Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A918D6BF/E361BA20A5A111E7B3A3127DC4F9AE02/6723080E049311EEB0CADF2DC4F9AE02.roa
File:                     6723080E049311EEB0CADF2DC4F9AE02.roa (raw, json)
Hash identifier:          hv5g1+2sH9tgpi3PseelyCG7AEe9HMkCtz/6iDem18A=
Subject key identifier:   54:57:77:3A:51:4D:88:31:07:C0:19:3A:7D:52:9A:BF:3A:BE:D3:32
Certificate issuer:       /CN=A918D6BF/serialNumber=4E01F4FCA76DBF9295DEC61C1B32A4EE68ADFD23
Certificate serial:       175E
Authority key identifier: 4E:01:F4:FC:A7:6D:BF:92:95:DE:C6:1C:1B:32:A4:EE:68:AD:FD:23
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/TgH0_Kdtv5KV3sYcGzKk7mit_SM.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A918D6BF/E361BA20A5A111E7B3A3127DC4F9AE02/6723080E049311EEB0CADF2DC4F9AE02.roa
Signing time:             Wed 20 Sep 2023 16:53:54 +0000
ROA not before:           Wed 20 Sep 2023 16:53:54 +0000
ROA not after:            Wed 31 Jan 2024 00:00:00 +0000
asID:                     59256
IP address blocks:        103.39.238.0/24 maxlen: 24
                          103.39.239.0/24 maxlen: 24
                          103.39.248.0/24 maxlen: 24
                          103.243.239.0/24 maxlen: 24
                          175.111.176.0/24 maxlen: 24
                          175.111.177.0/24 maxlen: 24
                          175.111.179.0/24 maxlen: 24
                          2001:df6:9000::/48 maxlen: 48
                          2401:9cc0:200::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5982 (0x175e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A918D6BF/serialNumber=4E01F4FCA76DBF9295DEC61C1B32A4EE68ADFD23
        Validity
            Not Before: Sep 20 16:53:54 2023 GMT
            Not After : Jan 31 00:00:00 2024 GMT
        Subject: CN=650b23a2-21ed
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:e1:8e:02:91:76:ef:06:6d:82:c3:69:89:a4:
                    7c:e9:26:34:8d:bc:e4:2b:2f:d0:13:a7:9c:e7:07:
                    19:b6:fa:69:40:cc:01:43:cf:a5:b2:6f:5b:0f:42:
                    0a:7f:f2:bb:ef:a0:c8:08:81:c0:23:88:39:5f:40:
                    48:97:34:72:29:fb:1f:78:9e:cb:4a:75:77:74:d4:
                    5f:f1:29:df:c8:81:20:23:b4:55:84:47:77:2f:22:
                    1b:6b:4b:96:83:0f:80:c7:61:b4:9b:ab:4d:90:05:
                    72:8c:ea:a1:09:cf:85:07:68:2f:3f:2b:97:b4:57:
                    00:04:58:52:69:2f:37:af:54:f7:fe:90:46:39:07:
                    30:a2:01:0a:ae:42:54:36:47:a9:fb:e0:d7:a3:d8:
                    92:59:4c:91:5c:de:c1:06:a4:69:e4:f6:f2:29:2e:
                    5e:7e:d2:cc:a8:2d:0c:67:43:b8:86:11:a3:d9:2e:
                    db:e5:65:27:1d:50:38:7b:18:67:20:2a:4b:db:09:
                    c9:10:44:07:5c:84:15:e8:f1:b6:8a:2f:83:bf:6f:
                    90:2b:c1:90:6c:35:e2:61:9e:dd:dd:38:02:8c:65:
                    18:e7:19:b5:8e:46:36:9e:59:7c:51:6f:be:66:d4:
                    77:0f:a2:2c:7f:18:3b:7c:2f:9e:ed:dc:ae:54:58:
                    81:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:57:77:3A:51:4D:88:31:07:C0:19:3A:7D:52:9A:BF:3A:BE:D3:32
            X509v3 Authority Key Identifier:
                keyid:4E:01:F4:FC:A7:6D:BF:92:95:DE:C6:1C:1B:32:A4:EE:68:AD:FD:23

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A918D6BF/E361BA20A5A111E7B3A3127DC4F9AE02/TgH0_Kdtv5KV3sYcGzKk7mit_SM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/TgH0_Kdtv5KV3sYcGzKk7mit_SM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918D6BF/E361BA20A5A111E7B3A3127DC4F9AE02/6723080E049311EEB0CADF2DC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.39.238.0/23
                  103.39.248.0/24
                  103.243.239.0/24
                  175.111.176.0/23
                  175.111.179.0/24
                IPv6:
                  2001:df6:9000::/48
                  2401:9cc0:200::/48

    Signature Algorithm: sha256WithRSAEncryption
         87:98:9a:76:bf:ff:c1:01:ab:54:be:47:24:c9:94:e5:6d:b6:
         e2:7a:74:9b:60:56:ea:9c:fb:82:24:73:f0:69:25:71:78:79:
         6e:fb:b0:a1:6f:70:ee:6c:ba:48:13:e8:52:31:98:b3:bb:44:
         d9:a1:9f:18:86:21:09:9b:d8:12:0b:5f:ea:e8:18:3a:df:0a:
         3b:5c:5f:a7:cd:aa:4b:70:e2:d3:20:76:11:ff:dd:e6:77:9a:
         90:f7:88:89:7b:5d:00:5e:f3:01:79:4e:75:ff:47:40:16:c6:
         cf:ae:cd:1e:b5:c0:d4:d0:5a:fa:49:76:c6:74:0c:88:af:40:
         b6:29:e2:3e:53:c9:06:9f:e5:65:60:2d:9f:f8:b7:de:c3:b6:
         33:e1:d9:32:d7:89:35:9d:e0:96:2e:4d:d3:27:2f:7c:11:98:
         6d:61:1f:17:ef:e3:d2:04:1f:8f:cc:53:55:58:19:79:66:a4:
         7e:1c:b5:b5:4a:cc:91:dc:c6:86:ff:2d:7a:d3:37:68:c0:63:
         ee:44:54:49:55:69:dd:a0:c8:95:57:4f:d6:ba:45:c1:00:44:
         fb:54:2d:51:7b:22:1b:21:63:2b:55:38:5f:ee:05:70:b1:69:
         11:50:18:cb:cb:e1:9d:97:2c:50:ad:fb:0d:85:80:f0:4e:c7:
         1d:02:ca:88
-----BEGIN CERTIFICATE-----
MIIFozCCBIugAwIBAgICF14wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEQ2QkYxMTAvBgNVBAUTKDRFMDFGNEZDQTc2REJGOTI5NURFQzYxQzFCMzJBNEVF
NjhBREZEMjMwHhcNMjMwOTIwMTY1MzU0WhcNMjQwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTBiMjNhMi0yMWVkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvuGOApF27wZtgsNpiaR86SY0jbzkKy/QE6ec5wcZtvppQMwBQ8+lsm9bD0IK
f/K776DICIHAI4g5X0BIlzRyKfsfeJ7LSnV3dNRf8SnfyIEgI7RVhEd3LyIba0uW
gw+Ax2G0m6tNkAVyjOqhCc+FB2gvPyuXtFcABFhSaS83r1T3/pBGOQcwogEKrkJU
Nkep++DXo9iSWUyRXN7BBqRp5PbyKS5eftLMqC0MZ0O4hhGj2S7b5WUnHVA4exhn
ICpL2wnJEEQHXIQV6PG2ii+Dv2+QK8GQbDXiYZ7d3TgCjGUY5xm1jkY2nll8UW++
ZtR3D6Isfxg7fC+e7dyuVFiBUQIDAQABo4ICxzCCAsMwHQYDVR0OBBYEFFRXdzpR
TYgxB8AZOn1Smr86vtMyMB8GA1UdIwQYMBaAFE4B9Pynbb+Sld7GHBsypO5orf0j
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4RDZCRi9FMzYxQkEyMEE1
QTExMUU3QjNBMzEyN0RDNEY5QUUwMi9UZ0gwX0tkdHY1S1Yzc1ljR3pLazdtaXRf
U00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1RnSDBfS2R0djVLVjNzWWNHektrN21pdF9TTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEQ2QkYvRTM2MUJBMjBBNUExMTFFN0IzQTMxMjdEQzRGOUFFMDIvNjcyMzA4MEUw
NDkzMTFFRUIwQ0FERjJEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwUQYIKwYBBQUHAQcBAf8E
QjBAMCQEAgABMB4DBAFnJ+4DBABnJ/gDBABn8+8DBAGvb7ADBACvb7MwGAQCAAIw
EgMHACABDfaQAAMHACQBnMACADANBgkqhkiG9w0BAQsFAAOCAQEAh5iadr//wQGr
VL5HJMmU5W224np0m2BW6pz7giRz8GklcXh5bvuwoW9w7my6SBPoUjGYs7tE2aGf
GIYhCZvYEgtf6ugYOt8KO1xfp82qS3Di0yB2Ef/d5neakPeIiXtdAF7zAXlOdf9H
QBbGz67NHrXA1NBa+kl2xnQMiK9AtiniPlPJBp/lZWAtn/i33sO2M+HZMteJNZ3g
li5N0ycvfBGYbWEfF+/j0gQfj8xTVVgZeWakfhy1tUrMkdzGhv8tetM3aMBj7kRU
SVVp3aDIlVdP1rpFwQBE+1QtUXsiGyFjK1U4X+4FcLFpEVAYy8vhnZcsUK37DYWA
8E7HHQLKiA==
-----END CERTIFICATE-----