Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91F2BD9/0481F786EC1911EA85B1E76FC4F9AE02/D564DCD6EC1B11EAACBD9310C4F9AE02.roa
File:                     D564DCD6EC1B11EAACBD9310C4F9AE02.roa (raw, json)
Hash identifier:          oqio20OzCXSYNpK3BBXSZGuGVDmYY7IzecxgTHcny+s=
Subject key identifier:   F1:95:5A:21:11:E0:BA:EF:33:F3:36:1F:D6:AF:40:3A:C8:06:2E:0E
Certificate issuer:       /CN=A91F2BD9/serialNumber=AFCD12F3409878CD4AB445C445544AE8DA851A84
Certificate serial:       06B3
Authority key identifier: AF:CD:12:F3:40:98:78:CD:4A:B4:45:C4:45:54:4A:E8:DA:85:1A:84
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/r80S80CYeM1KtEXERVRK6NqFGoQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91F2BD9/0481F786EC1911EA85B1E76FC4F9AE02/D564DCD6EC1B11EAACBD9310C4F9AE02.roa
Signing time:             Tue 19 Sep 2023 05:24:37 +0000
ROA not before:           Tue 19 Sep 2023 05:24:37 +0000
ROA not after:            Fri 01 Mar 2024 00:00:00 +0000
asID:                     7594
IP address blocks:        120.88.64.0/19 maxlen: 19
                          120.88.64.0/24 maxlen: 24
                          120.88.65.0/24 maxlen: 24
                          120.88.66.0/24 maxlen: 24
                          120.88.67.0/24 maxlen: 24
                          120.88.68.0/24 maxlen: 24
                          120.88.69.0/24 maxlen: 24
                          120.88.70.0/24 maxlen: 24
                          120.88.71.0/24 maxlen: 24
                          120.88.72.0/24 maxlen: 24
                          120.88.73.0/24 maxlen: 24
                          120.88.74.0/24 maxlen: 24
                          120.88.75.0/24 maxlen: 24
                          120.88.76.0/24 maxlen: 24
                          120.88.77.0/24 maxlen: 24
                          120.88.78.0/24 maxlen: 24
                          120.88.79.0/24 maxlen: 24
                          120.88.80.0/24 maxlen: 24
                          120.88.81.0/24 maxlen: 24
                          120.88.82.0/24 maxlen: 24
                          120.88.83.0/24 maxlen: 24
                          120.88.84.0/24 maxlen: 24
                          120.88.85.0/24 maxlen: 24
                          120.88.86.0/24 maxlen: 24
                          120.88.87.0/24 maxlen: 24
                          120.88.88.0/24 maxlen: 24
                          120.88.89.0/24 maxlen: 24
                          120.88.90.0/24 maxlen: 24
                          120.88.91.0/24 maxlen: 24
                          120.88.92.0/24 maxlen: 24
                          120.88.93.0/24 maxlen: 24
                          120.88.94.0/24 maxlen: 24
                          120.88.95.0/24 maxlen: 24
                          121.0.0.0/21 maxlen: 21
                          121.0.0.0/24 maxlen: 24
                          121.0.1.0/24 maxlen: 24
                          121.0.2.0/24 maxlen: 24
                          121.0.3.0/24 maxlen: 24
                          121.0.4.0/24 maxlen: 24
                          121.0.5.0/24 maxlen: 24
                          121.0.6.0/24 maxlen: 24
                          121.0.7.0/24 maxlen: 24
                          203.56.180.0/24 maxlen: 24
                          2403:9000::/32 maxlen: 32
                          2403:9000:501::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1715 (0x6b3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F2BD9/serialNumber=AFCD12F3409878CD4AB445C445544AE8DA851A84
        Validity
            Not Before: Sep 19 05:24:37 2023 GMT
            Not After : Mar  1 00:00:00 2024 GMT
        Subject: CN=65093094-ed20
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:01:17:20:c6:3c:71:15:a0:f0:cf:33:f6:e8:
                    31:9b:42:66:fb:a0:3e:95:cb:97:08:67:fa:45:24:
                    55:30:f7:47:6b:56:89:9c:7d:86:6e:c9:3f:6c:a7:
                    2d:24:3c:40:bd:1d:cb:f0:84:57:23:bb:6f:f2:89:
                    58:86:43:4b:7d:0b:a9:29:de:41:36:a8:1b:8c:63:
                    99:26:86:9d:1e:c3:0b:71:4a:72:66:94:43:80:93:
                    ee:6d:e3:3d:63:aa:6e:4b:bc:8d:6b:5b:31:8e:94:
                    ff:cd:a3:62:56:07:14:00:0b:cf:c2:25:43:98:aa:
                    d3:32:be:d8:17:9a:bf:af:b7:df:f9:72:42:b6:a5:
                    84:12:79:c4:61:25:da:72:d7:28:75:71:86:e8:e5:
                    6d:5b:09:5c:ef:c7:62:68:eb:30:ba:c9:d8:6e:ef:
                    f1:06:44:57:13:56:f4:f4:95:e2:32:a5:4b:47:d7:
                    f2:98:43:54:b1:d4:b0:51:5e:3c:93:1c:69:d5:21:
                    fa:7d:1c:cc:06:24:d4:0d:5b:33:42:92:0c:72:c0:
                    4c:b4:0d:62:20:f9:8e:71:99:0c:9a:a9:f5:3b:a8:
                    a0:54:54:1d:0d:7a:3c:2d:a6:23:a8:f8:ae:29:99:
                    93:3e:1f:fe:46:33:8f:a4:25:d5:63:b7:91:4e:99:
                    93:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F1:95:5A:21:11:E0:BA:EF:33:F3:36:1F:D6:AF:40:3A:C8:06:2E:0E
            X509v3 Authority Key Identifier:
                keyid:AF:CD:12:F3:40:98:78:CD:4A:B4:45:C4:45:54:4A:E8:DA:85:1A:84

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91F2BD9/0481F786EC1911EA85B1E76FC4F9AE02/r80S80CYeM1KtEXERVRK6NqFGoQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/r80S80CYeM1KtEXERVRK6NqFGoQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F2BD9/0481F786EC1911EA85B1E76FC4F9AE02/D564DCD6EC1B11EAACBD9310C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  120.88.64.0/19
                  121.0.0.0/21
                  203.56.180.0/24
                IPv6:
                  2403:9000::/32

    Signature Algorithm: sha256WithRSAEncryption
         66:e1:8c:0f:31:7b:b3:27:c3:aa:70:e4:f4:c3:1e:4d:f8:59:
         08:03:02:24:0b:9d:22:80:1a:ef:da:8d:36:f0:44:a1:02:15:
         cb:4b:34:cd:0c:ca:19:a6:e6:aa:08:2e:67:24:6f:df:db:b7:
         47:f2:02:75:1c:af:57:ca:0d:19:60:69:eb:7e:7a:1d:01:d8:
         a6:c0:1b:16:01:69:83:eb:37:e5:d2:a9:ba:86:e6:c0:db:24:
         93:86:d4:22:55:b8:ac:be:7e:d5:6f:ac:74:66:5a:44:4e:8c:
         c4:f8:b5:d1:f8:0a:55:a7:3d:49:6d:e8:bb:6e:9a:b8:e4:8f:
         ae:d5:78:53:d7:a8:49:02:9c:d0:87:ad:0a:d7:39:55:f3:c9:
         ba:a3:ea:a7:5c:b7:1c:0a:1a:b1:19:44:1a:30:e9:ad:57:d1:
         c2:c9:85:85:db:c5:82:0e:2b:7f:70:77:eb:80:dc:71:74:fc:
         00:c3:80:7f:b8:ba:5f:75:6c:b8:b3:35:a8:27:0e:06:c7:5e:
         17:5a:b6:7f:5a:01:bb:da:0f:03:dd:35:30:a7:77:3e:6d:fd:
         86:8e:56:16:ca:6e:53:bc:a9:fa:87:ff:07:bc:89:66:d2:55:
         c3:cd:6c:0a:a0:64:86:1b:f8:fc:94:66:79:56:c6:79:30:5f:
         41:6f:04:93
-----BEGIN CERTIFICATE-----
MIIFjDCCBHSgAwIBAgICBrMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RjJCRDkxMTAvBgNVBAUTKEFGQ0QxMkYzNDA5ODc4Q0Q0QUI0NDVDNDQ1NTQ0QUU4
REE4NTFBODQwHhcNMjMwOTE5MDUyNDM3WhcNMjQwMzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTA5MzA5NC1lZDIwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAzwEXIMY8cRWg8M8z9ugxm0Jm+6A+lcuXCGf6RSRVMPdHa1aJnH2Gbsk/bKct
JDxAvR3L8IRXI7tv8olYhkNLfQupKd5BNqgbjGOZJoadHsMLcUpyZpRDgJPubeM9
Y6puS7yNa1sxjpT/zaNiVgcUAAvPwiVDmKrTMr7YF5q/r7ff+XJCtqWEEnnEYSXa
ctcodXGG6OVtWwlc78diaOswusnYbu/xBkRXE1b09JXiMqVLR9fymENUsdSwUV48
kxxp1SH6fRzMBiTUDVszQpIMcsBMtA1iIPmOcZkMmqn1O6igVFQdDXo8LaYjqPiu
KZmTPh/+RjOPpCXVY7eRTpmTwwIDAQABo4ICsDCCAqwwHQYDVR0OBBYEFPGVWiER
4LrvM/M2H9avQDrIBi4OMB8GA1UdIwQYMBaAFK/NEvNAmHjNSrRFxEVUSujahRqE
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGMkJEOS8wNDgxRjc4NkVD
MTkxMUVBODVCMUU3NkZDNEY5QUUwMi9yODBTODBDWWVNMUt0RVhFUlZSSzZOcUZH
b1EuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3I4MFM4MENZZU0xS3RFWEVSVlJLNk5xRkdvUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RjJCRDkvMDQ4MUY3ODZFQzE5MTFFQTg1QjFFNzZGQzRGOUFFMDIvRDU2NERDRDZF
QzFCMTFFQUFDQkQ5MzEwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwOgYIKwYBBQUHAQcBAf8E
KzApMBgEAgABMBIDBAV4WEADBAN5AAADBADLOLQwDQQCAAIwBwMFACQDkAAwDQYJ
KoZIhvcNAQELBQADggEBAGbhjA8xe7Mnw6pw5PTDHk34WQgDAiQLnSKAGu/ajTbw
RKECFctLNM0Myhmm5qoILmckb9/bt0fyAnUcr1fKDRlgaet+eh0B2KbAGxYBaYPr
N+XSqbqG5sDbJJOG1CJVuKy+ftVvrHRmWkROjMT4tdH4ClWnPUlt6Ltumrjkj67V
eFPXqEkCnNCHrQrXOVXzybqj6qdctxwKGrEZRBow6a1X0cLJhYXbxYIOK39wd+uA
3HF0/ADDgH+4ul91bLizNagnDgbHXhdatn9aAbvaDwPdNTCndz5t/YaOVhbKblO8
qfqH/we8iWbSVcPNbAqgZIYb+PyUZnlWxnkwX0FvBJM=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:48 2024 by rpki-client on console-fra.rpki-client.org