Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A916EB94/E3CC25D8811E11EC92025551C4F9AE02/B1386720962311EC91D4BF7CC4F9AE02.roa
File:                     B1386720962311EC91D4BF7CC4F9AE02.roa (raw, json)
Hash identifier:          2DFdxoPldDb7evkQW5NgT9RVHg9w4KRbeoTb2oS1mnY=
Subject key identifier:   DF:43:9C:63:E9:88:46:82:5D:70:98:4D:5C:06:D0:A1:F9:0E:59:8C
Certificate issuer:       /CN=A916EB94/serialNumber=C4D4FB0FF027796E9DAA17B75551FD0B77F1982F
Certificate serial:       DB
Authority key identifier: C4:D4:FB:0F:F0:27:79:6E:9D:AA:17:B7:55:51:FD:0B:77:F1:98:2F
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xNT7D_AneW6dqhe3VVH9C3fxmC8.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A916EB94/E3CC25D8811E11EC92025551C4F9AE02/B1386720962311EC91D4BF7CC4F9AE02.roa
Signing time:             Wed 11 May 2022 16:53:41 +0000
ROA not before:           Wed 11 May 2022 16:53:41 +0000
ROA not after:            Thu 31 Aug 2023 00:00:00 +0000
asID:                     38067
IP address blocks:        43.231.20.0/22 maxlen: 24
                          103.14.128.0/22 maxlen: 23
                          103.14.128.0/24 maxlen: 24
                          103.14.129.0/24 maxlen: 24
                          103.14.130.0/24 maxlen: 24
                          103.14.131.0/24 maxlen: 24
                          103.20.180.0/22 maxlen: 24
                          103.29.124.0/22 maxlen: 24
                          103.217.112.0/22 maxlen: 24
                          103.240.44.0/22 maxlen: 24
                          116.12.32.0/21 maxlen: 22
                          116.12.32.0/22 maxlen: 24
                          116.12.36.0/23 maxlen: 24
                          116.12.38.0/24 maxlen: 24
                          116.12.39.0/24 maxlen: 24
                          120.50.176.0/21 maxlen: 24
                          122.102.32.0/21 maxlen: 24
                          210.1.240.0/20 maxlen: 24
                          210.1.255.128/26 maxlen: 26
                          2405:6900::/36 maxlen: 36

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 219 (0xdb)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A916EB94/serialNumber=C4D4FB0FF027796E9DAA17B75551FD0B77F1982F
        Validity
            Not Before: May 11 16:53:41 2022 GMT
            Not After : Aug 31 00:00:00 2023 GMT
        Subject: CN=627bea15-ad5e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:a3:8a:e2:be:25:52:4a:05:b2:da:44:a0:5b:
                    8c:d8:16:84:a6:8d:fb:a5:64:73:27:7d:d3:bc:b1:
                    91:91:a4:64:ac:9e:d1:8c:2f:c8:7b:ee:45:77:93:
                    3e:f9:23:2f:e4:c4:04:b9:80:96:aa:49:3f:95:24:
                    82:ee:e7:7b:f6:82:00:b5:69:f7:56:83:11:60:43:
                    76:2c:f6:9b:47:14:63:76:bf:23:5f:ce:03:95:c0:
                    a9:b5:c1:ac:33:de:c4:a7:29:eb:50:0b:f6:f7:af:
                    17:65:f4:f5:05:77:6c:8e:1d:0f:bc:14:43:11:42:
                    38:85:f2:34:11:8c:40:f1:b2:9c:9f:57:bf:06:eb:
                    2c:27:3d:6b:03:7d:10:0a:27:d8:a9:7e:e7:6c:ed:
                    e7:45:f4:6a:27:30:ea:36:af:1c:6d:15:0e:f1:b9:
                    22:f4:81:7e:b0:e3:d4:9b:66:10:a4:df:d1:f6:1d:
                    06:f5:74:68:47:ea:13:74:26:67:47:95:19:63:36:
                    d9:48:c8:7e:a1:8a:65:cc:82:6c:fa:1a:fd:2c:82:
                    55:75:60:6e:e7:85:1c:f4:97:ba:9e:f6:b7:a2:28:
                    f5:d9:61:23:49:dc:1f:aa:8f:aa:3c:e1:32:df:2a:
                    77:d3:34:4d:47:29:c4:dc:30:84:a9:66:2e:c4:45:
                    fc:f9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:43:9C:63:E9:88:46:82:5D:70:98:4D:5C:06:D0:A1:F9:0E:59:8C
            X509v3 Authority Key Identifier:
                keyid:C4:D4:FB:0F:F0:27:79:6E:9D:AA:17:B7:55:51:FD:0B:77:F1:98:2F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A916EB94/E3CC25D8811E11EC92025551C4F9AE02/xNT7D_AneW6dqhe3VVH9C3fxmC8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xNT7D_AneW6dqhe3VVH9C3fxmC8.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A916EB94/E3CC25D8811E11EC92025551C4F9AE02/B1386720962311EC91D4BF7CC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.231.20.0/22
                  103.14.128.0/22
                  103.20.180.0/22
                  103.29.124.0/22
                  103.217.112.0/22
                  103.240.44.0/22
                  116.12.32.0/21
                  120.50.176.0/21
                  122.102.32.0/21
                  210.1.240.0/20
                IPv6:
                  2405:6900::/36

    Signature Algorithm: sha256WithRSAEncryption
         8c:88:f5:e2:c6:c4:8e:2a:18:19:9f:d8:98:10:3f:04:02:1c:
         41:ff:fd:cb:9a:b1:61:49:bd:06:1e:1a:af:7f:df:33:00:de:
         40:16:ec:ec:d0:98:00:28:e5:e1:3b:70:90:06:c3:a2:a8:9a:
         a9:06:b1:dc:ee:92:c3:66:7f:ee:ce:c9:82:6d:be:e6:68:6d:
         5b:a4:48:21:e6:c3:8a:29:cc:0a:ee:9f:8a:4f:00:0e:31:5c:
         da:d1:bb:3c:76:c1:a6:65:f2:f0:f4:10:14:da:cf:3c:de:8c:
         fe:28:a6:f7:d7:ef:45:33:1e:a1:52:f0:1c:bd:c0:4f:06:01:
         30:b8:ad:2b:bc:59:08:65:30:72:1f:b9:07:75:4f:ec:b2:80:
         4d:fd:6d:0b:28:e7:07:dc:0f:c4:c0:72:ba:7d:db:a2:7c:96:
         54:86:86:b5:4a:5b:b2:dc:35:97:44:ea:38:20:c0:19:9f:43:
         e5:a9:49:e1:69:dc:3d:14:26:41:fe:10:2e:6d:1f:4a:0c:b7:
         86:e4:28:7a:25:27:8e:7c:a8:4e:98:97:12:a4:8a:63:0d:f7:
         38:91:74:3b:2e:bc:ba:31:4a:25:32:5d:bd:25:2d:fe:84:4b:
         cc:81:3d:51:65:6f:c3:ff:44:a7:4b:68:d4:8c:8d:8d:aa:bd:
         91:5f:21:ab
-----BEGIN CERTIFICATE-----
MIIFtzCCBJ+gAwIBAgICANswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NkVCOTQxMTAvBgNVBAUTKEM0RDRGQjBGRjAyNzc5NkU5REFBMTdCNzU1NTFGRDBC
NzdGMTk4MkYwHhcNMjIwNTExMTY1MzQxWhcNMjMwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MjdiZWExNS1hZDVlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvaOK4r4lUkoFstpEoFuM2BaEpo37pWRzJ33TvLGRkaRkrJ7RjC/Ie+5Fd5M+
+SMv5MQEuYCWqkk/lSSC7ud79oIAtWn3VoMRYEN2LPabRxRjdr8jX84DlcCptcGs
M97EpynrUAv2968XZfT1BXdsjh0PvBRDEUI4hfI0EYxA8bKcn1e/BussJz1rA30Q
CifYqX7nbO3nRfRqJzDqNq8cbRUO8bki9IF+sOPUm2YQpN/R9h0G9XRoR+oTdCZn
R5UZYzbZSMh+oYplzIJs+hr9LIJVdWBu54Uc9Je6nva3oij12WEjSdwfqo+qPOEy
3yp30zRNRynE3DCEqWYuxEX8+QIDAQABo4IC2zCCAtcwHQYDVR0OBBYEFN9DnGPp
iEaCXXCYTVwG0KH5DlmMMB8GA1UdIwQYMBaAFMTU+w/wJ3lunaoXt1VR/Qt38Zgv
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2RUI5NC9FM0NDMjVEODgx
MUUxMUVDOTIwMjU1NTFDNEY5QUUwMi94TlQ3RF9BbmVXNmRxaGUzVlZIOUMzZnht
QzguY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3hOVDdEX0FuZVc2ZHFoZTNWVkg5QzNmeG1DOC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NkVCOTQvRTNDQzI1RDg4MTFFMTFFQzkyMDI1NTUxQzRGOUFFMDIvQjEzODY3MjA5
NjIzMTFFQzkxRDRCRjdDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwZQYIKwYBBQUHAQcBAf8E
VjBUMEIEAgABMDwDBAIr5xQDBAJnDoADBAJnFLQDBAJnHXwDBAJn2XADBAJn8CwD
BAN0DCADBAN4MrADBAN6ZiADBATSAfAwDgQCAAIwCAMGBCQFaQAAMA0GCSqGSIb3
DQEBCwUAA4IBAQCMiPXixsSOKhgZn9iYED8EAhxB//3LmrFhSb0GHhqvf98zAN5A
Fuzs0JgAKOXhO3CQBsOiqJqpBrHc7pLDZn/uzsmCbb7maG1bpEgh5sOKKcwK7p+K
TwAOMVza0bs8dsGmZfLw9BAU2s883oz+KKb31+9FMx6hUvAcvcBPBgEwuK0rvFkI
ZTByH7kHdU/ssoBN/W0LKOcH3A/EwHK6fduifJZUhoa1Sluy3DWXROo4IMAZn0Pl
qUnhadw9FCZB/hAubR9KDLeG5Ch6JSeOfKhOmJcSpIpjDfc4kXQ7Lry6MUolMl29
JS3+hEvMgT1RZW/D/0SnS2jUjI2Nqr2RXyGr
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:21 2024 by rpki-client on console-ams.rpki-client.org