Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91B6EB1/4C5F720831F311EAA0A96876C4F9AE02/9D2775C6AE5D11EC8AB63973C4F9AE02.roa
File:                     9D2775C6AE5D11EC8AB63973C4F9AE02.roa (raw, json)
Hash identifier:          n27Y1AoLfevlKT4ANliR55Kpz1k1l3otnVdcs5sco4Q=
Subject key identifier:   45:6A:D1:1A:E0:EB:2D:C1:DA:2D:E5:89:F6:97:17:CB:88:2C:41:C9
Certificate issuer:       /CN=A91B6EB1/serialNumber=C28879FEC10CE929C1CF2E5B97886F1D7EA17C5A
Certificate serial:       0804
Authority key identifier: C2:88:79:FE:C1:0C:E9:29:C1:CF:2E:5B:97:88:6F:1D:7E:A1:7C:5A
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/woh5_sEM6SnBzy5bl4hvHX6hfFo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91B6EB1/4C5F720831F311EAA0A96876C4F9AE02/9D2775C6AE5D11EC8AB63973C4F9AE02.roa
Signing time:             Mon 28 Mar 2022 20:27:13 +0000
ROA not before:           Mon 28 Mar 2022 20:27:13 +0000
ROA not after:            Sun 28 May 2023 00:00:00 +0000
asID:                     136395
IP address blocks:        103.86.108.0/22 maxlen: 22
                          103.86.108.0/23 maxlen: 23
                          103.86.108.0/24 maxlen: 24
                          103.86.109.0/24 maxlen: 24
                          103.86.110.0/24 maxlen: 24
                          103.86.111.0/24 maxlen: 24
                          202.181.4.0/22 maxlen: 22
                          202.181.4.0/23 maxlen: 23
                          202.181.4.0/24 maxlen: 24
                          202.181.5.0/24 maxlen: 24
                          202.181.6.0/24 maxlen: 24
                          202.181.7.0/24 maxlen: 24
                          2400:bcc0::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2052 (0x804)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91B6EB1/serialNumber=C28879FEC10CE929C1CF2E5B97886F1D7EA17C5A
        Validity
            Not Before: Mar 28 20:27:13 2022 GMT
            Not After : May 28 00:00:00 2023 GMT
        Subject: CN=62421a20-5419
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:08:d6:9b:55:c6:b0:c3:c4:94:a8:f4:32:67:
                    dc:5d:e3:a3:a7:ba:34:39:5c:85:cb:96:5c:d3:17:
                    b0:6b:78:55:00:3e:15:46:5b:46:80:29:cb:7d:65:
                    f5:fb:1c:da:34:a5:07:fd:1e:dc:80:aa:fd:db:8d:
                    72:aa:8d:5f:7f:b7:ce:64:47:fc:bb:ed:a0:bc:01:
                    f9:cd:16:ac:01:87:3c:4e:ab:e7:24:cc:3a:cf:fb:
                    7f:35:8d:18:98:43:f8:9e:d2:bf:4f:a7:2f:cc:d3:
                    75:ac:3f:08:77:82:f9:ff:61:48:ac:5e:a7:c7:5f:
                    b9:de:89:20:ed:9b:b4:97:95:f0:47:08:58:36:6b:
                    85:28:1d:07:0f:00:5a:9f:b0:4f:4f:14:20:fb:28:
                    75:89:e6:2c:0c:f9:63:a3:d0:ec:ab:2c:2b:f2:65:
                    fa:53:a7:ef:ad:79:3b:e6:88:36:79:75:5d:23:43:
                    97:3f:26:93:73:aa:53:9b:bc:08:32:bf:4a:60:66:
                    b6:fe:94:37:2f:91:bc:ab:8d:b1:ce:e0:cc:64:49:
                    5b:61:00:70:11:e2:31:af:db:fd:dc:ec:6d:2d:c3:
                    b8:af:02:7f:b9:19:59:f6:65:5d:89:d2:34:2d:bf:
                    31:b7:86:f0:5b:3f:7d:b2:6b:a5:d4:ae:04:ea:5b:
                    31:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:6A:D1:1A:E0:EB:2D:C1:DA:2D:E5:89:F6:97:17:CB:88:2C:41:C9
            X509v3 Authority Key Identifier:
                keyid:C2:88:79:FE:C1:0C:E9:29:C1:CF:2E:5B:97:88:6F:1D:7E:A1:7C:5A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91B6EB1/4C5F720831F311EAA0A96876C4F9AE02/woh5_sEM6SnBzy5bl4hvHX6hfFo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/woh5_sEM6SnBzy5bl4hvHX6hfFo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B6EB1/4C5F720831F311EAA0A96876C4F9AE02/9D2775C6AE5D11EC8AB63973C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.86.108.0/22
                  202.181.4.0/22
                IPv6:
                  2400:bcc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         25:64:8d:ed:d5:df:d4:b6:c8:84:2d:f7:b5:d7:4e:78:66:ed:
         7d:5c:1b:76:6e:fe:fc:92:a8:da:41:76:cb:1b:7d:4b:a5:82:
         eb:df:e7:d0:cb:75:35:16:9f:b6:33:b6:98:ee:ce:3f:bc:a6:
         fe:c6:94:9f:d3:67:c8:87:60:0e:ff:7e:d7:dd:be:fc:3a:08:
         28:e6:69:20:e5:49:09:c7:eb:c5:60:fd:73:10:ee:22:56:ef:
         84:b1:0c:2e:7f:1e:20:a5:72:1d:a4:a5:9a:e2:17:eb:56:76:
         27:3d:69:9f:fd:f2:37:33:56:df:cd:ed:57:14:db:de:32:bc:
         e4:33:9a:ad:e6:19:09:53:78:17:f3:3d:b4:7a:4f:aa:4e:53:
         f5:98:39:1f:73:68:28:6f:4a:b4:6f:8f:24:a5:be:3f:c3:35:
         68:44:77:ae:d9:0f:2b:8e:97:f8:a0:7b:df:75:6d:8b:59:a7:
         db:b1:ce:8a:4d:4c:b9:79:b7:e7:eb:01:0d:97:38:84:1c:a9:
         ae:1e:8d:c5:26:40:64:65:7c:17:94:c5:62:ed:66:b0:d3:a3:
         c4:59:66:c8:0d:c4:4f:80:3c:e6:80:ad:9c:38:58:11:37:c6:
         a7:f7:aa:27:82:6c:c3:5a:2b:cb:f3:60:aa:b0:a0:be:de:a5:
         07:ff:f1:f9
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgICCAQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QjZFQjExMTAvBgNVBAUTKEMyODg3OUZFQzEwQ0U5MjlDMUNGMkU1Qjk3ODg2RjFE
N0VBMTdDNUEwHhcNMjIwMzI4MjAyNzEzWhcNMjMwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02MjQyMWEyMC01NDE5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA7wjWm1XGsMPElKj0MmfcXeOjp7o0OVyFy5Zc0xewa3hVAD4VRltGgCnLfWX1
+xzaNKUH/R7cgKr9241yqo1ff7fOZEf8u+2gvAH5zRasAYc8TqvnJMw6z/t/NY0Y
mEP4ntK/T6cvzNN1rD8Id4L5/2FIrF6nx1+53okg7Zu0l5XwRwhYNmuFKB0HDwBa
n7BPTxQg+yh1ieYsDPljo9Dsqywr8mX6U6fvrXk75og2eXVdI0OXPyaTc6pTm7wI
Mr9KYGa2/pQ3L5G8q42xzuDMZElbYQBwEeIxr9v93OxtLcO4rwJ/uRlZ9mVdidI0
Lb8xt4bwWz99smul1K4E6lsxwwIDAQABo4ICqjCCAqYwHQYDVR0OBBYEFEVq0Rrg
6y3B2i3lifaXF8uILEHJMB8GA1UdIwQYMBaAFMKIef7BDOkpwc8uW5eIbx1+oXxa
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCNkVCMS80QzVGNzIwODMx
RjMxMUVBQTBBOTY4NzZDNEY5QUUwMi93b2g1X3NFTTZTbkJ6eTVibDRodkhYNmhm
Rm8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3dvaDVfc0VNNlNuQnp5NWJsNGh2SFg2aGZGby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QjZFQjEvNEM1RjcyMDgzMUYzMTFFQUEwQTk2ODc2QzRGOUFFMDIvOUQyNzc1QzZB
RTVEMTFFQzhBQjYzOTczQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNAYIKwYBBQUHAQcBAf8E
JTAjMBIEAgABMAwDBAJnVmwDBALKtQQwDQQCAAIwBwMFACQAvMAwDQYJKoZIhvcN
AQELBQADggEBACVkje3V39S2yIQt97XXTnhm7X1cG3Zu/vySqNpBdssbfUulguvf
59DLdTUWn7Yztpjuzj+8pv7GlJ/TZ8iHYA7/ftfdvvw6CCjmaSDlSQnH68Vg/XMQ
7iJW74SxDC5/HiClch2kpZriF+tWdic9aZ/98jczVt/N7VcU294yvOQzmq3mGQlT
eBfzPbR6T6pOU/WYOR9zaChvSrRvjySlvj/DNWhEd67ZDyuOl/ige991bYtZp9ux
zopNTLl5t+frAQ2XOIQcqa4ejcUmQGRlfBeUxWLtZrDTo8RZZsgNxE+APOaArZw4
WBE3xqf3qieCbMNaK8vzYKqwoL7epQf/8fk=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:57 2024 by rpki-client on console-ams.rpki-client.org