Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A912BBC9/83FF9FECAA8111EAB42A0433C4F9AE02/17E4C634BBB311ED98408733C4F9AE02.roa
File:                     17E4C634BBB311ED98408733C4F9AE02.roa (raw, json)
Hash identifier:          GoLE4t/LB4kqnyO/BN7YQtR1Of6HlyQf1I9XSp2k3Co=
Subject key identifier:   50:7C:65:13:76:23:D5:4A:A4:89:5B:E5:9D:48:5D:8C:D2:3B:16:6D
Certificate issuer:       /CN=A912BBC9/serialNumber=D3B7215E1660A19EFD2E772F9BA7A7BDC6EE0D28
Certificate serial:       075E
Authority key identifier: D3:B7:21:5E:16:60:A1:9E:FD:2E:77:2F:9B:A7:A7:BD:C6:EE:0D:28
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/07chXhZgoZ79Lncvm6envcbuDSg.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A912BBC9/83FF9FECAA8111EAB42A0433C4F9AE02/17E4C634BBB311ED98408733C4F9AE02.roa
Signing time:             Mon 06 Mar 2023 00:48:49 +0000
ROA not before:           Mon 06 Mar 2023 00:48:49 +0000
ROA not after:            Tue 31 Oct 2023 00:00:00 +0000
asID:                     139351
IP address blocks:        103.141.158.0/25 maxlen: 25
                          103.141.158.128/25 maxlen: 25
                          103.141.159.0/25 maxlen: 25
                          103.141.159.128/25 maxlen: 25
                          2400:17a0::/48 maxlen: 48
                          2400:17a0:1::/48 maxlen: 48
                          2400:17a0:2::/48 maxlen: 48
                          2400:17a0:3::/48 maxlen: 48
                          2400:17a0:4::/48 maxlen: 48
                          2400:17a0:5::/48 maxlen: 48
                          2400:17a0:6::/48 maxlen: 48
                          2400:17a0:7::/48 maxlen: 48
                          2400:17a0:8::/48 maxlen: 48
                          2400:17a0:9::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1886 (0x75e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A912BBC9/serialNumber=D3B7215E1660A19EFD2E772F9BA7A7BDC6EE0D28
        Validity
            Not Before: Mar  6 00:48:49 2023 GMT
            Not After : Oct 31 00:00:00 2023 GMT
        Subject: CN=64053871-a5c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:a0:10:c9:f8:eb:16:4f:1c:91:4e:f0:fd:6f:
                    43:9d:a5:f9:4c:ff:73:74:05:22:5f:62:d4:dd:81:
                    20:87:5e:22:a9:92:2d:e2:60:77:0f:3a:70:4a:0d:
                    29:ec:de:2d:5e:38:20:19:09:4a:5d:94:e5:be:da:
                    f7:f0:ff:cf:16:13:54:bb:c5:52:a7:aa:16:5b:24:
                    58:51:3f:99:13:36:a1:fc:65:29:26:7f:e3:07:43:
                    e1:6f:48:81:8a:05:d7:de:e6:4e:7d:d6:bb:48:3c:
                    47:4c:b5:9a:e5:e9:c7:72:ef:06:5f:3f:87:e0:d0:
                    46:48:68:cf:45:f6:5e:d8:06:06:cd:0c:2f:70:b3:
                    6e:2c:56:9e:0d:9c:89:40:b7:e5:9b:98:a9:e8:a0:
                    13:aa:a0:69:55:2d:ed:d4:0c:54:92:7c:3c:26:e9:
                    1d:90:8b:c3:a0:3c:f1:11:04:8a:38:40:97:48:50:
                    ec:5c:e6:be:13:22:9b:7c:16:c5:4c:15:90:94:14:
                    7d:d8:40:ba:0d:02:b8:11:05:a1:43:09:62:61:04:
                    65:9f:0e:75:e7:fc:15:5e:8a:2a:1e:b2:a7:8f:72:
                    d0:ec:f9:ed:93:db:c1:da:46:c2:a9:f6:e3:cb:e7:
                    bf:e7:33:17:63:ec:a8:c3:d8:fb:af:56:53:be:30:
                    6d:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:7C:65:13:76:23:D5:4A:A4:89:5B:E5:9D:48:5D:8C:D2:3B:16:6D
            X509v3 Authority Key Identifier:
                keyid:D3:B7:21:5E:16:60:A1:9E:FD:2E:77:2F:9B:A7:A7:BD:C6:EE:0D:28

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A912BBC9/83FF9FECAA8111EAB42A0433C4F9AE02/07chXhZgoZ79Lncvm6envcbuDSg.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/07chXhZgoZ79Lncvm6envcbuDSg.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A912BBC9/83FF9FECAA8111EAB42A0433C4F9AE02/17E4C634BBB311ED98408733C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.141.158.0/23
                IPv6:
                  2400:17a0::-2400:17a0:9:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         94:78:df:9a:bb:57:72:85:9b:1d:37:d5:aa:97:49:a8:91:35:
         7a:68:a9:f2:cb:d1:c5:14:cc:f4:27:b8:61:f8:d6:4c:b7:62:
         87:bb:5b:ee:bf:db:c7:96:8f:8b:c3:bd:a7:ba:4c:3a:39:35:
         e4:e7:57:86:70:68:f5:b8:97:6d:a9:84:39:41:70:63:81:2c:
         98:cd:ed:33:fa:db:12:b0:61:1f:33:c8:50:0b:35:83:7d:8d:
         81:a1:43:57:79:60:bb:ad:5e:1e:8c:43:58:2f:b0:db:af:b9:
         87:1f:06:66:90:9d:90:0a:1b:a6:93:e7:70:41:38:d2:b4:0f:
         c4:61:ec:a6:e5:eb:2e:3b:25:c7:06:35:c1:95:5a:97:8e:2f:
         32:8d:42:68:dc:7a:0c:ff:23:ba:47:78:67:b5:88:e4:5d:6c:
         cf:e8:6a:8b:03:11:70:aa:cd:eb:54:e9:6f:65:3c:4c:c0:2f:
         80:0e:d6:57:7a:fd:c7:f2:43:74:03:21:c3:f6:8e:90:b0:44:
         aa:10:0d:a3:67:29:03:98:a4:27:e8:3f:b1:8d:84:4f:93:68:
         cf:82:f1:41:4a:7e:34:98:82:3e:3e:35:cd:05:7a:b7:72:dc:
         0b:16:ce:c5:10:d2:bc:2c:eb:f5:a5:cf:7a:10:5d:a5:f9:f8:
         70:1d:40:56
-----BEGIN CERTIFICATE-----
MIIFizCCBHOgAwIBAgICB14wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MkJCQzkxMTAvBgNVBAUTKEQzQjcyMTVFMTY2MEExOUVGRDJFNzcyRjlCQTdBN0JE
QzZFRTBEMjgwHhcNMjMwMzA2MDA0ODQ5WhcNMjMxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDA1Mzg3MS1hNWMzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAz6AQyfjrFk8ckU7w/W9DnaX5TP9zdAUiX2LU3YEgh14iqZIt4mB3DzpwSg0p
7N4tXjggGQlKXZTlvtr38P/PFhNUu8VSp6oWWyRYUT+ZEzah/GUpJn/jB0Phb0iB
igXX3uZOfda7SDxHTLWa5enHcu8GXz+H4NBGSGjPRfZe2AYGzQwvcLNuLFaeDZyJ
QLflm5ip6KATqqBpVS3t1AxUknw8JukdkIvDoDzxEQSKOECXSFDsXOa+EyKbfBbF
TBWQlBR92EC6DQK4EQWhQwliYQRlnw515/wVXooqHrKnj3LQ7Pntk9vB2kbCqfbj
y+e/5zMXY+yow9j7r1ZTvjBtAwIDAQABo4ICrzCCAqswHQYDVR0OBBYEFFB8ZRN2
I9VKpIlb5Z1IXYzSOxZtMB8GA1UdIwQYMBaAFNO3IV4WYKGe/S53L5unp73G7g0o
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyQkJDOS84M0ZGOUZFQ0FB
ODExMUVBQjQyQTA0MzNDNEY5QUUwMi8wN2NoWGhaZ29aNzlMbmN2bTZlbnZjYnVE
U2cuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzA3Y2hYaFpnb1o3OUxuY3ZtNmVudmNidURTZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MkJCQzkvODNGRjlGRUNBQTgxMTFFQUI0MkEwNDMzQzRGOUFFMDIvMTdFNEM2MzRC
QkIzMTFFRDk4NDA4NzMzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwOQYIKwYBBQUHAQcBAf8E
KjAoMAwEAgABMAYDBAFnjZ4wGAQCAAIwEjAQAwUFJAAXoAMHASQAF6AACDANBgkq
hkiG9w0BAQsFAAOCAQEAlHjfmrtXcoWbHTfVqpdJqJE1emip8svRxRTM9Ce4YfjW
TLdih7tb7r/bx5aPi8O9p7pMOjk15OdXhnBo9biXbamEOUFwY4EsmM3tM/rbErBh
HzPIUAs1g32NgaFDV3lgu61eHoxDWC+w26+5hx8GZpCdkAobppPncEE40rQPxGHs
puXrLjslxwY1wZVal44vMo1CaNx6DP8jukd4Z7WI5F1sz+hqiwMRcKrN61Tpb2U8
TMAvgA7WV3r9x/JDdAMhw/aOkLBEqhANo2cpA5ikJ+g/sY2ET5Noz4LxQUp+NJiC
Pj41zQV6t3LcCxbOxRDSvCzr9aXPehBdpfn4cB1AVg==
-----END CERTIFICATE-----