Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91510AD/8B5E75FE1D8711E284B383DF08B02CD2/977871B208C511EDBC862E48C4F9AE02.roa
File:                     977871B208C511EDBC862E48C4F9AE02.roa (raw, json)
Hash identifier:          5fZCBYHiF1fJ1uKsPlCTe9Ms+DAoN3V5KPj1Rrszle8=
Subject key identifier:   D0:98:92:65:96:FE:8A:D8:31:8F:7B:FF:56:CD:C9:DB:C4:16:A0:14
Certificate issuer:       /CN=A91510AD/serialNumber=E1E6908A16EC813DAA0BD64797AE9DBDEB092257
Certificate serial:       3364
Authority key identifier: E1:E6:90:8A:16:EC:81:3D:AA:0B:D6:47:97:AE:9D:BD:EB:09:22:57
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/4eaQihbsgT2qC9ZHl66dvesJIlc.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91510AD/8B5E75FE1D8711E284B383DF08B02CD2/977871B208C511EDBC862E48C4F9AE02.roa
Signing time:             Thu 06 Oct 2022 14:40:39 +0000
ROA not before:           Thu 06 Oct 2022 14:40:39 +0000
ROA not after:            Sat 30 Dec 2023 00:00:00 +0000
asID:                     17469
IP address blocks:        175.29.124.0/22 maxlen: 24
                          175.29.140.0/22 maxlen: 24
                          175.29.144.0/22 maxlen: 24
                          175.29.152.0/21 maxlen: 21
                          175.29.160.0/20 maxlen: 24
                          175.29.176.0/20 maxlen: 24
                          175.29.192.0/21 maxlen: 24
                          202.22.192.0/20 maxlen: 24
                          203.76.144.0/21 maxlen: 24
                          203.82.192.0/20 maxlen: 24
                          2404:150::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13156 (0x3364)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91510AD/serialNumber=E1E6908A16EC813DAA0BD64797AE9DBDEB092257
        Validity
            Not Before: Oct  6 14:40:39 2022 GMT
            Not After : Dec 30 00:00:00 2023 GMT
        Subject: CN=633ee8e7-a50c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:e7:50:83:d4:3d:51:4a:38:d3:6c:19:12:3e:
                    6c:84:67:5a:d9:e2:3c:38:cb:d0:c8:57:0b:ad:df:
                    03:78:23:a7:a2:da:c2:33:b5:af:49:95:c5:a5:6b:
                    7c:94:0e:65:61:e7:7b:95:9f:49:bc:b6:2e:1c:42:
                    ea:4e:54:a3:8e:fa:95:37:97:67:5b:11:d5:85:d9:
                    30:99:fb:eb:68:ab:3b:95:3a:5f:f9:32:90:b6:0f:
                    0b:bf:e4:9c:d1:6c:23:5a:b6:85:10:94:5e:72:c0:
                    a6:c6:fb:5e:0d:f8:0c:0a:43:76:d3:b0:a6:fb:cf:
                    d1:c6:83:f5:36:2d:f0:c1:c4:00:dd:23:29:1a:7d:
                    7c:3b:20:30:f9:40:f7:61:5d:9f:10:82:af:09:8f:
                    81:7c:30:fe:d7:df:09:bc:96:f5:dc:b9:87:df:8e:
                    50:f1:20:56:67:ae:9a:75:23:b1:fc:02:fc:41:92:
                    c7:67:66:64:9c:35:55:66:2e:ff:fe:66:35:c3:10:
                    fd:55:e6:6f:48:6d:0e:99:39:7d:52:82:2b:5b:79:
                    61:ad:6c:cc:aa:ae:27:fd:39:f9:f4:e3:24:59:3f:
                    bf:ba:c6:84:d8:0f:26:05:cb:f2:a5:31:35:1d:ef:
                    11:9f:19:0c:75:93:09:b3:8c:3b:96:cb:61:e2:af:
                    57:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:98:92:65:96:FE:8A:D8:31:8F:7B:FF:56:CD:C9:DB:C4:16:A0:14
            X509v3 Authority Key Identifier:
                keyid:E1:E6:90:8A:16:EC:81:3D:AA:0B:D6:47:97:AE:9D:BD:EB:09:22:57

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91510AD/8B5E75FE1D8711E284B383DF08B02CD2/4eaQihbsgT2qC9ZHl66dvesJIlc.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/4eaQihbsgT2qC9ZHl66dvesJIlc.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91510AD/8B5E75FE1D8711E284B383DF08B02CD2/977871B208C511EDBC862E48C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  175.29.124.0/22
                  175.29.140.0-175.29.147.255
                  175.29.152.0-175.29.199.255
                  202.22.192.0/20
                  203.76.144.0/21
                  203.82.192.0/20
                IPv6:
                  2404:150::/32

    Signature Algorithm: sha256WithRSAEncryption
         2e:ea:51:9c:4e:a2:5a:7d:f8:fe:42:62:b0:34:dd:53:56:d6:
         ad:2a:98:41:cf:da:f5:06:85:93:7e:10:33:72:53:bb:17:bd:
         b0:88:88:5a:18:c2:47:3a:03:34:af:0f:04:ed:8a:89:bc:b0:
         34:a2:82:80:96:96:f8:06:46:ae:ec:c9:84:07:78:f4:77:ca:
         e3:07:0b:4e:b0:f6:03:39:a6:0f:20:c6:13:e9:b4:98:24:ca:
         3a:5d:34:ba:b8:45:ec:5f:57:2c:00:97:6d:6a:e0:1e:12:93:
         e6:5b:3b:bc:87:34:a6:26:3a:53:09:b4:ed:62:a3:54:ef:a0:
         72:cc:95:f1:95:7b:ed:64:92:f8:95:6d:1f:92:5b:6e:73:cc:
         9b:36:b7:20:90:42:aa:37:97:23:14:13:ee:a2:73:6f:01:0f:
         12:71:2b:67:74:6f:6b:55:f4:5e:15:3b:9e:bd:84:cd:0b:2e:
         c4:5f:d8:d0:1b:c2:b0:c0:02:97:43:b3:a9:d3:1e:ba:98:3b:
         96:8e:16:6f:91:e5:4b:32:e0:ff:33:25:53:0c:eb:47:b4:a6:
         08:09:a2:40:5a:72:47:49:4d:a4:b9:86:16:b5:34:c9:66:3d:
         dc:b4:df:c0:42:c8:d6:a2:4b:9f:f5:21:73:13:98:cf:cf:bd:
         1d:44:32:56
-----BEGIN CERTIFICATE-----
MIIFrjCCBJagAwIBAgICM2QwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTEwQUQxMTAvBgNVBAUTKEUxRTY5MDhBMTZFQzgxM0RBQTBCRDY0Nzk3QUU5REJE
RUIwOTIyNTcwHhcNMjIxMDA2MTQ0MDM5WhcNMjMxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02MzNlZThlNy1hNTBjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAm+dQg9Q9UUo402wZEj5shGda2eI8OMvQyFcLrd8DeCOnotrCM7WvSZXFpWt8
lA5lYed7lZ9JvLYuHELqTlSjjvqVN5dnWxHVhdkwmfvraKs7lTpf+TKQtg8Lv+Sc
0WwjWraFEJRecsCmxvteDfgMCkN207Cm+8/RxoP1Ni3wwcQA3SMpGn18OyAw+UD3
YV2fEIKvCY+BfDD+198JvJb13LmH345Q8SBWZ66adSOx/AL8QZLHZ2ZknDVVZi7/
/mY1wxD9VeZvSG0OmTl9UoIrW3lhrWzMqq4n/Tn59OMkWT+/usaE2A8mBcvypTE1
He8RnxkMdZMJs4w7lsth4q9XYQIDAQABo4IC0jCCAs4wHQYDVR0OBBYEFNCYkmWW
/orYMY97/1bNydvEFqAUMB8GA1UdIwQYMBaAFOHmkIoW7IE9qgvWR5eunb3rCSJX
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1MTBBRC84QjVFNzVGRTFE
ODcxMUUyODRCMzgzREYwOEIwMkNEMi80ZWFRaWhic2dUMnFDOVpIbDY2ZHZlc0pJ
bGMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzRlYVFpaGJzZ1QycUM5WkhsNjZkdmVzSklsYy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTEwQUQvOEI1RTc1RkUxRDg3MTFFMjg0QjM4M0RGMDhCMDJDRDIvOTc3ODcxQjIw
OEM1MTFFREJDODYyRTQ4QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwXAYIKwYBBQUHAQcBAf8E
TTBLMDoEAgABMDQDBAKvHXwwDAMEAq8djAMEAq8dkDAMAwQDrx2YAwQDrx3AAwQE
yhbAAwQDy0yQAwQEy1LAMA0EAgACMAcDBQAkBAFQMA0GCSqGSIb3DQEBCwUAA4IB
AQAu6lGcTqJaffj+QmKwNN1TVtatKphBz9r1BoWTfhAzclO7F72wiIhaGMJHOgM0
rw8E7YqJvLA0ooKAlpb4Bkau7MmEB3j0d8rjBwtOsPYDOaYPIMYT6bSYJMo6XTS6
uEXsX1csAJdtauAeEpPmWzu8hzSmJjpTCbTtYqNU76ByzJXxlXvtZJL4lW0fkltu
c8ybNrcgkEKqN5cjFBPuonNvAQ8ScStndG9rVfReFTuevYTNCy7EX9jQG8KwwAKX
Q7Op0x66mDuWjhZvkeVLMuD/MyVTDOtHtKYICaJAWnJHSU2kuYYWtTTJZj3ctN/A
QsjWokuf9SFzE5jPz70dRDJW
-----END CERTIFICATE-----