Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A919B06C/E9D62E74FEAE11E8910D4D66C4F9AE02/15108EAC5E1011EE87C32570C4F9AE02.roa
File:                     15108EAC5E1011EE87C32570C4F9AE02.roa (raw, json)
Hash identifier:          whCaEj8Y9zA6+3DQnD2QStds6cPxOEthZZxPUxXEgAs=
Subject key identifier:   6D:38:70:F5:6D:40:43:7D:1C:C2:0C:88:1C:40:35:55:7F:1D:D5:B0
Certificate issuer:       /CN=A919B06C/serialNumber=C83493C0297CCB58D2837946D6063F14A7DEE986
Certificate serial:       0CF1
Authority key identifier: C8:34:93:C0:29:7C:CB:58:D2:83:79:46:D6:06:3F:14:A7:DE:E9:86
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/yDSTwCl8y1jSg3lG1gY_FKfe6YY.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A919B06C/E9D62E74FEAE11E8910D4D66C4F9AE02/15108EAC5E1011EE87C32570C4F9AE02.roa
Signing time:             Mon 02 Oct 2023 07:19:06 +0000
ROA not before:           Mon 02 Oct 2023 07:19:06 +0000
ROA not after:            Wed 29 May 2024 00:00:00 +0000
asID:                     18230
IP address blocks:        59.152.8.0/24 maxlen: 24
                          59.152.9.0/24 maxlen: 24
                          59.152.10.0/24 maxlen: 24
                          59.152.11.0/24 maxlen: 24
                          59.152.12.0/24 maxlen: 24
                          59.152.13.0/24 maxlen: 24
                          59.152.15.0/24 maxlen: 24
                          2404:1b40::/32 maxlen: 32
                          2404:1b40::/48 maxlen: 48
                          2404:1b40:1::/48 maxlen: 48
                          2404:1b40:2::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3313 (0xcf1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A919B06C/serialNumber=C83493C0297CCB58D2837946D6063F14A7DEE986
        Validity
            Not Before: Oct  2 07:19:06 2023 GMT
            Not After : May 29 00:00:00 2024 GMT
        Subject: CN=651a6ee9-4989
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:e5:f0:44:02:52:ad:f4:7e:01:9b:63:35:0d:
                    b1:69:f4:df:61:8a:61:25:3e:96:98:cb:06:e0:7e:
                    df:80:0b:cd:c4:1b:72:10:53:b0:a7:09:1a:0c:9f:
                    88:c4:8c:75:8a:04:40:b0:53:ad:65:0f:29:6e:7c:
                    2e:bd:ca:1c:9f:99:9f:2f:78:32:e6:b3:92:0b:3f:
                    ec:97:c4:d0:9d:1d:9a:7a:d5:93:ea:32:e4:bf:5d:
                    85:4c:33:0b:40:c5:40:30:a6:71:0a:e8:88:47:bd:
                    53:6f:29:26:d7:73:38:35:9a:95:37:26:45:07:90:
                    6d:42:64:ce:60:06:06:ad:cf:ce:e4:56:e7:3c:21:
                    31:81:c6:ea:d5:84:db:e6:4f:70:ed:fc:7c:eb:37:
                    ae:11:7d:cb:6f:df:0c:f5:8b:28:cb:cc:00:f9:6e:
                    d8:c4:10:ef:96:27:22:53:0e:35:59:14:bf:82:bf:
                    9a:59:7a:db:d9:17:0b:d5:5f:f0:f5:e8:a0:2f:cc:
                    16:94:09:53:ff:25:65:9d:ca:0b:48:2b:7f:f4:4c:
                    bc:e0:bf:e0:0f:8f:d2:ec:a6:c9:79:f0:c1:d4:90:
                    f2:bc:9f:06:ad:8c:6d:83:a1:b7:cb:4e:d5:26:fe:
                    5a:9a:72:89:ca:7d:14:0c:3c:20:3a:6a:fe:53:c2:
                    03:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:38:70:F5:6D:40:43:7D:1C:C2:0C:88:1C:40:35:55:7F:1D:D5:B0
            X509v3 Authority Key Identifier:
                keyid:C8:34:93:C0:29:7C:CB:58:D2:83:79:46:D6:06:3F:14:A7:DE:E9:86

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A919B06C/E9D62E74FEAE11E8910D4D66C4F9AE02/yDSTwCl8y1jSg3lG1gY_FKfe6YY.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/yDSTwCl8y1jSg3lG1gY_FKfe6YY.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A919B06C/E9D62E74FEAE11E8910D4D66C4F9AE02/15108EAC5E1011EE87C32570C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  59.152.8.0-59.152.13.255
                  59.152.15.0/24
                IPv6:
                  2404:1b40::/32

    Signature Algorithm: sha256WithRSAEncryption
         10:09:52:96:31:84:02:9d:e5:b0:41:86:18:9d:d3:30:5c:7a:
         81:16:b0:10:1a:cd:ee:bd:48:a4:83:c4:25:80:45:c0:47:81:
         a8:1c:a3:5d:df:90:3f:01:4f:a4:61:4e:2a:e1:46:90:05:db:
         9d:a6:70:b0:30:57:de:8c:fd:85:e9:4a:d8:a3:bc:5c:4f:c2:
         d2:e4:62:5d:4a:ba:71:3f:d4:8a:9d:34:04:7c:ff:dd:19:9c:
         bf:65:86:72:4e:05:e6:67:b2:d4:bb:ba:aa:f3:b3:c5:9b:c7:
         bd:64:d9:3a:79:ba:ad:9f:4f:73:0c:4e:d9:a1:85:f2:b8:ff:
         3e:76:a2:14:3a:03:77:c0:de:15:a0:92:a8:69:34:6b:bb:41:
         8d:bf:6c:1e:5e:4e:54:8e:09:c0:06:6b:26:f7:2f:4e:bd:ba:
         3c:c2:18:cf:3d:91:fd:cf:45:b2:5a:2b:3a:8d:98:fa:e1:6c:
         b6:22:fc:37:89:b5:14:62:ea:b0:5d:f3:75:5b:c9:ba:f1:b6:
         28:a5:c6:d3:29:25:db:a2:c2:e1:af:4c:cf:3c:9a:88:a8:a1:
         e1:1c:e0:81:7e:80:03:3b:db:c6:e0:a7:04:2c:04:97:8e:68:
         a5:3a:62:6c:e8:56:24:39:64:5b:b3:13:1a:e1:f8:c6:06:22:
         c4:7d:3e:91
-----BEGIN CERTIFICATE-----
MIIFjjCCBHagAwIBAgICDPEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OUIwNkMxMTAvBgNVBAUTKEM4MzQ5M0MwMjk3Q0NCNThEMjgzNzk0NkQ2MDYzRjE0
QTdERUU5ODYwHhcNMjMxMDAyMDcxOTA2WhcNMjQwNTI5MDAwMDAwWjAYMRYwFAYD
VQQDEw02NTFhNmVlOS00OTg5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAw+XwRAJSrfR+AZtjNQ2xafTfYYphJT6WmMsG4H7fgAvNxBtyEFOwpwkaDJ+I
xIx1igRAsFOtZQ8pbnwuvcocn5mfL3gy5rOSCz/sl8TQnR2aetWT6jLkv12FTDML
QMVAMKZxCuiIR71Tbykm13M4NZqVNyZFB5BtQmTOYAYGrc/O5FbnPCExgcbq1YTb
5k9w7fx86zeuEX3Lb98M9Ysoy8wA+W7YxBDvliciUw41WRS/gr+aWXrb2RcL1V/w
9eigL8wWlAlT/yVlncoLSCt/9Ey84L/gD4/S7KbJefDB1JDyvJ8GrYxtg6G3y07V
Jv5amnKJyn0UDDwgOmr+U8IDRwIDAQABo4ICsjCCAq4wHQYDVR0OBBYEFG04cPVt
QEN9HMIMiBxANVV/HdWwMB8GA1UdIwQYMBaAFMg0k8ApfMtY0oN5RtYGPxSn3umG
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5QjA2Qy9FOUQ2MkU3NEZF
QUUxMUU4OTEwRDRENjZDNEY5QUUwMi95RFNUd0NsOHkxalNnM2xHMWdZX0ZLZmU2
WVkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3lEU1R3Q2w4eTFqU2czbEcxZ1lfRktmZTZZWS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OUIwNkMvRTlENjJFNzRGRUFFMTFFODkxMEQ0RDY2QzRGOUFFMDIvMTUxMDhFQUM1
RTEwMTFFRTg3QzMyNTcwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwPAYIKwYBBQUHAQcBAf8E
LTArMBoEAgABMBQwDAMEAzuYCAMEATuYDAMEADuYDzANBAIAAjAHAwUAJAQbQDAN
BgkqhkiG9w0BAQsFAAOCAQEAEAlSljGEAp3lsEGGGJ3TMFx6gRawEBrN7r1IpIPE
JYBFwEeBqByjXd+QPwFPpGFOKuFGkAXbnaZwsDBX3oz9helK2KO8XE/C0uRiXUq6
cT/Uip00BHz/3Rmcv2WGck4F5mey1Lu6qvOzxZvHvWTZOnm6rZ9PcwxO2aGF8rj/
PnaiFDoDd8DeFaCSqGk0a7tBjb9sHl5OVI4JwAZrJvcvTr26PMIYzz2R/c9Fslor
Oo2Y+uFstiL8N4m1FGLqsF3zdVvJuvG2KKXG0ykl26LC4a9MzzyaiKih4RzggX6A
AzvbxuCnBCwEl45opTpibOhWJDlkW7MTGuH4xgYixH0+kQ==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:34 2024 by rpki-client on console-fra.rpki-client.org