Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/02A1DEA4A64611EAA24E1461C4F9AE02.roa
File:                     02A1DEA4A64611EAA24E1461C4F9AE02.roa (raw, json)
Hash identifier:          xpcm2T1LfhVtPk1rN8H0cJQssJFDXZAOkd1cElsuzLs=
Subject key identifier:   D4:D1:B7:93:A7:3D:7B:6A:3B:20:29:B7:0D:E7:F5:EA:ED:0C:64:02
Certificate issuer:       /CN=A91A560A/serialNumber=167C3B221775FEC05039468150CE814756AC6F0A
Certificate serial:       3C06
Authority key identifier: 16:7C:3B:22:17:75:FE:C0:50:39:46:81:50:CE:81:47:56:AC:6F:0A
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/02A1DEA4A64611EAA24E1461C4F9AE02.roa
Signing time:             Fri 17 Feb 2023 07:30:34 +0000
ROA not before:           Fri 17 Feb 2023 07:30:34 +0000
ROA not after:            Tue 31 Oct 2023 00:00:00 +0000
asID:                     135932
IP address blocks:        103.70.12.0/23 maxlen: 23
                          103.127.196.0/22 maxlen: 24
                          103.140.249.0/24 maxlen: 24
                          103.147.122.0/24 maxlen: 24
                          103.155.160.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 15366 (0x3c06)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A560A/serialNumber=167C3B221775FEC05039468150CE814756AC6F0A
        Validity
            Not Before: Feb 17 07:30:34 2023 GMT
            Not After : Oct 31 00:00:00 2023 GMT
        Subject: CN=63ef2d19-5583
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:bb:b0:ea:16:28:5a:23:ff:51:5c:a7:0d:80:
                    52:3e:cb:23:7c:5a:ea:f1:5a:6a:37:98:a4:6a:e1:
                    90:d6:e2:0d:f8:3f:7d:a8:8b:f4:5d:46:7f:dd:08:
                    1c:09:66:0d:eb:60:d1:47:19:8a:d3:ae:0d:e5:1c:
                    16:d7:f6:dc:6c:3c:e8:af:9a:f7:b0:5c:a8:1f:70:
                    50:79:be:89:46:9e:20:26:43:88:d0:a2:27:a3:86:
                    4f:31:67:a9:93:ff:86:4a:67:1c:b1:5f:ba:57:b0:
                    68:2e:64:d9:1f:4a:e3:f8:f4:6a:32:48:4e:a0:b9:
                    36:97:e2:33:13:48:33:6f:fc:7d:a4:56:7d:20:ed:
                    05:33:80:a4:26:a7:a8:bf:07:56:5a:08:41:f4:12:
                    7a:3a:13:4c:98:f7:eb:28:e3:fc:45:93:e2:26:5d:
                    12:65:b4:7c:b5:35:67:ee:a3:aa:a2:c2:a4:ed:42:
                    18:e7:b4:76:84:94:8d:c4:5a:5a:f6:d9:50:8c:e3:
                    bb:a4:64:1f:bc:82:1d:4d:07:c9:da:c8:71:83:8b:
                    dc:94:35:a8:c9:37:e8:e6:30:08:cb:4c:74:b1:6a:
                    ca:09:15:6e:58:90:77:d9:93:e6:64:41:e9:e2:4a:
                    dc:e7:b4:ee:21:d2:f3:b3:ce:86:8a:c1:af:dd:b9:
                    00:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:D1:B7:93:A7:3D:7B:6A:3B:20:29:B7:0D:E7:F5:EA:ED:0C:64:02
            X509v3 Authority Key Identifier:
                keyid:16:7C:3B:22:17:75:FE:C0:50:39:46:81:50:CE:81:47:56:AC:6F:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/02A1DEA4A64611EAA24E1461C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.70.12.0/23
                  103.127.196.0/22
                  103.140.249.0/24
                  103.147.122.0/24
                  103.155.160.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0b:69:d0:ec:52:0c:3b:e3:47:b7:15:e6:f1:92:92:d6:7a:92:
         ff:6b:96:c3:6f:cc:f7:68:41:46:fa:c9:af:77:31:b6:8d:f4:
         19:b8:0c:6f:a5:31:d2:1e:21:38:40:90:91:fa:d2:78:71:5a:
         15:fa:de:c8:c9:11:3b:83:c2:77:df:bd:a5:80:54:b0:58:d7:
         6a:78:3e:05:b4:74:1c:be:09:28:51:fe:d2:f4:09:6f:b9:89:
         f4:5c:7b:df:2c:18:2b:f1:89:21:5d:74:e1:aa:97:d8:7b:82:
         79:b7:91:c5:94:8f:d2:28:1a:b1:39:a4:3d:8e:ce:8a:20:9d:
         34:0d:b8:19:fd:56:a2:ab:79:0a:cc:ff:d5:8f:65:f5:9d:76:
         08:08:0b:08:71:19:44:37:c7:29:18:7f:45:98:d6:30:c2:27:
         96:eb:12:df:3a:d6:ee:9f:08:ef:e0:b6:47:88:11:6a:7b:d2:
         49:23:16:01:e1:36:9b:1b:59:91:76:ed:a4:50:d2:41:99:8f:
         b2:7f:3a:84:1e:e7:5d:dc:cd:48:7a:8d:e3:d2:b7:a8:7f:3f:
         4d:8c:80:0e:5e:8c:28:64:97:c0:d9:aa:89:50:47:5b:90:86:
         6e:59:1e:4d:94:63:84:b1:8f:2a:ae:7e:f1:a0:ce:05:d6:26:
         a2:d9:83:8f
-----BEGIN CERTIFICATE-----
MIIFiTCCBHGgAwIBAgICPAYwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTU2MEExMTAvBgNVBAUTKDE2N0MzQjIyMTc3NUZFQzA1MDM5NDY4MTUwQ0U4MTQ3
NTZBQzZGMEEwHhcNMjMwMjE3MDczMDM0WhcNMjMxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02M2VmMmQxOS01NTgzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAw7uw6hYoWiP/UVynDYBSPssjfFrq8VpqN5ikauGQ1uIN+D99qIv0XUZ/3Qgc
CWYN62DRRxmK064N5RwW1/bcbDzor5r3sFyoH3BQeb6JRp4gJkOI0KIno4ZPMWep
k/+GSmccsV+6V7BoLmTZH0rj+PRqMkhOoLk2l+IzE0gzb/x9pFZ9IO0FM4CkJqeo
vwdWWghB9BJ6OhNMmPfrKOP8RZPiJl0SZbR8tTVn7qOqosKk7UIY57R2hJSNxFpa
9tlQjOO7pGQfvIIdTQfJ2shxg4vclDWoyTfo5jAIy0x0sWrKCRVuWJB32ZPmZEHp
4krc57TuIdLzs86GisGv3bkAmQIDAQABo4ICrTCCAqkwHQYDVR0OBBYEFNTRt5On
PXtqOyAptw3n9ertDGQCMB8GA1UdIwQYMBaAFBZ8OyIXdf7AUDlGgVDOgUdWrG8K
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBNTYwQS9BQUVCMTkxQTFE
OEExMUUyQTM4N0QwRTQwOEIwMkNEMi9Gbnc3SWhkMV9zQlFPVWFCVU02QlIxYXNi
d28uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0ZudzdJaGQxX3NCUU9VYUJVTTZCUjFhc2J3by5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTU2MEEvQUFFQjE5MUExRDhBMTFFMkEzODdEMEU0MDhCMDJDRDIvMDJBMURFQTRB
NjQ2MTFFQUEyNEUxNDYxQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNwYIKwYBBQUHAQcBAf8E
KDAmMCQEAgABMB4DBAFnRgwDBAJnf8QDBABnjPkDBABnk3oDBABnm6AwDQYJKoZI
hvcNAQELBQADggEBAAtp0OxSDDvjR7cV5vGSktZ6kv9rlsNvzPdoQUb6ya93MbaN
9Bm4DG+lMdIeIThAkJH60nhxWhX63sjJETuDwnffvaWAVLBY12p4PgW0dBy+CShR
/tL0CW+5ifRce98sGCvxiSFddOGql9h7gnm3kcWUj9IoGrE5pD2OzoognTQNuBn9
VqKreQrM/9WPZfWddggICwhxGUQ3xykYf0WY1jDCJ5brEt861u6fCO/gtkeIEWp7
0kkjFgHhNpsbWZF27aRQ0kGZj7J/OoQe513czUh6jePSt6h/P02MgA5ejChkl8DZ
qolQR1uQhm5ZHk2UY4SxjyqufvGgzgXWJqLZg48=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:36 2024 by rpki-client on console-fra.rpki-client.org