Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91CFFA0/1D66D486D8CB11E9BAE24D21C4F9AE02/1C7EBE76823D11EC8E3CB427C4F9AE02.roa
File:                     1C7EBE76823D11EC8E3CB427C4F9AE02.roa (raw, json)
Hash identifier:          qHXzyIpFXjHurqHcN06H5gMjQZ5axXhJY1XQX4NPs50=
Subject key identifier:   E8:DA:ED:2D:B0:50:23:19:97:9D:6F:78:7D:5F:D1:5F:6A:29:8A:F0
Certificate issuer:       /CN=A91CFFA0/serialNumber=ADD9418F0F9B55F3B7376A093DB11DBAD3AEFEC8
Certificate serial:       0CFC
Authority key identifier: AD:D9:41:8F:0F:9B:55:F3:B7:37:6A:09:3D:B1:1D:BA:D3:AE:FE:C8
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rdlBjw-bVfO3N2oJPbEdutOu_sg.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91CFFA0/1D66D486D8CB11E9BAE24D21C4F9AE02/1C7EBE76823D11EC8E3CB427C4F9AE02.roa
Signing time:             Wed 08 Feb 2023 19:26:46 +0000
ROA not before:           Wed 08 Feb 2023 19:26:46 +0000
ROA not after:            Sun 31 Mar 2024 00:00:00 +0000
asID:                     7468
IP address blocks:        202.64.110.0/24 maxlen: 24
                          220.232.132.0/24 maxlen: 24
                          220.232.133.0/24 maxlen: 24
                          220.232.134.0/24 maxlen: 24
                          220.232.135.0/24 maxlen: 24
                          220.232.156.0/24 maxlen: 24
                          220.232.157.0/24 maxlen: 24
                          220.232.158.0/24 maxlen: 24
                          220.232.159.0/24 maxlen: 24
                          220.232.211.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3324 (0xcfc)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CFFA0/serialNumber=ADD9418F0F9B55F3B7376A093DB11DBAD3AEFEC8
        Validity
            Not Before: Feb  8 19:26:46 2023 GMT
            Not After : Mar 31 00:00:00 2024 GMT
        Subject: CN=63e3f776-dec8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:64:88:1c:96:10:c8:e5:e8:45:29:60:f5:74:
                    b7:53:05:75:73:b8:7d:78:e6:cc:2a:2c:d7:4e:7c:
                    58:39:87:2f:c0:1a:eb:b8:0a:f6:54:fe:fa:6a:d1:
                    2d:b9:e9:8a:5a:14:b0:b5:62:03:24:89:c5:30:a0:
                    23:53:f6:b1:ff:57:7b:f0:4e:b6:d7:4b:63:e7:72:
                    6a:10:97:48:c5:b9:72:59:a1:89:fc:43:c9:e7:dc:
                    0b:b0:61:89:1b:40:40:97:c9:ae:a4:8c:f5:e2:98:
                    ea:ed:0a:3c:03:b1:34:d2:68:df:64:5b:65:2c:e6:
                    c1:75:a1:12:dd:0e:4d:2c:c0:f3:75:43:d6:e2:c0:
                    ed:20:1b:f5:6a:22:60:a5:39:b0:cc:e4:9c:50:8d:
                    95:50:34:48:c3:96:fc:5f:af:ae:8b:d6:81:ea:d6:
                    c0:0f:d0:8b:6d:d5:4d:62:08:ce:bc:02:b7:38:1d:
                    2d:1d:b7:d8:15:0c:b4:a5:4e:b3:6c:3e:84:1f:2d:
                    af:1c:d1:c2:87:4a:bb:95:65:f9:d6:3e:f0:c7:5d:
                    eb:42:b5:3f:e9:b2:5f:5d:c3:77:2c:56:c4:de:85:
                    ea:dc:5e:c2:01:95:7c:f9:f4:de:ef:e1:5e:1d:3e:
                    85:4f:78:ce:c3:3a:e0:a2:73:a8:c3:c2:33:84:cb:
                    37:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:DA:ED:2D:B0:50:23:19:97:9D:6F:78:7D:5F:D1:5F:6A:29:8A:F0
            X509v3 Authority Key Identifier:
                keyid:AD:D9:41:8F:0F:9B:55:F3:B7:37:6A:09:3D:B1:1D:BA:D3:AE:FE:C8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91CFFA0/1D66D486D8CB11E9BAE24D21C4F9AE02/rdlBjw-bVfO3N2oJPbEdutOu_sg.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rdlBjw-bVfO3N2oJPbEdutOu_sg.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91CFFA0/1D66D486D8CB11E9BAE24D21C4F9AE02/1C7EBE76823D11EC8E3CB427C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.64.110.0/24
                  220.232.132.0/22
                  220.232.156.0/22
                  220.232.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:26:14:09:75:b0:d5:fe:f4:be:32:fc:92:9c:33:56:97:3d:
         f3:20:28:dc:17:42:ce:af:ce:d5:08:e4:05:71:13:33:ea:45:
         2b:33:89:58:8f:ce:cb:1b:55:15:54:ef:02:3c:24:93:81:36:
         be:1c:dd:16:7d:25:65:74:12:11:c0:bb:3b:d2:cb:44:1d:16:
         93:71:b1:6b:c2:08:49:24:02:54:a4:64:c8:94:d8:c8:b7:48:
         d7:24:a6:12:c0:29:15:6c:1a:10:6d:c5:38:e3:5a:4c:ec:c5:
         92:c7:51:76:b8:a4:9c:25:fe:a9:b7:30:04:09:d9:22:7a:0d:
         70:0d:d8:fb:e9:0f:ba:6a:e3:6c:1c:41:24:e0:6d:44:5d:83:
         f8:c7:65:c1:0b:ee:87:b2:79:30:5a:58:8c:cd:0a:7d:07:71:
         6b:ff:b1:e0:3d:21:a7:ae:16:d0:99:48:51:bb:51:9b:48:95:
         d9:fa:0a:7e:92:f3:b8:d8:f8:93:2d:f0:95:12:e6:06:39:b1:
         31:e1:da:e2:d6:35:ef:8b:25:80:38:63:5e:2c:cd:9c:f7:09:
         5c:58:e1:d1:6a:f4:54:54:f7:ee:5a:bb:e4:f8:8a:0e:e8:cb:
         c4:ad:c7:b1:b2:5f:2d:e9:dc:d8:28:51:ab:30:55:f3:26:bb:
         d5:b7:3b:f1
-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgICDPwwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Q0ZGQTAxMTAvBgNVBAUTKEFERDk0MThGMEY5QjU1RjNCNzM3NkEwOTNEQjExREJB
RDNBRUZFQzgwHhcNMjMwMjA4MTkyNjQ2WhcNMjQwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02M2UzZjc3Ni1kZWM4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAzmSIHJYQyOXoRSlg9XS3UwV1c7h9eObMKizXTnxYOYcvwBrruAr2VP76atEt
uemKWhSwtWIDJInFMKAjU/ax/1d78E6210tj53JqEJdIxblyWaGJ/EPJ59wLsGGJ
G0BAl8mupIz14pjq7Qo8A7E00mjfZFtlLObBdaES3Q5NLMDzdUPW4sDtIBv1aiJg
pTmwzOScUI2VUDRIw5b8X6+ui9aB6tbAD9CLbdVNYgjOvAK3OB0tHbfYFQy0pU6z
bD6EHy2vHNHCh0q7lWX51j7wx13rQrU/6bJfXcN3LFbE3oXq3F7CAZV8+fTe7+Fe
HT6FT3jOwzrgonOow8IzhMs3AwIDAQABo4ICpzCCAqMwHQYDVR0OBBYEFOja7S2w
UCMZl51veH1f0V9qKYrwMB8GA1UdIwQYMBaAFK3ZQY8Pm1XztzdqCT2xHbrTrv7I
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDRkZBMC8xRDY2RDQ4NkQ4
Q0IxMUU5QkFFMjREMjFDNEY5QUUwMi9yZGxCanctYlZmTzNOMm9KUGJFZHV0T3Vf
c2cuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3JkbEJqdy1iVmZPM04yb0pQYkVkdXRPdV9zZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Q0ZGQTAvMUQ2NkQ0ODZEOENCMTFFOUJBRTI0RDIxQzRGOUFFMDIvMUM3RUJFNzY4
MjNEMTFFQzhFM0NCNDI3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMQYIKwYBBQUHAQcBAf8E
IjAgMB4EAgABMBgDBADKQG4DBALc6IQDBALc6JwDBADc6NMwDQYJKoZIhvcNAQEL
BQADggEBADMmFAl1sNX+9L4y/JKcM1aXPfMgKNwXQs6vztUI5AVxEzPqRSsziViP
zssbVRVU7wI8JJOBNr4c3RZ9JWV0EhHAuzvSy0QdFpNxsWvCCEkkAlSkZMiU2Mi3
SNckphLAKRVsGhBtxTjjWkzsxZLHUXa4pJwl/qm3MAQJ2SJ6DXAN2PvpD7pq42wc
QSTgbURdg/jHZcEL7oeyeTBaWIzNCn0HcWv/seA9IaeuFtCZSFG7UZtIldn6Cn6S
87jY+JMt8JUS5gY5sTHh2uLWNe+LJYA4Y14szZz3CVxY4dFq9FRU9+5au+T4ig7o
y8Stx7GyXy3p3NgoUaswVfMmu9W3O/E=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:41 2024 by rpki-client on console-fra.rpki-client.org