Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91B6587/417D71B4918611EDA84A124DC4F9AE02/AE4AF28EE4E811ED89F41C2FC4F9AE02.roa
File:                     AE4AF28EE4E811ED89F41C2FC4F9AE02.roa (raw, json)
Hash identifier:          bRxvG+fhO3QkL0/FGMopF+93+L/ymHGtBd2dU0CXZys=
Subject key identifier:   A5:F7:90:6A:9D:0C:17:22:2D:51:E1:E7:D7:0D:C2:1A:29:AB:4C:58
Certificate issuer:       /CN=A91B6587/serialNumber=2D634077CC847B59D4048D43E04B3309698FE638
Certificate serial:       6B
Authority key identifier: 2D:63:40:77:CC:84:7B:59:D4:04:8D:43:E0:4B:33:09:69:8F:E6:38
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/LWNAd8yEe1nUBI1D4EszCWmP5jg.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91B6587/417D71B4918611EDA84A124DC4F9AE02/AE4AF28EE4E811ED89F41C2FC4F9AE02.roa
Signing time:             Wed 03 May 2023 10:07:38 +0000
ROA not before:           Wed 03 May 2023 10:07:38 +0000
ROA not after:            Tue 31 Oct 2023 00:00:00 +0000
asID:                     133499
IP address blocks:        43.225.80.0/22 maxlen: 22
                          103.84.120.0/22 maxlen: 22
                          103.240.164.0/22 maxlen: 22
                          103.241.52.0/22 maxlen: 22
                          103.241.52.0/24 maxlen: 24
                          103.241.53.0/24 maxlen: 24
                          103.241.54.0/24 maxlen: 24
                          103.241.55.0/24 maxlen: 24
                          150.107.226.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 107 (0x6b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91B6587/serialNumber=2D634077CC847B59D4048D43E04B3309698FE638
        Validity
            Not Before: May  3 10:07:38 2023 GMT
            Not After : Oct 31 00:00:00 2023 GMT
        Subject: CN=6452326a-8a2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:ed:f8:6a:b1:f0:a0:fa:be:4f:63:a4:dc:02:
                    a5:ce:d8:04:d6:c8:f0:7f:6f:73:5e:3c:54:fd:dd:
                    a6:8b:b6:91:82:ac:3e:89:b1:0b:b6:c9:45:b4:ef:
                    93:a8:b1:41:ab:cc:38:fe:2a:3b:c4:db:1d:6b:ea:
                    f5:10:d9:7d:89:4e:4e:8c:e4:65:89:6e:49:00:5d:
                    70:e3:e2:28:c2:fb:6b:76:a2:7e:7d:84:c1:6c:b3:
                    7e:f0:a3:23:7b:60:b2:4f:df:17:0a:67:73:a7:98:
                    ab:14:67:cb:7b:41:94:c4:37:7c:9f:31:80:a3:80:
                    f0:5c:4a:ef:b9:3b:67:ab:5c:c3:16:b0:e1:42:e5:
                    cf:8b:ef:a6:d5:88:a1:09:5f:c1:bc:1d:b1:ec:df:
                    ec:57:49:15:2f:7c:74:5d:9b:d2:99:3c:25:c3:1b:
                    b7:e3:79:2f:7b:8e:8c:fa:ee:93:c7:0f:63:c3:5a:
                    cf:6c:98:f9:90:0f:42:94:d2:cc:11:7d:c7:f7:ee:
                    ef:2c:9d:1d:69:e0:1f:f2:a8:2c:f7:06:5e:96:f7:
                    33:9f:10:9b:80:d6:62:ff:71:d2:59:46:fa:3b:6f:
                    3c:a9:e1:2f:b4:26:bd:00:b1:4d:53:2a:51:fe:ab:
                    ea:dd:f5:86:74:d1:23:52:42:26:4f:bb:93:01:73:
                    b4:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:F7:90:6A:9D:0C:17:22:2D:51:E1:E7:D7:0D:C2:1A:29:AB:4C:58
            X509v3 Authority Key Identifier:
                keyid:2D:63:40:77:CC:84:7B:59:D4:04:8D:43:E0:4B:33:09:69:8F:E6:38

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91B6587/417D71B4918611EDA84A124DC4F9AE02/LWNAd8yEe1nUBI1D4EszCWmP5jg.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/LWNAd8yEe1nUBI1D4EszCWmP5jg.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B6587/417D71B4918611EDA84A124DC4F9AE02/AE4AF28EE4E811ED89F41C2FC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.225.80.0/22
                  103.84.120.0/22
                  103.240.164.0/22
                  103.241.52.0/22
                  150.107.226.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:fd:c1:bf:7f:e0:7a:e8:1d:0b:b9:83:9e:87:1c:a0:16:97:
         e4:74:bb:cc:06:26:f4:48:ce:70:3c:c8:4f:58:56:c6:c5:a0:
         af:22:9b:8f:59:91:d1:fd:4e:3b:b8:69:57:09:3f:11:af:b3:
         b9:8f:89:70:a8:bd:8c:ad:c1:17:7c:78:28:cb:65:a1:c0:6a:
         3f:b6:42:7c:1b:96:4f:15:91:f2:b9:43:c1:46:a2:1e:1c:bd:
         7a:f4:cb:ee:1f:f2:ec:db:a1:ca:86:da:c3:05:b7:5a:17:07:
         da:4b:1d:7e:a6:f1:54:7e:34:f4:51:2a:b8:df:09:ee:76:95:
         19:e7:d1:15:f4:d3:5c:fe:bd:8b:af:ba:da:4c:28:29:87:a5:
         7d:53:8c:98:57:7e:e9:5c:2b:8b:d6:08:95:c4:22:16:57:49:
         7d:5d:55:68:7a:6c:db:e9:b8:f3:61:ad:15:8d:de:4a:22:7c:
         ca:a6:79:d6:f1:39:5a:b2:87:07:b7:80:e8:ed:2e:20:db:13:
         d5:15:94:4c:de:d8:06:0f:3b:fb:aa:af:77:05:db:1d:eb:3a:
         10:38:67:44:e4:66:83:5e:dc:22:66:fc:4c:93:42:4a:9c:89:
         ad:3c:54:75:32:f7:12:84:4e:f8:c4:f8:1e:ee:2f:11:cd:73:
         a8:e0:f9:fd
-----BEGIN CERTIFICATE-----
MIIFiDCCBHCgAwIBAgIBazANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFC
NjU4NzExMC8GA1UEBRMoMkQ2MzQwNzdDQzg0N0I1OUQ0MDQ4RDQzRTA0QjMzMDk2
OThGRTYzODAeFw0yMzA1MDMxMDA3MzhaFw0yMzEwMzEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY0NTIzMjZhLThhMmMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDO7fhqsfCg+r5PY6TcAqXO2ATWyPB/b3NePFT93aaLtpGCrD6JsQu2yUW075Oo
sUGrzDj+KjvE2x1r6vUQ2X2JTk6M5GWJbkkAXXDj4ijC+2t2on59hMFss37woyN7
YLJP3xcKZ3OnmKsUZ8t7QZTEN3yfMYCjgPBcSu+5O2erXMMWsOFC5c+L76bViKEJ
X8G8HbHs3+xXSRUvfHRdm9KZPCXDG7fjeS97joz67pPHD2PDWs9smPmQD0KU0swR
fcf37u8snR1p4B/yqCz3Bl6W9zOfEJuA1mL/cdJZRvo7bzyp4S+0Jr0AsU1TKlH+
q+rd9YZ00SNSQiZPu5MBc7TFAgMBAAGjggKtMIICqTAdBgNVHQ4EFgQUpfeQap0M
FyItUeHn1w3CGimrTFgwHwYDVR0jBBgwFoAULWNAd8yEe1nUBI1D4EszCWmP5jgw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUI2NTg3LzQxN0Q3MUI0OTE4
NjExRURBODRBMTI0REM0RjlBRTAyL0xXTkFkOHlFZTFuVUJJMUQ0RXN6Q1dtUDVq
Zy5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvTFdOQWQ4eUVlMW5VQkkxRDRFc3pDV21QNWpnLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFC
NjU4Ny80MTdENzFCNDkxODYxMUVEQTg0QTEyNERDNEY5QUUwMi9BRTRBRjI4RUU0
RTgxMUVEODlGNDFDMkZDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDA3BggrBgEFBQcBBwEB/wQo
MCYwJAQCAAEwHgMEAivhUAMEAmdUeAMEAmfwpAMEAmfxNAMEAJZr4jANBgkqhkiG
9w0BAQsFAAOCAQEAPv3Bv3/geugdC7mDnoccoBaX5HS7zAYm9EjOcDzIT1hWxsWg
ryKbj1mR0f1OO7hpVwk/Ea+zuY+JcKi9jK3BF3x4KMtlocBqP7ZCfBuWTxWR8rlD
wUaiHhy9evTL7h/y7NuhyobawwW3WhcH2ksdfqbxVH409FEquN8J7naVGefRFfTT
XP69i6+62kwoKYelfVOMmFd+6Vwri9YIlcQiFldJfV1VaHps2+m482GtFY3eSiJ8
yqZ51vE5WrKHB7eA6O0uINsT1RWUTN7YBg87+6qvdwXbHes6EDhnRORmg17cImb8
TJNCSpyJrTxUdTL3EoRO+MT4Hu4vEc1zqOD5/Q==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:57 2024 by rpki-client on console-ams.rpki-client.org