Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A912D3CB/A9A439FC69B211EA9779DD48C4F9AE02/8CA71016029611EDA5631357C4F9AE02.roa
File:                     8CA71016029611EDA5631357C4F9AE02.roa (raw, json)
Hash identifier:          DGk+NFA6gfVK0NTG/9mGheVP8bZCHwpV7jmY1AzrCfg=
Subject key identifier:   BE:45:DB:BA:F8:DF:CD:A1:60:9A:7B:8F:AB:01:AD:C4:71:9B:99:B6
Certificate issuer:       /CN=A912D3CB/serialNumber=EDD2A69686865256C9B0FDDD6B714966D5378F33
Certificate serial:       07AB
Authority key identifier: ED:D2:A6:96:86:86:52:56:C9:B0:FD:DD:6B:71:49:66:D5:37:8F:33
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/7dKmloaGUlbJsP3da3FJZtU3jzM.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A912D3CB/A9A439FC69B211EA9779DD48C4F9AE02/8CA71016029611EDA5631357C4F9AE02.roa
Signing time:             Wed 13 Jul 2022 10:28:35 +0000
ROA not before:           Wed 13 Jul 2022 10:28:35 +0000
ROA not after:            Fri 31 Mar 2023 00:00:00 +0000
asID:                     58895
IP address blocks:        103.83.20.0/22 maxlen: 22
                          103.83.20.0/24 maxlen: 24
                          103.83.21.0/24 maxlen: 24
                          103.83.22.0/24 maxlen: 24
                          103.83.23.0/24 maxlen: 24
                          123.108.92.0/24 maxlen: 24
                          123.108.93.0/24 maxlen: 24
                          123.108.94.0/24 maxlen: 24
                          123.108.95.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1963 (0x7ab)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A912D3CB/serialNumber=EDD2A69686865256C9B0FDDD6B714966D5378F33
        Validity
            Not Before: Jul 13 10:28:35 2022 GMT
            Not After : Mar 31 00:00:00 2023 GMT
        Subject: CN=62ce9e52-75b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:1d:08:7c:5b:1c:82:12:9a:73:74:65:b0:67:
                    ca:f9:37:24:cd:ba:c2:9e:aa:a6:62:2d:92:70:50:
                    c2:79:2b:3c:22:dd:52:04:11:be:2d:7a:87:b1:49:
                    70:ef:52:98:b6:d1:16:aa:ee:7a:7a:c8:c9:ce:ed:
                    83:10:0a:79:f2:01:5d:8b:cd:2c:b5:63:7a:5a:e0:
                    01:45:07:08:9f:ef:ce:ca:c3:a2:f4:37:34:43:25:
                    22:3d:db:85:4e:fa:e6:f0:74:3f:c1:a0:2f:23:bb:
                    65:70:0f:2e:1d:7d:14:7c:41:a9:67:09:a8:7e:c5:
                    eb:32:26:84:4d:3f:77:65:69:87:bd:6e:6b:66:2a:
                    75:9b:3e:19:6e:04:9c:8b:63:b4:ed:7e:2d:42:69:
                    15:5e:8c:93:c9:e0:45:d7:00:24:79:1b:ac:51:6e:
                    72:5e:ad:37:01:40:49:7a:b6:53:d9:c2:e2:a1:6c:
                    f6:47:2b:59:8d:66:b3:a7:4d:1a:b5:11:ae:9e:56:
                    83:a2:c3:3a:e1:2d:e4:c9:73:ad:b7:45:80:00:27:
                    cc:0b:c1:9b:0c:69:7a:5d:b7:5d:f7:7f:ee:c8:3d:
                    ff:b5:d1:df:c2:10:71:ff:81:42:c0:fb:ef:2b:4b:
                    f9:53:47:a8:28:fb:22:c3:d7:69:0d:5c:17:b4:7d:
                    7e:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:45:DB:BA:F8:DF:CD:A1:60:9A:7B:8F:AB:01:AD:C4:71:9B:99:B6
            X509v3 Authority Key Identifier:
                keyid:ED:D2:A6:96:86:86:52:56:C9:B0:FD:DD:6B:71:49:66:D5:37:8F:33

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A912D3CB/A9A439FC69B211EA9779DD48C4F9AE02/7dKmloaGUlbJsP3da3FJZtU3jzM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/7dKmloaGUlbJsP3da3FJZtU3jzM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A912D3CB/A9A439FC69B211EA9779DD48C4F9AE02/8CA71016029611EDA5631357C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.83.20.0/22
                  123.108.92.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4c:74:5b:ed:4f:00:58:12:18:ff:e7:42:73:2c:e1:6f:85:d9:
         d6:ca:f3:ca:da:ca:b5:79:9d:67:82:76:1e:12:b3:9f:20:77:
         29:ce:56:1a:7c:bf:67:28:be:31:26:8d:5e:cf:cb:0e:98:c5:
         92:3c:71:41:a9:bf:a4:13:d2:e8:fe:7b:ec:e9:d4:05:6f:b6:
         0c:93:09:d3:a7:bd:90:d5:e5:ae:d8:f0:90:2f:4f:d8:8e:0f:
         f1:f1:22:d3:e8:58:35:e0:04:fe:1f:29:b3:be:5c:42:76:24:
         17:6a:ab:41:05:f9:7e:b2:25:09:a3:bf:a7:df:cf:7a:56:88:
         5b:e9:d1:3c:07:82:ba:4a:c7:87:6b:6d:21:f3:55:be:33:98:
         de:88:48:d1:98:25:3c:a6:4b:39:6c:17:e8:68:d1:e6:c1:24:
         92:1d:40:bf:07:ac:9c:aa:55:a1:26:33:1d:4d:b6:7a:f9:c0:
         c2:89:b7:09:d9:31:fb:24:71:d1:2c:1f:9b:01:ab:15:3e:4e:
         52:ab:d2:5a:0d:c9:52:16:34:e5:b5:0a:2c:9e:b3:17:09:f0:
         f6:d9:06:2a:db:a3:c3:32:cf:d3:e3:37:7c:b0:e8:34:57:a2:
         dc:ba:99:7d:f6:01:f6:3a:b4:d5:69:b9:d3:ad:4a:47:c7:4a:
         3c:1d:5f:cc
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICB6swDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MkQzQ0IxMTAvBgNVBAUTKEVERDJBNjk2ODY4NjUyNTZDOUIwRkRERDZCNzE0OTY2
RDUzNzhGMzMwHhcNMjIwNzEzMTAyODM1WhcNMjMwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MmNlOWU1Mi03NWIzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwx0IfFscghKac3RlsGfK+TckzbrCnqqmYi2ScFDCeSs8It1SBBG+LXqHsUlw
71KYttEWqu56esjJzu2DEAp58gFdi80stWN6WuABRQcIn+/OysOi9Dc0QyUiPduF
Tvrm8HQ/waAvI7tlcA8uHX0UfEGpZwmofsXrMiaETT93ZWmHvW5rZip1mz4ZbgSc
i2O07X4tQmkVXoyTyeBF1wAkeRusUW5yXq03AUBJerZT2cLioWz2RytZjWazp00a
tRGunlaDosM64S3kyXOtt0WAACfMC8GbDGl6Xbdd93/uyD3/tdHfwhBx/4FCwPvv
K0v5U0eoKPsiw9dpDVwXtH1+0QIDAQABo4ICmzCCApcwHQYDVR0OBBYEFL5F27r4
382hYJp7j6sBrcRxm5m2MB8GA1UdIwQYMBaAFO3SppaGhlJWybD93WtxSWbVN48z
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyRDNDQi9BOUE0MzlGQzY5
QjIxMUVBOTc3OURENDhDNEY5QUUwMi83ZEttbG9hR1VsYkpzUDNkYTNGSlp0VTNq
ek0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzdkS21sb2FHVWxiSnNQM2RhM0ZKWnRVM2p6TS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MkQzQ0IvQTlBNDM5RkM2OUIyMTFFQTk3NzlERDQ4QzRGOUFFMDIvOENBNzEwMTYw
Mjk2MTFFREE1NjMxMzU3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAJnUxQDBAJ7bFwwDQYJKoZIhvcNAQELBQADggEBAEx0W+1P
AFgSGP/nQnMs4W+F2dbK88rayrV5nWeCdh4Ss58gdynOVhp8v2covjEmjV7Pyw6Y
xZI8cUGpv6QT0uj+e+zp1AVvtgyTCdOnvZDV5a7Y8JAvT9iOD/HxItPoWDXgBP4f
KbO+XEJ2JBdqq0EF+X6yJQmjv6ffz3pWiFvp0TwHgrpKx4drbSHzVb4zmN6ISNGY
JTymSzlsF+ho0ebBJJIdQL8HrJyqVaEmMx1Ntnr5wMKJtwnZMfskcdEsH5sBqxU+
TlKr0loNyVIWNOW1CiyesxcJ8PbZBirbo8Myz9PjN3yw6DRXoty6mX32AfY6tNVp
udOtSkfHSjwdX8w=
-----END CERTIFICATE-----