNMjIwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02MDc1ZjQ4NS0xMjZhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwrr2oHTEYhuTQgPExoY5LrXc02QYRrsSWm9gdKyJOk9I7WWXnzRKaa4SxsPO
hYvR3USfS9G+u5ghnIIUwhNBj516T7zqj3QVWvnS5ZzNkmxTYlO7HI7CPmnqu5OZ
7DpVvFyDbEw7d1uAHOBWNGYHQu8DFDj03zdnPeMlNFSy06ghNgVJe45akJWz2VDB
N7nKUE5YfhdFIlk1CsER7WL2u4MYT2O42mBGeOd7z0vmzmt/pA74134W2VFQXj7A
FdLFDs7Tp6Q4la7fe9QMaAnzCsx74jmMuzBa54yVnz/yyMSQMHUlO1eziKDh8Q4i
py+XewPMC6O+OsIyVlJHH+cadQIDAQABo4ICmzCCApcwHQYDVR0OBBYEFLJfWMFf
36lkANxMw4pM9y1tmTCcMB8GA1UdIwQYMBaAFPQ0XDFNbr7etF/gdV+P/qzzY8uK
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1OEQ3NS83NDM0OTQwRUYy
NUUxMUU5OTEzMEIxODFDNEY5QUUwMi85RFJjTVUxdXZ0NjBYLUIxWDRfLXJQTmp5
NG8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzlEUmNNVTF1dnQ2MFgtQjFYNF8tclBOank0by5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NThENzUvNzQzNDk0MEVGMjVFMTFFOTkxMzBCMTgxQzRGOUFFMDIvMjI5N0Q0QjBG
MjYwMTFFOUIxOENCMDg0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAIr/mADBAJn9WAwDQYJKoZIhvcNAQELBQADggEBADOp5/l4
SLJRglw63gAXOtsgB9KtSCRmKitezj3wOycizA8knCcsBjoZUeEWUsDO8GyPIloT
RX05+Tf/+vTKliFsIm/Ht1yK7YsmRfGT+qVKpWVzOrI3n/I71a3DYEsM22CZnuiD
eTJHkUDQPnI8CKs5PgyVPqOkr387Q1p60+NwwAzyP2qWrl7RhK3Yp/iH3b8aAyO+
r/Y+j9xOblmoXM0ZhbxQqIQverEqpW+HqKgJ0VOnFDky2OTs70x26rIynw75EKbQ
HxR66hQHkzY1VW62BnTMT7VNMd1qiraI1gGIItGnkv7N/YKhG+rQAZ8/nF41qY+6
m44stmkwXOdrctk=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:07 2024 by rpki-client on console-fra.rpki-client.org