Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9139B49/0780B990C9F811E79EF12009C4F9AE02/95636AFAFD5B11ECAB94E67BC4F9AE02.roa
File:                     95636AFAFD5B11ECAB94E67BC4F9AE02.roa (raw, json)
Hash identifier:          OVV2JQfiqTgx41I8sFALI4GKtqkwGBY2fofnmyfJ5IY=
Subject key identifier:   64:0A:FF:E3:35:B1:A3:92:F8:40:69:5F:65:E0:01:CD:06:06:C7:D4
Certificate issuer:       /CN=A9139B49/serialNumber=4EE540A48AD973FBD831ABD02603B5FB0FB945BE
Certificate serial:       1555
Authority key identifier: 4E:E5:40:A4:8A:D9:73:FB:D8:31:AB:D0:26:03:B5:FB:0F:B9:45:BE
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/TuVApIrZc_vYMavQJgO1-w-5Rb4.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9139B49/0780B990C9F811E79EF12009C4F9AE02/95636AFAFD5B11ECAB94E67BC4F9AE02.roa
Signing time:             Thu 14 Jul 2022 12:43:46 +0000
ROA not before:           Thu 14 Jul 2022 12:43:46 +0000
ROA not after:            Fri 31 Mar 2023 00:00:00 +0000
asID:                     17911
IP address blocks:        103.224.12.0/24 maxlen: 24
                          103.224.13.0/24 maxlen: 24
                          103.224.14.0/24 maxlen: 24
                          103.224.15.0/24 maxlen: 24
                          122.129.64.0/24 maxlen: 24
                          122.129.65.0/24 maxlen: 24
                          122.129.66.0/24 maxlen: 24
                          122.129.67.0/24 maxlen: 24
                          122.129.68.0/24 maxlen: 24
                          122.129.69.0/24 maxlen: 24
                          122.129.70.0/24 maxlen: 24
                          122.129.71.0/24 maxlen: 24
                          122.129.72.0/24 maxlen: 24
                          122.129.73.0/24 maxlen: 24
                          122.129.74.0/24 maxlen: 24
                          122.129.75.0/24 maxlen: 24
                          122.129.76.0/24 maxlen: 24
                          122.129.77.0/24 maxlen: 24
                          122.129.78.0/24 maxlen: 24
                          122.129.79.0/24 maxlen: 24
                          122.129.80.0/24 maxlen: 24
                          122.129.81.0/24 maxlen: 24
                          122.129.82.0/24 maxlen: 24
                          122.129.83.0/24 maxlen: 24
                          122.129.84.0/24 maxlen: 24
                          122.129.85.0/24 maxlen: 24
                          122.129.86.0/24 maxlen: 24
                          122.129.87.0/24 maxlen: 24
                          122.129.88.0/24 maxlen: 24
                          122.129.89.0/24 maxlen: 24
                          122.129.90.0/24 maxlen: 24
                          122.129.91.0/24 maxlen: 24
                          122.129.92.0/24 maxlen: 24
                          122.129.93.0/24 maxlen: 24
                          122.129.94.0/24 maxlen: 24
                          122.129.95.0/24 maxlen: 24
                          203.128.0.0/24 maxlen: 24
                          203.128.1.0/24 maxlen: 24
                          203.128.2.0/24 maxlen: 24
                          203.128.3.0/24 maxlen: 24
                          203.128.4.0/24 maxlen: 24
                          203.128.5.0/24 maxlen: 24
                          203.128.6.0/24 maxlen: 24
                          203.128.7.0/24 maxlen: 24
                          203.128.8.0/24 maxlen: 24
                          203.128.9.0/24 maxlen: 24
                          203.128.10.0/24 maxlen: 24
                          203.128.11.0/24 maxlen: 24
                          203.128.12.0/24 maxlen: 24
                          203.128.13.0/24 maxlen: 24
                          203.128.14.0/24 maxlen: 24
                          203.128.15.0/24 maxlen: 24
                          203.128.16.0/24 maxlen: 24
                          203.128.17.0/24 maxlen: 24
                          203.128.18.0/24 maxlen: 24
                          203.128.19.0/24 maxlen: 24
                          203.128.20.0/24 maxlen: 24
                          203.128.21.0/24 maxlen: 24
                          203.128.22.0/24 maxlen: 24
                          203.128.23.0/24 maxlen: 24
                          203.128.24.0/24 maxlen: 24
                          203.128.25.0/24 maxlen: 24
                          203.128.26.0/24 maxlen: 24
                          203.128.27.0/24 maxlen: 24
                          203.128.28.0/24 maxlen: 24
                          203.128.29.0/24 maxlen: 24
                          203.128.30.0/24 maxlen: 24
                          203.128.31.0/24 maxlen: 24
                          2400:4f00::/36 maxlen: 36

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5461 (0x1555)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9139B49/serialNumber=4EE540A48AD973FBD831ABD02603B5FB0FB945BE
        Validity
            Not Before: Jul 14 12:43:46 2022 GMT
            Not After : Mar 31 00:00:00 2023 GMT
        Subject: CN=62d00f82-fcc3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:d7:49:9e:ed:c2:17:1e:e0:f9:e0:80:33:23:
                    d5:08:d6:17:43:bb:55:e8:18:21:18:e7:42:3d:4f:
                    3a:35:ea:92:07:be:07:7d:b8:c3:fc:89:d1:76:09:
                    6e:0a:81:07:b4:67:5c:f2:51:54:f0:3c:1e:d3:04:
                    c7:cb:88:58:9e:c5:c8:6c:f8:ab:5a:4b:ad:95:af:
                    5f:eb:2c:95:04:cf:ff:e8:9e:57:35:92:ec:37:9a:
                    5a:65:b7:dd:27:08:63:14:d5:ed:74:cf:89:7e:39:
                    7e:64:f7:47:ee:43:57:7d:91:73:01:42:94:08:54:
                    41:ce:62:2f:0a:d9:76:1a:10:83:87:50:b5:cb:9a:
                    16:4f:7e:04:54:6c:96:4f:a1:ae:ce:4d:53:be:dd:
                    95:c4:a0:81:a7:9e:a4:17:f6:b9:f8:04:0b:6c:dd:
                    20:88:ab:b5:dc:e9:50:09:b5:cf:5c:a8:da:9a:81:
                    7b:b2:f8:a8:74:9d:fc:c3:05:3a:3b:e1:92:fb:d4:
                    1c:4c:66:57:99:e7:e9:6b:ca:21:dc:51:c1:7d:51:
                    48:2d:57:fc:a8:76:82:94:17:a8:6d:82:27:a9:f8:
                    69:e8:bf:ef:7e:9b:1d:af:5a:8a:89:c6:43:f4:9d:
                    77:81:48:f6:98:d3:8c:f9:95:a9:6e:43:8d:51:20:
                    24:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:0A:FF:E3:35:B1:A3:92:F8:40:69:5F:65:E0:01:CD:06:06:C7:D4
            X509v3 Authority Key Identifier:
                keyid:4E:E5:40:A4:8A:D9:73:FB:D8:31:AB:D0:26:03:B5:FB:0F:B9:45:BE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9139B49/0780B990C9F811E79EF12009C4F9AE02/TuVApIrZc_vYMavQJgO1-w-5Rb4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/TuVApIrZc_vYMavQJgO1-w-5Rb4.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9139B49/0780B990C9F811E79EF12009C4F9AE02/95636AFAFD5B11ECAB94E67BC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.224.12.0/22
                  122.129.64.0/19
                  203.128.0.0/19
                IPv6:
                  2400:4f00::/36

    Signature Algorithm: sha256WithRSAEncryption
         2d:db:9f:c7:cd:bc:4b:b2:d3:ee:35:ba:61:8b:6e:7f:42:56:
         46:27:2c:61:e2:90:53:e7:39:ad:64:cb:36:f6:ff:ab:c8:59:
         46:b8:e1:98:cf:05:c9:43:56:87:20:99:7f:89:40:77:42:34:
         57:ad:c3:52:4a:73:d7:2a:98:5d:ac:fb:4f:4c:71:2a:66:11:
         b7:7a:51:4d:d0:90:72:36:27:db:13:4a:1e:b5:3b:a4:12:fa:
         2e:95:26:1a:86:3b:b5:f6:d4:80:d2:49:47:bb:a2:5b:4d:b1:
         04:83:0b:30:e9:92:59:ee:41:e5:8d:7f:74:7b:28:5a:07:b1:
         4b:b6:24:d9:12:c9:16:5e:ad:11:46:bc:7e:58:95:6a:21:13:
         d3:65:87:6d:49:3e:4f:4e:70:89:b0:8e:4c:4f:d5:03:69:ba:
         50:09:0b:86:56:33:32:3a:10:c1:59:3e:bd:68:31:d4:05:14:
         31:e0:f9:48:fb:28:3a:1d:a8:f4:c6:4e:c6:f4:22:26:58:e4:
         b0:5a:ee:13:37:6a:e5:fa:20:71:c9:38:19:f7:8d:9d:fc:e1:
         99:6b:c7:95:d8:8b:84:75:1f:55:f8:eb:55:fb:15:fe:0e:f7:
         a3:0c:bb:6f:de:0c:ba:a0:0e:62:62:5a:82:7a:28:84:ba:95:
         f3:60:3c:21
-----BEGIN CERTIFICATE-----
MIIFjTCCBHWgAwIBAgICFVUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MzlCNDkxMTAvBgNVBAUTKDRFRTU0MEE0OEFEOTczRkJEODMxQUJEMDI2MDNCNUZC
MEZCOTQ1QkUwHhcNMjIwNzE0MTI0MzQ2WhcNMjMwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MmQwMGY4Mi1mY2MzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA6NdJnu3CFx7g+eCAMyPVCNYXQ7tV6BghGOdCPU86NeqSB74HfbjD/InRdglu
CoEHtGdc8lFU8Dwe0wTHy4hYnsXIbPirWkutla9f6yyVBM//6J5XNZLsN5paZbfd
JwhjFNXtdM+Jfjl+ZPdH7kNXfZFzAUKUCFRBzmIvCtl2GhCDh1C1y5oWT34EVGyW
T6Guzk1Tvt2VxKCBp56kF/a5+AQLbN0giKu13OlQCbXPXKjamoF7sviodJ38wwU6
O+GS+9QcTGZXmefpa8oh3FHBfVFILVf8qHaClBeobYInqfhp6L/vfpsdr1qKicZD
9J13gUj2mNOM+ZWpbkONUSAkHQIDAQABo4ICsTCCAq0wHQYDVR0OBBYEFGQK/+M1
saOS+EBpX2XgAc0GBsfUMB8GA1UdIwQYMBaAFE7lQKSK2XP72DGr0CYDtfsPuUW+
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEzOUI0OS8wNzgwQjk5MEM5
RjgxMUU3OUVGMTIwMDlDNEY5QUUwMi9UdVZBcElyWmNfdllNYXZRSmdPMS13LTVS
YjQuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1R1VkFwSXJaY192WU1hdlFKZ08xLXctNVJiNC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MzlCNDkvMDc4MEI5OTBDOUY4MTFFNzlFRjEyMDA5QzRGOUFFMDIvOTU2MzZBRkFG
RDVCMTFFQ0FCOTRFNjdCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwOwYIKwYBBQUHAQcBAf8E
LDAqMBgEAgABMBIDBAJn4AwDBAV6gUADBAXLgAAwDgQCAAIwCAMGBCQATwAAMA0G
CSqGSIb3DQEBCwUAA4IBAQAt25/HzbxLstPuNbphi25/QlZGJyxh4pBT5zmtZMs2
9v+ryFlGuOGYzwXJQ1aHIJl/iUB3QjRXrcNSSnPXKphdrPtPTHEqZhG3elFN0JBy
NifbE0oetTukEvoulSYahju19tSA0klHu6JbTbEEgwsw6ZJZ7kHljX90eyhaB7FL
tiTZEskWXq0RRrx+WJVqIRPTZYdtST5PTnCJsI5MT9UDabpQCQuGVjMyOhDBWT69
aDHUBRQx4PlI+yg6Haj0xk7G9CImWOSwWu4TN2rl+iBxyTgZ942d/OGZa8eV2IuE
dR9V+OtV+xX+DvejDLtv3gy6oA5iYlqCeiiEupXzYDwh
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:04:55 2024 by rpki-client on console-ams.rpki-client.org