Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9139322/2CB1EEBAF65311EBA1B4A61AC4F9AE02/09F120902D2D11EE80D2D138C4F9AE02.roa
File:                     09F120902D2D11EE80D2D138C4F9AE02.roa (raw, json)
Hash identifier:          ZzQPemFFTMTOqxcgNAkg9QnluqKmCMzOaA0sgA1xOCc=
Subject key identifier:   1D:87:C4:5A:98:CA:44:F7:BB:7F:B6:6E:DE:A0:60:21:AA:5F:F8:12
Certificate issuer:       /CN=A9139322/serialNumber=EDC547BD0E6C0C0706A185833835F65EA3C71013
Certificate serial:       042B
Authority key identifier: ED:C5:47:BD:0E:6C:0C:07:06:A1:85:83:38:35:F6:5E:A3:C7:10:13
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/7cVHvQ5sDAcGoYWDODX2XqPHEBM.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9139322/2CB1EEBAF65311EBA1B4A61AC4F9AE02/09F120902D2D11EE80D2D138C4F9AE02.roa
Signing time:             Fri 28 Jul 2023 09:56:36 +0000
ROA not before:           Fri 28 Jul 2023 09:56:36 +0000
ROA not after:            Fri 01 Dec 2023 00:00:00 +0000
asID:                     197644
IP address blocks:        43.254.165.0/24 maxlen: 24
                          43.254.166.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1067 (0x42b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9139322/serialNumber=EDC547BD0E6C0C0706A185833835F65EA3C71013
        Validity
            Not Before: Jul 28 09:56:36 2023 GMT
            Not After : Dec  1 00:00:00 2023 GMT
        Subject: CN=64c390d4-bc2e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:3b:bf:1e:8a:d5:99:fa:3d:9f:ed:b9:07:1a:
                    49:4e:d4:7a:b0:09:52:9f:80:cc:00:29:c6:95:c1:
                    6c:08:50:17:5d:66:36:8c:c1:4f:cd:3c:80:25:c3:
                    07:e3:ab:2b:29:ad:0b:ec:d3:f2:d9:29:42:33:75:
                    e7:99:a7:1a:ac:4b:14:69:9c:93:7f:7f:86:a8:dd:
                    65:db:e9:5f:52:94:ca:2f:4a:aa:24:e7:01:52:11:
                    e4:f8:73:ff:22:22:0c:d6:d1:2a:5e:86:eb:ed:76:
                    98:63:d4:ca:8b:1d:80:e8:7c:02:b3:b8:89:66:42:
                    78:3c:26:3c:65:e0:89:41:5d:67:16:09:95:34:1e:
                    db:2f:c8:28:d9:e2:e4:43:9e:7e:0d:0f:18:ca:00:
                    32:a0:29:17:3c:aa:af:6f:76:ce:91:a3:9e:81:ff:
                    e1:bd:45:71:4b:69:60:9f:45:a5:fa:0b:5d:1f:94:
                    6b:ac:ac:d8:9e:09:6c:9e:87:b1:18:5d:0c:f6:63:
                    0f:a5:e4:d0:28:8b:3a:f2:66:54:4e:55:98:98:2f:
                    8f:a8:28:53:c8:d4:6b:d8:44:6a:51:07:fe:77:e2:
                    af:3c:5d:56:09:06:0a:fe:b2:21:3c:a1:68:59:b3:
                    bb:99:c7:a5:d5:cf:ad:8a:b5:80:86:60:75:96:84:
                    44:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1D:87:C4:5A:98:CA:44:F7:BB:7F:B6:6E:DE:A0:60:21:AA:5F:F8:12
            X509v3 Authority Key Identifier:
                keyid:ED:C5:47:BD:0E:6C:0C:07:06:A1:85:83:38:35:F6:5E:A3:C7:10:13

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9139322/2CB1EEBAF65311EBA1B4A61AC4F9AE02/7cVHvQ5sDAcGoYWDODX2XqPHEBM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/7cVHvQ5sDAcGoYWDODX2XqPHEBM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9139322/2CB1EEBAF65311EBA1B4A61AC4F9AE02/09F120902D2D11EE80D2D138C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.254.165.0-43.254.166.255

    Signature Algorithm: sha256WithRSAEncryption
         26:09:37:d7:23:6e:89:5d:95:7c:77:8d:05:28:f7:79:03:4b:
         ae:5a:db:4e:6b:8e:70:ab:4d:04:05:1b:a7:14:ad:d8:11:2a:
         1c:17:28:59:29:cc:e1:d4:9b:2a:b1:66:2c:39:f8:13:cc:14:
         6c:45:a8:08:97:80:f3:52:fc:2f:14:2f:1c:74:1d:9d:7a:92:
         d5:92:07:33:5f:6f:c8:bc:53:fd:a5:94:f7:4b:b7:c9:02:cb:
         49:4a:a6:ea:d5:45:12:47:9e:a6:83:fa:ee:5d:87:fc:13:cd:
         d7:c0:d9:c7:18:52:de:3b:8c:fc:3d:fe:c4:9f:b0:84:69:89:
         86:54:9a:e8:1b:70:ad:06:58:c5:3f:46:3d:7f:cd:54:31:a4:
         78:a4:2d:82:0c:a9:21:6b:71:77:94:8b:ae:de:aa:1e:6d:d3:
         3f:0b:f4:fd:6b:3b:c4:bb:ee:e3:de:c6:97:10:8a:de:9d:8b:
         98:8d:f5:a5:dd:e8:53:ca:b7:dc:b5:b2:85:2b:41:a0:bc:ff:
         89:3a:53:b9:21:9c:31:50:a7:5d:c8:47:9a:54:b5:45:70:e8:
         d1:39:cc:23:8b:ae:08:46:37:e7:d6:4d:11:09:24:39:aa:4b:
         90:7e:3e:52:8a:f7:0c:2f:55:d3:1c:66:ae:5c:fd:c9:b0:0f:
         dd:16:51:90
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgICBCswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MzkzMjIxMTAvBgNVBAUTKEVEQzU0N0JEMEU2QzBDMDcwNkExODU4MzM4MzVGNjVF
QTNDNzEwMTMwHhcNMjMwNzI4MDk1NjM2WhcNMjMxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NGMzOTBkNC1iYzJlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtDu/HorVmfo9n+25BxpJTtR6sAlSn4DMACnGlcFsCFAXXWY2jMFPzTyAJcMH
46srKa0L7NPy2SlCM3XnmacarEsUaZyTf3+GqN1l2+lfUpTKL0qqJOcBUhHk+HP/
IiIM1tEqXobr7XaYY9TKix2A6HwCs7iJZkJ4PCY8ZeCJQV1nFgmVNB7bL8go2eLk
Q55+DQ8YygAyoCkXPKqvb3bOkaOegf/hvUVxS2lgn0Wl+gtdH5RrrKzYnglsnoex
GF0M9mMPpeTQKIs68mZUTlWYmC+PqChTyNRr2ERqUQf+d+KvPF1WCQYK/rIhPKFo
WbO7mcel1c+tirWAhmB1loREcwIDAQABo4ICnTCCApkwHQYDVR0OBBYEFB2HxFqY
ykT3u3+2bt6gYCGqX/gSMB8GA1UdIwQYMBaAFO3FR70ObAwHBqGFgzg19l6jxxAT
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEzOTMyMi8yQ0IxRUVCQUY2
NTMxMUVCQTFCNEE2MUFDNEY5QUUwMi83Y1ZIdlE1c0RBY0dvWVdET0RYMlhxUEhF
Qk0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzdjVkh2UTVzREFjR29ZV0RPRFgyWHFQSEVCTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MzkzMjIvMkNCMUVFQkFGNjUzMTFFQkExQjRBNjFBQzRGOUFFMDIvMDlGMTIwOTAy
RDJEMTFFRTgwRDJEMTM4QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJwYIKwYBBQUHAQcBAf8E
GDAWMBQEAgABMA4wDAMEACv+pQMEACv+pjANBgkqhkiG9w0BAQsFAAOCAQEAJgk3
1yNuiV2VfHeNBSj3eQNLrlrbTmuOcKtNBAUbpxSt2BEqHBcoWSnM4dSbKrFmLDn4
E8wUbEWoCJeA81L8LxQvHHQdnXqS1ZIHM19vyLxT/aWU90u3yQLLSUqm6tVFEkee
poP67l2H/BPN18DZxxhS3juM/D3+xJ+whGmJhlSa6BtwrQZYxT9GPX/NVDGkeKQt
ggypIWtxd5SLrt6qHm3TPwv0/Ws7xLvu497GlxCK3p2LmI31pd3oU8q33LWyhStB
oLz/iTpTuSGcMVCnXchHmlS1RXDo0TnMI4uuCEY359ZNEQkkOapLkH4+Uor3DC9V
0xxmrlz9ybAP3RZRkA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:04:54 2024 by rpki-client on console-ams.rpki-client.org