Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91DF93A/F7DFA72EE5F311EAB3A91561C4F9AE02/5D2944FCF79811EC8A78DD1EC4F9AE02.roa
File:                     5D2944FCF79811EC8A78DD1EC4F9AE02.roa (raw, json)
Hash identifier:          leFBA1Y8MXYg7lDfk3QWoYsnNkKOG9UjK/97EsNanKo=
Subject key identifier:   2C:38:D7:8B:08:C5:8C:5F:DF:E0:D6:32:3D:B6:A4:B0:7F:8B:A7:7C
Certificate issuer:       /CN=A91DF93A/serialNumber=7E244310D7A456EB127B926C42F26D79E9ACDB88
Certificate serial:       059F
Authority key identifier: 7E:24:43:10:D7:A4:56:EB:12:7B:92:6C:42:F2:6D:79:E9:AC:DB:88
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/fiRDENekVusSe5JsQvJteems24g.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91DF93A/F7DFA72EE5F311EAB3A91561C4F9AE02/5D2944FCF79811EC8A78DD1EC4F9AE02.roa
Signing time:             Wed 29 Jun 2022 10:43:51 +0000
ROA not before:           Wed 29 Jun 2022 10:43:51 +0000
ROA not after:            Thu 31 Aug 2023 00:00:00 +0000
asID:                     212879
IP address blocks:        169.136.64.0/24 maxlen: 24
                          169.136.65.0/24 maxlen: 24
                          169.136.66.0/24 maxlen: 24
                          169.136.67.0/24 maxlen: 24
                          169.136.72.0/24 maxlen: 24
                          169.136.133.0/24 maxlen: 24
                          169.136.137.0/24 maxlen: 24
                          169.136.138.0/24 maxlen: 24
                          169.136.139.0/24 maxlen: 24
                          169.136.145.0/24 maxlen: 24
                          169.136.147.0/24 maxlen: 24
                          169.136.148.0/24 maxlen: 24
                          169.136.149.0/24 maxlen: 24
                          169.136.150.0/24 maxlen: 24
                          169.136.151.0/24 maxlen: 24
                          169.136.152.0/24 maxlen: 24
                          169.136.153.0/24 maxlen: 24
                          169.136.154.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1439 (0x59f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91DF93A/serialNumber=7E244310D7A456EB127B926C42F26D79E9ACDB88
        Validity
            Not Before: Jun 29 10:43:51 2022 GMT
            Not After : Aug 31 00:00:00 2023 GMT
        Subject: CN=62bc2ce7-cf3e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:7a:92:e8:75:ed:da:ee:c8:cc:a1:8f:e5:9a:
                    08:60:b7:d6:e0:0e:9b:86:b2:7c:69:12:19:f5:a9:
                    e8:45:48:bb:45:0d:74:95:5b:27:3f:39:9a:60:70:
                    3b:41:fa:b1:ee:ca:d8:6c:a7:b3:d5:cd:3a:16:f2:
                    e5:0b:00:5a:66:ca:d7:11:31:6a:16:ae:16:0d:f6:
                    51:b1:df:e7:dd:45:10:a3:10:a5:c3:d9:78:67:19:
                    42:0c:df:93:b7:1c:98:07:06:fd:ee:ec:3f:2d:81:
                    38:41:dc:f2:a5:f0:58:46:f7:cf:f1:69:65:83:33:
                    d3:3e:a4:a8:45:c4:50:d6:05:0c:67:36:2f:90:3d:
                    42:bb:e3:55:00:19:e4:bb:62:57:fd:e3:1d:2e:27:
                    b0:1f:1f:ba:1d:4c:d8:8b:93:70:57:89:e8:de:37:
                    0b:56:a1:6d:46:41:1c:ef:30:c4:c0:a9:4b:5e:6b:
                    99:9d:b7:53:1e:6f:7e:dc:76:ff:a9:61:38:71:fb:
                    ae:c5:f3:eb:38:96:5b:e5:be:0f:4e:da:02:d7:2d:
                    d0:df:89:a1:4f:4b:1b:ec:6a:04:cf:ae:46:0e:aa:
                    dc:5b:5d:40:f9:79:36:6d:64:69:fd:03:1a:48:c5:
                    3a:1d:6c:bb:e5:14:87:91:b1:f7:bc:06:e4:8e:f7:
                    f2:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:38:D7:8B:08:C5:8C:5F:DF:E0:D6:32:3D:B6:A4:B0:7F:8B:A7:7C
            X509v3 Authority Key Identifier:
                keyid:7E:24:43:10:D7:A4:56:EB:12:7B:92:6C:42:F2:6D:79:E9:AC:DB:88

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91DF93A/F7DFA72EE5F311EAB3A91561C4F9AE02/fiRDENekVusSe5JsQvJteems24g.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/fiRDENekVusSe5JsQvJteems24g.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91DF93A/F7DFA72EE5F311EAB3A91561C4F9AE02/5D2944FCF79811EC8A78DD1EC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  169.136.64.0/22
                  169.136.72.0/24
                  169.136.133.0/24
                  169.136.137.0-169.136.139.255
                  169.136.145.0/24
                  169.136.147.0-169.136.154.255

    Signature Algorithm: sha256WithRSAEncryption
         60:07:0d:b5:a9:4b:c2:f1:d1:11:51:8d:01:24:0f:2e:7d:2d:
         d9:7f:39:3c:5a:3b:7e:a5:13:24:3c:87:85:f0:2a:43:ab:fc:
         b0:b0:e6:ca:d5:78:26:b1:36:66:e9:2d:8c:50:ca:26:36:ff:
         85:a0:9e:90:08:6a:8f:8e:ec:0d:4c:91:d7:b5:af:f1:93:3f:
         8c:c8:5e:c3:2a:f7:37:fb:06:3f:5d:67:2f:f6:37:e3:8e:9b:
         01:4a:47:b0:64:68:98:3c:4f:1b:f3:11:8b:de:d9:1f:f2:7d:
         1d:d5:d2:dd:79:19:88:80:38:9a:39:4c:64:ec:60:c1:ef:28:
         46:f9:4f:66:e4:a4:34:54:73:df:60:61:e7:17:da:7c:e4:1c:
         d1:65:ce:ee:42:6b:a0:c4:4b:e1:50:cc:a3:34:82:e0:68:5b:
         e3:6a:aa:16:39:25:bb:83:1f:85:68:99:e0:dc:df:ca:62:a7:
         a7:ac:a3:8f:aa:ea:8a:f3:1e:f4:e3:81:74:45:9c:be:19:3d:
         5a:2b:3e:be:17:ee:0d:45:95:ce:9d:2b:01:88:4e:dd:67:f0:
         56:92:9b:08:ae:11:66:5f:e2:a8:14:a2:3d:a2:43:2c:9c:31:
         0e:78:ce:ef:2a:13:ca:f5:cf:d7:29:75:5a:e8:c6:44:e2:9a:
         85:93:12:b1
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgICBZ8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
REY5M0ExMTAvBgNVBAUTKDdFMjQ0MzEwRDdBNDU2RUIxMjdCOTI2QzQyRjI2RDc5
RTlBQ0RCODgwHhcNMjIwNjI5MTA0MzUxWhcNMjMwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MmJjMmNlNy1jZjNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA6HqS6HXt2u7IzKGP5ZoIYLfW4A6bhrJ8aRIZ9anoRUi7RQ10lVsnPzmaYHA7
Qfqx7srYbKez1c06FvLlCwBaZsrXETFqFq4WDfZRsd/n3UUQoxClw9l4ZxlCDN+T
txyYBwb97uw/LYE4QdzypfBYRvfP8WllgzPTPqSoRcRQ1gUMZzYvkD1Cu+NVABnk
u2JX/eMdLiewHx+6HUzYi5NwV4no3jcLVqFtRkEc7zDEwKlLXmuZnbdTHm9+3Hb/
qWE4cfuuxfPrOJZb5b4PTtoC1y3Q34mhT0sb7GoEz65GDqrcW11A+Xk2bWRp/QMa
SMU6HWy75RSHkbH3vAbkjvfy+QIDAQABo4ICwzCCAr8wHQYDVR0OBBYEFCw414sI
xYxf3+DWMj22pLB/i6d8MB8GA1UdIwQYMBaAFH4kQxDXpFbrEnuSbELybXnprNuI
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFERjkzQS9GN0RGQTcyRUU1
RjMxMUVBQjNBOTE1NjFDNEY5QUUwMi9maVJERU5la1Z1c1NlNUpzUXZKdGVlbXMy
NGcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL2ZpUkRFTmVrVnVzU2U1SnNRdkp0ZWVtczI0Zy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
REY5M0EvRjdERkE3MkVFNUYzMTFFQUIzQTkxNTYxQzRGOUFFMDIvNUQyOTQ0RkNG
Nzk4MTFFQzhBNzhERDFFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwTQYIKwYBBQUHAQcBAf8E
PjA8MDoEAgABMDQDBAKpiEADBACpiEgDBACpiIUwDAMEAKmIiQMEAqmIiAMEAKmI
kTAMAwQAqYiTAwQAqYiaMA0GCSqGSIb3DQEBCwUAA4IBAQBgBw21qUvC8dERUY0B
JA8ufS3Zfzk8Wjt+pRMkPIeF8CpDq/ywsObK1XgmsTZm6S2MUMomNv+FoJ6QCGqP
juwNTJHXta/xkz+MyF7DKvc3+wY/XWcv9jfjjpsBSkewZGiYPE8b8xGL3tkf8n0d
1dLdeRmIgDiaOUxk7GDB7yhG+U9m5KQ0VHPfYGHnF9p85BzRZc7uQmugxEvhUMyj
NILgaFvjaqoWOSW7gx+FaJng3N/KYqenrKOPquqK8x7044F0RZy+GT1aKz6+F+4N
RZXOnSsBiE7dZ/BWkpsIrhFmX+KoFKI9okMsnDEOeM7vKhPK9c/XKXVa6MZE4pqF
kxKx
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:43 2024 by rpki-client on console-fra.rpki-client.org