Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A916A983/0E082E72CD0F11E89D9FF165C4F9AE02/00C598F2DF3511ED8FBA823DC4F9AE02.roa
File:                     00C598F2DF3511ED8FBA823DC4F9AE02.roa (raw, json)
Hash identifier:          Tlk/yv2DzWpzOMMqx8ZO6yJZvpMdsdxiCIs6rk5vWFs=
Subject key identifier:   C1:C3:B3:93:2B:F6:CF:AD:F8:D9:8C:D1:31:BC:C5:CE:8F:28:55:33
Certificate issuer:       /CN=A916A983/serialNumber=88D87B102F5C2771C367064E2049B68A903C71B5
Certificate serial:       1183
Authority key identifier: 88:D8:7B:10:2F:5C:27:71:C3:67:06:4E:20:49:B6:8A:90:3C:71:B5
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/iNh7EC9cJ3HDZwZOIEm2ipA8cbU.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A916A983/0E082E72CD0F11E89D9FF165C4F9AE02/00C598F2DF3511ED8FBA823DC4F9AE02.roa
Signing time:             Thu 20 Apr 2023 04:37:06 +0000
ROA not before:           Thu 20 Apr 2023 04:37:06 +0000
ROA not after:            Sat 30 Sep 2023 00:00:00 +0000
asID:                     1221
IP address blocks:        137.147.0.0/16 maxlen: 16
                          138.130.0.0/16 maxlen: 16
                          138.217.0.0/16 maxlen: 16
                          139.130.0.0/16 maxlen: 16
                          139.134.0.0/16 maxlen: 16
                          139.168.0.0/16 maxlen: 16
                          143.238.0.0/16 maxlen: 16
                          144.130.0.0/15 maxlen: 15
                          144.130.0.0/17 maxlen: 17
                          144.130.144.0/20 maxlen: 20
                          144.130.160.0/19 maxlen: 19
                          144.130.192.0/18 maxlen: 18
                          144.131.0.0/16 maxlen: 16
                          144.132.0.0/14 maxlen: 14
                          144.136.0.0/15 maxlen: 15
                          144.139.0.0/16 maxlen: 16
                          144.140.0.0/16 maxlen: 16
                          147.69.0.0/16 maxlen: 16
                          149.135.0.0/16 maxlen: 16
                          165.228.0.0/16 maxlen: 16
                          192.67.84.0/24 maxlen: 24
                          192.70.219.0/24 maxlen: 24
                          192.73.66.0/24 maxlen: 24
                          192.74.139.0/24 maxlen: 24
                          192.74.140.0/22 maxlen: 26
                          192.74.144.0/20 maxlen: 20
                          192.74.160.0/19 maxlen: 19
                          192.74.192.0/20 maxlen: 20
                          192.74.208.0/24 maxlen: 24
                          192.82.143.0/24 maxlen: 24
                          192.111.105.0/24 maxlen: 24
                          192.131.27.0/24 maxlen: 24
                          192.131.28.0/23 maxlen: 23
                          192.131.30.0/24 maxlen: 24
                          192.148.116.0/22 maxlen: 22
                          192.148.120.0/21 maxlen: 21
                          192.148.128.0/19 maxlen: 19
                          192.148.160.0/22 maxlen: 22
                          192.148.164.0/23 maxlen: 23

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4483 (0x1183)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A916A983/serialNumber=88D87B102F5C2771C367064E2049B68A903C71B5
        Validity
            Not Before: Apr 20 04:37:06 2023 GMT
            Not After : Sep 30 00:00:00 2023 GMT
        Subject: CN=6440c172-ddcf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:98:d7:1e:2c:f1:fe:a2:2c:a0:e3:9e:fa:e5:
                    63:92:74:3a:27:09:77:bf:e0:c0:da:b9:d5:90:d1:
                    69:c8:ff:02:bc:cb:60:ff:cf:1c:24:5a:00:4b:8d:
                    74:43:49:f1:20:fc:5f:5e:6e:24:f0:cd:77:a7:9e:
                    1a:8b:82:26:2f:20:43:0f:22:a4:f0:0e:01:6a:1e:
                    3a:10:8f:33:a1:64:4c:3e:24:d2:cf:eb:3f:06:1f:
                    57:16:4f:c9:58:cb:12:f7:39:9c:dd:95:26:da:40:
                    44:70:5d:95:2d:eb:61:cc:c7:28:dd:0a:0d:1c:39:
                    82:51:dc:73:62:fb:31:52:46:6e:eb:f0:cf:9f:b1:
                    31:f3:01:b4:2f:19:71:bf:18:20:2b:6d:b0:15:f6:
                    cf:58:a3:29:e3:cb:bc:bb:68:85:56:8e:dd:75:31:
                    e6:b9:f8:31:4a:93:49:80:13:62:50:bf:62:08:5a:
                    0d:22:24:eb:ac:d7:df:cc:85:a7:c3:ae:36:61:3d:
                    c0:d0:e1:9b:a0:15:df:04:b8:bb:d7:dd:df:df:fb:
                    18:5f:2b:51:ea:a4:b7:c7:38:d5:9b:fa:71:0f:80:
                    8a:17:5c:cf:2d:16:e1:b4:d7:74:36:9c:58:7e:1a:
                    92:8b:0d:ad:86:86:3b:62:70:52:5b:05:fd:6a:25:
                    cc:bf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C1:C3:B3:93:2B:F6:CF:AD:F8:D9:8C:D1:31:BC:C5:CE:8F:28:55:33
            X509v3 Authority Key Identifier:
                keyid:88:D8:7B:10:2F:5C:27:71:C3:67:06:4E:20:49:B6:8A:90:3C:71:B5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A916A983/0E082E72CD0F11E89D9FF165C4F9AE02/iNh7EC9cJ3HDZwZOIEm2ipA8cbU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/iNh7EC9cJ3HDZwZOIEm2ipA8cbU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A916A983/0E082E72CD0F11E89D9FF165C4F9AE02/00C598F2DF3511ED8FBA823DC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  137.147.0.0/16
                  138.130.0.0/16
                  138.217.0.0/16
                  139.130.0.0/16
                  139.134.0.0/16
                  139.168.0.0/16
                  143.238.0.0/16
                  144.130.0.0-144.137.255.255
                  144.139.0.0-144.140.255.255
                  147.69.0.0/16
                  149.135.0.0/16
                  165.228.0.0/16
                  192.67.84.0/24
                  192.70.219.0/24
                  192.73.66.0/24
                  192.74.139.0-192.74.208.255
                  192.82.143.0/24
                  192.111.105.0/24
                  192.131.27.0-192.131.30.255
                  192.148.116.0-192.148.165.255

    Signature Algorithm: sha256WithRSAEncryption
         89:3d:5c:a9:67:eb:5d:59:36:2c:88:88:9b:1d:43:eb:0c:de:
         cd:d6:a4:87:48:65:1c:3f:72:64:0f:14:d1:70:a9:dc:37:96:
         b5:3c:2c:6e:68:bd:8f:a9:98:f8:a1:93:c4:a7:0f:b4:96:01:
         1e:0f:a1:cc:90:59:86:4e:e9:08:31:44:e6:fe:d6:ff:01:50:
         45:88:89:f8:56:2b:8f:19:47:db:31:5f:0a:8b:e7:fc:b3:7c:
         36:c1:44:b7:43:23:ec:d5:08:1d:7f:d8:0a:82:e2:09:e7:50:
         bd:d3:e9:9f:b1:8d:37:6a:df:e3:d3:37:6f:45:78:f1:bd:95:
         1a:78:4d:ca:80:ee:be:15:1a:67:09:3e:1a:11:a2:bd:38:30:
         2a:36:d8:d3:2b:b2:39:fa:48:74:0e:04:4f:39:a9:72:9e:6f:
         a5:ee:0f:7a:bf:71:c9:44:dd:65:0e:f7:77:6d:12:0d:4b:7a:
         50:6d:33:6e:c8:5c:8a:af:c4:c4:a2:4c:c5:40:05:60:d1:47:
         84:fa:2f:cc:70:78:a9:de:d7:ea:d6:cd:5f:37:10:cc:3f:fb:
         5f:95:69:ed:c2:bf:2f:27:8d:39:41:fb:7f:dd:0f:87:ce:88:
         6f:06:66:74:3e:87:95:5f:98:8d:63:1c:91:9c:11:f5:47:b3:
         b8:99:71:e2
-----BEGIN CERTIFICATE-----
MIIGAjCCBOqgAwIBAgICEYMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NkE5ODMxMTAvBgNVBAUTKDg4RDg3QjEwMkY1QzI3NzFDMzY3MDY0RTIwNDlCNjhB
OTAzQzcxQjUwHhcNMjMwNDIwMDQzNzA2WhcNMjMwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDQwYzE3Mi1kZGNmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAzpjXHizx/qIsoOOe+uVjknQ6Jwl3v+DA2rnVkNFpyP8CvMtg/88cJFoAS410
Q0nxIPxfXm4k8M13p54ai4ImLyBDDyKk8A4Bah46EI8zoWRMPiTSz+s/Bh9XFk/J
WMsS9zmc3ZUm2kBEcF2VLethzMco3QoNHDmCUdxzYvsxUkZu6/DPn7Ex8wG0Lxlx
vxggK22wFfbPWKMp48u8u2iFVo7ddTHmufgxSpNJgBNiUL9iCFoNIiTrrNffzIWn
w642YT3A0OGboBXfBLi7193f3/sYXytR6qS3xzjVm/pxD4CKF1zPLRbhtNd0NpxY
fhqSiw2thoY7YnBSWwX9aiXMvwIDAQABo4IDJjCCAyIwHQYDVR0OBBYEFMHDs5Mr
9s+t+NmM0TG8xc6PKFUzMB8GA1UdIwQYMBaAFIjYexAvXCdxw2cGTiBJtoqQPHG1
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2QTk4My8wRTA4MkU3MkNE
MEYxMUU4OUQ5RkYxNjVDNEY5QUUwMi9pTmg3RUM5Y0ozSERad1pPSUVtMmlwQThj
YlUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL2lOaDdFQzljSjNIRFp3Wk9JRW0yaXBBOGNiVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NkE5ODMvMEUwODJFNzJDRDBGMTFFODlEOUZGMTY1QzRGOUFFMDIvMDBDNTk4RjJE
RjM1MTFFRDhGQkE4MjNEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwga8GCCsGAQUFBwEHAQH/
BIGfMIGcMIGZBAIAATCBkgMDAImTAwMAioIDAwCK2QMDAIuCAwMAi4YDAwCLqAMD
AI/uMAoDAwGQggMDAZCIMAoDAwCQiwMDAJCMAwMAk0UDAwCVhwMDAKXkAwQAwENU
AwQAwEbbAwQAwElCMAwDBADASosDBADAStADBADAUo8DBADAb2kwDAMEAMCDGwME
AMCDHjAMAwQCwJR0AwQBwJSkMA0GCSqGSIb3DQEBCwUAA4IBAQCJPVypZ+tdWTYs
iIibHUPrDN7N1qSHSGUcP3JkDxTRcKncN5a1PCxuaL2PqZj4oZPEpw+0lgEeD6HM
kFmGTukIMUTm/tb/AVBFiIn4ViuPGUfbMV8Ki+f8s3w2wUS3QyPs1Qgdf9gKguIJ
51C90+mfsY03at/j0zdvRXjxvZUaeE3KgO6+FRpnCT4aEaK9ODAqNtjTK7I5+kh0
DgRPOalynm+l7g96v3HJRN1lDvd3bRINS3pQbTNuyFyKr8TEokzFQAVg0UeE+i/M
cHip3tfq1s1fNxDMP/tflWntwr8vJ405Qft/3Q+HzohvBmZ0PoeVX5iNYxyRnBH1
R7O4mXHi
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:10 2024 by rpki-client on console-fra.rpki-client.org