Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91D366A/EC09AA4A307D11EDA6C3A212C4F9AE02/B12AD8703D3111EDB2A35049C4F9AE02.roa
File:                     B12AD8703D3111EDB2A35049C4F9AE02.roa (raw, json)
Hash identifier:          BM/T4r5fXwYZc7zfpSREsFdLLgbOOUPe6vaddy3bzqI=
Subject key identifier:   2A:E8:36:17:23:F9:14:60:F1:EC:4A:0A:93:0C:72:52:C0:DD:36:C6
Certificate issuer:       /CN=A91D366A/serialNumber=B067C6BB70DF0DC04CE77F7C8D76706A49F6CB85
Certificate serial:       36
Authority key identifier: B0:67:C6:BB:70:DF:0D:C0:4C:E7:7F:7C:8D:76:70:6A:49:F6:CB:85
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/sGfGu3DfDcBM5398jXZwakn2y4U.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91D366A/EC09AA4A307D11EDA6C3A212C4F9AE02/B12AD8703D3111EDB2A35049C4F9AE02.roa
Signing time:             Mon 03 Oct 2022 20:05:04 +0000
ROA not before:           Mon 03 Oct 2022 20:05:04 +0000
ROA not after:            Tue 31 Oct 2023 00:00:00 +0000
asID:                     398343
IP address blocks:        203.18.98.0/24 maxlen: 24
                          203.21.72.0/24 maxlen: 24
                          203.33.239.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 54 (0x36)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91D366A/serialNumber=B067C6BB70DF0DC04CE77F7C8D76706A49F6CB85
        Validity
            Not Before: Oct  3 20:05:04 2022 GMT
            Not After : Oct 31 00:00:00 2023 GMT
        Subject: CN=633b4070-5337
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:40:18:87:c2:5c:ed:d0:7f:d2:61:f0:0e:b5:
                    6b:a6:9c:fb:43:a3:1f:47:1e:d3:dc:0d:d6:7e:18:
                    a7:64:ae:1d:92:44:d9:0a:7f:80:ea:62:aa:22:f4:
                    6d:3d:dd:50:b4:7a:36:3f:67:8e:27:c6:cc:52:26:
                    7d:fd:d2:fe:81:26:26:74:65:4e:2d:44:fc:2d:06:
                    31:ac:6c:58:2e:1a:d6:94:97:b1:20:a8:1a:e7:c9:
                    f6:35:46:bf:31:09:b2:23:3a:d6:6b:7e:91:52:8f:
                    56:7e:53:11:a4:5b:0d:f4:60:f9:49:fa:04:13:35:
                    a1:b8:95:0b:54:59:7c:dc:28:47:a3:d5:4a:c1:54:
                    ab:88:b3:66:31:d6:07:16:50:bb:f8:68:c3:8f:30:
                    ee:b0:20:f3:83:f5:1f:b7:4a:56:e2:f7:c1:cb:fa:
                    b4:25:43:6c:5b:3c:ed:b1:e1:e0:21:90:33:aa:1b:
                    ea:a6:58:40:20:47:cc:39:bb:ea:0c:ce:95:4a:74:
                    e3:d2:c1:cf:ce:b5:e1:6b:a7:e9:1a:8c:66:11:fc:
                    c2:c6:bc:f3:c2:71:b5:0a:88:26:97:4d:75:80:d1:
                    95:f5:a5:82:2c:b1:91:e3:03:68:8c:19:fb:80:45:
                    09:f5:05:2b:f2:c5:a7:82:4d:8c:f5:2e:17:4b:d6:
                    12:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:E8:36:17:23:F9:14:60:F1:EC:4A:0A:93:0C:72:52:C0:DD:36:C6
            X509v3 Authority Key Identifier:
                keyid:B0:67:C6:BB:70:DF:0D:C0:4C:E7:7F:7C:8D:76:70:6A:49:F6:CB:85

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91D366A/EC09AA4A307D11EDA6C3A212C4F9AE02/sGfGu3DfDcBM5398jXZwakn2y4U.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/sGfGu3DfDcBM5398jXZwakn2y4U.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91D366A/EC09AA4A307D11EDA6C3A212C4F9AE02/B12AD8703D3111EDB2A35049C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.18.98.0/24
                  203.21.72.0/24
                  203.33.239.0/24

    Signature Algorithm: sha256WithRSAEncryption
         45:eb:c3:9d:a9:e8:24:07:85:82:9f:ef:7d:40:ea:07:44:52:
         9d:4f:7b:b2:ec:8d:f6:75:3a:71:9f:55:16:26:cd:06:51:33:
         74:25:dc:d3:eb:14:ea:05:ec:80:13:c9:e9:fb:9b:dd:b7:dc:
         e4:6d:5e:ea:7c:d6:b1:44:23:43:b0:47:71:7e:45:c8:58:0c:
         cc:d5:2b:8e:ce:2e:2c:33:e7:78:12:15:8e:35:61:81:6b:12:
         6f:16:40:90:46:5c:47:4d:9d:eb:2f:82:fb:3e:fb:53:2a:f9:
         e9:d7:6f:4e:f7:44:2a:be:9d:22:70:93:e7:88:5c:55:00:6a:
         e4:ad:26:a7:3e:ea:8f:c2:db:cd:9c:56:dd:9f:75:40:70:0f:
         cc:ce:77:43:9f:de:44:18:f5:18:60:10:3f:d9:30:1b:c1:83:
         79:b0:bf:40:e1:db:6d:06:08:0b:09:57:b5:0a:fd:55:92:bb:
         6b:c0:c5:fe:24:24:28:29:ec:0b:cd:e9:03:21:4f:54:b6:09:
         b6:c3:e8:8a:90:87:4d:08:6c:bf:5c:eb:2f:d7:dd:7e:ca:34:
         f4:9b:95:cc:96:6f:f9:2b:7a:f6:95:28:5a:a0:52:cb:8b:0f:
         bf:77:c9:e1:21:7b:31:80:fb:fa:5f:18:d8:56:9a:1b:1e:69:
         7b:d2:4e:8e
-----BEGIN CERTIFICATE-----
MIIFfDCCBGSgAwIBAgIBNjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFE
MzY2QTExMC8GA1UEBRMoQjA2N0M2QkI3MERGMERDMDRDRTc3RjdDOEQ3NjcwNkE0
OUY2Q0I4NTAeFw0yMjEwMDMyMDA1MDRaFw0yMzEwMzEwMDAwMDBaMBgxFjAUBgNV
BAMTDTYzM2I0MDcwLTUzMzcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQC8QBiHwlzt0H/SYfAOtWumnPtDox9HHtPcDdZ+GKdkrh2SRNkKf4DqYqoi9G09
3VC0ejY/Z44nxsxSJn390v6BJiZ0ZU4tRPwtBjGsbFguGtaUl7EgqBrnyfY1Rr8x
CbIjOtZrfpFSj1Z+UxGkWw30YPlJ+gQTNaG4lQtUWXzcKEej1UrBVKuIs2Yx1gcW
ULv4aMOPMO6wIPOD9R+3Slbi98HL+rQlQ2xbPO2x4eAhkDOqG+qmWEAgR8w5u+oM
zpVKdOPSwc/OteFrp+kajGYR/MLGvPPCcbUKiCaXTXWA0ZX1pYIssZHjA2iMGfuA
RQn1BSvyxaeCTYz1LhdL1hLRAgMBAAGjggKhMIICnTAdBgNVHQ4EFgQUKug2FyP5
FGDx7EoKkwxyUsDdNsYwHwYDVR0jBBgwFoAUsGfGu3DfDcBM5398jXZwakn2y4Uw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUQzNjZBL0VDMDlBQTRBMzA3
RDExRURBNkMzQTIxMkM0RjlBRTAyL3NHZkd1M0RmRGNCTTUzOThqWFp3YWtuMnk0
VS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvc0dmR3UzRGZEY0JNNTM5OGpYWndha24yeTRVLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFE
MzY2QS9FQzA5QUE0QTMwN0QxMUVEQTZDM0EyMTJDNEY5QUUwMi9CMTJBRDg3MDNE
MzExMUVEQjJBMzUwNDlDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDArBggrBgEFBQcBBwEB/wQc
MBowGAQCAAEwEgMEAMsSYgMEAMsVSAMEAMsh7zANBgkqhkiG9w0BAQsFAAOCAQEA
RevDnanoJAeFgp/vfUDqB0RSnU97suyN9nU6cZ9VFibNBlEzdCXc0+sU6gXsgBPJ
6fub3bfc5G1e6nzWsUQjQ7BHcX5FyFgMzNUrjs4uLDPneBIVjjVhgWsSbxZAkEZc
R02d6y+C+z77Uyr56ddvTvdEKr6dInCT54hcVQBq5K0mpz7qj8LbzZxW3Z91QHAP
zM53Q5/eRBj1GGAQP9kwG8GDebC/QOHbbQYICwlXtQr9VZK7a8DF/iQkKCnsC83p
AyFPVLYJtsPoipCHTQhsv1zrL9fdfso09JuVzJZv+St69pUoWqBSy4sPv3fJ4SF7
MYD7+l8Y2FaaGx5pe9JOjg==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:42 2024 by rpki-client on console-fra.rpki-client.org