Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91DFB70/2983647C838F11E586FC5812C4F9AE02/D9BCD298E01911EE8A139768C4F9AE02.roa
File:                     D9BCD298E01911EE8A139768C4F9AE02.roa (raw, json)
Hash identifier:          3i/MSwrs1JD2G5Iq2YxA4B9X86hxlB7TuehdIWECYmg=
Subject key identifier:   2B:1C:28:50:42:64:67:2B:8F:C8:5B:E8:AC:CB:38:5E:BB:86:82:C3
Certificate issuer:       /CN=A91DFB70/serialNumber=5D2DD154B5DCE21FB786C526DBDEF1B045928AB8
Certificate serial:       267A
Authority key identifier: 5D:2D:D1:54:B5:DC:E2:1F:B7:86:C5:26:DB:DE:F1:B0:45:92:8A:B8
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XS3RVLXc4h-3hsUm297xsEWSirg.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91DFB70/2983647C838F11E586FC5812C4F9AE02/D9BCD298E01911EE8A139768C4F9AE02.roa
Signing time:             Tue 12 Mar 2024 02:52:33 +0000
ROA not before:           Tue 12 Mar 2024 02:52:33 +0000
ROA not after:            Wed 29 May 2024 00:00:00 +0000
asID:                     18115
IP address blocks:        27.110.128.0/24 maxlen: 24
                          58.71.117.0/24 maxlen: 24
                          122.54.67.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 9850 (0x267a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91DFB70/serialNumber=5D2DD154B5DCE21FB786C526DBDEF1B045928AB8
        Validity
            Not Before: Mar 12 02:52:33 2024 GMT
            Not After : May 29 00:00:00 2024 GMT
        Subject: CN=65efc371-685a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:15:00:22:ee:1f:cc:9f:ae:cf:da:0c:7d:0b:
                    ef:7d:07:73:b9:d8:fc:f3:f7:f4:4b:a1:65:e7:37:
                    65:4d:1a:e2:8e:13:f4:f4:b2:6b:e4:51:59:df:60:
                    66:a5:b0:e9:1c:d1:37:14:2e:1c:e0:74:82:c9:ee:
                    e5:d0:5b:4c:26:8c:26:35:17:83:4f:d4:94:f3:d4:
                    58:39:32:d6:94:b9:9c:cd:1c:f1:98:93:7a:58:d4:
                    56:57:bb:a5:6c:37:aa:6d:2f:8e:79:d5:b8:1b:6a:
                    f8:4e:e5:e8:a9:c1:6c:7b:ae:87:02:a1:d9:80:0c:
                    f9:4e:56:79:92:73:5d:b2:e2:be:b1:1a:a3:4e:b1:
                    2c:f7:26:8a:78:a4:5a:e2:94:d9:aa:fb:27:e4:1c:
                    30:aa:59:04:a4:ff:f4:43:c2:f9:50:fe:d4:35:0c:
                    3c:1b:e0:5e:12:97:d5:2c:0c:9a:09:af:77:45:22:
                    b8:b4:f1:d8:75:9b:dd:1e:25:f3:a6:3e:9f:93:a5:
                    1b:3c:37:2d:c2:ed:d9:ec:b3:90:0f:b5:bb:c5:09:
                    f7:06:bf:73:20:c4:f7:c1:3b:38:a1:b1:2f:f2:71:
                    27:c6:5c:4c:bf:83:bf:5a:b3:f5:6e:8a:00:0c:13:
                    17:3c:bb:f8:55:b5:4f:ed:95:37:52:a4:ef:79:4a:
                    ed:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:1C:28:50:42:64:67:2B:8F:C8:5B:E8:AC:CB:38:5E:BB:86:82:C3
            X509v3 Authority Key Identifier:
                keyid:5D:2D:D1:54:B5:DC:E2:1F:B7:86:C5:26:DB:DE:F1:B0:45:92:8A:B8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91DFB70/2983647C838F11E586FC5812C4F9AE02/XS3RVLXc4h-3hsUm297xsEWSirg.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XS3RVLXc4h-3hsUm297xsEWSirg.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91DFB70/2983647C838F11E586FC5812C4F9AE02/D9BCD298E01911EE8A139768C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  27.110.128.0/24
                  58.71.117.0/24
                  122.54.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b7:88:b1:51:5a:ec:92:08:b2:af:2a:67:22:75:cc:23:e6:7b:
         04:88:96:20:e6:41:99:ff:84:40:85:a7:95:e0:4c:c6:93:c1:
         64:04:0d:4d:1d:d8:0c:07:cf:5f:d6:c8:bc:25:d1:6b:1a:d9:
         dc:39:68:1d:00:e5:16:2e:8c:e2:65:2b:d3:7b:3a:8e:5d:96:
         40:08:27:bf:e5:ef:c0:e9:2a:2f:91:e6:27:b0:c4:da:3a:62:
         5f:9e:42:da:e3:94:6d:7b:e6:d4:a2:ff:49:e9:21:fd:12:ad:
         fe:70:c5:28:31:1f:30:68:08:f5:01:3e:9e:35:9b:e8:15:c6:
         25:3d:88:0b:ee:6a:5f:3c:a8:dc:eb:68:c4:71:d7:a4:7f:50:
         8c:42:b4:63:4a:cd:cd:3c:56:83:a5:34:81:fb:65:68:64:4d:
         54:26:57:82:98:2e:a3:21:3a:71:e0:fa:05:02:5f:c0:37:6a:
         19:50:74:21:55:33:8f:11:d4:7b:54:cb:dd:af:af:e6:1c:4e:
         27:4a:2d:62:26:3f:ae:80:1d:80:27:17:48:00:28:82:04:3a:
         58:d9:34:84:fc:19:b8:a8:45:27:a9:43:7c:e7:59:4b:94:5a:
         17:b9:e0:89:35:0a:4a:10:3b:b8:e1:ab:0d:22:80:d3:aa:0e:
         ff:fd:b9:aa
-----BEGIN CERTIFICATE-----
MIIFfTCCBGWgAwIBAgICJnowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
REZCNzAxMTAvBgNVBAUTKDVEMkREMTU0QjVEQ0UyMUZCNzg2QzUyNkRCREVGMUIw
NDU5MjhBQjgwHhcNMjQwMzEyMDI1MjMzWhcNMjQwNTI5MDAwMDAwWjAYMRYwFAYD
VQQDEw02NWVmYzM3MS02ODVhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAoRUAIu4fzJ+uz9oMfQvvfQdzudj88/f0S6Fl5zdlTRrijhP09LJr5FFZ32Bm
pbDpHNE3FC4c4HSCye7l0FtMJowmNReDT9SU89RYOTLWlLmczRzxmJN6WNRWV7ul
bDeqbS+OedW4G2r4TuXoqcFse66HAqHZgAz5TlZ5knNdsuK+sRqjTrEs9yaKeKRa
4pTZqvsn5BwwqlkEpP/0Q8L5UP7UNQw8G+BeEpfVLAyaCa93RSK4tPHYdZvdHiXz
pj6fk6UbPDctwu3Z7LOQD7W7xQn3Br9zIMT3wTs4obEv8nEnxlxMv4O/WrP1booA
DBMXPLv4VbVP7ZU3UqTveUrtrwIDAQABo4ICoTCCAp0wHQYDVR0OBBYEFCscKFBC
ZGcrj8hb6KzLOF67hoLDMB8GA1UdIwQYMBaAFF0t0VS13OIft4bFJtve8bBFkoq4
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFERkI3MC8yOTgzNjQ3Qzgz
OEYxMUU1ODZGQzU4MTJDNEY5QUUwMi9YUzNSVkxYYzRoLTNoc1VtMjk3eHNFV1Np
cmcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1hTM1JWTFhjNGgtM2hzVW0yOTd4c0VXU2lyZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
REZCNzAvMjk4MzY0N0M4MzhGMTFFNTg2RkM1ODEyQzRGOUFFMDIvRDlCQ0QyOThF
MDE5MTFFRThBMTM5NzY4QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwKwYIKwYBBQUHAQcBAf8E
HDAaMBgEAgABMBIDBAAbboADBAA6R3UDBAB6NkMwDQYJKoZIhvcNAQELBQADggEB
ALeIsVFa7JIIsq8qZyJ1zCPmewSIliDmQZn/hECFp5XgTMaTwWQEDU0d2AwHz1/W
yLwl0Wsa2dw5aB0A5RYujOJlK9N7Oo5dlkAIJ7/l78DpKi+R5iewxNo6Yl+eQtrj
lG175tSi/0npIf0Srf5wxSgxHzBoCPUBPp41m+gVxiU9iAvual88qNzraMRx16R/
UIxCtGNKzc08VoOlNIH7ZWhkTVQmV4KYLqMhOnHg+gUCX8A3ahlQdCFVM48R1HtU
y92vr+YcTidKLWImP66AHYAnF0gAKIIEOljZNIT8GbioRSepQ3znWUuUWhe54Ik1
CkoQO7jhqw0igNOqDv/9uao=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:43 2024 by rpki-client on console-fra.rpki-client.org