Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9188F6D/9A5B1A9EF66A11E9BF50697AC4F9AE02/EA90642CD1E911EBA8B7520DC4F9AE02.roa
File:                     EA90642CD1E911EBA8B7520DC4F9AE02.roa (raw, json)
Hash identifier:          lV/Yz9WomVNcqRn4eQQObT731Z5dVCsRJvFU5FA+UfI=
Subject key identifier:   94:B7:56:10:5A:AC:E3:FC:96:A0:71:FA:80:BA:BC:50:18:C0:DA:AE
Certificate issuer:       /CN=A9188F6D/serialNumber=FD06B1508557F65F68CCBA3C203ECAAD075DD19B
Certificate serial:       070D
Authority key identifier: FD:06:B1:50:85:57:F6:5F:68:CC:BA:3C:20:3E:CA:AD:07:5D:D1:9B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_QaxUIVX9l9ozLo8ID7KrQdd0Zs.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9188F6D/9A5B1A9EF66A11E9BF50697AC4F9AE02/EA90642CD1E911EBA8B7520DC4F9AE02.roa
Signing time:             Tue 22 Jun 2021 07:27:09 +0000
ROA not before:           Tue 22 Jun 2021 07:27:09 +0000
ROA not after:            Sun 01 May 2022 00:00:00 +0000
asID:                     137453
IP address blocks:        103.109.92.0/24 maxlen: 24
                          103.109.93.0/24 maxlen: 24
                          103.109.95.0/24 maxlen: 24
                          103.214.201.0/24 maxlen: 24
                          103.214.202.0/24 maxlen: 24
                          144.48.151.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1805 (0x70d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9188F6D/serialNumber=FD06B1508557F65F68CCBA3C203ECAAD075DD19B
        Validity
            Not Before: Jun 22 07:27:09 2021 GMT
            Not After : May  1 00:00:00 2022 GMT
        Subject: CN=60d190cc-b1c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:e7:69:77:b2:73:e1:ff:1e:a0:08:55:b5:0f:
                    26:d9:95:a4:49:19:8a:80:e3:db:d5:1e:c4:8b:2c:
                    0f:05:39:f4:6c:02:ad:b2:72:1b:6c:3f:5c:4c:b1:
                    30:7c:cd:87:82:e8:b0:d3:42:4e:68:83:e6:38:1c:
                    08:f2:8f:12:fd:25:be:82:b9:28:df:7f:02:ba:a1:
                    93:de:4f:8d:04:76:fd:96:1a:f0:fe:72:08:eb:b0:
                    9e:28:c7:39:d6:85:04:b2:c2:87:5f:da:44:bf:ba:
                    4e:58:04:3a:57:61:96:63:2d:cc:be:f7:3e:04:08:
                    34:ff:c2:ba:a5:30:45:77:10:38:f8:14:65:f0:c3:
                    1a:09:b1:28:df:5c:39:61:83:d9:0f:54:fe:28:b5:
                    c3:af:5f:38:9e:df:b3:5a:e2:11:1e:4d:2e:fc:ce:
                    1e:b8:16:0b:73:8d:62:98:68:08:a8:3f:6d:22:a1:
                    24:cf:e1:a0:33:d0:67:19:89:be:47:34:11:fb:89:
                    4b:e8:f7:d3:aa:6d:e3:0e:72:6c:0e:2a:7e:3e:47:
                    fc:7f:bc:b7:72:ca:22:4d:24:8b:c4:be:6d:3d:61:
                    f6:9b:34:5c:37:25:4d:cf:bd:81:92:9f:99:a1:6a:
                    31:c6:73:13:b8:be:81:76:ce:71:f7:b9:3c:ad:64:
                    6e:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:B7:56:10:5A:AC:E3:FC:96:A0:71:FA:80:BA:BC:50:18:C0:DA:AE
            X509v3 Authority Key Identifier:
                keyid:FD:06:B1:50:85:57:F6:5F:68:CC:BA:3C:20:3E:CA:AD:07:5D:D1:9B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9188F6D/9A5B1A9EF66A11E9BF50697AC4F9AE02/_QaxUIVX9l9ozLo8ID7KrQdd0Zs.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_QaxUIVX9l9ozLo8ID7KrQdd0Zs.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9188F6D/9A5B1A9EF66A11E9BF50697AC4F9AE02/EA90642CD1E911EBA8B7520DC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.109.92.0/23
                  103.109.95.0/24
                  103.214.201.0-103.214.202.255
                  144.48.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:07:49:1c:d6:c9:b1:90:51:d5:dd:4f:83:f2:68:6c:2d:26:
         db:76:a5:9b:64:7c:0e:a5:eb:63:f5:28:f9:ea:75:27:56:c6:
         d1:40:25:80:a5:c6:4d:c8:b7:c4:fa:51:f9:d4:e1:ad:9d:87:
         54:2d:42:4c:64:7e:22:4f:39:10:c5:de:8d:07:0e:b2:0f:ae:
         40:22:b8:c0:ca:27:51:2c:83:e2:ff:40:60:58:34:02:ef:6b:
         8a:5f:74:ef:6b:3c:5c:06:2b:9c:d2:c3:a7:81:2f:57:90:06:
         67:67:60:f0:ca:36:01:bc:ed:e1:30:0c:cb:4e:c0:2f:20:23:
         2b:ea:e8:e3:ce:2a:87:9e:53:35:05:37:5f:76:66:c8:9c:ea:
         b0:ef:de:79:9d:16:d4:56:55:03:ca:47:8e:56:d9:e5:4d:ea:
         d5:02:db:30:72:92:ba:d5:15:c9:7b:14:60:6f:5b:14:f0:f9:
         75:48:bd:37:b8:0c:48:bd:d0:35:5c:2d:65:b9:47:f3:35:5d:
         1d:31:9c:0f:35:79:c7:78:69:f9:b4:10:c7:53:a4:2c:1e:a3:
         0f:94:99:d4:1a:11:52:e8:bb:1f:1e:df:f1:5d:09:d3:e8:54:
         67:fa:69:0e:31:b9:f9:9c:76:86:89:bf:f0:0d:17:5c:fc:91:
         94:e2:14:5b
-----BEGIN CERTIFICATE-----
MIIFizCCBHOgAwIBAgICBw0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
ODhGNkQxMTAvBgNVBAUTKEZEMDZCMTUwODU1N0Y2NUY2OENDQkEzQzIwM0VDQUFE
MDc1REQxOUIwHhcNMjEwNjIyMDcyNzA5WhcNMjIwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MGQxOTBjYy1iMWM3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvudpd7Jz4f8eoAhVtQ8m2ZWkSRmKgOPb1R7EiywPBTn0bAKtsnIbbD9cTLEw
fM2Hguiw00JOaIPmOBwI8o8S/SW+grko338CuqGT3k+NBHb9lhrw/nII67CeKMc5
1oUEssKHX9pEv7pOWAQ6V2GWYy3Mvvc+BAg0/8K6pTBFdxA4+BRl8MMaCbEo31w5
YYPZD1T+KLXDr184nt+zWuIRHk0u/M4euBYLc41imGgIqD9tIqEkz+GgM9BnGYm+
RzQR+4lL6PfTqm3jDnJsDip+Pkf8f7y3csoiTSSLxL5tPWH2mzRcNyVNz72Bkp+Z
oWoxxnMTuL6Bds5x97k8rWRuMQIDAQABo4ICrzCCAqswHQYDVR0OBBYEFJS3VhBa
rOP8lqBx+oC6vFAYwNquMB8GA1UdIwQYMBaAFP0GsVCFV/ZfaMy6PCA+yq0HXdGb
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4OEY2RC85QTVCMUE5RUY2
NkExMUU5QkY1MDY5N0FDNEY5QUUwMi9fUWF4VUlWWDlsOW96TG84SUQ3S3JRZGQw
WnMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL19RYXhVSVZYOWw5b3pMbzhJRDdLclFkZDBacy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
ODhGNkQvOUE1QjFBOUVGNjZBMTFFOUJGNTA2OTdBQzRGOUFFMDIvRUE5MDY0MkNE
MUU5MTFFQkE4Qjc1MjBEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwOQYIKwYBBQUHAQcBAf8E
KjAoMCYEAgABMCADBAFnbVwDBABnbV8wDAMEAGfWyQMEAGfWygMEAJAwlzANBgkq
hkiG9w0BAQsFAAOCAQEAmwdJHNbJsZBR1d1Pg/JobC0m23alm2R8DqXrY/Uo+ep1
J1bG0UAlgKXGTci3xPpR+dThrZ2HVC1CTGR+Ik85EMXejQcOsg+uQCK4wMonUSyD
4v9AYFg0Au9ril9072s8XAYrnNLDp4EvV5AGZ2dg8Mo2Abzt4TAMy07ALyAjK+ro
484qh55TNQU3X3ZmyJzqsO/eeZ0W1FZVA8pHjlbZ5U3q1QLbMHKSutUVyXsUYG9b
FPD5dUi9N7gMSL3QNVwtZblH8zVdHTGcDzV5x3hp+bQQx1OkLB6jD5SZ1BoRUui7
Hx7f8V0J0+hUZ/ppDjG5+Zx2hom/8A0XXPyRlOIUWw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:14 2024 by rpki-client on console-fra.rpki-client.org