Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91B25F2/EF90CD4E03B011EA85F02934C4F9AE02/61BF1B50894011EEA9CB2284C4F9AE02.roa
File:                     61BF1B50894011EEA9CB2284C4F9AE02.roa (raw, json)
Hash identifier:          HdczIV3EUE3mE39xu2CzgvaC2NwebQmrfjVNrPDNlwM=
Subject key identifier:   AE:F6:4A:B5:28:4F:46:98:75:5C:58:80:40:63:9B:3A:70:94:A8:93
Certificate issuer:       /CN=A91B25F2/serialNumber=B6C87BB58728F76F6F90A09DFD6BAA1AD4E73BCA
Certificate serial:       0B37
Authority key identifier: B6:C8:7B:B5:87:28:F7:6F:6F:90:A0:9D:FD:6B:AA:1A:D4:E7:3B:CA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/tsh7tYco929vkKCd_WuqGtTnO8o.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91B25F2/EF90CD4E03B011EA85F02934C4F9AE02/61BF1B50894011EEA9CB2284C4F9AE02.roa
Signing time:             Wed 22 Nov 2023 14:06:51 +0000
ROA not before:           Wed 22 Nov 2023 14:06:51 +0000
ROA not after:            Fri 01 Mar 2024 00:00:00 +0000
asID:                     136765
IP address blocks:        43.230.211.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2871 (0xb37)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91B25F2/serialNumber=B6C87BB58728F76F6F90A09DFD6BAA1AD4E73BCA
        Validity
            Not Before: Nov 22 14:06:51 2023 GMT
            Not After : Mar  1 00:00:00 2024 GMT
        Subject: CN=655e0afa-3509
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:82:9b:eb:5e:50:d7:a8:84:50:f8:6f:34:8c:
                    6c:42:a6:cf:e4:5b:f6:9f:13:e8:4b:e7:07:96:0f:
                    54:21:43:6c:4d:5e:d7:c2:a7:3c:2a:55:da:97:0c:
                    43:80:65:c5:13:de:b2:36:53:09:56:ee:aa:4e:1a:
                    cc:2f:f2:57:ac:79:0b:9b:6b:eb:97:c2:9f:d9:59:
                    a8:95:8f:07:55:ec:a2:2e:42:bf:f2:22:bc:d1:f1:
                    8e:77:50:43:b0:e3:7c:d9:8f:89:dd:04:67:a2:b3:
                    6d:ca:c3:d4:b3:9b:7f:d0:00:cc:a5:19:a0:ce:cd:
                    6d:60:d7:6d:cf:e8:69:ce:60:b6:a8:bb:e8:a6:86:
                    fa:8e:12:db:4b:20:ae:93:08:cb:a5:36:4c:f3:6e:
                    98:e6:27:cc:67:9b:53:1d:3f:4f:a8:26:94:8c:a1:
                    db:53:64:b8:6c:c2:24:40:0d:fe:e6:06:71:a9:a6:
                    53:f3:c9:2a:6c:d0:eb:7e:c7:1b:bb:a1:d9:f0:ba:
                    ed:f1:6c:dc:3a:b2:81:2c:21:a3:c5:9b:37:40:8d:
                    60:25:71:ea:f6:7b:bd:4d:d5:fa:01:ce:bd:cc:87:
                    bf:d7:03:0c:14:6d:1c:44:5c:7a:c9:bd:3a:56:a8:
                    58:96:ca:82:91:73:75:8a:92:91:07:f7:5f:ea:dc:
                    43:87
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AE:F6:4A:B5:28:4F:46:98:75:5C:58:80:40:63:9B:3A:70:94:A8:93
            X509v3 Authority Key Identifier:
                keyid:B6:C8:7B:B5:87:28:F7:6F:6F:90:A0:9D:FD:6B:AA:1A:D4:E7:3B:CA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91B25F2/EF90CD4E03B011EA85F02934C4F9AE02/tsh7tYco929vkKCd_WuqGtTnO8o.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/tsh7tYco929vkKCd_WuqGtTnO8o.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B25F2/EF90CD4E03B011EA85F02934C4F9AE02/61BF1B50894011EEA9CB2284C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.230.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9d:9c:2e:44:1f:76:a2:ee:0c:ab:0f:0e:7e:58:91:5d:e6:2f:
         46:c1:4d:43:39:7f:62:33:e7:72:a2:0b:82:5b:53:c6:81:15:
         91:4b:57:2f:e2:17:0d:5b:97:76:22:fd:bd:d2:89:98:f0:ba:
         b0:b6:f3:4c:59:aa:e7:cd:39:d3:cd:3f:b0:d1:cc:6d:94:e2:
         9e:53:a0:1b:fe:17:be:07:23:2c:03:fc:22:b2:51:3f:e0:7b:
         23:7f:1f:5f:40:8a:96:5c:7a:a3:56:4d:bf:c0:7f:09:1c:bb:
         d0:fd:1e:56:05:6f:d6:e5:ca:8c:7f:1a:fb:1e:1c:8c:37:e5:
         f1:27:3f:ee:4e:19:ee:31:90:28:f5:71:0c:1c:8c:7d:b8:3b:
         08:ea:40:bf:70:f0:27:ea:65:aa:14:cf:95:a8:a4:c0:ca:a0:
         07:f3:8e:68:53:91:2c:f8:71:24:ba:5b:4b:f7:70:3c:64:fe:
         b4:b1:dc:66:ba:0c:5a:70:b4:bd:dd:9e:d0:a9:0f:a1:55:82:
         a3:0b:56:19:2e:7c:e6:f5:a4:87:6b:32:51:75:d0:46:a0:62:
         b0:b5:32:2a:0e:c6:ab:6c:e6:42:5a:5f:74:8b:6f:19:41:9a:
         99:9f:65:e7:37:eb:95:c7:71:d2:32:d4:ab:da:5a:5f:ee:65:
         c7:02:ab:9b
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICCzcwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QjI1RjIxMTAvBgNVBAUTKEI2Qzg3QkI1ODcyOEY3NkY2RjkwQTA5REZENkJBQTFB
RDRFNzNCQ0EwHhcNMjMxMTIyMTQwNjUxWhcNMjQwMzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTVlMGFmYS0zNTA5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAzIKb615Q16iEUPhvNIxsQqbP5Fv2nxPoS+cHlg9UIUNsTV7Xwqc8KlXalwxD
gGXFE96yNlMJVu6qThrML/JXrHkLm2vrl8Kf2VmolY8HVeyiLkK/8iK80fGOd1BD
sON82Y+J3QRnorNtysPUs5t/0ADMpRmgzs1tYNdtz+hpzmC2qLvopob6jhLbSyCu
kwjLpTZM826Y5ifMZ5tTHT9PqCaUjKHbU2S4bMIkQA3+5gZxqaZT88kqbNDrfscb
u6HZ8Lrt8WzcOrKBLCGjxZs3QI1gJXHq9nu9TdX6Ac69zIe/1wMMFG0cRFx6yb06
VqhYlsqCkXN1ipKRB/df6txDhwIDAQABo4IClTCCApEwHQYDVR0OBBYEFK72SrUo
T0aYdVxYgEBjmzpwlKiTMB8GA1UdIwQYMBaAFLbIe7WHKPdvb5Cgnf1rqhrU5zvK
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCMjVGMi9FRjkwQ0Q0RTAz
QjAxMUVBODVGMDI5MzRDNEY5QUUwMi90c2g3dFljbzkyOXZrS0NkX1d1cUd0VG5P
OG8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3RzaDd0WWNvOTI5dmtLQ2RfV3VxR3RUbk84by5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QjI1RjIvRUY5MENENEUwM0IwMTFFQTg1RjAyOTM0QzRGOUFFMDIvNjFCRjFCNTA4
OTQwMTFFRUE5Q0IyMjg0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAAr5tMwDQYJKoZIhvcNAQELBQADggEBAJ2cLkQfdqLuDKsP
Dn5YkV3mL0bBTUM5f2Iz53KiC4JbU8aBFZFLVy/iFw1bl3Yi/b3SiZjwurC280xZ
qufNOdPNP7DRzG2U4p5ToBv+F74HIywD/CKyUT/geyN/H19AipZceqNWTb/Afwkc
u9D9HlYFb9blyox/GvseHIw35fEnP+5OGe4xkCj1cQwcjH24OwjqQL9w8CfqZaoU
z5WopMDKoAfzjmhTkSz4cSS6W0v3cDxk/rSx3Ga6DFpwtL3dntCpD6FVgqMLVhku
fOb1pIdrMlF10EagYrC1MioOxqts5kJaX3SLbxlBmpmfZec365XHcdIy1KvaWl/u
ZccCq5s=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:38 2024 by rpki-client on console-fra.rpki-client.org