Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/884A9C206C0B11EDBE0D536BC4F9AE02.roa
File:                     884A9C206C0B11EDBE0D536BC4F9AE02.roa (raw, json)
Hash identifier:          qXa7Qvnmq/EW4cMyWRLD32Fw/AJrcIpna2q0fpfoR5Q=
Subject key identifier:   86:86:5A:66:0D:63:08:5D:0A:05:F5:66:13:C3:51:E2:91:05:77:A1
Certificate issuer:       /CN=A91A560A/serialNumber=167C3B221775FEC05039468150CE814756AC6F0A
Certificate serial:       3B3C
Authority key identifier: 16:7C:3B:22:17:75:FE:C0:50:39:46:81:50:CE:81:47:56:AC:6F:0A
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/884A9C206C0B11EDBE0D536BC4F9AE02.roa
Signing time:             Thu 24 Nov 2022 15:20:31 +0000
ROA not before:           Thu 24 Nov 2022 15:20:31 +0000
ROA not after:            Tue 31 Oct 2023 00:00:00 +0000
asID:                     18403
IP address blocks:        1.52.0.0/14 maxlen: 24
                          42.112.0.0/13 maxlen: 24
                          43.239.148.0/22 maxlen: 24
                          58.186.0.0/15 maxlen: 24
                          103.35.64.0/22 maxlen: 24
                          103.39.92.0/22 maxlen: 24
                          103.143.206.0/23 maxlen: 24
                          103.156.10.0/23 maxlen: 24
                          103.156.12.0/23 maxlen: 24
                          103.156.30.0/23 maxlen: 24
                          103.156.32.0/23 maxlen: 24
                          103.156.34.0/23 maxlen: 24
                          103.159.55.0/24 maxlen: 24
                          103.171.92.0/23 maxlen: 23
                          103.171.92.0/24 maxlen: 24
                          103.171.93.0/24 maxlen: 24
                          113.22.0.0/16 maxlen: 24
                          113.23.0.0/17 maxlen: 24
                          118.68.0.0/14 maxlen: 24
                          144.48.20.0/22 maxlen: 24
                          183.80.0.0/16 maxlen: 24
                          183.81.0.0/17 maxlen: 24
                          203.191.8.0/21 maxlen: 24
                          210.245.0.0/17 maxlen: 24
                          2405:4800::/30 maxlen: 31
                          2405:4800::/32 maxlen: 48
                          2405:4801::/32 maxlen: 48
                          2405:4802::/32 maxlen: 48
                          2405:4803::/32 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 15164 (0x3b3c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A560A/serialNumber=167C3B221775FEC05039468150CE814756AC6F0A
        Validity
            Not Before: Nov 24 15:20:31 2022 GMT
            Not After : Oct 31 00:00:00 2023 GMT
        Subject: CN=637f8bbe-bca3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:4a:04:b5:3f:4a:14:f5:3a:42:84:56:ac:1a:
                    f6:67:fd:d0:32:c1:08:8a:d8:4e:00:cf:c9:a7:3e:
                    dc:cc:de:54:f1:73:52:59:c2:8e:2b:de:d3:e4:aa:
                    9b:8b:94:f0:67:b7:95:8c:11:89:50:47:41:58:57:
                    b9:8b:56:ed:b4:55:0f:1f:b0:24:4d:78:ba:cd:1d:
                    7d:35:26:27:9c:cb:dc:1b:dd:fa:f8:ee:a0:61:e2:
                    ef:ae:26:cd:c1:5f:42:2d:33:63:c8:a6:04:2c:8b:
                    9b:d8:89:ed:96:2f:22:43:20:9c:c2:dd:d4:69:ef:
                    be:4d:84:67:82:08:17:d5:84:70:fb:1f:c4:39:7c:
                    90:ae:f3:d5:44:53:32:2a:c0:84:b5:08:ca:95:50:
                    c1:50:76:b7:ee:15:a8:bf:a0:c9:ef:1a:0f:7a:c9:
                    b2:04:19:2a:5f:2e:b8:73:46:5d:1a:c6:10:f7:0e:
                    8f:70:8e:ec:74:aa:c4:92:6e:44:b3:5d:3e:0e:b9:
                    96:6b:16:db:d2:3b:67:fc:06:0f:e4:1c:dd:84:57:
                    48:b4:e1:a3:51:89:59:83:8e:61:7b:57:72:3b:92:
                    21:ef:b7:26:b5:72:9c:fb:ff:3f:52:1c:66:53:30:
                    a6:cb:4d:c6:a3:1c:be:e3:ac:59:67:0e:26:80:42:
                    ff:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:86:5A:66:0D:63:08:5D:0A:05:F5:66:13:C3:51:E2:91:05:77:A1
            X509v3 Authority Key Identifier:
                keyid:16:7C:3B:22:17:75:FE:C0:50:39:46:81:50:CE:81:47:56:AC:6F:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/884A9C206C0B11EDBE0D536BC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  1.52.0.0/14
                  42.112.0.0/13
                  43.239.148.0/22
                  58.186.0.0/15
                  103.35.64.0/22
                  103.39.92.0/22
                  103.143.206.0/23
                  103.156.10.0-103.156.13.255
                  103.156.30.0-103.156.35.255
                  103.159.55.0/24
                  103.171.92.0/23
                  113.22.0.0-113.23.127.255
                  118.68.0.0/14
                  144.48.20.0/22
                  183.80.0.0-183.81.127.255
                  203.191.8.0/21
                  210.245.0.0/17
                IPv6:
                  2405:4800::/30

    Signature Algorithm: sha256WithRSAEncryption
         7f:e5:21:3b:55:dc:4c:70:6f:52:9f:95:89:4b:60:c1:13:21:
         85:f9:dd:46:c9:3a:b5:fc:4b:35:5f:9e:d9:e0:ae:72:86:fb:
         79:83:bc:e7:9b:a0:a6:87:8f:07:b9:f2:4f:0c:43:c1:fb:7e:
         6a:b5:ce:07:b5:88:63:82:72:09:c0:b7:62:c6:6b:b3:d3:c6:
         18:a8:d9:9e:82:98:5b:ee:00:14:15:03:0a:c5:45:1f:e6:d5:
         4b:a1:ae:c6:be:c9:9e:9f:24:ff:35:50:53:6c:a5:c2:9e:6a:
         c1:f2:5c:a7:fa:09:ef:20:61:02:f6:e2:4e:87:4e:2f:8b:d3:
         54:c9:61:28:8e:b4:d2:81:0a:ab:ad:26:37:59:98:3b:be:10:
         39:dc:db:1e:0b:f4:29:41:d4:45:47:9b:35:ac:cd:8a:25:2b:
         ba:37:49:30:83:ba:26:fb:d1:5d:ca:f3:8e:3d:83:bc:93:f2:
         a9:44:04:8c:89:b6:af:99:11:a3:2a:47:b9:d4:13:ef:a3:2f:
         13:da:c8:4c:66:ef:93:32:1d:28:b1:52:c3:02:51:1a:52:6d:
         72:3f:bb:8b:b2:c1:45:d2:9f:c3:7a:d5:84:7b:31:99:90:17:
         aa:0d:ca:1a:a0:99:be:f6:5a:2b:71:9d:ea:0b:93:f6:74:b9:
         b3:7a:bb:33
-----BEGIN CERTIFICATE-----
MIIF/zCCBOegAwIBAgICOzwwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTU2MEExMTAvBgNVBAUTKDE2N0MzQjIyMTc3NUZFQzA1MDM5NDY4MTUwQ0U4MTQ3
NTZBQzZGMEEwHhcNMjIxMTI0MTUyMDMxWhcNMjMxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MzdmOGJiZS1iY2EzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAqUoEtT9KFPU6QoRWrBr2Z/3QMsEIithOAM/Jpz7czN5U8XNSWcKOK97T5Kqb
i5TwZ7eVjBGJUEdBWFe5i1bttFUPH7AkTXi6zR19NSYnnMvcG936+O6gYeLvribN
wV9CLTNjyKYELIub2Intli8iQyCcwt3Uae++TYRngggX1YRw+x/EOXyQrvPVRFMy
KsCEtQjKlVDBUHa37hWov6DJ7xoPesmyBBkqXy64c0ZdGsYQ9w6PcI7sdKrEkm5E
s10+DrmWaxbb0jtn/AYP5BzdhFdItOGjUYlZg45he1dyO5Ih77cmtXKc+/8/Uhxm
UzCmy03Goxy+46xZZw4mgEL/9QIDAQABo4IDIzCCAx8wHQYDVR0OBBYEFIaGWmYN
YwhdCgX1ZhPDUeKRBXehMB8GA1UdIwQYMBaAFBZ8OyIXdf7AUDlGgVDOgUdWrG8K
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBNTYwQS9BQUVCMTkxQTFE
OEExMUUyQTM4N0QwRTQwOEIwMkNEMi9Gbnc3SWhkMV9zQlFPVWFCVU02QlIxYXNi
d28uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0ZudzdJaGQxX3NCUU9VYUJVTTZCUjFhc2J3by5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTU2MEEvQUFFQjE5MUExRDhBMTFFMkEzODdEMEU0MDhCMDJDRDIvODg0QTlDMjA2
QzBCMTFFREJFMEQ1MzZCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgawGCCsGAQUFBwEHAQH/
BIGcMIGZMIGHBAIAATCBgAMDAgE0AwMDKnADBAIr75QDAwE6ugMEAmcjQAMEAmcn
XAMEAWePzjAMAwQBZ5wKAwQBZ5wMMAwDBAFnnB4DBAJnnCADBABnnzcDBAFnq1ww
CwMDAXEWAwQHcRcAAwMCdkQDBAKQMBQwCwMDBLdQAwQHt1EAAwQDy78IAwQH0vUA
MA0EAgACMAcDBQIkBUgAMA0GCSqGSIb3DQEBCwUAA4IBAQB/5SE7VdxMcG9Sn5WJ
S2DBEyGF+d1GyTq1/Es1X57Z4K5yhvt5g7znm6Cmh48HufJPDEPB+35qtc4HtYhj
gnIJwLdixmuz08YYqNmegphb7gAUFQMKxUUf5tVLoa7GvsmenyT/NVBTbKXCnmrB
8lyn+gnvIGEC9uJOh04vi9NUyWEojrTSgQqrrSY3WZg7vhA53NseC/QpQdRFR5s1
rM2KJSu6N0kwg7om+9FdyvOOPYO8k/KpRASMibavmRGjKke51BPvoy8T2shMZu+T
Mh0osVLDAlEaUm1yP7uLssFF0p/DetWEezGZkBeqDcoaoJm+9lorcZ3qC5P2dLmz
ersz
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:36 2024 by rpki-client on console-fra.rpki-client.org