Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91B6587/417D71B4918611EDA84A124DC4F9AE02/6FC779F4918911EDA3426975C4F9AE02.roa
File:                     6FC779F4918911EDA3426975C4F9AE02.roa (raw, json)
Hash identifier:          5YGew6lQDuw9ZGHxPODu4ozpCCauovjuD0fRPnNnCWU=
Subject key identifier:   93:D8:E3:CF:9A:B8:0B:5F:49:0E:63:4E:F9:57:A2:D8:43:4D:2E:8D
Certificate issuer:       /CN=A91B6587/serialNumber=2D634077CC847B59D4048D43E04B3309698FE638
Certificate serial:       06
Authority key identifier: 2D:63:40:77:CC:84:7B:59:D4:04:8D:43:E0:4B:33:09:69:8F:E6:38
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/LWNAd8yEe1nUBI1D4EszCWmP5jg.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91B6587/417D71B4918611EDA84A124DC4F9AE02/6FC779F4918911EDA3426975C4F9AE02.roa
Signing time:             Wed 11 Jan 2023 11:05:18 +0000
ROA not before:           Wed 11 Jan 2023 11:05:18 +0000
ROA not after:            Tue 31 Oct 2023 00:00:00 +0000
asID:                     203020
IP address blocks:        45.252.189.0/24 maxlen: 24
                          103.221.233.0/24 maxlen: 24
                          103.241.52.0/22 maxlen: 22
                          160.20.8.0/22 maxlen: 22
                          202.94.174.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 6 (0x6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91B6587/serialNumber=2D634077CC847B59D4048D43E04B3309698FE638
        Validity
            Not Before: Jan 11 11:05:18 2023 GMT
            Not After : Oct 31 00:00:00 2023 GMT
        Subject: CN=63be97ee-90d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:b4:fa:35:5c:ae:08:db:da:54:0f:fa:af:f9:
                    d8:e0:01:d7:2f:24:92:59:0b:8d:73:52:cd:be:8e:
                    c7:e1:71:72:18:66:f0:38:35:b4:7c:3a:71:1d:fd:
                    0e:74:22:46:65:49:1b:19:c7:80:be:20:b0:92:af:
                    88:11:54:ff:19:37:75:3f:89:28:c7:97:cd:a0:53:
                    5d:be:51:62:2b:4d:b6:f4:8d:25:b7:09:08:14:f3:
                    0a:9b:d2:1f:56:f1:ef:f1:66:df:2b:98:8c:6d:cf:
                    ee:6c:fd:3e:30:82:dc:2f:60:96:e8:52:5c:f5:3c:
                    de:f0:5a:45:ea:60:bb:4e:28:b2:6f:70:20:c7:9c:
                    e5:10:bf:53:b6:15:a6:70:62:65:7d:c1:54:9c:5a:
                    1b:fb:9f:63:54:a3:07:f7:bf:81:70:ad:f5:bf:89:
                    3f:8d:3f:6a:05:c2:fc:19:57:c5:53:d0:da:74:c5:
                    89:89:0a:51:a1:5b:1f:6a:d2:36:cb:08:8c:a2:0a:
                    b7:ea:01:05:98:94:18:73:4d:ea:98:38:56:43:8c:
                    6e:fd:6e:23:75:15:8a:1e:9f:cc:03:bc:29:aa:1a:
                    c2:ef:ee:a0:9d:40:ab:12:89:b0:f1:1e:6b:cd:f3:
                    d2:32:bd:39:5b:23:a9:bb:ed:f5:4b:5d:6c:ce:3e:
                    92:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:D8:E3:CF:9A:B8:0B:5F:49:0E:63:4E:F9:57:A2:D8:43:4D:2E:8D
            X509v3 Authority Key Identifier:
                keyid:2D:63:40:77:CC:84:7B:59:D4:04:8D:43:E0:4B:33:09:69:8F:E6:38

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91B6587/417D71B4918611EDA84A124DC4F9AE02/LWNAd8yEe1nUBI1D4EszCWmP5jg.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/LWNAd8yEe1nUBI1D4EszCWmP5jg.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B6587/417D71B4918611EDA84A124DC4F9AE02/6FC779F4918911EDA3426975C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.252.189.0/24
                  103.221.233.0/24
                  103.241.52.0/22
                  160.20.8.0/22
                  202.94.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3f:5a:c5:ee:d6:10:49:49:59:38:97:4f:cb:5e:84:f3:23:b6:
         2e:b2:64:68:ab:3b:17:f3:35:1a:44:30:54:86:41:5c:78:cd:
         76:5f:44:f8:52:11:2a:9c:ea:71:90:dc:a5:de:9b:fa:81:cf:
         8a:14:83:02:99:6c:d0:57:6d:30:41:72:0a:52:ac:e5:0b:d9:
         2e:0b:00:2a:0a:eb:a8:d2:08:29:9e:d9:1b:d3:f5:f5:39:1d:
         fd:1f:35:aa:2c:39:a8:fe:6b:83:8f:d0:02:b5:33:51:14:04:
         9b:9b:a2:d9:95:1e:f2:76:6d:98:19:53:94:c2:9b:53:31:16:
         a7:75:c6:d2:21:18:a7:5d:26:1b:0f:06:cc:a1:25:d5:f1:59:
         3e:b9:4a:b2:b3:27:fd:9d:4f:69:16:f8:94:41:23:a3:5e:b2:
         54:dc:3f:0a:98:b5:b5:b7:44:01:db:79:c6:33:cb:23:63:18:
         d0:0a:4c:23:71:17:a0:64:7f:db:84:ed:3c:7d:eb:a4:4d:04:
         ab:85:54:55:34:e8:2f:f8:21:70:b4:b0:81:63:1f:84:40:ea:
         be:80:75:16:ce:64:0e:38:9f:18:42:48:30:e7:d8:eb:e7:3c:
         16:e9:ff:7d:22:2c:61:d2:f0:d9:73:a2:ea:f0:bc:b5:a4:c6:
         fa:94:79:6f
-----BEGIN CERTIFICATE-----
MIIFiDCCBHCgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFC
NjU4NzExMC8GA1UEBRMoMkQ2MzQwNzdDQzg0N0I1OUQ0MDQ4RDQzRTA0QjMzMDk2
OThGRTYzODAeFw0yMzAxMTExMTA1MThaFw0yMzEwMzEwMDAwMDBaMBgxFjAUBgNV
BAMTDTYzYmU5N2VlLTkwZDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCrtPo1XK4I29pUD/qv+djgAdcvJJJZC41zUs2+jsfhcXIYZvA4NbR8OnEd/Q50
IkZlSRsZx4C+ILCSr4gRVP8ZN3U/iSjHl82gU12+UWIrTbb0jSW3CQgU8wqb0h9W
8e/xZt8rmIxtz+5s/T4wgtwvYJboUlz1PN7wWkXqYLtOKLJvcCDHnOUQv1O2FaZw
YmV9wVScWhv7n2NUowf3v4FwrfW/iT+NP2oFwvwZV8VT0Np0xYmJClGhWx9q0jbL
CIyiCrfqAQWYlBhzTeqYOFZDjG79biN1FYoen8wDvCmqGsLv7qCdQKsSibDxHmvN
89IyvTlbI6m77fVLXWzOPpLZAgMBAAGjggKtMIICqTAdBgNVHQ4EFgQUk9jjz5q4
C19JDmNO+Vei2ENNLo0wHwYDVR0jBBgwFoAULWNAd8yEe1nUBI1D4EszCWmP5jgw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUI2NTg3LzQxN0Q3MUI0OTE4
NjExRURBODRBMTI0REM0RjlBRTAyL0xXTkFkOHlFZTFuVUJJMUQ0RXN6Q1dtUDVq
Zy5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvTFdOQWQ4eUVlMW5VQkkxRDRFc3pDV21QNWpnLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFC
NjU4Ny80MTdENzFCNDkxODYxMUVEQTg0QTEyNERDNEY5QUUwMi82RkM3NzlGNDkx
ODkxMUVEQTM0MjY5NzVDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDA3BggrBgEFBQcBBwEB/wQo
MCYwJAQCAAEwHgMEAC38vQMEAGfd6QMEAmfxNAMEAqAUCAMEAMperjANBgkqhkiG
9w0BAQsFAAOCAQEAP1rF7tYQSUlZOJdPy16E8yO2LrJkaKs7F/M1GkQwVIZBXHjN
dl9E+FIRKpzqcZDcpd6b+oHPihSDApls0FdtMEFyClKs5QvZLgsAKgrrqNIIKZ7Z
G9P19Tkd/R81qiw5qP5rg4/QArUzURQEm5ui2ZUe8nZtmBlTlMKbUzEWp3XG0iEY
p10mGw8GzKEl1fFZPrlKsrMn/Z1PaRb4lEEjo16yVNw/Cpi1tbdEAdt5xjPLI2MY
0ApMI3EXoGR/24TtPH3rpE0Eq4VUVTToL/ghcLSwgWMfhEDqvoB1Fs5kDjifGEJI
MOfY6+c8Fun/fSIsYdLw2XOi6vC8taTG+pR5bw==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:57 2024 by rpki-client on console-ams.rpki-client.org