Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A918FC75/3AA5DEE0DD5811EC870FC20DC4F9AE02/45102AFED85011ED982CB146C4F9AE02.roa
File:                     45102AFED85011ED982CB146C4F9AE02.roa (raw, json)
Hash identifier:          S7J1cHFU9FP13u3UDXlgUbQFLH53/TpEkILL3tSqR/I=
Subject key identifier:   97:E2:2C:9F:50:F1:A0:5B:10:70:EB:68:CB:D4:36:C5:98:BB:3F:69
Certificate issuer:       /CN=A918FC75/serialNumber=482E5A6E0896A266A91A4066C06F4B4ED984649D
Certificate serial:       01CA
Authority key identifier: 48:2E:5A:6E:08:96:A2:66:A9:1A:40:66:C0:6F:4B:4E:D9:84:64:9D
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/SC5abgiWomapGkBmwG9LTtmEZJ0.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A918FC75/3AA5DEE0DD5811EC870FC20DC4F9AE02/45102AFED85011ED982CB146C4F9AE02.roa
Signing time:             Tue 11 Apr 2023 10:04:39 +0000
ROA not before:           Tue 11 Apr 2023 10:04:39 +0000
ROA not after:            Thu 31 Aug 2023 00:00:00 +0000
asID:                     9443
IP address blocks:        203.32.21.0/24 maxlen: 24
                          203.32.25.0/24 maxlen: 24
                          203.32.26.0/24 maxlen: 24
                          203.32.28.0/24 maxlen: 24
                          203.32.32.0/24 maxlen: 24
                          203.32.38.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 458 (0x1ca)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A918FC75/serialNumber=482E5A6E0896A266A91A4066C06F4B4ED984649D
        Validity
            Not Before: Apr 11 10:04:39 2023 GMT
            Not After : Aug 31 00:00:00 2023 GMT
        Subject: CN=643530b6-1e45
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:db:e1:5c:b5:48:f7:9a:82:96:7e:c4:93:41:
                    a7:2f:48:2e:ee:1a:6a:bf:9a:96:e6:e4:52:0e:63:
                    86:88:04:fd:75:b3:8d:6b:c1:e5:49:a7:8a:7d:70:
                    4d:d5:78:60:2b:19:18:c7:8b:cd:7b:df:24:a8:8e:
                    3d:f5:33:61:55:c0:e8:d2:98:87:95:df:56:e6:d6:
                    84:1b:54:25:3a:c6:f7:26:fb:aa:c1:c6:56:29:b0:
                    24:4a:a2:20:a7:b1:ed:b8:d3:31:db:6b:25:97:8c:
                    1a:ed:f1:b8:cf:0d:1c:8f:b7:f5:87:84:32:fd:c3:
                    e7:80:b0:68:eb:32:6c:47:02:03:df:28:79:df:cc:
                    cf:51:04:df:51:9b:08:8d:02:6e:41:89:52:7d:3f:
                    b2:60:07:b1:e4:24:7d:52:e6:58:45:a1:34:1f:14:
                    3d:f5:48:db:b5:7e:6b:48:20:5a:1b:71:1f:20:f6:
                    30:88:16:a7:34:47:19:dd:8a:b6:8a:df:d3:b3:31:
                    84:b2:a1:25:ff:01:57:1a:4f:ef:89:7b:50:80:14:
                    38:4e:78:6f:93:da:57:fc:4c:4c:78:7d:b0:aa:18:
                    90:aa:83:20:1c:a9:38:00:35:c3:fc:87:a1:7d:b4:
                    29:e1:a4:64:27:b8:17:a5:be:ac:61:f2:8e:8e:b0:
                    ba:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:E2:2C:9F:50:F1:A0:5B:10:70:EB:68:CB:D4:36:C5:98:BB:3F:69
            X509v3 Authority Key Identifier:
                keyid:48:2E:5A:6E:08:96:A2:66:A9:1A:40:66:C0:6F:4B:4E:D9:84:64:9D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A918FC75/3AA5DEE0DD5811EC870FC20DC4F9AE02/SC5abgiWomapGkBmwG9LTtmEZJ0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/SC5abgiWomapGkBmwG9LTtmEZJ0.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918FC75/3AA5DEE0DD5811EC870FC20DC4F9AE02/45102AFED85011ED982CB146C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.32.21.0/24
                  203.32.25.0-203.32.26.255
                  203.32.28.0/24
                  203.32.32.0/24
                  203.32.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         93:cc:e2:dc:a6:f5:60:b9:dc:9a:bc:a3:3a:88:dc:f4:d5:c2:
         d8:e2:ff:7f:6f:a1:ec:ab:71:39:91:5a:a5:3c:41:87:62:60:
         bc:57:e2:78:b7:23:de:be:df:a1:72:11:81:ae:61:57:a2:70:
         b1:6a:67:32:4b:e5:23:31:b2:30:e4:bb:43:ee:32:c7:71:80:
         99:a7:77:f2:df:b0:a6:46:dc:2c:e7:1c:62:95:5f:e0:5a:5b:
         e2:84:b0:02:5a:fa:90:bf:00:26:f3:b1:a4:c9:46:9b:8b:dc:
         da:6b:2b:31:7d:1f:b3:a2:8e:02:ec:d9:d4:3d:ee:5d:9f:11:
         a8:df:40:20:15:ad:fc:5f:7d:df:3f:77:2b:e7:0b:1d:36:da:
         6d:e1:46:17:bd:25:5b:0b:21:8f:1a:2f:a9:f1:21:1d:45:b1:
         80:96:8b:3d:c5:38:be:47:e0:ce:f3:df:59:d4:56:55:20:0a:
         81:a5:41:b3:84:bd:51:bb:b3:a9:d7:52:3c:3a:08:d7:20:a1:
         ca:a7:36:c7:6a:45:d9:d1:e1:80:30:1c:c5:e9:22:c7:0a:71:
         8f:b6:e3:b3:72:d5:d9:ef:06:be:6d:8f:03:f8:4b:ec:e7:3e:
         6f:6a:bf:8b:39:a8:41:f3:df:25:d8:d3:49:97:8d:f8:23:b1:
         0a:d4:ab:97
-----BEGIN CERTIFICATE-----
MIIFkTCCBHmgAwIBAgICAcowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEZDNzUxMTAvBgNVBAUTKDQ4MkU1QTZFMDg5NkEyNjZBOTFBNDA2NkMwNkY0QjRF
RDk4NDY0OUQwHhcNMjMwNDExMTAwNDM5WhcNMjMwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDM1MzBiNi0xZTQ1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA5tvhXLVI95qCln7Ek0GnL0gu7hpqv5qW5uRSDmOGiAT9dbONa8HlSaeKfXBN
1XhgKxkYx4vNe98kqI499TNhVcDo0piHld9W5taEG1QlOsb3JvuqwcZWKbAkSqIg
p7HtuNMx22sll4wa7fG4zw0cj7f1h4Qy/cPngLBo6zJsRwID3yh538zPUQTfUZsI
jQJuQYlSfT+yYAex5CR9UuZYRaE0HxQ99UjbtX5rSCBaG3EfIPYwiBanNEcZ3Yq2
it/TszGEsqEl/wFXGk/viXtQgBQ4Tnhvk9pX/ExMeH2wqhiQqoMgHKk4ADXD/Ieh
fbQp4aRkJ7gXpb6sYfKOjrC62QIDAQABo4ICtTCCArEwHQYDVR0OBBYEFJfiLJ9Q
8aBbEHDraMvUNsWYuz9pMB8GA1UdIwQYMBaAFEguWm4IlqJmqRpAZsBvS07ZhGSd
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4RkM3NS8zQUE1REVFMERE
NTgxMUVDODcwRkMyMERDNEY5QUUwMi9TQzVhYmdpV29tYXBHa0Jtd0c5TFR0bUVa
SjAuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1NDNWFiZ2lXb21hcEdrQm13RzlMVHRtRVpKMC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEZDNzUvM0FBNURFRTBERDU4MTFFQzg3MEZDMjBEQzRGOUFFMDIvNDUxMDJBRkVE
ODUwMTFFRDk4MkNCMTQ2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwPwYIKwYBBQUHAQcBAf8E
MDAuMCwEAgABMCYDBADLIBUwDAMEAMsgGQMEAMsgGgMEAMsgHAMEAMsgIAMEAMsg
JjANBgkqhkiG9w0BAQsFAAOCAQEAk8zi3Kb1YLncmryjOojc9NXC2OL/f2+h7Ktx
OZFapTxBh2JgvFfieLcj3r7foXIRga5hV6JwsWpnMkvlIzGyMOS7Q+4yx3GAmad3
8t+wpkbcLOccYpVf4Fpb4oSwAlr6kL8AJvOxpMlGm4vc2msrMX0fs6KOAuzZ1D3u
XZ8RqN9AIBWt/F993z93K+cLHTbabeFGF70lWwshjxovqfEhHUWxgJaLPcU4vkfg
zvPfWdRWVSAKgaVBs4S9UbuzqddSPDoI1yChyqc2x2pF2dHhgDAcxekixwpxj7bj
s3LV2e8Gvm2PA/hL7Oc+b2q/izmoQfPfJdjTSZeN+COxCtSrlw==
-----END CERTIFICATE-----