Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A911ABF4/EA87185C721B11E9BB748150C4F9AE02/CC3FFCB8C2AC11EBBDA5E886C4F9AE02.roa
File:                     CC3FFCB8C2AC11EBBDA5E886C4F9AE02.roa (raw, json)
Hash identifier:          D5tUjZ8n7dW4KhGnKHIdpgrJCLDr+PXD8bNj3FTJp+A=
Subject key identifier:   99:7C:34:43:75:4E:7C:0F:D4:55:EF:BC:46:B7:47:B8:68:E0:B0:70
Certificate issuer:       /CN=A911ABF4/serialNumber=BBE233560EFD409B38CDB80A00575A37BA896435
Certificate serial:       024C
Authority key identifier: BB:E2:33:56:0E:FD:40:9B:38:CD:B8:0A:00:57:5A:37:BA:89:64:35
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/u-IzVg79QJs4zbgKAFdaN7qJZDU.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A911ABF4/EA87185C721B11E9BB748150C4F9AE02/CC3FFCB8C2AC11EBBDA5E886C4F9AE02.roa
Signing time:             Wed 23 Jun 2021 06:47:57 +0000
ROA not before:           Wed 23 Jun 2021 06:47:57 +0000
ROA not after:            Fri 01 Jul 2022 00:00:00 +0000
asID:                     137542
IP address blocks:        103.112.128.0/24 maxlen: 24
                          103.112.129.0/24 maxlen: 24
                          103.112.130.0/24 maxlen: 24
                          103.112.131.0/24 maxlen: 24
                          2402:a940::/32 maxlen: 32
                          2402:a940::/36 maxlen: 36
                          2402:a940:1000::/36 maxlen: 36
                          2402:a940:2000::/36 maxlen: 36
                          2402:a940:3000::/36 maxlen: 36
                          2402:a940:4000::/36 maxlen: 36
                          2402:a940:5000::/36 maxlen: 36
                          2402:a940:6000::/36 maxlen: 36
                          2402:a940:7000::/36 maxlen: 36
                          2402:a940:8000::/36 maxlen: 36
                          2402:a940:9000::/36 maxlen: 36
                          2402:a940:a000::/36 maxlen: 36
                          2402:a940:b000::/36 maxlen: 36
                          2402:a940:c000::/36 maxlen: 36
                          2402:a940:d000::/36 maxlen: 36
                          2402:a940:e000::/36 maxlen: 36
                          2402:a940:f000::/36 maxlen: 36

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 588 (0x24c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A911ABF4/serialNumber=BBE233560EFD409B38CDB80A00575A37BA896435
        Validity
            Not Before: Jun 23 06:47:57 2021 GMT
            Not After : Jul  1 00:00:00 2022 GMT
        Subject: CN=60d2d91d-77dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:88:96:e5:54:85:3b:47:73:70:c0:70:5c:ec:
                    64:c6:8e:a8:25:18:16:a1:c6:0d:67:4e:14:f8:2c:
                    a6:4a:f7:3a:57:5e:76:0e:e4:6a:61:65:35:96:14:
                    00:37:4e:90:9e:f9:fb:98:ba:a1:28:c2:ff:ff:63:
                    35:fb:4e:84:e2:09:a2:43:84:d6:41:ee:95:c0:6c:
                    54:07:31:74:92:99:70:2a:e1:36:04:27:2b:2d:e8:
                    a1:33:86:da:ae:a3:3f:ac:d6:b8:2e:fe:0d:7b:fc:
                    67:14:22:fa:e4:5a:14:b4:65:b6:c4:e9:83:12:4f:
                    00:94:e4:46:43:2a:05:9c:33:b0:57:22:15:41:0d:
                    13:e6:94:a2:b8:ef:12:cd:f1:74:e1:8e:d4:f3:81:
                    c1:d5:10:6b:fb:a8:dc:de:2d:2d:fb:cc:07:e5:1e:
                    0b:b7:55:54:f3:ad:98:15:46:72:3e:f7:89:6a:a7:
                    f9:a3:d5:45:dd:52:90:d6:17:d0:d3:2b:c4:e7:f9:
                    af:46:4a:cc:e4:ec:df:6f:c5:d4:64:1d:5e:0f:45:
                    de:5b:d9:ea:9e:b0:33:c0:5e:92:f7:3d:ea:80:9f:
                    2f:ab:fc:97:a2:6f:9d:3d:05:7a:8f:96:5b:c7:f9:
                    b3:aa:77:6e:8a:77:c0:32:a3:c6:d9:50:3d:c7:28:
                    e4:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                99:7C:34:43:75:4E:7C:0F:D4:55:EF:BC:46:B7:47:B8:68:E0:B0:70
            X509v3 Authority Key Identifier:
                keyid:BB:E2:33:56:0E:FD:40:9B:38:CD:B8:0A:00:57:5A:37:BA:89:64:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A911ABF4/EA87185C721B11E9BB748150C4F9AE02/u-IzVg79QJs4zbgKAFdaN7qJZDU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/u-IzVg79QJs4zbgKAFdaN7qJZDU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A911ABF4/EA87185C721B11E9BB748150C4F9AE02/CC3FFCB8C2AC11EBBDA5E886C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.112.128.0/22
                IPv6:
                  2402:a940::/32

    Signature Algorithm: sha256WithRSAEncryption
         2a:1f:29:0b:40:03:67:9c:52:4f:b2:47:17:b6:96:04:b7:4d:
         72:de:a7:51:af:d9:12:e7:20:8d:49:d9:d2:65:7f:b0:0d:52:
         9d:87:50:ed:4b:9c:c4:90:70:a7:3a:41:f1:02:f0:8f:27:d1:
         71:0c:5a:0f:2e:89:82:7d:ef:04:97:32:d7:6a:fa:99:71:96:
         0f:9e:f2:d5:d6:60:d3:3b:2c:85:37:5b:2d:79:45:b4:51:f9:
         fc:13:3e:e1:13:94:30:b3:bb:45:4f:b4:19:3e:ca:c8:74:f2:
         a9:d2:ee:42:54:3b:5c:dc:62:07:77:b9:d5:3c:d6:e2:e5:38:
         2b:14:71:e7:4b:43:9c:db:11:49:d1:19:22:d2:f9:19:30:7e:
         31:44:03:28:65:f2:65:9a:61:ef:fb:e5:6d:1f:15:b3:99:8c:
         04:e7:84:bc:a2:19:b0:4e:3f:61:12:f8:00:b4:da:34:db:3e:
         cb:14:6c:b8:4b:0f:c3:b7:ca:e2:e9:54:b0:7f:64:64:b0:cc:
         ef:01:55:db:c5:6e:9d:b4:6f:43:6b:ac:a4:1e:69:fe:1b:37:
         2f:68:57:15:3a:c8:68:df:78:12:cd:6b:3a:e3:18:88:d4:90:
         a0:11:4e:d9:34:00:9d:f9:2d:4c:d3:43:79:ad:72:cf:d5:db:
         e0:94:cc:2d
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICAkwwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MUFCRjQxMTAvBgNVBAUTKEJCRTIzMzU2MEVGRDQwOUIzOENEQjgwQTAwNTc1QTM3
QkE4OTY0MzUwHhcNMjEwNjIzMDY0NzU3WhcNMjIwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MGQyZDkxZC03N2RjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvYiW5VSFO0dzcMBwXOxkxo6oJRgWocYNZ04U+CymSvc6V152DuRqYWU1lhQA
N06Qnvn7mLqhKML//2M1+06E4gmiQ4TWQe6VwGxUBzF0kplwKuE2BCcrLeihM4ba
rqM/rNa4Lv4Ne/xnFCL65FoUtGW2xOmDEk8AlORGQyoFnDOwVyIVQQ0T5pSiuO8S
zfF04Y7U84HB1RBr+6jc3i0t+8wH5R4Lt1VU862YFUZyPveJaqf5o9VF3VKQ1hfQ
0yvE5/mvRkrM5Ozfb8XUZB1eD0XeW9nqnrAzwF6S9z3qgJ8vq/yXom+dPQV6j5Zb
x/mzqnduinfAMqPG2VA9xyjkiQIDAQABo4ICpDCCAqAwHQYDVR0OBBYEFJl8NEN1
TnwP1FXvvEa3R7ho4LBwMB8GA1UdIwQYMBaAFLviM1YO/UCbOM24CgBXWje6iWQ1
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExQUJGNC9FQTg3MTg1Qzcy
MUIxMUU5QkI3NDgxNTBDNEY5QUUwMi91LUl6Vmc3OVFKczR6YmdLQUZkYU43cUpa
RFUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3UtSXpWZzc5UUpzNHpiZ0tBRmRhTjdxSlpEVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MUFCRjQvRUE4NzE4NUM3MjFCMTFFOUJCNzQ4MTUwQzRGOUFFMDIvQ0MzRkZDQjhD
MkFDMTFFQkJEQTVFODg2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLgYIKwYBBQUHAQcBAf8E
HzAdMAwEAgABMAYDBAJncIAwDQQCAAIwBwMFACQCqUAwDQYJKoZIhvcNAQELBQAD
ggEBACofKQtAA2ecUk+yRxe2lgS3TXLep1Gv2RLnII1J2dJlf7ANUp2HUO1LnMSQ
cKc6QfEC8I8n0XEMWg8uiYJ97wSXMtdq+plxlg+e8tXWYNM7LIU3Wy15RbRR+fwT
PuETlDCzu0VPtBk+ysh08qnS7kJUO1zcYgd3udU81uLlOCsUcedLQ5zbEUnRGSLS
+RkwfjFEAyhl8mWaYe/75W0fFbOZjATnhLyiGbBOP2ES+AC02jTbPssUbLhLD8O3
yuLpVLB/ZGSwzO8BVdvFbp20b0NrrKQeaf4bNy9oVxU6yGjfeBLNazrjGIjUkKAR
Ttk0AJ35LUzTQ3mtcs/V2+CUzC0=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:04:46 2024 by rpki-client on console-ams.rpki-client.org