Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9171634/942B83BC1D9011E2A36166F008B02CD2/43B8F258AF0A11E98A9DC647C4F9AE02.roa
File:                     43B8F258AF0A11E98A9DC647C4F9AE02.roa (raw, json)
Hash identifier:          dh8kAs9e/B0vj7fn28n7rEpwdFcSk/3DfZsVUHeRmuo=
Subject key identifier:   4B:2C:65:FE:31:EC:F3:0D:3D:40:7A:8A:FD:64:31:1B:91:05:89:1A
Certificate issuer:       /CN=A9171634/serialNumber=3FC971292CE91A591A8CDFA7D1AE09CA46E03E87
Certificate serial:       3194
Authority key identifier: 3F:C9:71:29:2C:E9:1A:59:1A:8C:DF:A7:D1:AE:09:CA:46:E0:3E:87
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/P8lxKSzpGlkajN-n0a4JykbgPoc.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9171634/942B83BC1D9011E2A36166F008B02CD2/43B8F258AF0A11E98A9DC647C4F9AE02.roa
Signing time:             Sun 01 May 2022 15:00:43 +0000
ROA not before:           Sun 01 May 2022 15:00:43 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     37989
IP address blocks:        203.123.48.0/21 maxlen: 24
                          2405:fc00::/32 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 12692 (0x3194)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9171634/serialNumber=3FC971292CE91A591A8CDFA7D1AE09CA46E03E87
        Validity
            Not Before: May  1 15:00:43 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=626ea09a-502e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:d1:01:cc:f3:c2:f2:5d:85:9a:ac:aa:bc:bc:
                    be:92:7a:65:53:12:9b:5f:cc:3a:78:22:f7:7f:03:
                    6a:f7:4c:b8:c7:55:05:7a:b2:9a:e3:bf:64:10:f5:
                    b4:20:84:23:a9:fd:59:30:c1:fe:3c:89:dd:0b:43:
                    90:d7:79:b9:0b:c3:6f:73:95:a4:5d:e9:ce:5f:f3:
                    07:d6:a9:8a:ce:69:f3:ad:c5:46:3d:96:8c:90:7a:
                    20:5b:78:7f:e1:1b:c6:76:a4:4e:1d:26:6c:03:c2:
                    42:6d:68:bd:e5:97:c9:4e:d0:15:56:1a:57:b1:3a:
                    c1:14:bb:e4:9d:38:df:f7:16:8f:3e:89:9f:8e:98:
                    78:af:3e:3e:0a:f8:6f:e2:f2:27:ad:99:bd:39:f4:
                    3f:56:a4:31:b8:84:f4:78:be:90:34:e9:b9:6b:6d:
                    64:9d:44:92:d4:98:bb:24:65:20:e7:88:b9:3e:1c:
                    eb:dc:96:a1:01:b1:72:dc:db:34:10:c7:87:cb:9a:
                    f4:36:7d:20:5d:3b:d1:2a:5b:20:38:a1:1e:ce:28:
                    18:a0:59:9c:2c:e4:89:0e:17:bf:a6:28:21:4c:01:
                    ab:40:cc:9a:29:6e:82:cb:a6:2b:e1:11:ad:b7:65:
                    85:db:4e:76:e4:d6:95:81:74:b9:13:7f:e8:37:10:
                    dc:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:2C:65:FE:31:EC:F3:0D:3D:40:7A:8A:FD:64:31:1B:91:05:89:1A
            X509v3 Authority Key Identifier:
                keyid:3F:C9:71:29:2C:E9:1A:59:1A:8C:DF:A7:D1:AE:09:CA:46:E0:3E:87

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9171634/942B83BC1D9011E2A36166F008B02CD2/P8lxKSzpGlkajN-n0a4JykbgPoc.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/P8lxKSzpGlkajN-n0a4JykbgPoc.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9171634/942B83BC1D9011E2A36166F008B02CD2/43B8F258AF0A11E98A9DC647C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.123.48.0/21
                IPv6:
                  2405:fc00::/32

    Signature Algorithm: sha256WithRSAEncryption
         2e:0f:3a:31:d5:7e:98:f7:d4:b8:10:dc:cc:7c:b2:50:04:51:
         e2:8a:36:c1:43:db:5f:50:b3:97:68:ae:3a:d5:ad:a5:48:c1:
         5a:cb:4c:ba:4b:da:3e:3d:55:fc:cf:a1:ab:22:9f:05:78:bb:
         d0:1c:cf:45:6b:28:bb:70:8c:7d:6e:b8:94:4f:ba:4c:02:d0:
         f7:d1:d5:f2:1d:00:18:4e:2e:71:4c:62:27:d1:2f:f9:d8:b1:
         73:3f:d6:10:16:f3:85:eb:30:ca:9f:86:62:48:46:1c:9d:8d:
         db:e5:8c:09:55:e6:46:2b:15:6b:82:46:33:41:a1:ac:d1:7d:
         9a:bd:6e:86:68:d6:41:1d:0f:e1:16:65:00:ab:90:8a:2f:7b:
         4f:ad:d3:ca:e4:6f:ef:42:c4:be:f6:ef:06:7a:48:82:6b:fb:
         1e:c8:8e:2d:4d:3f:d8:67:38:76:25:c4:8f:ce:ab:21:31:b7:
         3a:81:6e:71:e5:58:0b:b5:81:69:47:e5:6a:57:92:4e:e8:92:
         0c:43:df:e0:2d:b9:cd:b5:f7:56:3d:ae:b0:c3:94:9b:ae:34:
         c6:f6:a6:ca:e4:34:76:0c:5d:bf:28:4e:ff:11:8e:ff:74:21:
         bd:82:3b:da:c2:00:de:81:35:5a:a6:c7:c5:4c:6b:34:de:97:
         84:51:14:cb
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICMZQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NzE2MzQxMTAvBgNVBAUTKDNGQzk3MTI5MkNFOTFBNTkxQThDREZBN0QxQUUwOUNB
NDZFMDNFODcwHhcNMjIwNTAxMTUwMDQzWhcNMjMwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MjZlYTA5YS01MDJlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA3NEBzPPC8l2FmqyqvLy+knplUxKbX8w6eCL3fwNq90y4x1UFerKa479kEPW0
IIQjqf1ZMMH+PIndC0OQ13m5C8Nvc5WkXenOX/MH1qmKzmnzrcVGPZaMkHogW3h/
4RvGdqROHSZsA8JCbWi95ZfJTtAVVhpXsTrBFLvknTjf9xaPPomfjph4rz4+Cvhv
4vInrZm9OfQ/VqQxuIT0eL6QNOm5a21knUSS1Ji7JGUg54i5Phzr3JahAbFy3Ns0
EMeHy5r0Nn0gXTvRKlsgOKEezigYoFmcLOSJDhe/pighTAGrQMyaKW6Cy6Yr4RGt
t2WF20525NaVgXS5E3/oNxDcbQIDAQABo4ICpDCCAqAwHQYDVR0OBBYEFEssZf4x
7PMNPUB6iv1kMRuRBYkaMB8GA1UdIwQYMBaAFD/JcSks6RpZGozfp9GuCcpG4D6H
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3MTYzNC85NDJCODNCQzFE
OTAxMUUyQTM2MTY2RjAwOEIwMkNEMi9QOGx4S1N6cEdsa2FqTi1uMGE0SnlrYmdQ
b2MuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1A4bHhLU3pwR2xrYWpOLW4wYTRKeWtiZ1BvYy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NzE2MzQvOTQyQjgzQkMxRDkwMTFFMkEzNjE2NkYwMDhCMDJDRDIvNDNCOEYyNThB
RjBBMTFFOThBOURDNjQ3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLgYIKwYBBQUHAQcBAf8E
HzAdMAwEAgABMAYDBAPLezAwDQQCAAIwBwMFACQF/AAwDQYJKoZIhvcNAQELBQAD
ggEBAC4POjHVfpj31LgQ3Mx8slAEUeKKNsFD219Qs5dorjrVraVIwVrLTLpL2j49
VfzPoasinwV4u9Acz0VrKLtwjH1uuJRPukwC0PfR1fIdABhOLnFMYifRL/nYsXM/
1hAW84XrMMqfhmJIRhydjdvljAlV5kYrFWuCRjNBoazRfZq9boZo1kEdD+EWZQCr
kIove0+t08rkb+9CxL727wZ6SIJr+x7Iji1NP9hnOHYlxI/OqyExtzqBbnHlWAu1
gWlH5WpXkk7okgxD3+Atuc2191Y9rrDDlJuuNMb2psrkNHYMXb8oTv8Rjv90Ib2C
O9rCAN6BNVqmx8VMazTel4RRFMs=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:05:21 2024 by rpki-client on console-ams.rpki-client.org