Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A918A996/32C68A5E279811EEBD8DC55FC4F9AE02/A125ED66279B11EE87C1AC7FC4F9AE02.roa
File:                     A125ED66279B11EE87C1AC7FC4F9AE02.roa (raw, json)
Hash identifier:          e+uts/la6dHjIZal7QHFCNcFC3oEktbJzrIOkOqVhsI=
Subject key identifier:   FB:F5:91:C5:C5:CE:5C:E6:0B:88:95:F9:A8:BA:0A:C5:FE:C1:29:11
Certificate issuer:       /CN=A918A996/serialNumber=8386BE861BDBDB6D0165087DC044A07FA4D4F089
Certificate serial:       02
Authority key identifier: 83:86:BE:86:1B:DB:DB:6D:01:65:08:7D:C0:44:A0:7F:A4:D4:F0:89
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/g4a-hhvb220BZQh9wESgf6TU8Ik.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A918A996/32C68A5E279811EEBD8DC55FC4F9AE02/A125ED66279B11EE87C1AC7FC4F9AE02.roa
Signing time:             Fri 21 Jul 2023 07:53:07 +0000
ROA not before:           Fri 21 Jul 2023 07:53:07 +0000
ROA not after:            Sun 31 Mar 2024 00:00:00 +0000
asID:                     10118
IP address blocks:        117.103.144.0/20 maxlen: 24
                          180.188.128.0/18 maxlen: 18
                          180.188.144.0/20 maxlen: 20
                          180.188.176.0/24 maxlen: 24
                          180.188.180.0/22 maxlen: 22
                          180.188.184.0/22 maxlen: 22
                          180.188.188.0/22 maxlen: 22

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A918A996/serialNumber=8386BE861BDBDB6D0165087DC044A07FA4D4F089
        Validity
            Not Before: Jul 21 07:53:07 2023 GMT
            Not After : Mar 31 00:00:00 2024 GMT
        Subject: CN=64ba3963-69e7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:bc:53:4c:4d:41:7a:bb:19:dc:40:a1:82:7b:
                    0f:f5:ed:2e:b9:c1:20:fb:5d:84:ed:d8:15:98:20:
                    83:81:b9:0d:bd:41:34:27:92:9f:db:b6:d0:21:33:
                    af:bf:83:cc:3a:1c:f0:c6:01:cb:70:da:47:58:7c:
                    c1:c1:5b:9e:86:8c:b5:1a:fb:ce:15:68:ed:90:e2:
                    e1:4f:a9:cd:dc:a0:f4:11:66:12:c7:b4:f0:85:69:
                    07:0c:88:0c:3b:86:ef:e2:cb:bd:00:74:ea:9b:ac:
                    51:aa:a0:23:f5:e2:e0:e1:1e:2a:97:27:70:1f:f9:
                    c8:3a:08:0f:88:0a:48:f2:2f:97:f4:54:ee:d7:56:
                    81:f6:74:c8:10:de:e3:ea:a2:85:fc:fc:1f:08:32:
                    85:fb:04:fc:7f:fe:dd:5c:44:dd:6f:11:b8:49:8b:
                    7d:a0:8b:2f:ed:20:27:97:db:e0:72:e5:5e:39:dd:
                    39:15:aa:94:df:10:ec:f6:a8:f6:ed:3b:45:b4:f9:
                    64:c9:13:7d:ad:cc:a3:05:13:7b:3a:10:b1:16:bc:
                    2d:41:37:7d:d9:cf:fc:0a:7b:22:27:c3:2b:b5:b1:
                    eb:2f:49:4a:c9:ff:bd:0f:71:fb:4f:ea:05:57:41:
                    92:eb:08:32:d8:67:37:85:79:35:22:ec:17:90:03:
                    7e:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:F5:91:C5:C5:CE:5C:E6:0B:88:95:F9:A8:BA:0A:C5:FE:C1:29:11
            X509v3 Authority Key Identifier:
                keyid:83:86:BE:86:1B:DB:DB:6D:01:65:08:7D:C0:44:A0:7F:A4:D4:F0:89

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A918A996/32C68A5E279811EEBD8DC55FC4F9AE02/g4a-hhvb220BZQh9wESgf6TU8Ik.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/g4a-hhvb220BZQh9wESgf6TU8Ik.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918A996/32C68A5E279811EEBD8DC55FC4F9AE02/A125ED66279B11EE87C1AC7FC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  117.103.144.0/20
                  180.188.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         18:cd:df:ea:48:95:e0:98:e7:11:30:57:b8:ca:f8:2b:f5:a5:
         d9:a6:aa:32:f9:10:57:5c:e7:6d:c7:65:5a:de:ad:f3:5e:e0:
         81:fe:e9:49:1f:03:ca:02:6a:b6:b2:07:cd:58:d6:48:f9:d0:
         b3:71:cf:13:33:b4:a4:07:2c:03:04:43:a2:93:29:0d:b5:32:
         f1:e4:94:9f:26:3c:88:c4:fe:c3:50:c8:d2:41:8f:2e:6b:62:
         4a:06:9e:02:b7:14:eb:ef:5b:84:37:c0:cc:ab:ca:7d:ed:98:
         38:86:95:fb:d9:10:af:26:7b:71:85:fc:9f:8b:76:b5:f7:8c:
         93:f3:9d:6f:19:55:10:93:29:2b:22:5b:a4:e8:11:d3:61:ab:
         36:d4:b5:2d:89:ae:82:00:3c:1e:2a:3d:b7:a7:83:7f:b5:98:
         ce:36:5d:9d:41:f1:2e:db:2d:51:26:a3:1e:12:dc:4b:28:08:
         b7:af:1d:83:c2:bb:d6:61:21:4d:4c:ab:58:8d:d3:7c:72:08:
         f0:a4:11:2b:c3:2f:25:87:eb:76:c2:cc:9d:c5:89:11:8c:96:
         fb:82:e5:38:dc:09:49:15:b9:2d:4c:61:4d:46:5a:b3:97:45:
         8e:c9:12:14:23:cd:d8:22:a6:f4:0e:3e:04:59:4b:aa:88:a1:
         b4:58:38:7d
-----BEGIN CERTIFICATE-----
MIIFdjCCBF6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTE4
QTk5NjExMC8GA1UEBRMoODM4NkJFODYxQkRCREI2RDAxNjUwODdEQzA0NEEwN0ZB
NEQ0RjA4OTAeFw0yMzA3MjEwNzUzMDdaFw0yNDAzMzEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY0YmEzOTYzLTY5ZTcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQC0vFNMTUF6uxncQKGCew/17S65wSD7XYTt2BWYIIOBuQ29QTQnkp/bttAhM6+/
g8w6HPDGActw2kdYfMHBW56GjLUa+84VaO2Q4uFPqc3coPQRZhLHtPCFaQcMiAw7
hu/iy70AdOqbrFGqoCP14uDhHiqXJ3Af+cg6CA+ICkjyL5f0VO7XVoH2dMgQ3uPq
ooX8/B8IMoX7BPx//t1cRN1vEbhJi32giy/tICeX2+By5V453TkVqpTfEOz2qPbt
O0W0+WTJE32tzKMFE3s6ELEWvC1BN33Zz/wKeyInwyu1sesvSUrJ/70PcftP6gVX
QZLrCDLYZzeFeTUi7BeQA36xAgMBAAGjggKbMIIClzAdBgNVHQ4EFgQU+/WRxcXO
XOYLiJX5qLoKxf7BKREwHwYDVR0jBBgwFoAUg4a+hhvb220BZQh9wESgf6TU8Ikw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MThBOTk2LzMyQzY4QTVFMjc5
ODExRUVCRDhEQzU1RkM0RjlBRTAyL2c0YS1oaHZiMjIwQlpRaDl3RVNnZjZUVThJ
ay5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvZzRhLWhodmIyMjBCWlFoOXdFU2dmNlRVOElrLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4
QTk5Ni8zMkM2OEE1RTI3OTgxMUVFQkQ4REM1NUZDNEY5QUUwMi9BMTI1RUQ2NjI3
OUIxMUVFODdDMUFDN0ZDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAlBggrBgEFBQcBBwEB/wQW
MBQwEgQCAAEwDAMEBHVnkAMEBrS8gDANBgkqhkiG9w0BAQsFAAOCAQEAGM3f6kiV
4JjnETBXuMr4K/Wl2aaqMvkQV1znbcdlWt6t817ggf7pSR8DygJqtrIHzVjWSPnQ
s3HPEzO0pAcsAwRDopMpDbUy8eSUnyY8iMT+w1DI0kGPLmtiSgaeArcU6+9bhDfA
zKvKfe2YOIaV+9kQryZ7cYX8n4t2tfeMk/OdbxlVEJMpKyJbpOgR02GrNtS1LYmu
ggA8Hio9t6eDf7WYzjZdnUHxLtstUSajHhLcSygIt68dg8K71mEhTUyrWI3TfHII
8KQRK8MvJYfrdsLMncWJEYyW+4LlONwJSRW5LUxhTUZas5dFjskSFCPN2CKm9A4+
BFlLqoihtFg4fQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:25 2024 by rpki-client on console-ams.rpki-client.org