Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A919C3BE/947B3506093811EA95CA3129C4F9AE02/BBFEDCB248CE11EDBAC21660C4F9AE02.roa
File:                     BBFEDCB248CE11EDBAC21660C4F9AE02.roa (raw, json)
Hash identifier:          x7pK4Ru58Um3cWEq8S5U8WqmcQ8UjhsaD0bjeO1RLSY=
Subject key identifier:   D1:38:FB:87:2A:76:A5:A5:2E:0F:C4:94:AB:DC:EF:68:CC:05:43:EE
Certificate issuer:       /CN=A919C3BE/serialNumber=C467CB2CCB9C21A707B5DFBCEABA054C190523AE
Certificate serial:       0A9B
Authority key identifier: C4:67:CB:2C:CB:9C:21:A7:07:B5:DF:BC:EA:BA:05:4C:19:05:23:AE
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xGfLLMucIacHtd-86roFTBkFI64.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A919C3BE/947B3506093811EA95CA3129C4F9AE02/BBFEDCB248CE11EDBAC21660C4F9AE02.roa
Signing time:             Tue 14 Feb 2023 20:27:10 +0000
ROA not before:           Tue 14 Feb 2023 20:27:10 +0000
ROA not after:            Sun 31 Mar 2024 00:00:00 +0000
asID:                     134970
IP address blocks:        103.251.244.0/22 maxlen: 22
                          103.251.244.0/22 maxlen: 24
                          103.251.244.0/23 maxlen: 24
                          103.251.244.0/24 maxlen: 24
                          103.251.245.0/24 maxlen: 24
                          103.251.246.0/24 maxlen: 24
                          103.251.247.0/24 maxlen: 24
                          220.247.128.0/22 maxlen: 22
                          220.247.128.0/22 maxlen: 24
                          220.247.128.0/24 maxlen: 24
                          220.247.129.0/24 maxlen: 24
                          220.247.130.0/24 maxlen: 24
                          220.247.131.0/24 maxlen: 24
                          2407:7380::/32 maxlen: 32
                          2407:7380::/36 maxlen: 36
                          2407:7380::/48 maxlen: 48
                          2407:7380:a::/48 maxlen: 48
                          2407:7380:b::/48 maxlen: 48
                          2407:7380:c::/48 maxlen: 48
                          2407:7380:d::/48 maxlen: 48
                          2407:7380:1000::/48 maxlen: 48
                          2407:7380:2000::/48 maxlen: 48
                          2407:7380:3000::/48 maxlen: 48
                          2407:7380:4000::/48 maxlen: 48
                          2407:7380:5000::/48 maxlen: 48
                          2407:7380:6000::/48 maxlen: 48
                          2407:7380:7000::/48 maxlen: 48
                          2407:7380:8000::/48 maxlen: 48
                          2407:7380:9000::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2715 (0xa9b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A919C3BE/serialNumber=C467CB2CCB9C21A707B5DFBCEABA054C190523AE
        Validity
            Not Before: Feb 14 20:27:10 2023 GMT
            Not After : Mar 31 00:00:00 2024 GMT
        Subject: CN=63ebee9e-a0fe
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:ea:66:93:8b:0c:78:62:7d:00:cc:d2:46:3a:
                    b9:bf:80:18:7f:ed:9b:e5:ce:57:a3:b6:25:3e:83:
                    78:8a:5d:b7:4c:e1:6e:64:06:3b:87:b2:b6:6c:96:
                    b1:7a:49:3f:ab:d6:54:ec:14:16:8e:f7:19:0a:eb:
                    9d:e0:b7:b4:b7:dd:f6:eb:79:53:f8:e7:06:5c:00:
                    4e:de:ae:df:d1:cd:55:15:2c:15:e9:22:0d:52:c3:
                    39:df:bf:0d:a9:62:15:a0:b7:91:71:b8:ca:d1:11:
                    f0:4b:b1:12:7b:ec:bc:8f:9c:18:5d:71:09:24:37:
                    07:fc:f5:8f:d8:4a:f7:a8:a1:c3:16:eb:11:09:2d:
                    5a:f1:8d:23:06:7e:a2:16:19:57:fd:8d:80:8a:fa:
                    8a:c2:bd:dc:8b:67:2b:3b:51:76:65:5e:44:b3:00:
                    9f:73:db:5d:0d:77:01:12:be:b9:8c:5c:f4:1f:92:
                    b7:da:6f:0c:57:ed:25:0c:2d:08:df:10:0a:8a:5c:
                    77:a1:b9:23:ee:f7:db:59:90:99:1a:76:6c:01:08:
                    76:98:51:e5:f8:a5:a4:88:d0:d1:fd:f3:c3:9a:46:
                    ec:40:eb:48:f3:c6:62:d4:36:a0:06:47:0d:a0:ae:
                    d5:e7:06:cb:76:5d:cc:08:49:15:02:dd:f2:ec:dc:
                    de:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:38:FB:87:2A:76:A5:A5:2E:0F:C4:94:AB:DC:EF:68:CC:05:43:EE
            X509v3 Authority Key Identifier:
                keyid:C4:67:CB:2C:CB:9C:21:A7:07:B5:DF:BC:EA:BA:05:4C:19:05:23:AE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A919C3BE/947B3506093811EA95CA3129C4F9AE02/xGfLLMucIacHtd-86roFTBkFI64.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xGfLLMucIacHtd-86roFTBkFI64.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A919C3BE/947B3506093811EA95CA3129C4F9AE02/BBFEDCB248CE11EDBAC21660C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.251.244.0/22
                  220.247.128.0/22
                IPv6:
                  2407:7380::/32

    Signature Algorithm: sha256WithRSAEncryption
         69:fb:ec:41:a3:da:51:87:b1:e6:8c:ff:8c:bf:f9:1a:a8:dc:
         4b:7a:c5:c6:0f:01:9a:72:86:e6:8b:e5:13:49:cf:ef:ef:9e:
         04:b7:d5:9e:6f:9c:3c:87:8f:6a:7d:0f:53:42:1d:c1:ec:ec:
         73:fa:54:a9:3c:2a:1e:ab:57:86:a5:ee:14:3b:b4:c1:a4:1b:
         0f:16:7f:f5:e2:ce:26:18:91:73:57:43:4c:12:9a:49:32:21:
         e3:8f:a5:a8:32:6d:15:c4:b3:0e:b5:19:df:66:81:93:fc:aa:
         e6:c9:04:b9:e8:31:23:89:1b:52:70:83:fa:97:d9:6b:9b:0b:
         6f:ef:65:8a:4b:f9:2d:2e:56:0d:64:1b:f0:19:b9:ec:ea:40:
         6a:56:17:f7:e6:8a:6d:88:a7:9c:71:e4:b9:f0:80:53:3c:b9:
         13:ee:82:f8:b6:aa:0f:a8:1a:48:20:ab:14:e3:1d:f4:ed:c4:
         64:39:2f:9d:a5:2a:d4:66:38:9d:7e:5c:94:08:12:fc:e1:93:
         89:a2:bb:25:3d:04:13:bc:86:5c:69:85:df:6d:3b:8d:da:07:
         d6:f3:f3:78:aa:fd:7b:33:54:4c:12:91:fb:63:2b:7c:07:01:
         38:5f:2f:aa:68:ae:70:60:49:70:b1:6e:3b:ef:50:96:7d:7e:
         ec:05:d5:ec
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgICCpswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OUMzQkUxMTAvBgNVBAUTKEM0NjdDQjJDQ0I5QzIxQTcwN0I1REZCQ0VBQkEwNTRD
MTkwNTIzQUUwHhcNMjMwMjE0MjAyNzEwWhcNMjQwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02M2ViZWU5ZS1hMGZlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAxepmk4sMeGJ9AMzSRjq5v4AYf+2b5c5Xo7YlPoN4il23TOFuZAY7h7K2bJax
ekk/q9ZU7BQWjvcZCuud4Le0t93263lT+OcGXABO3q7f0c1VFSwV6SINUsM5378N
qWIVoLeRcbjK0RHwS7ESe+y8j5wYXXEJJDcH/PWP2Er3qKHDFusRCS1a8Y0jBn6i
FhlX/Y2AivqKwr3ci2crO1F2ZV5EswCfc9tdDXcBEr65jFz0H5K32m8MV+0lDC0I
3xAKilx3obkj7vfbWZCZGnZsAQh2mFHl+KWkiNDR/fPDmkbsQOtI88Zi1DagBkcN
oK7V5wbLdl3MCEkVAt3y7NzekwIDAQABo4ICqjCCAqYwHQYDVR0OBBYEFNE4+4cq
dqWlLg/ElKvc72jMBUPuMB8GA1UdIwQYMBaAFMRnyyzLnCGnB7XfvOq6BUwZBSOu
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5QzNCRS85NDdCMzUwNjA5
MzgxMUVBOTVDQTMxMjlDNEY5QUUwMi94R2ZMTE11Y0lhY0h0ZC04NnJvRlRCa0ZJ
NjQuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3hHZkxMTXVjSWFjSHRkLTg2cm9GVEJrRkk2NC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OUMzQkUvOTQ3QjM1MDYwOTM4MTFFQTk1Q0EzMTI5QzRGOUFFMDIvQkJGRURDQjI0
OENFMTFFREJBQzIxNjYwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNAYIKwYBBQUHAQcBAf8E
JTAjMBIEAgABMAwDBAJn+/QDBALc94AwDQQCAAIwBwMFACQHc4AwDQYJKoZIhvcN
AQELBQADggEBAGn77EGj2lGHseaM/4y/+Rqo3Et6xcYPAZpyhuaL5RNJz+/vngS3
1Z5vnDyHj2p9D1NCHcHs7HP6VKk8Kh6rV4al7hQ7tMGkGw8Wf/XiziYYkXNXQ0wS
mkkyIeOPpagybRXEsw61Gd9mgZP8qubJBLnoMSOJG1Jwg/qX2WubC2/vZYpL+S0u
Vg1kG/AZuezqQGpWF/fmim2Ip5xx5LnwgFM8uRPugvi2qg+oGkggqxTjHfTtxGQ5
L52lKtRmOJ1+XJQIEvzhk4miuyU9BBO8hlxphd9tO43aB9bz83iq/XszVEwSkftj
K3wHAThfL6pornBgSXCxbjvvUJZ9fuwF1ew=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:49 2024 by rpki-client on console-ams.rpki-client.org