Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A918A996/32C68A5E279811EEBD8DC55FC4F9AE02/7EC65D5A27A011EEB3CBB135C4F9AE02.roa
File:                     7EC65D5A27A011EEB3CBB135C4F9AE02.roa (raw, json)
Hash identifier:          nOG0gx7Mf6qrWb6gms60glaRqUEFzfeT6QdLMy7AwOI=
Subject key identifier:   19:C5:20:DA:90:6F:46:E7:49:AD:CC:36:7A:7E:89:C9:D0:FE:ED:AA
Certificate issuer:       /CN=A918A996/serialNumber=8386BE861BDBDB6D0165087DC044A07FA4D4F089
Certificate serial:       08
Authority key identifier: 83:86:BE:86:1B:DB:DB:6D:01:65:08:7D:C0:44:A0:7F:A4:D4:F0:89
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/g4a-hhvb220BZQh9wESgf6TU8Ik.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A918A996/32C68A5E279811EEBD8DC55FC4F9AE02/7EC65D5A27A011EEB3CBB135C4F9AE02.roa
Signing time:             Mon 24 Jul 2023 02:22:32 +0000
ROA not before:           Mon 24 Jul 2023 02:22:32 +0000
ROA not after:            Sun 31 Mar 2024 00:00:00 +0000
asID:                     10118
IP address blocks:        117.103.144.0/20 maxlen: 20
                          117.103.152.0/23 maxlen: 23
                          117.103.156.0/24 maxlen: 24
                          117.103.157.0/24 maxlen: 24
                          117.103.158.0/24 maxlen: 24
                          117.103.159.0/24 maxlen: 24
                          180.188.128.0/18 maxlen: 18
                          180.188.144.0/20 maxlen: 20
                          180.188.176.0/24 maxlen: 24
                          180.188.180.0/22 maxlen: 22
                          180.188.184.0/22 maxlen: 22
                          180.188.188.0/22 maxlen: 22

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 8 (0x8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A918A996/serialNumber=8386BE861BDBDB6D0165087DC044A07FA4D4F089
        Validity
            Not Before: Jul 24 02:22:32 2023 GMT
            Not After : Mar 31 00:00:00 2024 GMT
        Subject: CN=64bde068-bf46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:3b:65:e4:8d:71:24:22:29:3a:9a:d8:80:1b:
                    36:57:26:c0:30:1f:9a:6d:d2:8f:e2:1e:0d:b5:bf:
                    6d:88:c3:7b:fe:cb:86:37:92:6a:55:5a:f6:af:27:
                    a6:38:7f:50:bf:0f:1c:3b:f5:42:0a:eb:30:03:8a:
                    d0:9f:a8:4b:77:9d:1a:d5:3a:74:52:c3:bb:c3:8f:
                    93:42:e1:79:df:71:9f:93:8a:7b:af:c7:e7:53:eb:
                    97:d6:4c:cb:60:47:3d:49:72:78:78:5f:14:a2:1a:
                    45:d8:23:e2:cf:87:df:3b:4a:91:d9:04:ee:cb:f6:
                    0d:77:60:46:b6:bb:63:fa:7c:57:5c:b2:4b:a3:1f:
                    4e:18:11:ce:66:8a:1a:8a:7a:e4:7e:68:75:1b:b1:
                    8f:e9:e3:86:78:bf:b7:c5:7f:fe:95:d1:e4:f7:8c:
                    1a:35:65:c1:2a:77:31:a8:17:4e:06:37:52:c3:22:
                    f4:00:71:36:d8:40:05:b2:c1:46:de:74:73:43:c3:
                    c0:46:14:f2:47:98:97:bc:ad:c2:3f:c3:00:16:38:
                    49:6e:1e:0b:66:36:90:d5:3a:4c:87:2b:e2:df:fa:
                    26:6e:47:ba:70:4f:62:fc:8b:0d:4f:57:05:4f:fb:
                    c4:a7:ec:31:ee:82:ca:c7:fc:dc:e4:4f:2c:ca:f5:
                    53:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                19:C5:20:DA:90:6F:46:E7:49:AD:CC:36:7A:7E:89:C9:D0:FE:ED:AA
            X509v3 Authority Key Identifier:
                keyid:83:86:BE:86:1B:DB:DB:6D:01:65:08:7D:C0:44:A0:7F:A4:D4:F0:89

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A918A996/32C68A5E279811EEBD8DC55FC4F9AE02/g4a-hhvb220BZQh9wESgf6TU8Ik.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/g4a-hhvb220BZQh9wESgf6TU8Ik.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918A996/32C68A5E279811EEBD8DC55FC4F9AE02/7EC65D5A27A011EEB3CBB135C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  117.103.144.0/20
                  180.188.128.0/18

    Signature Algorithm: sha256WithRSAEncryption
         85:69:b5:6d:88:27:cd:05:00:30:c5:ba:1e:35:aa:ed:7f:72:
         49:2a:f0:f1:64:cf:c4:dd:42:d8:80:ef:c7:c4:ae:29:01:3a:
         74:cd:ce:89:c6:d3:38:25:e6:18:77:df:94:24:04:c9:83:0b:
         41:45:7c:08:13:f2:ad:d1:d3:16:ce:94:9d:f9:cd:aa:39:ba:
         ec:e4:a4:f8:51:28:8a:75:d2:ba:59:7c:2e:d1:c1:6a:08:4e:
         3c:b0:9c:b0:f0:d9:db:34:e0:7f:51:06:c0:43:17:f4:01:99:
         8e:0b:ac:eb:8b:6a:79:63:e8:e9:f4:50:a1:40:45:5e:b9:7e:
         54:ff:66:89:7f:6f:7c:46:64:26:9a:66:c9:f4:a9:38:dd:22:
         28:aa:d9:ee:55:87:da:9f:52:4a:43:2e:04:f8:22:ae:ae:94:
         e0:6a:a7:aa:a5:3f:d4:be:21:e1:a2:70:21:b9:6f:9a:c0:5c:
         e2:56:21:7e:1f:17:8d:8c:9d:fe:4a:a4:29:7e:4b:1b:6f:22:
         0e:d9:7d:05:2d:8c:69:74:3c:38:89:4e:3f:36:36:c6:7d:57:
         2f:d9:87:bf:37:19:d1:f0:64:68:4f:f0:fd:85:e4:77:d6:54:
         8c:68:4b:d6:a9:1b:49:24:ce:3e:11:a5:ca:9a:59:2e:c6:b1:
         fe:22:ae:7d
-----BEGIN CERTIFICATE-----
MIIFdjCCBF6gAwIBAgIBCDANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTE4
QTk5NjExMC8GA1UEBRMoODM4NkJFODYxQkRCREI2RDAxNjUwODdEQzA0NEEwN0ZB
NEQ0RjA4OTAeFw0yMzA3MjQwMjIyMzJaFw0yNDAzMzEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY0YmRlMDY4LWJmNDYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDTO2XkjXEkIik6mtiAGzZXJsAwH5pt0o/iHg21v22Iw3v+y4Y3kmpVWvavJ6Y4
f1C/Dxw79UIK6zADitCfqEt3nRrVOnRSw7vDj5NC4XnfcZ+Tinuvx+dT65fWTMtg
Rz1Jcnh4XxSiGkXYI+LPh987SpHZBO7L9g13YEa2u2P6fFdcskujH04YEc5mihqK
euR+aHUbsY/p44Z4v7fFf/6V0eT3jBo1ZcEqdzGoF04GN1LDIvQAcTbYQAWywUbe
dHNDw8BGFPJHmJe8rcI/wwAWOEluHgtmNpDVOkyHK+Lf+iZuR7pwT2L8iw1PVwVP
+8Sn7DHugsrH/NzkTyzK9VOlAgMBAAGjggKbMIIClzAdBgNVHQ4EFgQUGcUg2pBv
RudJrcw2en6JydD+7aowHwYDVR0jBBgwFoAUg4a+hhvb220BZQh9wESgf6TU8Ikw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MThBOTk2LzMyQzY4QTVFMjc5
ODExRUVCRDhEQzU1RkM0RjlBRTAyL2c0YS1oaHZiMjIwQlpRaDl3RVNnZjZUVThJ
ay5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvZzRhLWhodmIyMjBCWlFoOXdFU2dmNlRVOElrLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4
QTk5Ni8zMkM2OEE1RTI3OTgxMUVFQkQ4REM1NUZDNEY5QUUwMi83RUM2NUQ1QTI3
QTAxMUVFQjNDQkIxMzVDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAlBggrBgEFBQcBBwEB/wQW
MBQwEgQCAAEwDAMEBHVnkAMEBrS8gDANBgkqhkiG9w0BAQsFAAOCAQEAhWm1bYgn
zQUAMMW6HjWq7X9ySSrw8WTPxN1C2IDvx8SuKQE6dM3OicbTOCXmGHfflCQEyYML
QUV8CBPyrdHTFs6UnfnNqjm67OSk+FEoinXSull8LtHBaghOPLCcsPDZ2zTgf1EG
wEMX9AGZjgus64tqeWPo6fRQoUBFXrl+VP9miX9vfEZkJppmyfSpON0iKKrZ7lWH
2p9SSkMuBPgirq6U4GqnqqU/1L4h4aJwIblvmsBc4lYhfh8XjYyd/kqkKX5LG28i
Dtl9BS2MaXQ8OIlOPzY2xn1XL9mHvzcZ0fBkaE/w/YXkd9ZUjGhL1qkbSSTOPhGl
yppZLsax/iKufQ==
-----END CERTIFICATE-----