Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9164D60/9E0DE392B45F11EBB61B760CC4F9AE02/53B0BD967F2B11ECAE92BA72C4F9AE02.roa
File:                     53B0BD967F2B11ECAE92BA72C4F9AE02.roa (raw, json)
Hash identifier:          oNeSSBwre/7NbCn3M+EOGBayKDYAYuSOrAV9Y5s0uvA=
Subject key identifier:   32:96:26:37:7F:29:83:16:CC:56:C7:DA:06:A0:50:36:36:CA:54:63
Certificate issuer:       /CN=A9164D60/serialNumber=E0BA228EAF9812F067D2FF3BF806895698C93977
Certificate serial:       021A
Authority key identifier: E0:BA:22:8E:AF:98:12:F0:67:D2:FF:3B:F8:06:89:56:98:C9:39:77
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/4Loijq-YEvBn0v87-AaJVpjJOXc.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9164D60/9E0DE392B45F11EBB61B760CC4F9AE02/53B0BD967F2B11ECAE92BA72C4F9AE02.roa
Signing time:             Thu 27 Jan 2022 04:41:01 +0000
ROA not before:           Thu 27 Jan 2022 04:41:01 +0000
ROA not after:            Fri 30 Sep 2022 00:00:00 +0000
asID:                     397373
IP address blocks:        27.126.182.0/24 maxlen: 24
                          27.126.186.0/24 maxlen: 24
                          27.126.191.0/24 maxlen: 24
                          115.126.19.0/24 maxlen: 24
                          115.126.32.0/22 maxlen: 22
                          115.126.39.0/24 maxlen: 24
                          115.126.49.0/24 maxlen: 24
                          115.126.76.0/22 maxlen: 22
                          115.126.114.0/24 maxlen: 24
                          116.212.114.0/24 maxlen: 24
                          118.99.5.0/24 maxlen: 24
                          118.99.21.0/24 maxlen: 24
                          118.99.52.0/24 maxlen: 24
                          118.99.58.0/24 maxlen: 24
                          118.102.14.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 538 (0x21a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9164D60/serialNumber=E0BA228EAF9812F067D2FF3BF806895698C93977
        Validity
            Not Before: Jan 27 04:41:01 2022 GMT
            Not After : Sep 30 00:00:00 2022 GMT
        Subject: CN=61f2225c-d86a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:6c:67:a9:b1:cb:e0:8a:0d:2a:6c:ac:34:7e:
                    5e:d3:07:60:54:09:c1:1e:f8:fa:93:d5:35:dd:c7:
                    7e:17:ee:95:8e:ed:c3:b6:9e:0c:fd:a5:90:ec:0e:
                    87:ef:5c:d7:f3:4c:3e:8c:22:2d:a7:24:6b:76:98:
                    14:4d:4f:08:1f:9b:66:9a:38:ed:1f:c7:e8:d0:5b:
                    34:47:5b:9e:be:0d:0f:bb:09:27:bb:63:57:95:9b:
                    04:5b:d4:a2:66:a3:d2:84:d6:0a:f0:79:18:e9:51:
                    a3:3d:3b:ad:fb:05:44:bd:ef:f3:0a:b7:61:38:d2:
                    a5:29:ab:b3:ab:3d:4d:14:24:c0:28:14:0c:59:88:
                    2d:23:49:2a:81:57:e9:5f:ed:06:76:68:57:29:92:
                    67:da:03:f6:66:19:ba:46:7d:cd:e1:00:c9:c5:8f:
                    6d:37:0c:b8:a8:80:d7:5f:af:3c:7a:cf:b1:b6:b7:
                    d5:3d:16:3d:f3:ae:0c:33:2d:ea:12:7b:46:f7:84:
                    ca:a1:b4:98:dc:7f:07:a9:7c:d8:46:f2:59:d8:5c:
                    eb:ed:66:4c:c3:f6:63:1e:5b:05:7f:18:9e:68:f3:
                    3b:56:23:c7:04:e5:07:0b:a9:41:66:30:f0:36:a8:
                    37:ad:09:b2:7b:ca:46:38:36:55:aa:00:fa:f2:05:
                    8a:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:96:26:37:7F:29:83:16:CC:56:C7:DA:06:A0:50:36:36:CA:54:63
            X509v3 Authority Key Identifier:
                keyid:E0:BA:22:8E:AF:98:12:F0:67:D2:FF:3B:F8:06:89:56:98:C9:39:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9164D60/9E0DE392B45F11EBB61B760CC4F9AE02/4Loijq-YEvBn0v87-AaJVpjJOXc.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/4Loijq-YEvBn0v87-AaJVpjJOXc.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9164D60/9E0DE392B45F11EBB61B760CC4F9AE02/53B0BD967F2B11ECAE92BA72C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  27.126.182.0/24
                  27.126.186.0/24
                  27.126.191.0/24
                  115.126.19.0/24
                  115.126.32.0/22
                  115.126.39.0/24
                  115.126.49.0/24
                  115.126.76.0/22
                  115.126.114.0/24
                  116.212.114.0/24
                  118.99.5.0/24
                  118.99.21.0/24
                  118.99.52.0/24
                  118.99.58.0/24
                  118.102.14.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6e:4e:a9:3c:78:aa:2e:9c:46:0f:d7:bb:db:ef:99:9a:a0:14:
         00:ff:18:cc:43:01:56:d7:0c:d0:2a:c4:57:59:09:72:d3:e6:
         53:da:99:94:2d:48:1e:b3:4a:53:1f:5d:e9:d1:8a:57:46:c2:
         52:87:6d:22:7c:f0:be:5f:25:3e:64:64:0c:47:70:7c:d1:72:
         a7:da:00:82:4d:66:79:50:a0:3b:41:08:77:e4:97:86:7b:ff:
         c2:01:50:ad:66:cd:a1:34:e8:43:e6:88:36:59:1b:8a:e1:92:
         f1:c3:0e:e9:7f:f7:58:e7:8e:91:2a:dd:6f:cf:60:4d:28:f8:
         17:46:8a:b6:9e:ee:30:46:0a:3c:c7:6f:03:d7:ca:0e:d0:11:
         94:27:9c:18:ea:6a:f3:a0:19:af:5d:86:fa:34:25:b1:1c:a4:
         d9:a1:ae:75:9e:48:4f:78:1d:92:c9:32:b5:63:80:33:1d:44:
         84:75:7c:48:e2:7f:28:49:62:88:5a:00:05:62:8e:f7:4f:d4:
         95:96:7d:31:da:9e:b4:16:14:3c:b4:91:45:b4:cf:32:79:c5:
         de:ce:d7:f6:c5:6c:42:01:f2:93:c5:94:16:34:97:41:c7:c5:
         6b:34:88:b5:da:b1:b7:ff:bf:f5:b4:1f:a0:e1:e2:95:2c:df:
         6a:5f:e3:83
-----BEGIN CERTIFICATE-----
MIIFxTCCBK2gAwIBAgICAhowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NjRENjAxMTAvBgNVBAUTKEUwQkEyMjhFQUY5ODEyRjA2N0QyRkYzQkY4MDY4OTU2
OThDOTM5NzcwHhcNMjIwMTI3MDQ0MTAxWhcNMjIwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02MWYyMjI1Yy1kODZhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA5GxnqbHL4IoNKmysNH5e0wdgVAnBHvj6k9U13cd+F+6Vju3Dtp4M/aWQ7A6H
71zX80w+jCItpyRrdpgUTU8IH5tmmjjtH8fo0Fs0R1uevg0Puwknu2NXlZsEW9Si
ZqPShNYK8HkY6VGjPTut+wVEve/zCrdhONKlKauzqz1NFCTAKBQMWYgtI0kqgVfp
X+0GdmhXKZJn2gP2Zhm6Rn3N4QDJxY9tNwy4qIDXX688es+xtrfVPRY9864MMy3q
EntG94TKobSY3H8HqXzYRvJZ2Fzr7WZMw/ZjHlsFfxieaPM7ViPHBOUHC6lBZjDw
Nqg3rQmye8pGODZVqgD68gWKCwIDAQABo4IC6TCCAuUwHQYDVR0OBBYEFDKWJjd/
KYMWzFbH2gagUDY2ylRjMB8GA1UdIwQYMBaAFOC6Io6vmBLwZ9L/O/gGiVaYyTl3
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2NEQ2MC85RTBERTM5MkI0
NUYxMUVCQjYxQjc2MENDNEY5QUUwMi80TG9panEtWUV2Qm4wdjg3LUFhSlZwakpP
WGMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzRMb2lqcS1ZRXZCbjB2ODctQWFKVnBqSk9YYy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NjRENjAvOUUwREUzOTJCNDVGMTFFQkI2MUI3NjBDQzRGOUFFMDIvNTNCMEJEOTY3
RjJCMTFFQ0FFOTJCQTcyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwcwYIKwYBBQUHAQcBAf8E
ZDBiMGAEAgABMFoDBAAbfrYDBAAbfroDBAAbfr8DBABzfhMDBAJzfiADBABzficD
BABzfjEDBAJzfkwDBABzfnIDBAB01HIDBAB2YwUDBAB2YxUDBAB2YzQDBAB2YzoD
BAB2Zg4wDQYJKoZIhvcNAQELBQADggEBAG5OqTx4qi6cRg/Xu9vvmZqgFAD/GMxD
AVbXDNAqxFdZCXLT5lPamZQtSB6zSlMfXenRildGwlKHbSJ88L5fJT5kZAxHcHzR
cqfaAIJNZnlQoDtBCHfkl4Z7/8IBUK1mzaE06EPmiDZZG4rhkvHDDul/91jnjpEq
3W/PYE0o+BdGirae7jBGCjzHbwPXyg7QEZQnnBjqavOgGa9dhvo0JbEcpNmhrnWe
SE94HZLJMrVjgDMdRIR1fEjifyhJYohaAAVijvdP1JWWfTHanrQWFDy0kUW0zzJ5
xd7O1/bFbEIB8pPFlBY0l0HHxWs0iLXasbf/v/W0H6Dh4pUs32pf44M=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:09 2024 by rpki-client on console-fra.rpki-client.org