Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91DF93A/F7DFA72EE5F311EAB3A91561C4F9AE02/C0FF198630B311ECA42CF927C4F9AE02.roa
File:                     C0FF198630B311ECA42CF927C4F9AE02.roa (raw, json)
Hash identifier:          SJUZh7tLlyQYl4/+neOlPDT92FWJtqb/GytEjHcuAO0=
Subject key identifier:   16:4A:4A:0C:28:6E:B8:2B:80:B9:0A:E9:7F:4B:58:52:18:08:A7:0E
Certificate issuer:       /CN=A91DF93A/serialNumber=7E244310D7A456EB127B926C42F26D79E9ACDB88
Certificate serial:       068B
Authority key identifier: 7E:24:43:10:D7:A4:56:EB:12:7B:92:6C:42:F2:6D:79:E9:AC:DB:88
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/fiRDENekVusSe5JsQvJteems24g.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91DF93A/F7DFA72EE5F311EAB3A91561C4F9AE02/C0FF198630B311ECA42CF927C4F9AE02.roa
Signing time:             Fri 16 Dec 2022 06:39:09 +0000
ROA not before:           Fri 16 Dec 2022 06:39:08 +0000
ROA not after:            Thu 31 Aug 2023 00:00:00 +0000
asID:                     21859
IP address blocks:        169.136.82.0/24 maxlen: 24
                          169.136.85.0/24 maxlen: 24
                          169.136.109.0/24 maxlen: 24
                          169.136.120.0/24 maxlen: 24
                          169.136.122.0/24 maxlen: 24
                          169.136.128.0/24 maxlen: 24
                          169.136.129.0/24 maxlen: 24
                          169.136.130.0/24 maxlen: 24
                          169.136.131.0/24 maxlen: 24
                          169.136.134.0/24 maxlen: 24
                          169.136.135.0/24 maxlen: 24
                          169.136.142.0/24 maxlen: 24
                          169.136.143.0/24 maxlen: 24
                          169.136.146.0/24 maxlen: 24
                          169.136.191.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1675 (0x68b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91DF93A/serialNumber=7E244310D7A456EB127B926C42F26D79E9ACDB88
        Validity
            Not Before: Dec 16 06:39:08 2022 GMT
            Not After : Aug 31 00:00:00 2023 GMT
        Subject: CN=639c128c-7c08
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:f8:7e:7a:cb:ed:71:b7:ed:88:5e:82:e5:3a:
                    1e:30:61:b4:eb:e8:d2:18:6e:a5:aa:b1:ca:5c:c0:
                    8f:32:7c:77:db:08:1d:6a:37:c4:ad:da:0d:97:89:
                    2a:4e:55:68:ad:1d:a5:ff:47:a3:1e:46:17:51:2f:
                    53:97:96:4e:5f:e9:37:be:51:14:37:66:f5:d0:ac:
                    33:3d:aa:2d:00:8e:3d:d2:c1:a6:e6:f7:d1:54:6c:
                    3b:bf:f9:8e:23:85:08:10:63:60:b4:2f:1e:f4:d8:
                    50:72:92:d4:8d:2f:dd:77:91:57:bf:88:10:dd:56:
                    01:29:0e:d5:d1:d9:0d:6e:98:06:b7:fc:88:85:83:
                    74:e0:af:4f:d0:99:d4:f2:ad:a2:3d:48:4f:20:5b:
                    8a:2f:4f:ae:6b:19:8e:f5:7d:b8:4c:b4:21:49:ac:
                    39:fa:79:e6:cb:cc:b0:0f:3a:0d:b8:ea:03:7f:f7:
                    51:5e:d0:fe:31:4b:89:c8:90:4e:bf:9d:9a:10:3d:
                    d5:e7:87:be:91:ee:46:38:a3:63:62:c6:f0:17:c6:
                    2c:3b:f8:9a:51:f7:8b:61:84:d0:0b:db:dc:75:8c:
                    51:73:c7:95:e3:d4:53:0a:32:5d:b3:5b:07:38:1b:
                    95:37:5b:97:03:fc:33:d3:aa:0f:57:31:4e:2a:43:
                    88:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:4A:4A:0C:28:6E:B8:2B:80:B9:0A:E9:7F:4B:58:52:18:08:A7:0E
            X509v3 Authority Key Identifier:
                keyid:7E:24:43:10:D7:A4:56:EB:12:7B:92:6C:42:F2:6D:79:E9:AC:DB:88

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91DF93A/F7DFA72EE5F311EAB3A91561C4F9AE02/fiRDENekVusSe5JsQvJteems24g.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/fiRDENekVusSe5JsQvJteems24g.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91DF93A/F7DFA72EE5F311EAB3A91561C4F9AE02/C0FF198630B311ECA42CF927C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  169.136.82.0/24
                  169.136.85.0/24
                  169.136.109.0/24
                  169.136.120.0/24
                  169.136.122.0/24
                  169.136.128.0/22
                  169.136.134.0/23
                  169.136.142.0/23
                  169.136.146.0/24
                  169.136.191.0/24

    Signature Algorithm: sha256WithRSAEncryption
         44:37:93:3c:92:ac:2f:9d:2f:4c:2c:a9:94:a3:59:6f:a9:c9:
         a8:b8:ba:82:d1:de:e2:a8:90:ad:c0:ba:f5:44:4a:66:ad:cd:
         9b:eb:ed:5f:5f:eb:a9:fd:64:40:b6:d8:2c:72:5b:c0:5e:5d:
         27:e8:32:24:0d:4e:6f:98:12:a4:6e:7d:94:88:0c:73:6a:03:
         b7:1a:2b:ed:b8:cf:c5:38:40:cb:b1:09:fd:69:b6:b1:11:a7:
         b7:33:f3:ce:76:18:73:6f:4c:61:77:a9:4f:2d:08:bb:84:a0:
         64:a3:eb:9e:cd:69:6f:18:b8:7d:6d:9b:18:54:33:5b:bf:27:
         d4:7b:e0:c8:e0:6c:52:30:8f:24:75:60:02:b7:47:96:6e:fb:
         cb:42:f2:36:64:e7:fc:ca:1b:4b:a5:c7:10:a0:25:a1:bd:75:
         89:f4:c4:4c:ba:4c:b2:92:28:3b:f5:f0:c3:a6:66:e2:47:fb:
         44:db:0b:f5:ed:9d:23:73:83:a0:dd:46:87:bc:86:14:56:0c:
         51:95:db:26:22:83:a8:65:27:df:30:c5:c9:06:4e:bc:6f:dd:
         ea:2a:fa:3e:b2:b7:54:10:8c:c1:70:e5:6c:60:54:06:bb:2e:
         5d:5c:7b:ab:a0:f6:bb:9f:1c:c0:69:e5:75:6f:fd:79:03:a0:
         71:3d:24:58
-----BEGIN CERTIFICATE-----
MIIFpzCCBI+gAwIBAgICBoswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
REY5M0ExMTAvBgNVBAUTKDdFMjQ0MzEwRDdBNDU2RUIxMjdCOTI2QzQyRjI2RDc5
RTlBQ0RCODgwHhcNMjIxMjE2MDYzOTA4WhcNMjMwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MzljMTI4Yy03YzA4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAyPh+esvtcbftiF6C5ToeMGG06+jSGG6lqrHKXMCPMnx32wgdajfErdoNl4kq
TlVorR2l/0ejHkYXUS9Tl5ZOX+k3vlEUN2b10KwzPaotAI490sGm5vfRVGw7v/mO
I4UIEGNgtC8e9NhQcpLUjS/dd5FXv4gQ3VYBKQ7V0dkNbpgGt/yIhYN04K9P0JnU
8q2iPUhPIFuKL0+uaxmO9X24TLQhSaw5+nnmy8ywDzoNuOoDf/dRXtD+MUuJyJBO
v52aED3V54e+ke5GOKNjYsbwF8YsO/iaUfeLYYTQC9vcdYxRc8eV49RTCjJds1sH
OBuVN1uXA/wz06oPVzFOKkOIdwIDAQABo4ICyzCCAscwHQYDVR0OBBYEFBZKSgwo
brgrgLkK6X9LWFIYCKcOMB8GA1UdIwQYMBaAFH4kQxDXpFbrEnuSbELybXnprNuI
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFERjkzQS9GN0RGQTcyRUU1
RjMxMUVBQjNBOTE1NjFDNEY5QUUwMi9maVJERU5la1Z1c1NlNUpzUXZKdGVlbXMy
NGcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL2ZpUkRFTmVrVnVzU2U1SnNRdkp0ZWVtczI0Zy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
REY5M0EvRjdERkE3MkVFNUYzMTFFQUIzQTkxNTYxQzRGOUFFMDIvQzBGRjE5ODYz
MEIzMTFFQ0E0MkNGOTI3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwVQYIKwYBBQUHAQcBAf8E
RjBEMEIEAgABMDwDBACpiFIDBACpiFUDBACpiG0DBACpiHgDBACpiHoDBAKpiIAD
BAGpiIYDBAGpiI4DBACpiJIDBACpiL8wDQYJKoZIhvcNAQELBQADggEBAEQ3kzyS
rC+dL0wsqZSjWW+pyai4uoLR3uKokK3AuvVESmatzZvr7V9f66n9ZEC22CxyW8Be
XSfoMiQNTm+YEqRufZSIDHNqA7caK+24z8U4QMuxCf1ptrERp7cz8852GHNvTGF3
qU8tCLuEoGSj657NaW8YuH1tmxhUM1u/J9R74MjgbFIwjyR1YAK3R5Zu+8tC8jZk
5/zKG0ulxxCgJaG9dYn0xEy6TLKSKDv18MOmZuJH+0TbC/XtnSNzg6DdRoe8hhRW
DFGV2yYig6hlJ98wxckGTrxv3eoq+j6yt1QQjMFw5WxgVAa7Ll1ce6ug9rufHMBp
5XVv/XkDoHE9JFg=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:06:31 2024 by rpki-client on console-ams.rpki-client.org