Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91DD125/7A142D00D95E11E787A1A766C4F9AE02/916C0F2E00DF11E8816D6C48C4F9AE02.roa
File:                     916C0F2E00DF11E8816D6C48C4F9AE02.roa (raw, json)
Hash identifier:          EHCJ3EH9xAbUHvGys6LUv65xpXCmgo632FeOoqQFiq0=
Subject key identifier:   B0:20:F5:D5:55:CA:64:5C:79:66:06:17:BD:6D:02:C5:30:1E:79:24
Certificate issuer:       /CN=A91DD125/serialNumber=CE9056B4C65DE3857D4D0E1DB0023D60B6F7D30C
Certificate serial:       160A
Authority key identifier: CE:90:56:B4:C6:5D:E3:85:7D:4D:0E:1D:B0:02:3D:60:B6:F7:D3:0C
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/zpBWtMZd44V9TQ4dsAI9YLb30ww.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91DD125/7A142D00D95E11E787A1A766C4F9AE02/916C0F2E00DF11E8816D6C48C4F9AE02.roa
Signing time:             Tue 14 Feb 2023 17:44:30 +0000
ROA not before:           Tue 14 Feb 2023 17:44:30 +0000
ROA not after:            Sun 31 Mar 2024 00:00:00 +0000
asID:                     137430
IP address blocks:        2402:28c0:fff8::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5642 (0x160a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91DD125/serialNumber=CE9056B4C65DE3857D4D0E1DB0023D60B6F7D30C
        Validity
            Not Before: Feb 14 17:44:30 2023 GMT
            Not After : Mar 31 00:00:00 2024 GMT
        Subject: CN=63ebc87e-21f1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:bc:5f:5d:70:69:56:34:72:50:dc:42:d9:a2:
                    3b:2f:67:b6:27:5e:92:bb:4d:eb:f8:13:e7:0f:9d:
                    98:7f:ef:52:72:90:f3:10:0e:9b:8b:16:c7:46:36:
                    ee:a6:de:5d:df:36:c9:0c:77:12:ff:19:7b:ef:18:
                    3b:38:96:22:2e:0a:4d:1c:63:e3:b7:f3:f7:1d:48:
                    df:8a:c5:62:12:99:49:7d:06:b0:fb:a6:09:55:70:
                    19:e9:0e:66:ca:48:19:a8:84:40:82:55:b6:20:71:
                    16:a7:7e:4c:4c:81:a5:94:e0:e2:25:ef:99:40:5d:
                    5d:a6:d1:a6:ff:03:fe:d4:7d:15:c4:c4:d5:34:80:
                    57:05:6d:8c:4f:95:db:e0:e2:98:bb:82:7a:7a:b6:
                    6d:36:51:d3:76:7f:bc:79:19:72:3e:b3:3c:cb:8b:
                    56:7c:7a:99:2d:1f:86:ab:ad:93:1f:85:db:e5:e5:
                    95:00:f2:06:2b:4f:e2:79:25:60:8f:ef:ed:de:7b:
                    92:d1:47:fd:65:35:3f:0d:2b:3d:21:86:00:87:90:
                    9f:79:15:d8:24:94:6b:2b:59:55:4a:ba:2b:6e:61:
                    e7:f3:35:f2:1a:6d:f2:f7:5c:95:e5:9a:76:63:24:
                    ec:db:44:15:d3:ba:ca:a7:f4:6d:b7:af:45:7d:ac:
                    f3:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B0:20:F5:D5:55:CA:64:5C:79:66:06:17:BD:6D:02:C5:30:1E:79:24
            X509v3 Authority Key Identifier:
                keyid:CE:90:56:B4:C6:5D:E3:85:7D:4D:0E:1D:B0:02:3D:60:B6:F7:D3:0C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91DD125/7A142D00D95E11E787A1A766C4F9AE02/zpBWtMZd44V9TQ4dsAI9YLb30ww.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/zpBWtMZd44V9TQ4dsAI9YLb30ww.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91DD125/7A142D00D95E11E787A1A766C4F9AE02/916C0F2E00DF11E8816D6C48C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2402:28c0:fff8::/48

    Signature Algorithm: sha256WithRSAEncryption
         93:ec:af:a1:3d:7c:35:7a:20:58:fc:6b:ac:bd:c7:b0:d9:4a:
         e3:a2:f6:87:03:e5:fe:3a:94:4c:4d:d2:a4:0e:f7:9f:5e:84:
         e8:26:9e:53:fc:e3:0b:e2:ec:1c:52:17:dd:71:70:d4:2d:e2:
         6f:2c:81:7d:5a:a8:82:94:8a:8f:ff:8b:ad:81:47:69:6d:f6:
         32:6d:85:39:5f:fb:ae:f8:6d:c4:35:9b:92:aa:9f:8f:fb:1b:
         4c:94:ff:a4:bc:7e:54:b1:c8:3b:37:49:59:4e:3c:f8:81:03:
         ac:62:23:93:56:de:a5:b2:4a:ce:49:61:a3:64:2c:78:0c:8c:
         a7:37:65:b6:a3:63:1e:a2:70:c3:1f:e4:f5:0e:f9:bd:a5:b7:
         a3:8e:b7:0c:f8:a9:de:85:0b:08:ab:a6:8c:b7:96:4b:2e:4b:
         7f:96:c7:fd:ee:c1:d9:b9:af:d7:2a:42:1b:5f:f2:9b:af:ad:
         99:4c:64:29:fd:3f:4e:57:b6:47:b1:7a:e0:12:8b:72:5a:ed:
         b4:23:5f:7b:f3:38:3c:56:94:9a:99:89:8b:85:70:8b:4c:3d:
         b5:5b:71:29:f4:eb:aa:29:4e:99:73:60:5b:77:af:b5:e5:2f:
         5a:e6:71:fd:fd:1b:d1:ee:71:a3:43:09:e1:19:d5:0f:f2:ca:
         c8:09:ea:86
-----BEGIN CERTIFICATE-----
MIIFdDCCBFygAwIBAgICFgowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
REQxMjUxMTAvBgNVBAUTKENFOTA1NkI0QzY1REUzODU3RDREMEUxREIwMDIzRDYw
QjZGN0QzMEMwHhcNMjMwMjE0MTc0NDMwWhcNMjQwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02M2ViYzg3ZS0yMWYxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA2bxfXXBpVjRyUNxC2aI7L2e2J16Su03r+BPnD52Yf+9ScpDzEA6bixbHRjbu
pt5d3zbJDHcS/xl77xg7OJYiLgpNHGPjt/P3HUjfisViEplJfQaw+6YJVXAZ6Q5m
ykgZqIRAglW2IHEWp35MTIGllODiJe+ZQF1dptGm/wP+1H0VxMTVNIBXBW2MT5Xb
4OKYu4J6erZtNlHTdn+8eRlyPrM8y4tWfHqZLR+Gq62TH4Xb5eWVAPIGK0/ieSVg
j+/t3nuS0Uf9ZTU/DSs9IYYAh5CfeRXYJJRrK1lVSrorbmHn8zXyGm3y91yV5Zp2
YyTs20QV07rKp/Rtt69Ffazz/QIDAQABo4ICmDCCApQwHQYDVR0OBBYEFLAg9dVV
ymRceWYGF71tAsUwHnkkMB8GA1UdIwQYMBaAFM6QVrTGXeOFfU0OHbACPWC299MM
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFERDEyNS83QTE0MkQwMEQ5
NUUxMUU3ODdBMUE3NjZDNEY5QUUwMi96cEJXdE1aZDQ0VjlUUTRkc0FJOVlMYjMw
d3cuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3pwQld0TVpkNDRWOVRRNGRzQUk5WUxiMzB3dy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
REQxMjUvN0ExNDJEMDBEOTVFMTFFNzg3QTFBNzY2QzRGOUFFMDIvOTE2QzBGMkUw
MERGMTFFODgxNkQ2QzQ4QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwIgYIKwYBBQUHAQcBAf8E
EzARMA8EAgACMAkDBwAkAijA//gwDQYJKoZIhvcNAQELBQADggEBAJPsr6E9fDV6
IFj8a6y9x7DZSuOi9ocD5f46lExN0qQO959ehOgmnlP84wvi7BxSF91xcNQt4m8s
gX1aqIKUio//i62BR2lt9jJthTlf+674bcQ1m5Kqn4/7G0yU/6S8flSxyDs3SVlO
PPiBA6xiI5NW3qWySs5JYaNkLHgMjKc3ZbajYx6icMMf5PUO+b2lt6OOtwz4qd6F
Cwirpoy3lksuS3+Wx/3uwdm5r9cqQhtf8puvrZlMZCn9P05XtkexeuASi3Ja7bQj
X3vzODxWlJqZiYuFcItMPbVbcSn066opTplzYFt3r7XlL1rmcf39G9HucaNDCeEZ
1Q/yysgJ6oY=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:43 2024 by rpki-client on console-fra.rpki-client.org