Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91B3D30/E3DF469C416811EAAE8A7750C4F9AE02/1358F7D6419811EAA268D964C4F9AE02.roa
File:                     1358F7D6419811EAA268D964C4F9AE02.roa (raw, json)
Hash identifier:          anu+ARaa/lbCsJvr8RP0ruCGA9lHvLiQyb6N9UihGGw=
Subject key identifier:   FF:24:48:7A:AD:98:CB:26:B0:60:D9:19:67:84:10:43:02:2A:EE:2D
Certificate issuer:       /CN=A91B3D30/serialNumber=01EE089DD4867B2CB276582AA97B318F509EA6EE
Certificate serial:       094A
Authority key identifier: 01:EE:08:9D:D4:86:7B:2C:B2:76:58:2A:A9:7B:31:8F:50:9E:A6:EE
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Ae4IndSGeyyydlgqqXsxj1Cepu4.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91B3D30/E3DF469C416811EAAE8A7750C4F9AE02/1358F7D6419811EAA268D964C4F9AE02.roa
Signing time:             Fri 02 Dec 2022 21:07:33 +0000
ROA not before:           Fri 02 Dec 2022 21:07:33 +0000
ROA not after:            Fri 01 Mar 2024 00:00:00 +0000
asID:                     9311
IP address blocks:        43.239.105.0/24 maxlen: 24
                          43.239.107.0/24 maxlen: 24
                          45.124.204.0/24 maxlen: 24
                          45.124.206.0/24 maxlen: 24
                          103.244.221.0/24 maxlen: 24
                          103.244.223.0/24 maxlen: 24
                          103.249.184.0/24 maxlen: 24
                          103.249.186.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2378 (0x94a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91B3D30/serialNumber=01EE089DD4867B2CB276582AA97B318F509EA6EE
        Validity
            Not Before: Dec  2 21:07:33 2022 GMT
            Not After : Mar  1 00:00:00 2024 GMT
        Subject: CN=638a6915-cfe0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:ee:38:37:56:09:3a:f1:e7:84:79:e3:c8:1c:
                    de:66:55:18:96:f9:3b:ca:8e:06:af:0b:d1:97:95:
                    18:5a:36:98:b8:8d:a1:28:0f:f4:f9:d6:fd:84:1b:
                    f1:bb:3e:62:42:5e:f6:3b:ed:ab:9c:b1:c9:02:a2:
                    f3:a5:a4:e3:1f:a7:88:21:ac:93:a2:ab:18:d3:24:
                    57:b4:e5:70:85:66:57:7f:ed:68:24:35:56:b4:39:
                    11:99:d6:ef:eb:21:ab:dd:c2:43:62:40:e4:c2:16:
                    4e:7f:77:60:e8:1e:ac:a6:e9:52:8c:cc:8a:98:21:
                    7e:cc:9f:46:18:b7:26:cd:4b:20:7c:2f:7f:a4:fe:
                    49:8c:81:ed:93:2a:c7:fa:aa:96:94:4e:9f:f0:54:
                    1e:90:15:2b:34:8d:df:f1:6d:db:43:81:a6:11:70:
                    28:72:21:60:6a:07:69:a0:9b:b2:e0:1c:ab:62:42:
                    df:05:27:5e:22:10:10:ba:ef:c2:0f:ba:7b:48:4b:
                    2a:5a:a9:f9:41:7f:39:ae:e1:87:28:b2:e1:05:7a:
                    85:4d:5a:ec:d1:b4:d1:16:96:66:bd:16:0c:51:8c:
                    54:92:99:83:1d:a5:0a:40:09:fc:6f:a6:d0:b1:94:
                    9c:50:be:1f:2e:85:6e:c2:6d:a9:0d:e5:2a:3f:fa:
                    a1:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FF:24:48:7A:AD:98:CB:26:B0:60:D9:19:67:84:10:43:02:2A:EE:2D
            X509v3 Authority Key Identifier:
                keyid:01:EE:08:9D:D4:86:7B:2C:B2:76:58:2A:A9:7B:31:8F:50:9E:A6:EE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91B3D30/E3DF469C416811EAAE8A7750C4F9AE02/Ae4IndSGeyyydlgqqXsxj1Cepu4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Ae4IndSGeyyydlgqqXsxj1Cepu4.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B3D30/E3DF469C416811EAAE8A7750C4F9AE02/1358F7D6419811EAA268D964C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.239.105.0/24
                  43.239.107.0/24
                  45.124.204.0/24
                  45.124.206.0/24
                  103.244.221.0/24
                  103.244.223.0/24
                  103.249.184.0/24
                  103.249.186.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:39:42:2a:58:10:1e:8c:ca:1c:91:b6:df:cc:44:b9:6f:62:
         c4:65:76:db:6e:63:15:10:fa:60:bc:ff:41:de:b4:d0:21:f7:
         61:26:40:01:69:cb:ba:0c:14:fd:b5:af:3d:1c:bf:90:6f:cd:
         8c:55:dc:13:a1:35:91:c0:53:aa:01:06:65:92:e5:c1:54:5d:
         2c:bd:a6:2a:80:e0:7b:db:5b:67:02:93:f7:1b:d1:81:f0:21:
         fd:fa:07:93:21:8c:8b:65:b9:7e:13:0a:f6:10:a3:2a:4f:72:
         8b:7d:fd:0d:95:14:e1:f8:67:97:2f:6e:cc:3e:39:f4:9c:84:
         7e:0f:f4:68:c6:e2:63:68:88:08:ee:00:9b:80:9e:45:8e:f1:
         c9:22:9c:2e:1a:0a:4a:b7:10:82:9a:63:43:fa:2d:23:1a:85:
         2b:02:74:64:b2:66:75:42:0a:b9:cd:f8:a0:eb:3b:0f:c7:51:
         42:1e:55:25:cc:9d:31:c2:ae:0e:92:03:96:61:4d:82:bc:1f:
         29:47:18:f8:86:87:72:e9:83:60:18:3b:67:9b:12:9c:7c:d0:
         3e:0a:69:b7:d7:d4:04:9b:b1:63:f0:76:28:76:ca:bc:c4:f4:
         53:5c:a8:1f:d8:f4:44:b7:0e:04:ba:6f:4b:73:30:df:2b:c8:
         4b:e5:25:a7
-----BEGIN CERTIFICATE-----
MIIFmzCCBIOgAwIBAgICCUowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QjNEMzAxMTAvBgNVBAUTKDAxRUUwODlERDQ4NjdCMkNCMjc2NTgyQUE5N0IzMThG
NTA5RUE2RUUwHhcNMjIxMjAyMjEwNzMzWhcNMjQwMzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MzhhNjkxNS1jZmUwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAu+44N1YJOvHnhHnjyBzeZlUYlvk7yo4GrwvRl5UYWjaYuI2hKA/0+db9hBvx
uz5iQl72O+2rnLHJAqLzpaTjH6eIIayToqsY0yRXtOVwhWZXf+1oJDVWtDkRmdbv
6yGr3cJDYkDkwhZOf3dg6B6spulSjMyKmCF+zJ9GGLcmzUsgfC9/pP5JjIHtkyrH
+qqWlE6f8FQekBUrNI3f8W3bQ4GmEXAociFgagdpoJuy4ByrYkLfBSdeIhAQuu/C
D7p7SEsqWqn5QX85ruGHKLLhBXqFTVrs0bTRFpZmvRYMUYxUkpmDHaUKQAn8b6bQ
sZScUL4fLoVuwm2pDeUqP/qhnQIDAQABo4ICvzCCArswHQYDVR0OBBYEFP8kSHqt
mMsmsGDZGWeEEEMCKu4tMB8GA1UdIwQYMBaAFAHuCJ3UhnsssnZYKql7MY9Qnqbu
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCM0QzMC9FM0RGNDY5QzQx
NjgxMUVBQUU4QTc3NTBDNEY5QUUwMi9BZTRJbmRTR2V5eXlkbGdxcVhzeGoxQ2Vw
dTQuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0FlNEluZFNHZXl5eWRsZ3FxWHN4ajFDZXB1NC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QjNEMzAvRTNERjQ2OUM0MTY4MTFFQUFFOEE3NzUwQzRGOUFFMDIvMTM1OEY3RDY0
MTk4MTFFQUEyNjhEOTY0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwSQYIKwYBBQUHAQcBAf8E
OjA4MDYEAgABMDADBAAr72kDBAAr72sDBAAtfMwDBAAtfM4DBABn9N0DBABn9N8D
BABn+bgDBABn+bowDQYJKoZIhvcNAQELBQADggEBAIk5QipYEB6MyhyRtt/MRLlv
YsRldttuYxUQ+mC8/0HetNAh92EmQAFpy7oMFP21rz0cv5BvzYxV3BOhNZHAU6oB
BmWS5cFUXSy9piqA4HvbW2cCk/cb0YHwIf36B5MhjItluX4TCvYQoypPcot9/Q2V
FOH4Z5cvbsw+OfSchH4P9GjG4mNoiAjuAJuAnkWO8ckinC4aCkq3EIKaY0P6LSMa
hSsCdGSyZnVCCrnN+KDrOw/HUUIeVSXMnTHCrg6SA5ZhTYK8HylHGPiGh3Lpg2AY
O2ebEpx80D4KabfX1ASbsWPwdih2yrzE9FNcqB/Y9ES3DgS6b0tzMN8ryEvlJac=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:38 2024 by rpki-client on console-fra.rpki-client.org