Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91B31CE/6B05607A7CCD11EBAEC6A974C4F9AE02/B504C6887CCE11EB952D2E75C4F9AE02.roa
File:                     B504C6887CCE11EB952D2E75C4F9AE02.roa (raw, json)
Hash identifier:          BXeM2L6ewGxxa+4p4vjjuEmhqtzoi1ARq/m/5+t3ky8=
Subject key identifier:   58:3F:EC:D0:A5:2B:DA:74:1E:55:F9:6F:69:C4:63:5B:0D:21:04:7B
Certificate issuer:       /CN=A91B31CE/serialNumber=4B47C9C64D3C23217A15DDAB8747C39DC30184F2
Certificate serial:       055A
Authority key identifier: 4B:47:C9:C6:4D:3C:23:21:7A:15:DD:AB:87:47:C3:9D:C3:01:84:F2
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/S0fJxk08IyF6Fd2rh0fDncMBhPI.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91B31CE/6B05607A7CCD11EBAEC6A974C4F9AE02/B504C6887CCE11EB952D2E75C4F9AE02.roa
Signing time:             Mon 06 Nov 2023 11:17:49 +0000
ROA not before:           Mon 06 Nov 2023 11:17:49 +0000
ROA not after:            Wed 29 May 2024 00:00:00 +0000
asID:                     0
IP address blocks:        103.162.254.0/24 maxlen: 24
                          103.248.201.128/26 maxlen: 26
                          103.248.201.192/26 maxlen: 26
                          2001:df3:1540::/48 maxlen: 48
                          2001:df6:480::/48 maxlen: 48
                          2001:df6:481::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1370 (0x55a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91B31CE/serialNumber=4B47C9C64D3C23217A15DDAB8747C39DC30184F2
        Validity
            Not Before: Nov  6 11:17:49 2023 GMT
            Not After : May 29 00:00:00 2024 GMT
        Subject: CN=6548cb5c-4af4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:74:4d:b4:e9:93:a4:42:ef:4a:92:33:32:c5:
                    39:da:6b:e3:c3:96:7c:ee:95:4c:6b:eb:b5:95:37:
                    1f:6a:38:1f:ed:41:ea:f5:5c:c9:f2:be:98:b3:36:
                    69:74:06:82:4a:57:cd:c9:3a:f3:32:09:49:87:50:
                    71:ba:39:fd:59:0d:cb:df:20:70:04:ec:1b:0e:5d:
                    0e:da:dc:7d:7f:4a:31:45:e2:2c:9a:5f:82:19:96:
                    ab:72:6f:51:ab:cf:ed:ad:3c:a6:0a:f6:7b:88:83:
                    d8:a3:d1:fc:33:6d:a2:bc:13:41:51:96:f6:37:17:
                    45:da:2e:a4:25:75:7a:d3:3a:9f:27:b4:74:36:8f:
                    dd:80:fc:d4:12:4d:06:40:3f:c9:99:5c:30:47:58:
                    01:5f:b7:15:7d:94:ca:38:a1:59:bc:44:0e:1e:8f:
                    29:c2:a3:ee:06:9c:d3:43:85:0c:4e:36:a1:03:2b:
                    cf:8a:8d:a7:3a:e5:39:4e:ed:a2:24:4a:bb:19:21:
                    8f:89:f4:d0:3a:9f:5f:2a:6d:87:8a:a0:5c:df:f5:
                    14:be:72:3a:51:bb:63:67:ec:e0:1a:71:57:1c:74:
                    10:27:88:98:49:de:83:60:05:de:d8:9d:a3:c9:95:
                    7f:92:c5:ae:09:18:70:e6:93:07:aa:90:58:99:d0:
                    63:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                58:3F:EC:D0:A5:2B:DA:74:1E:55:F9:6F:69:C4:63:5B:0D:21:04:7B
            X509v3 Authority Key Identifier:
                keyid:4B:47:C9:C6:4D:3C:23:21:7A:15:DD:AB:87:47:C3:9D:C3:01:84:F2

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91B31CE/6B05607A7CCD11EBAEC6A974C4F9AE02/S0fJxk08IyF6Fd2rh0fDncMBhPI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/S0fJxk08IyF6Fd2rh0fDncMBhPI.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B31CE/6B05607A7CCD11EBAEC6A974C4F9AE02/B504C6887CCE11EB952D2E75C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.162.254.0/24
                  103.248.201.128/25
                IPv6:
                  2001:df3:1540::/48
                  2001:df6:480::/47

    Signature Algorithm: sha256WithRSAEncryption
         1c:e8:15:47:9b:df:07:d6:e8:19:20:59:d5:5e:bd:af:b6:97:
         f2:35:64:a3:d5:36:33:39:07:68:d7:2a:04:05:5f:ab:2e:45:
         b9:82:da:a9:97:46:0d:a7:c1:90:34:2a:f8:50:e8:0f:14:9c:
         99:cf:65:a6:11:13:a2:81:8c:bb:80:fb:97:c6:97:1c:3d:78:
         cc:3a:e3:5b:59:9b:07:55:f9:d6:f9:ea:eb:20:eb:f9:32:2b:
         ef:77:77:8e:e2:e5:f9:37:0b:67:65:7e:c5:60:23:1d:a9:d6:
         8d:57:ef:56:b6:29:ba:41:fb:f5:3b:b6:e4:8e:c6:59:a4:ed:
         1c:69:a5:49:19:01:32:62:52:ad:cd:53:54:95:fd:a7:3b:88:
         1b:c6:ad:6e:29:45:3b:03:9e:f4:98:cb:5d:d4:09:8b:a0:e7:
         b5:9c:af:2f:dc:1d:f0:d5:70:16:48:4f:7d:c6:f5:4a:75:13:
         f1:0b:16:16:a2:9a:1d:92:ed:e9:ce:d9:63:49:2f:44:ad:9b:
         5e:4b:af:75:3f:4d:11:60:26:d2:20:c1:f2:47:b9:1b:25:f9:
         84:27:e6:9e:47:04:a0:24:60:40:53:4a:e2:76:2d:2b:6e:af:
         d1:31:f8:ca:22:3d:d7:5f:6c:a7:2a:1a:a4:2c:e5:b8:96:c6:
         4b:52:52:e7
-----BEGIN CERTIFICATE-----
MIIFkjCCBHqgAwIBAgICBVowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QjMxQ0UxMTAvBgNVBAUTKDRCNDdDOUM2NEQzQzIzMjE3QTE1RERBQjg3NDdDMzlE
QzMwMTg0RjIwHhcNMjMxMTA2MTExNzQ5WhcNMjQwNTI5MDAwMDAwWjAYMRYwFAYD
VQQDEw02NTQ4Y2I1Yy00YWY0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEArXRNtOmTpELvSpIzMsU52mvjw5Z87pVMa+u1lTcfajgf7UHq9VzJ8r6YszZp
dAaCSlfNyTrzMglJh1Bxujn9WQ3L3yBwBOwbDl0O2tx9f0oxReIsml+CGZarcm9R
q8/trTymCvZ7iIPYo9H8M22ivBNBUZb2NxdF2i6kJXV60zqfJ7R0No/dgPzUEk0G
QD/JmVwwR1gBX7cVfZTKOKFZvEQOHo8pwqPuBpzTQ4UMTjahAyvPio2nOuU5Tu2i
JEq7GSGPifTQOp9fKm2HiqBc3/UUvnI6UbtjZ+zgGnFXHHQQJ4iYSd6DYAXe2J2j
yZV/ksWuCRhw5pMHqpBYmdBjTQIDAQABo4ICtjCCArIwHQYDVR0OBBYEFFg/7NCl
K9p0HlX5b2nEY1sNIQR7MB8GA1UdIwQYMBaAFEtHycZNPCMhehXdq4dHw53DAYTy
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCMzFDRS82QjA1NjA3QTdD
Q0QxMUVCQUVDNkE5NzRDNEY5QUUwMi9TMGZKeGswOEl5RjZGZDJyaDBmRG5jTUJo
UEkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1MwZkp4azA4SXlGNkZkMnJoMGZEbmNNQmhQSS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QjMxQ0UvNkIwNTYwN0E3Q0NEMTFFQkFFQzZBOTc0QzRGOUFFMDIvQjUwNEM2ODg3
Q0NFMTFFQjk1MkQyRTc1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwQAYIKwYBBQUHAQcBAf8E
MTAvMBMEAgABMA0DBABnov4DBQdn+MmAMBgEAgACMBIDBwAgAQ3zFUADBwEgAQ32
BIAwDQYJKoZIhvcNAQELBQADggEBABzoFUeb3wfW6BkgWdVeva+2l/I1ZKPVNjM5
B2jXKgQFX6suRbmC2qmXRg2nwZA0KvhQ6A8UnJnPZaYRE6KBjLuA+5fGlxw9eMw6
41tZmwdV+db56usg6/kyK+93d47i5fk3C2dlfsVgIx2p1o1X71a2KbpB+/U7tuSO
xlmk7RxppUkZATJiUq3NU1SV/ac7iBvGrW4pRTsDnvSYy13UCYug57Wcry/cHfDV
cBZIT33G9Up1E/ELFhaimh2S7enO2WNJL0Stm15Lr3U/TRFgJtIgwfJHuRsl+YQn
5p5HBKAkYEBTSuJ2LStur9Ex+MoiPddfbKcqGqQs5biWxktSUuc=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:56 2024 by rpki-client on console-ams.rpki-client.org