Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9148BFA/04A24C34114311EC97369F73C4F9AE02/17B9520C069011EDB22D0829C4F9AE02.roa
File:                     17B9520C069011EDB22D0829C4F9AE02.roa (raw, json)
Hash identifier:          w5Tg7TMfXi/DHFZiYHmJyRHyDdgzPpSJNKUPF6DS7+4=
Subject key identifier:   E3:51:48:DC:96:21:79:33:45:40:75:2D:82:31:9E:19:04:D8:3E:FF
Certificate issuer:       /CN=A9148BFA/serialNumber=157B0BDE0E3CADB294839BC9815655644DB26E91
Certificate serial:       033F
Authority key identifier: 15:7B:0B:DE:0E:3C:AD:B2:94:83:9B:C9:81:56:55:64:4D:B2:6E:91
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FXsL3g48rbKUg5vJgVZVZE2ybpE.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9148BFA/04A24C34114311EC97369F73C4F9AE02/17B9520C069011EDB22D0829C4F9AE02.roa
Signing time:             Sat 07 Jan 2023 03:02:24 +0000
ROA not before:           Sat 07 Jan 2023 03:02:24 +0000
ROA not after:            Sun 31 Mar 2024 00:00:00 +0000
asID:                     132372
IP address blocks:        43.226.230.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 831 (0x33f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9148BFA/serialNumber=157B0BDE0E3CADB294839BC9815655644DB26E91
        Validity
            Not Before: Jan  7 03:02:24 2023 GMT
            Not After : Mar 31 00:00:00 2024 GMT
        Subject: CN=63b8e0bf-6a27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:24:f9:44:37:d4:5d:1a:d5:cc:40:a0:2e:b0:
                    95:01:65:5c:3e:ff:f4:07:5f:d8:ae:5d:e4:91:8f:
                    c2:4b:e3:d5:60:81:03:37:ba:9f:b9:ef:b3:87:92:
                    81:36:08:c8:c3:37:69:45:2c:d9:11:2c:d4:ce:5f:
                    5a:6b:d3:85:c9:df:8c:7c:c3:45:0a:a3:d8:5e:e4:
                    a7:26:7d:70:f1:ee:85:6c:d5:38:e5:57:9a:91:3c:
                    65:4b:1e:67:6e:5e:4c:67:b2:4e:58:13:90:e5:73:
                    b4:f1:43:91:7d:ed:5e:2a:19:c3:89:d3:7b:5f:c4:
                    27:39:9f:98:eb:c1:f5:2b:c0:21:c8:ef:f7:5f:15:
                    16:2a:f2:3d:f6:05:f8:a8:d1:46:5a:be:b8:67:a3:
                    a0:17:6a:37:e4:89:13:07:0f:89:03:07:d2:59:71:
                    0e:5e:65:79:8a:cc:35:86:6f:c2:6d:e6:64:d6:8e:
                    3b:b4:d5:46:c3:2e:41:42:56:28:bd:c3:6b:f3:f7:
                    45:90:10:96:57:e8:d9:ba:a1:4c:77:9b:c9:89:4c:
                    6c:6f:f0:6f:08:ef:eb:3f:85:ba:a6:ce:63:ce:af:
                    90:4c:90:ff:b6:74:e8:68:e4:f1:b5:3f:40:dd:b2:
                    76:5a:13:be:5c:32:e4:b2:03:06:f1:d5:68:99:1d:
                    e0:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:51:48:DC:96:21:79:33:45:40:75:2D:82:31:9E:19:04:D8:3E:FF
            X509v3 Authority Key Identifier:
                keyid:15:7B:0B:DE:0E:3C:AD:B2:94:83:9B:C9:81:56:55:64:4D:B2:6E:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9148BFA/04A24C34114311EC97369F73C4F9AE02/FXsL3g48rbKUg5vJgVZVZE2ybpE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FXsL3g48rbKUg5vJgVZVZE2ybpE.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9148BFA/04A24C34114311EC97369F73C4F9AE02/17B9520C069011EDB22D0829C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.226.230.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1a:56:0e:16:b2:20:99:7d:59:45:ca:2a:ff:ce:47:48:1a:eb:
         e1:a4:98:f8:0a:b5:b0:a1:3c:0c:7b:1d:1e:1c:81:7b:2d:9c:
         6e:de:f3:5b:e7:28:f2:0d:78:e7:49:b2:49:fc:da:f6:0c:11:
         85:df:76:2c:af:ce:3e:55:bf:d9:3a:1a:5a:0a:47:60:07:ec:
         dc:ce:26:f3:9e:b4:d0:5d:f0:7e:1c:8f:10:b9:c8:a5:ca:a1:
         17:a4:c0:48:08:1f:89:21:96:53:4d:8f:90:f1:b6:8b:24:c3:
         01:93:3e:de:2f:dc:5f:a1:88:ca:f2:36:c7:cb:14:69:03:42:
         6b:55:e6:90:a7:c4:09:d5:15:22:ff:d6:8c:64:ec:8a:fb:1f:
         f5:d9:f0:30:b5:4a:d5:d0:4e:ae:7a:45:4c:21:0c:c3:0c:d6:
         37:35:ca:ea:11:d9:d3:f5:71:e7:38:60:db:25:12:7d:ff:d5:
         e0:38:55:40:42:a4:8e:80:2d:3e:c2:be:f6:6e:8e:8e:b9:96:
         d5:08:ad:8a:cd:4c:d2:4f:dd:f7:15:80:59:0d:1f:d1:38:9d:
         3d:1c:d5:a6:2c:f7:12:c1:e1:3a:5f:f0:23:29:4f:8d:92:78:
         2a:10:24:15:dc:a2:f5:d2:cd:8d:cd:12:b3:e1:29:e3:bf:d2:
         09:fa:44:a6
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICAz8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDhCRkExMTAvBgNVBAUTKDE1N0IwQkRFMEUzQ0FEQjI5NDgzOUJDOTgxNTY1NTY0
NERCMjZFOTEwHhcNMjMwMTA3MDMwMjI0WhcNMjQwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02M2I4ZTBiZi02YTI3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAryT5RDfUXRrVzECgLrCVAWVcPv/0B1/Yrl3kkY/CS+PVYIEDN7qfue+zh5KB
NgjIwzdpRSzZESzUzl9aa9OFyd+MfMNFCqPYXuSnJn1w8e6FbNU45VeakTxlSx5n
bl5MZ7JOWBOQ5XO08UORfe1eKhnDidN7X8QnOZ+Y68H1K8AhyO/3XxUWKvI99gX4
qNFGWr64Z6OgF2o35IkTBw+JAwfSWXEOXmV5isw1hm/CbeZk1o47tNVGwy5BQlYo
vcNr8/dFkBCWV+jZuqFMd5vJiUxsb/BvCO/rP4W6ps5jzq+QTJD/tnToaOTxtT9A
3bJ2WhO+XDLksgMG8dVomR3gJwIDAQABo4IClTCCApEwHQYDVR0OBBYEFONRSNyW
IXkzRUB1LYIxnhkE2D7/MB8GA1UdIwQYMBaAFBV7C94OPK2ylIObyYFWVWRNsm6R
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0OEJGQS8wNEEyNEMzNDEx
NDMxMUVDOTczNjlGNzNDNEY5QUUwMi9GWHNMM2c0OHJiS1VnNXZKZ1ZaVlpFMnli
cEUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0ZYc0wzZzQ4cmJLVWc1dkpnVlpWWkUyeWJwRS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDhCRkEvMDRBMjRDMzQxMTQzMTFFQzk3MzY5RjczQzRGOUFFMDIvMTdCOTUyMEMw
NjkwMTFFREIyMkQwODI5QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAAr4uYwDQYJKoZIhvcNAQELBQADggEBABpWDhayIJl9WUXK
Kv/OR0ga6+GkmPgKtbChPAx7HR4cgXstnG7e81vnKPINeOdJskn82vYMEYXfdiyv
zj5Vv9k6GloKR2AH7NzOJvOetNBd8H4cjxC5yKXKoRekwEgIH4khllNNj5Dxtosk
wwGTPt4v3F+hiMryNsfLFGkDQmtV5pCnxAnVFSL/1oxk7Ir7H/XZ8DC1StXQTq56
RUwhDMMM1jc1yuoR2dP1cec4YNslEn3/1eA4VUBCpI6ALT7CvvZujo65ltUIrYrN
TNJP3fcVgFkNH9E4nT0c1aYs9xLB4Tpf8CMpT42SeCoQJBXcovXSzY3NErPhKeO/
0gn6RKY=
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:05 2024 by rpki-client on console-fra.rpki-client.org