Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91AE984/28745E4C15EE11EAA2D9E06EC4F9AE02/F84D2BC48F3711EDB7B05920C4F9AE02.roa
File:                     F84D2BC48F3711EDB7B05920C4F9AE02.roa (raw, json)
Hash identifier:          0wiC/XGwa4vzISPP5/V4ZiDIhTiUJ/ptkAc5AKfUQSU=
Subject key identifier:   3A:BB:F3:DE:E7:56:6E:C0:15:B6:3B:15:A3:1C:8A:C8:4B:86:62:7B
Certificate issuer:       /CN=A91AE984/serialNumber=8ABA3E47D51C5D2C9EF343E5AF41101E43C58A88
Certificate serial:       0A2E
Authority key identifier: 8A:BA:3E:47:D5:1C:5D:2C:9E:F3:43:E5:AF:41:10:1E:43:C5:8A:88
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/iro-R9UcXSye80Plr0EQHkPFiog.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91AE984/28745E4C15EE11EAA2D9E06EC4F9AE02/F84D2BC48F3711EDB7B05920C4F9AE02.roa
Signing time:             Sun 08 Jan 2023 09:36:48 +0000
ROA not before:           Sun 08 Jan 2023 09:36:48 +0000
ROA not after:            Sun 28 May 2023 00:00:00 +0000
asID:                     59230
IP address blocks:        2404:7bc0:200::/40 maxlen: 40

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2606 (0xa2e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91AE984/serialNumber=8ABA3E47D51C5D2C9EF343E5AF41101E43C58A88
        Validity
            Not Before: Jan  8 09:36:48 2023 GMT
            Not After : May 28 00:00:00 2023 GMT
        Subject: CN=63ba8eaf-cd8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:04:51:98:76:28:5f:ef:53:1b:d8:58:f2:f6:
                    55:5a:0c:63:04:1a:a6:9d:18:30:2d:62:bc:eb:f5:
                    55:5e:6b:5d:b3:4b:ec:23:c4:a3:d4:a6:6c:74:0b:
                    7e:85:d4:e8:e9:e8:bd:8b:81:69:bc:06:a3:11:0c:
                    10:8d:84:cb:1b:f0:33:51:6b:7a:ca:6a:20:fc:af:
                    1b:7b:7a:4c:2c:0d:82:56:2e:c1:76:e9:73:65:1e:
                    1c:fc:af:ab:0a:a9:06:ab:2a:4f:4b:28:9a:1a:02:
                    4b:b4:98:94:b7:03:63:d5:bb:a9:c2:96:56:88:a9:
                    ea:aa:0e:59:39:01:e3:f0:bd:42:45:52:32:89:53:
                    4d:8f:1f:6e:67:55:36:7e:08:8b:cb:fe:0b:d4:0d:
                    66:28:7e:4d:6c:c4:79:6f:12:f2:f5:9a:29:37:f5:
                    92:d4:9a:8e:51:8e:b5:9c:fd:1a:10:26:8e:0c:97:
                    ea:f2:72:13:85:86:7d:bb:a7:92:4e:bc:58:d2:ae:
                    bf:1b:bf:83:94:b4:55:87:62:a5:28:d9:6d:7e:27:
                    8b:94:2f:45:3d:27:cb:38:d4:13:9a:54:d9:13:d5:
                    5b:56:1c:1b:ee:21:53:c0:00:7b:ab:88:75:10:8c:
                    ab:89:a3:4e:71:7e:28:3c:19:8d:42:8b:f2:a2:c6:
                    09:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:BB:F3:DE:E7:56:6E:C0:15:B6:3B:15:A3:1C:8A:C8:4B:86:62:7B
            X509v3 Authority Key Identifier:
                keyid:8A:BA:3E:47:D5:1C:5D:2C:9E:F3:43:E5:AF:41:10:1E:43:C5:8A:88

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91AE984/28745E4C15EE11EAA2D9E06EC4F9AE02/iro-R9UcXSye80Plr0EQHkPFiog.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/iro-R9UcXSye80Plr0EQHkPFiog.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91AE984/28745E4C15EE11EAA2D9E06EC4F9AE02/F84D2BC48F3711EDB7B05920C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2404:7bc0:200::/40

    Signature Algorithm: sha256WithRSAEncryption
         b8:a9:7a:53:fc:8c:6a:ac:14:ef:a5:6d:b2:2b:5c:df:c1:02:
         42:54:51:4f:7c:58:5a:05:4f:c8:c7:27:bf:8a:ed:c2:26:36:
         34:80:62:34:18:99:86:64:d1:d9:4d:f6:b2:28:97:ca:0f:d5:
         2f:81:39:96:e7:ea:2b:96:e6:c6:2d:58:1d:e4:52:8e:e1:45:
         48:0c:1f:42:ef:57:fc:13:fa:9f:90:d0:f8:28:4c:bf:40:74:
         be:79:21:13:56:a7:d1:be:4d:11:57:49:f8:13:6c:eb:1b:62:
         b4:00:74:20:e3:89:f7:39:59:91:c6:c2:4e:fa:28:49:64:bb:
         df:88:44:84:6d:6e:54:d2:1f:3f:52:ad:89:eb:e5:dd:ce:4e:
         10:e5:35:9d:24:bf:20:6f:1a:9e:67:29:7d:3d:d6:74:64:d4:
         0c:2a:15:a4:4a:bd:66:c2:53:4e:f8:37:74:e8:d0:3d:9b:ca:
         8c:0a:bc:d8:2d:ca:58:e7:fc:9f:9c:74:ff:f5:ba:a0:fd:c7:
         39:04:30:29:23:ec:a8:68:76:dd:ec:fc:67:a0:1a:1f:82:f5:
         20:35:41:44:23:cc:62:dc:d6:02:a9:d0:3f:26:6d:d1:6e:7f:
         2e:0c:b6:0a:a2:aa:04:c9:2b:c3:1d:cf:43:f9:6c:f6:c0:32:
         3d:07:ea:ce
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgICCi4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QUU5ODQxMTAvBgNVBAUTKDhBQkEzRTQ3RDUxQzVEMkM5RUYzNDNFNUFGNDExMDFF
NDNDNThBODgwHhcNMjMwMTA4MDkzNjQ4WhcNMjMwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02M2JhOGVhZi1jZDhlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAuQRRmHYoX+9TG9hY8vZVWgxjBBqmnRgwLWK86/VVXmtds0vsI8Sj1KZsdAt+
hdTo6ei9i4FpvAajEQwQjYTLG/AzUWt6ymog/K8be3pMLA2CVi7BdulzZR4c/K+r
CqkGqypPSyiaGgJLtJiUtwNj1bupwpZWiKnqqg5ZOQHj8L1CRVIyiVNNjx9uZ1U2
fgiLy/4L1A1mKH5NbMR5bxLy9ZopN/WS1JqOUY61nP0aECaODJfq8nIThYZ9u6eS
TrxY0q6/G7+DlLRVh2KlKNltfieLlC9FPSfLONQTmlTZE9VbVhwb7iFTwAB7q4h1
EIyriaNOcX4oPBmNQovyosYJFwIDAQABo4IClzCCApMwHQYDVR0OBBYEFDq7897n
Vm7AFbY7FaMcishLhmJ7MB8GA1UdIwQYMBaAFIq6PkfVHF0snvND5a9BEB5DxYqI
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBRTk4NC8yODc0NUU0QzE1
RUUxMUVBQTJEOUUwNkVDNEY5QUUwMi9pcm8tUjlVY1hTeWU4MFBscjBFUUhrUEZp
b2cuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2lyby1SOVVjWFN5ZTgwUGxyMEVRSGtQRmlvZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QUU5ODQvMjg3NDVFNEMxNUVFMTFFQUEyRDlFMDZFQzRGOUFFMDIvRjg0RDJCQzQ4
RjM3MTFFREI3QjA1OTIwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwIQYIKwYBBQUHAQcBAf8E
EjAQMA4EAgACMAgDBgAkBHvAAjANBgkqhkiG9w0BAQsFAAOCAQEAuKl6U/yMaqwU
76Vtsitc38ECQlRRT3xYWgVPyMcnv4rtwiY2NIBiNBiZhmTR2U32siiXyg/VL4E5
lufqK5bmxi1YHeRSjuFFSAwfQu9X/BP6n5DQ+ChMv0B0vnkhE1an0b5NEVdJ+BNs
6xtitAB0IOOJ9zlZkcbCTvooSWS734hEhG1uVNIfP1Ktievl3c5OEOU1nSS/IG8a
nmcpfT3WdGTUDCoVpEq9ZsJTTvg3dOjQPZvKjAq82C3KWOf8n5x0//W6oP3HOQQw
KSPsqGh23ez8Z6AaH4L1IDVBRCPMYtzWAqnQPyZt0W5/Lgy2CqKqBMkrwx3PQ/ls
9sAyPQfqzg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:37 2024 by rpki-client on console-fra.rpki-client.org