Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9186C05/7E16E59AEFD911EDBC545971C4F9AE02/70BC9644EFE111ED81AE706DC4F9AE02.roa
File:                     70BC9644EFE111ED81AE706DC4F9AE02.roa (raw, json)
Hash identifier:          g/h/7POWgsVxie6/+BQAT4SS8Fr63Q4lRz8hhbc65Wc=
Subject key identifier:   78:E0:8C:88:EA:79:99:59:AE:C2:E9:E6:8A:30:74:99:58:A2:A8:26
Certificate issuer:       /CN=A9186C05/serialNumber=A8F4A4D78517110D7B180A5E371B9805C625230B
Certificate serial:       02
Authority key identifier: A8:F4:A4:D7:85:17:11:0D:7B:18:0A:5E:37:1B:98:05:C6:25:23:0B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/qPSk14UXEQ17GApeNxuYBcYlIws.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9186C05/7E16E59AEFD911EDBC545971C4F9AE02/70BC9644EFE111ED81AE706DC4F9AE02.roa
Signing time:             Thu 11 May 2023 09:51:46 +0000
ROA not before:           Thu 11 May 2023 09:51:46 +0000
ROA not after:            Tue 31 Oct 2023 00:00:00 +0000
asID:                     136993
IP address blocks:        103.69.132.0/22 maxlen: 22
                          116.66.176.0/24 maxlen: 24
                          116.66.177.0/24 maxlen: 24
                          116.66.178.0/24 maxlen: 24
                          116.66.179.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9186C05/serialNumber=A8F4A4D78517110D7B180A5E371B9805C625230B
        Validity
            Not Before: May 11 09:51:46 2023 GMT
            Not After : Oct 31 00:00:00 2023 GMT
        Subject: CN=645cbab2-7f39
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:6d:aa:9d:27:5d:a2:2a:a7:e8:43:e6:35:13:
                    db:4f:48:7f:c3:61:ba:5e:56:83:f2:2c:07:40:a5:
                    fa:c8:d1:cf:7b:73:98:88:cb:5f:2d:8a:de:f2:21:
                    33:01:25:5b:ec:93:5b:0c:d4:fa:02:f5:30:5c:90:
                    c2:14:c5:5d:83:d6:8d:09:ac:b0:d1:66:56:77:1a:
                    90:d1:6a:19:09:0e:98:96:11:d4:e6:59:4a:65:0a:
                    67:92:22:fd:eb:cf:93:d3:fa:0b:23:45:e1:e0:c6:
                    3f:27:f7:05:d2:fe:e4:56:bc:38:9d:17:20:10:05:
                    cb:78:c5:45:8f:3c:bb:b2:2e:5c:44:a7:1b:39:ba:
                    bd:af:ef:b1:a6:7f:d8:5f:b4:a5:72:84:f1:23:e7:
                    7a:40:77:74:2f:50:05:bf:80:41:19:1f:d5:bf:69:
                    74:b8:e3:76:89:1a:a4:be:43:b9:8b:cb:6c:67:1b:
                    d6:06:92:e9:06:56:82:57:d9:8c:4f:c5:b3:c5:62:
                    80:07:dc:b7:36:9d:f1:b2:03:56:34:dc:d5:f9:30:
                    9f:d2:5d:bf:0f:79:da:34:3b:66:b1:2c:0d:e6:85:
                    49:aa:38:38:1a:f2:62:7a:c7:33:97:f2:13:77:db:
                    e5:4b:1b:0d:04:db:29:e5:8a:12:61:6c:66:3c:40:
                    1f:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:E0:8C:88:EA:79:99:59:AE:C2:E9:E6:8A:30:74:99:58:A2:A8:26
            X509v3 Authority Key Identifier:
                keyid:A8:F4:A4:D7:85:17:11:0D:7B:18:0A:5E:37:1B:98:05:C6:25:23:0B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9186C05/7E16E59AEFD911EDBC545971C4F9AE02/qPSk14UXEQ17GApeNxuYBcYlIws.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/qPSk14UXEQ17GApeNxuYBcYlIws.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9186C05/7E16E59AEFD911EDBC545971C4F9AE02/70BC9644EFE111ED81AE706DC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.69.132.0/22
                  116.66.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         00:b4:42:d1:4f:ff:46:d8:55:93:72:ce:38:ca:e4:8a:9f:8c:
         51:8e:2a:fe:67:fc:60:a3:7f:a9:7a:16:05:73:5e:c0:e1:f7:
         01:ad:aa:1d:37:fa:ad:8e:9a:5d:84:b7:b8:40:6a:6c:c3:65:
         56:a7:64:1e:d9:b3:1b:05:57:7c:82:aa:ba:36:5c:3b:16:24:
         f6:96:e0:c5:2e:d3:15:8c:c5:12:e1:45:6f:95:6d:25:cf:2d:
         dc:77:6c:a8:20:fc:39:be:e3:53:61:ea:1b:a0:38:96:e0:82:
         48:2d:f8:4e:d7:25:c5:23:8c:0c:46:bb:e0:31:8d:0e:48:61:
         13:99:67:e8:15:23:91:9c:8c:12:4a:8d:56:f9:a5:ac:99:41:
         6a:52:33:a5:6c:7c:2f:a0:4f:56:3b:aa:cf:f6:21:5f:63:0b:
         a4:8e:7c:3e:fc:29:24:16:a8:0e:58:cd:49:7a:cd:e2:b5:40:
         87:92:ef:48:80:ad:fa:da:77:a0:ec:3c:59:2e:2f:b7:38:4d:
         48:62:a0:5c:6b:0a:f8:40:ce:d8:c4:6a:2e:b6:58:3a:94:78:
         fe:01:fb:7a:15:7e:10:42:95:9e:8b:62:8a:a4:b2:ee:4e:73:
         e8:4d:43:31:8a:67:8c:60:79:6c:16:25:66:5c:3e:92:63:5f:
         e4:37:ba:b9
-----BEGIN CERTIFICATE-----
MIIFdjCCBF6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTE4
NkMwNTExMC8GA1UEBRMoQThGNEE0RDc4NTE3MTEwRDdCMTgwQTVFMzcxQjk4MDVD
NjI1MjMwQjAeFw0yMzA1MTEwOTUxNDZaFw0yMzEwMzEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY0NWNiYWIyLTdmMzkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDBbaqdJ12iKqfoQ+Y1E9tPSH/DYbpeVoPyLAdApfrI0c97c5iIy18tit7yITMB
JVvsk1sM1PoC9TBckMIUxV2D1o0JrLDRZlZ3GpDRahkJDpiWEdTmWUplCmeSIv3r
z5PT+gsjReHgxj8n9wXS/uRWvDidFyAQBct4xUWPPLuyLlxEpxs5ur2v77Gmf9hf
tKVyhPEj53pAd3QvUAW/gEEZH9W/aXS443aJGqS+Q7mLy2xnG9YGkukGVoJX2YxP
xbPFYoAH3Lc2nfGyA1Y03NX5MJ/SXb8Pedo0O2axLA3mhUmqODga8mJ6xzOX8hN3
2+VLGw0E2ynlihJhbGY8QB8BAgMBAAGjggKbMIIClzAdBgNVHQ4EFgQUeOCMiOp5
mVmuwunmijB0mViiqCYwHwYDVR0jBBgwFoAUqPSk14UXEQ17GApeNxuYBcYlIwsw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTg2QzA1LzdFMTZFNTlBRUZE
OTExRURCQzU0NTk3MUM0RjlBRTAyL3FQU2sxNFVYRVExN0dBcGVOeHVZQmNZbEl3
cy5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvcVBTazE0VVhFUTE3R0FwZU54dVlCY1lsSXdzLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4
NkMwNS83RTE2RTU5QUVGRDkxMUVEQkM1NDU5NzFDNEY5QUUwMi83MEJDOTY0NEVG
RTExMUVEODFBRTcwNkRDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAlBggrBgEFBQcBBwEB/wQW
MBQwEgQCAAEwDAMEAmdFhAMEAnRCsDANBgkqhkiG9w0BAQsFAAOCAQEAALRC0U//
RthVk3LOOMrkip+MUY4q/mf8YKN/qXoWBXNewOH3Aa2qHTf6rY6aXYS3uEBqbMNl
VqdkHtmzGwVXfIKqujZcOxYk9pbgxS7TFYzFEuFFb5VtJc8t3HdsqCD8Ob7jU2Hq
G6A4luCCSC34TtclxSOMDEa74DGNDkhhE5ln6BUjkZyMEkqNVvmlrJlBalIzpWx8
L6BPVjuqz/YhX2MLpI58PvwpJBaoDljNSXrN4rVAh5LvSICt+tp3oOw8WS4vtzhN
SGKgXGsK+EDO2MRqLrZYOpR4/gH7ehV+EEKVnotiiqSy7k5z6E1DMYpnjGB5bBYl
Zlw+kmNf5De6uQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:14 2024 by rpki-client on console-fra.rpki-client.org