Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91E0875/6D91AABC593111EAAA31B40AC4F9AE02/C21002F8E57B11ED8D3D2D65C4F9AE02.roa
File:                     C21002F8E57B11ED8D3D2D65C4F9AE02.roa (raw, json)
Hash identifier:          ftFbQs9gg5Hv66lhhncb5KJcpBCWtlnDAbpcIDpaz94=
Subject key identifier:   88:14:31:E0:BA:5E:BE:21:22:3D:20:99:F1:4F:DE:5E:15:0D:A9:1B
Certificate issuer:       /CN=A91E0875/serialNumber=F973492ED646928ED1F10DE84662E5523F55CC8D
Certificate serial:       091F
Authority key identifier: F9:73:49:2E:D6:46:92:8E:D1:F1:0D:E8:46:62:E5:52:3F:55:CC:8D
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-XNJLtZGko7R8Q3oRmLlUj9VzI0.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91E0875/6D91AABC593111EAAA31B40AC4F9AE02/C21002F8E57B11ED8D3D2D65C4F9AE02.roa
Signing time:             Fri 28 Apr 2023 04:18:42 +0000
ROA not before:           Fri 28 Apr 2023 04:18:42 +0000
ROA not after:            Wed 01 May 2024 00:00:00 +0000
asID:                     134069
IP address blocks:        43.231.224.0/22 maxlen: 22
                          45.115.220.0/22 maxlen: 22
                          45.115.220.0/24 maxlen: 24
                          45.115.221.0/24 maxlen: 24
                          103.51.48.0/22 maxlen: 22
                          103.51.50.0/24 maxlen: 24
                          103.51.51.0/24 maxlen: 24
                          202.6.248.0/22 maxlen: 22
                          202.6.248.0/23 maxlen: 23
                          2402:1a80::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2335 (0x91f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E0875/serialNumber=F973492ED646928ED1F10DE84662E5523F55CC8D
        Validity
            Not Before: Apr 28 04:18:42 2023 GMT
            Not After : May  1 00:00:00 2024 GMT
        Subject: CN=644b4922-bd61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:ac:61:38:ab:84:1d:ef:8b:d6:24:d7:53:44:
                    b9:5a:72:d1:c7:04:74:49:34:54:73:f2:55:8d:1d:
                    c0:58:ba:19:5a:a0:5f:83:ee:c1:7b:2d:0f:07:47:
                    48:f9:2c:89:95:2d:50:d2:5f:bc:c3:77:5c:2a:2a:
                    a7:a0:51:af:f6:03:2d:56:d7:ec:1b:b2:9f:78:41:
                    1c:39:db:fd:28:26:f1:f3:38:4a:39:f9:be:bd:7f:
                    a0:55:54:3e:6e:39:54:13:c0:d9:c0:9e:b9:19:62:
                    53:45:75:14:4f:3b:d2:11:7f:13:20:87:63:6c:41:
                    79:40:02:1e:4f:e5:16:f4:31:b0:cf:5b:6b:4c:d4:
                    5c:ba:49:91:a4:66:57:ee:66:94:f8:bc:e8:73:44:
                    e8:8e:a5:fc:49:ad:a9:4e:52:ca:63:ce:7a:ca:22:
                    11:97:34:88:fe:7e:f3:b4:08:c2:3a:40:cc:53:a7:
                    d2:c9:ef:67:68:c8:37:91:ca:ce:4f:b9:4b:da:4a:
                    6f:fd:6e:95:c9:01:c4:c5:44:fc:58:04:46:13:95:
                    0e:95:70:e8:dc:4d:9f:07:86:a0:40:2d:f6:8f:46:
                    58:16:d9:c7:a8:c6:dc:e0:27:cd:cf:74:40:f2:1f:
                    8f:9b:ab:22:67:fe:98:0d:37:f6:ee:6e:11:e0:aa:
                    d0:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:14:31:E0:BA:5E:BE:21:22:3D:20:99:F1:4F:DE:5E:15:0D:A9:1B
            X509v3 Authority Key Identifier:
                keyid:F9:73:49:2E:D6:46:92:8E:D1:F1:0D:E8:46:62:E5:52:3F:55:CC:8D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91E0875/6D91AABC593111EAAA31B40AC4F9AE02/-XNJLtZGko7R8Q3oRmLlUj9VzI0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-XNJLtZGko7R8Q3oRmLlUj9VzI0.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E0875/6D91AABC593111EAAA31B40AC4F9AE02/C21002F8E57B11ED8D3D2D65C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.231.224.0/22
                  45.115.220.0/22
                  103.51.48.0/22
                  202.6.248.0/22
                IPv6:
                  2402:1a80::/32

    Signature Algorithm: sha256WithRSAEncryption
         9f:7c:69:d1:56:c4:85:c0:0b:da:17:04:9d:73:6a:42:05:d1:
         e9:35:94:dc:ef:fc:16:13:ac:a7:79:33:fd:24:d6:59:bf:78:
         7b:d5:2e:0e:27:74:5d:e9:fb:c2:8c:08:a1:2e:0b:40:d8:5d:
         d5:ad:f1:54:e9:33:0f:a5:c0:f2:88:b1:44:2a:ba:be:eb:56:
         bc:11:ad:5b:df:b7:0b:04:55:87:a3:5a:17:6c:6e:ac:28:50:
         af:28:8e:73:3c:15:d4:af:4b:21:4e:bc:84:a2:7f:64:f8:56:
         7c:f8:4e:cf:02:20:a7:fb:e9:57:80:09:4c:4f:98:1d:33:9f:
         cd:5c:ff:ba:69:f1:6c:70:84:f9:dd:e1:39:fd:6b:99:c7:81:
         8f:cd:34:0f:44:6d:fd:9e:30:27:e8:04:c2:07:40:52:35:27:
         49:67:67:97:82:56:4f:63:e6:e0:17:dd:49:37:fd:9e:7c:40:
         6c:90:4f:23:a6:8f:b6:e8:4f:d0:84:b8:20:2a:13:a8:ad:e7:
         11:2a:b7:bf:50:a1:13:a2:f9:93:40:76:a5:8f:8a:26:f8:2a:
         4b:02:92:82:91:f2:95:e0:ce:bc:6a:dc:0a:c5:3b:df:98:cd:
         02:51:47:32:18:d0:1e:83:65:7a:d0:8b:33:04:7b:d1:36:6e:
         b9:27:9a:dc
-----BEGIN CERTIFICATE-----
MIIFkjCCBHqgAwIBAgICCR8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RTA4NzUxMTAvBgNVBAUTKEY5NzM0OTJFRDY0NjkyOEVEMUYxMERFODQ2NjJFNTUy
M0Y1NUNDOEQwHhcNMjMwNDI4MDQxODQyWhcNMjQwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDRiNDkyMi1iZDYxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAuKxhOKuEHe+L1iTXU0S5WnLRxwR0STRUc/JVjR3AWLoZWqBfg+7Bey0PB0dI
+SyJlS1Q0l+8w3dcKiqnoFGv9gMtVtfsG7KfeEEcOdv9KCbx8zhKOfm+vX+gVVQ+
bjlUE8DZwJ65GWJTRXUUTzvSEX8TIIdjbEF5QAIeT+UW9DGwz1trTNRcukmRpGZX
7maU+Lzoc0TojqX8Sa2pTlLKY856yiIRlzSI/n7ztAjCOkDMU6fSye9naMg3kcrO
T7lL2kpv/W6VyQHExUT8WARGE5UOlXDo3E2fB4agQC32j0ZYFtnHqMbc4CfNz3RA
8h+Pm6siZ/6YDTf27m4R4KrQoQIDAQABo4ICtjCCArIwHQYDVR0OBBYEFIgUMeC6
Xr4hIj0gmfFP3l4VDakbMB8GA1UdIwQYMBaAFPlzSS7WRpKO0fEN6EZi5VI/VcyN
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFMDg3NS82RDkxQUFCQzU5
MzExMUVBQUEzMUI0MEFDNEY5QUUwMi8tWE5KTHRaR2tvN1I4UTNvUm1MbFVqOVZ6
STAuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLy1YTkpMdFpHa283UjhRM29SbUxsVWo5VnpJMC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RTA4NzUvNkQ5MUFBQkM1OTMxMTFFQUFBMzFCNDBBQzRGOUFFMDIvQzIxMDAyRjhF
NTdCMTFFRDhEM0QyRDY1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwQAYIKwYBBQUHAQcBAf8E
MTAvMB4EAgABMBgDBAIr5+ADBAItc9wDBAJnMzADBALKBvgwDQQCAAIwBwMFACQC
GoAwDQYJKoZIhvcNAQELBQADggEBAJ98adFWxIXAC9oXBJ1zakIF0ek1lNzv/BYT
rKd5M/0k1lm/eHvVLg4ndF3p+8KMCKEuC0DYXdWt8VTpMw+lwPKIsUQqur7rVrwR
rVvftwsEVYejWhdsbqwoUK8ojnM8FdSvSyFOvISif2T4Vnz4Ts8CIKf76VeACUxP
mB0zn81c/7pp8WxwhPnd4Tn9a5nHgY/NNA9Ebf2eMCfoBMIHQFI1J0lnZ5eCVk9j
5uAX3Uk3/Z58QGyQTyOmj7boT9CEuCAqE6it5xEqt79QoROi+ZNAdqWPiib4KksC
koKR8pXgzrxq3ArFO9+YzQJRRzIY0B6DZXrQizMEe9E2brknmtw=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:06:32 2024 by rpki-client on console-ams.rpki-client.org