Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91D4345/EC78CDDA053811EAB5897668C4F9AE02/E093848C7EA311EDA4BB4981C4F9AE02.roa
File:                     E093848C7EA311EDA4BB4981C4F9AE02.roa (raw, json)
Hash identifier:          ymrIhqNq9bNYlLWxrlHCBDqZQwH02tFpjIPbaJ1BZrc=
Subject key identifier:   6F:22:E3:1A:DF:D8:07:44:45:D8:6F:54:3E:FD:E0:8A:8E:B5:5A:34
Certificate issuer:       /CN=A91D4345/serialNumber=E537D0C348FD7DC49F5FC3B0066A31C584FAE1AB
Certificate serial:       0A81
Authority key identifier: E5:37:D0:C3:48:FD:7D:C4:9F:5F:C3:B0:06:6A:31:C5:84:FA:E1:AB
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/5TfQw0j9fcSfX8OwBmoxxYT64as.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91D4345/EC78CDDA053811EAB5897668C4F9AE02/E093848C7EA311EDA4BB4981C4F9AE02.roa
Signing time:             Sun 18 Dec 2022 07:16:23 +0000
ROA not before:           Sun 18 Dec 2022 07:16:23 +0000
ROA not after:            Fri 01 Mar 2024 00:00:00 +0000
asID:                     17471
IP address blocks:        103.7.112.0/22 maxlen: 24
                          122.99.96.0/21 maxlen: 24
                          202.125.64.0/20 maxlen: 24
                          203.83.160.0/19 maxlen: 24
                          203.191.32.0/23 maxlen: 24
                          2407:f040::/32 maxlen: 33

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2689 (0xa81)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91D4345/serialNumber=E537D0C348FD7DC49F5FC3B0066A31C584FAE1AB
        Validity
            Not Before: Dec 18 07:16:23 2022 GMT
            Not After : Mar  1 00:00:00 2024 GMT
        Subject: CN=639ebe47-5139
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:25:73:6d:36:22:d8:bf:f2:d6:6e:55:4b:18:
                    a9:ae:93:9e:55:7e:21:ce:2e:50:70:18:31:1d:1f:
                    db:b4:aa:fc:16:e0:9e:83:60:9f:50:9a:bf:84:fc:
                    2e:2e:13:8b:46:02:57:a4:68:8d:9d:89:df:81:64:
                    02:79:05:21:33:75:88:fa:17:91:63:19:22:ad:8b:
                    61:04:a6:91:82:4a:cf:00:ea:29:0d:6e:b4:7e:9f:
                    39:b5:4f:78:3a:35:12:c0:49:6c:21:af:ad:8a:43:
                    fe:15:38:b2:a0:db:ea:f6:cd:dd:35:d0:ca:98:e1:
                    ea:03:0d:e3:6d:6b:ae:1e:14:9e:85:23:65:42:a7:
                    e8:90:f8:60:9e:cd:76:a1:c7:41:a6:6f:30:ea:d1:
                    7b:21:84:e7:b3:b3:e6:0f:33:11:d1:d3:9a:17:a5:
                    92:25:ec:ee:e4:e3:e4:36:55:2a:63:d1:d3:79:b6:
                    66:4c:1c:8f:de:1a:fe:2f:41:3e:6a:2b:86:5b:b8:
                    d1:00:b4:b9:54:98:c3:b6:f0:2f:65:c9:d5:4f:81:
                    7b:73:7b:de:b9:64:14:c7:12:6a:3f:e5:39:f9:ae:
                    0f:fb:3b:a5:1e:b9:be:0c:20:f8:8e:97:71:82:89:
                    59:b7:4c:5e:4a:10:5c:93:28:79:d4:fb:52:b2:51:
                    14:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:22:E3:1A:DF:D8:07:44:45:D8:6F:54:3E:FD:E0:8A:8E:B5:5A:34
            X509v3 Authority Key Identifier:
                keyid:E5:37:D0:C3:48:FD:7D:C4:9F:5F:C3:B0:06:6A:31:C5:84:FA:E1:AB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91D4345/EC78CDDA053811EAB5897668C4F9AE02/5TfQw0j9fcSfX8OwBmoxxYT64as.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/5TfQw0j9fcSfX8OwBmoxxYT64as.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91D4345/EC78CDDA053811EAB5897668C4F9AE02/E093848C7EA311EDA4BB4981C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.7.112.0/22
                  122.99.96.0/21
                  202.125.64.0/20
                  203.83.160.0/19
                  203.191.32.0/23
                IPv6:
                  2407:f040::/32

    Signature Algorithm: sha256WithRSAEncryption
         d7:08:16:a9:2e:b6:61:e4:d4:4d:73:60:51:83:ef:c5:e8:52:
         8e:d3:72:f9:29:be:a4:5e:98:b7:51:4d:bc:38:71:f8:dc:e9:
         3a:21:2b:5a:4b:87:40:e6:3e:23:92:4e:b4:07:14:9a:b5:28:
         74:44:10:ae:0d:ab:c2:bb:55:94:98:ef:cb:b8:fe:63:68:70:
         f6:b9:53:da:89:02:4f:02:cb:f6:1a:d6:de:de:cf:0d:dc:78:
         15:bb:00:66:fc:ae:27:1f:08:2f:7a:90:db:a0:ce:d4:69:4d:
         19:a5:ec:cf:f8:86:97:7b:ae:dd:c6:29:61:86:b9:5c:d3:26:
         f6:36:69:48:5b:9f:a7:2f:23:84:d7:5c:cc:5b:34:cd:49:5e:
         bc:fe:2f:58:28:c4:ec:25:9f:1d:d3:8d:0a:30:c1:cd:3c:ef:
         5d:13:5c:8e:4c:40:60:d9:5e:5e:2b:54:26:0a:0a:c9:42:db:
         c0:86:49:71:d0:45:32:70:60:a1:dd:d6:ed:58:1d:a0:27:9a:
         e1:b2:6d:3a:6b:02:cf:c8:0e:a8:1a:8a:ee:3b:7c:58:0f:37:
         cf:c2:8c:2f:a3:cb:d4:23:a2:94:4f:09:94:6c:56:f6:41:66:
         b6:8f:1a:31:fe:8e:82:7c:a2:83:1e:83:26:d2:20:8c:1d:cf:
         40:77:51:4d
-----BEGIN CERTIFICATE-----
MIIFmDCCBICgAwIBAgICCoEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RDQzNDUxMTAvBgNVBAUTKEU1MzdEMEMzNDhGRDdEQzQ5RjVGQzNCMDA2NkEzMUM1
ODRGQUUxQUIwHhcNMjIxMjE4MDcxNjIzWhcNMjQwMzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MzllYmU0Ny01MTM5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAzCVzbTYi2L/y1m5VSxiprpOeVX4hzi5QcBgxHR/btKr8FuCeg2CfUJq/hPwu
LhOLRgJXpGiNnYnfgWQCeQUhM3WI+heRYxkirYthBKaRgkrPAOopDW60fp85tU94
OjUSwElsIa+tikP+FTiyoNvq9s3dNdDKmOHqAw3jbWuuHhSehSNlQqfokPhgns12
ocdBpm8w6tF7IYTns7PmDzMR0dOaF6WSJezu5OPkNlUqY9HTebZmTByP3hr+L0E+
aiuGW7jRALS5VJjDtvAvZcnVT4F7c3veuWQUxxJqP+U5+a4P+zulHrm+DCD4jpdx
golZt0xeShBckyh51PtSslEU6QIDAQABo4ICvDCCArgwHQYDVR0OBBYEFG8i4xrf
2AdERdhvVD794IqOtVo0MB8GA1UdIwQYMBaAFOU30MNI/X3En1/DsAZqMcWE+uGr
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFENDM0NS9FQzc4Q0REQTA1
MzgxMUVBQjU4OTc2NjhDNEY5QUUwMi81VGZRdzBqOWZjU2ZYOE93Qm1veHhZVDY0
YXMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzVUZlF3MGo5ZmNTZlg4T3dCbW94eFlUNjRhcy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RDQzNDUvRUM3OENEREEwNTM4MTFFQUI1ODk3NjY4QzRGOUFFMDIvRTA5Mzg0OEM3
RUEzMTFFREE0QkI0OTgxQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwRgYIKwYBBQUHAQcBAf8E
NzA1MCQEAgABMB4DBAJnB3ADBAN6Y2ADBATKfUADBAXLU6ADBAHLvyAwDQQCAAIw
BwMFACQH8EAwDQYJKoZIhvcNAQELBQADggEBANcIFqkutmHk1E1zYFGD78XoUo7T
cvkpvqRemLdRTbw4cfjc6TohK1pLh0DmPiOSTrQHFJq1KHREEK4Nq8K7VZSY78u4
/mNocPa5U9qJAk8Cy/Ya1t7ezw3ceBW7AGb8ricfCC96kNugztRpTRml7M/4hpd7
rt3GKWGGuVzTJvY2aUhbn6cvI4TXXMxbNM1JXrz+L1goxOwlnx3TjQowwc08710T
XI5MQGDZXl4rVCYKCslC28CGSXHQRTJwYKHd1u1YHaAnmuGybTprAs/IDqgaiu47
fFgPN8/CjC+jy9QjopRPCZRsVvZBZraPGjH+joJ8ooMegybSIIwdz0B3UU0=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:42 2024 by rpki-client on console-fra.rpki-client.org