Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/5DF0417AC4B611EC8680212BC4F9AE02.roa
File:                     5DF0417AC4B611EC8680212BC4F9AE02.roa (raw, json)
Hash identifier:          5UGCcvvlO/Ghqdekgl/dj05f+YV3QdTnmYHTTGf3NwY=
Subject key identifier:   C0:46:23:6E:75:58:D5:05:30:D6:B4:6F:C4:22:1C:04:B5:4F:A0:BC
Certificate issuer:       /CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
Certificate serial:       395E
Authority key identifier: 82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/5DF0417AC4B611EC8680212BC4F9AE02.roa
Signing time:             Tue 26 Apr 2022 05:20:10 +0000
ROA not before:           Tue 26 Apr 2022 05:20:10 +0000
ROA not after:            Fri 30 Sep 2022 00:00:00 +0000
asID:                     3970
IP address blocks:        103.171.218.0/24 maxlen: 24
                          103.171.219.0/24 maxlen: 24
                          2001:df7:5380::/48 maxlen: 48
                          2001:df7:5381::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 14686 (0x395e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A001E/serialNumber=8278F47DEC5B7ADC201897F99BCC6E2BFA88D015
        Validity
            Not Before: Apr 26 05:20:10 2022 GMT
            Not After : Sep 30 00:00:00 2022 GMT
        Subject: CN=62678109-f860
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:c6:48:35:2d:b3:fc:64:da:8a:76:39:f3:25:
                    45:7e:28:da:64:d5:36:54:b9:82:f1:d1:4e:7b:72:
                    36:e8:92:f9:fe:57:cc:24:e4:bc:37:01:b3:87:b2:
                    f1:17:d7:1c:91:c8:ff:38:f8:44:ae:bb:cc:49:dd:
                    91:1f:f0:3a:11:90:e8:17:b2:2b:13:e4:0f:00:a1:
                    7f:73:1e:1e:95:8b:84:06:1b:51:c3:eb:d6:b6:e8:
                    02:94:8c:39:34:9d:92:06:4a:00:47:96:40:54:23:
                    d5:a3:74:92:8b:63:d7:9a:80:44:d4:cf:e0:30:4f:
                    ae:f9:8f:5c:02:f9:75:72:5e:a4:70:0a:e8:a3:69:
                    06:1f:e5:9a:03:5a:a4:a8:61:5f:2a:1d:6b:7d:8f:
                    2c:f9:2f:cb:cb:ac:a6:14:fa:21:b3:5c:8f:a4:7a:
                    75:91:81:15:04:c3:e2:0e:c0:47:3d:23:44:d0:f6:
                    17:f0:d7:a9:4a:c6:3e:95:07:31:94:8b:2a:e0:02:
                    fc:59:3a:a9:db:46:8f:69:65:57:52:0b:86:a0:93:
                    95:58:a1:05:86:3d:df:ab:e0:28:9f:f9:5a:e3:9a:
                    ee:40:a6:7d:64:01:17:89:4d:82:79:d7:d5:5f:3c:
                    03:89:48:ac:4c:bc:a9:97:80:2d:45:1b:5e:8e:18:
                    c2:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:46:23:6E:75:58:D5:05:30:D6:B4:6F:C4:22:1C:04:B5:4F:A0:BC
            X509v3 Authority Key Identifier:
                keyid:82:78:F4:7D:EC:5B:7A:DC:20:18:97:F9:9B:CC:6E:2B:FA:88:D0:15

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/gnj0fexbetwgGJf5m8xuK_qI0BU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gnj0fexbetwgGJf5m8xuK_qI0BU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A001E/35FA0F561D7811E293771FC408B02CD2/5DF0417AC4B611EC8680212BC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.171.218.0/23
                IPv6:
                  2001:df7:5380::/47

    Signature Algorithm: sha256WithRSAEncryption
         b6:e5:6f:28:32:f0:1c:f3:98:d7:af:80:00:1e:3d:95:33:76:
         4c:2c:56:78:04:b3:6a:7b:1e:8c:7f:58:42:00:d0:65:dd:4f:
         6c:ae:22:c8:d1:60:a8:30:f4:ae:40:ba:f0:2c:3c:71:00:c2:
         af:3a:a2:65:2e:50:c9:f3:1f:c1:39:6d:cc:bf:d2:bd:f8:27:
         09:00:13:39:6a:3a:51:57:99:ae:7c:64:da:30:0f:6c:04:79:
         77:6d:57:b2:f6:7a:00:c4:c4:58:ef:32:4d:e9:82:da:cb:54:
         58:be:47:c3:b9:cf:6a:27:c2:a9:c0:7a:a6:15:f1:e3:e8:e4:
         f7:5d:dc:fa:d2:cf:34:51:dd:d1:30:aa:6b:da:c1:02:c4:c3:
         fa:41:8c:6a:3b:b9:f9:cc:e5:c8:58:cb:c5:e9:ea:93:2e:e7:
         97:7c:54:37:dc:53:75:76:fa:96:11:ce:f4:3a:24:4c:10:e4:
         59:b7:27:9e:a8:31:33:74:60:5b:ba:02:77:d7:34:fd:73:82:
         ca:85:bd:d0:cc:13:d0:12:6c:65:28:7c:3f:4f:79:65:cf:d4:
         f3:b9:28:8a:97:8c:90:2f:52:86:73:96:df:8e:ec:44:9f:5e:
         7d:8d:81:a3:ac:85:9f:cf:46:92:73:ff:45:c9:08:03:01:eb:
         b8:8c:35:07
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICOV4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTAwMUUxMTAvBgNVBAUTKDgyNzhGNDdERUM1QjdBREMyMDE4OTdGOTlCQ0M2RTJC
RkE4OEQwMTUwHhcNMjIwNDI2MDUyMDEwWhcNMjIwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02MjY3ODEwOS1mODYwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAmcZINS2z/GTainY58yVFfijaZNU2VLmC8dFOe3I26JL5/lfMJOS8NwGzh7Lx
F9cckcj/OPhErrvMSd2RH/A6EZDoF7IrE+QPAKF/cx4elYuEBhtRw+vWtugClIw5
NJ2SBkoAR5ZAVCPVo3SSi2PXmoBE1M/gME+u+Y9cAvl1cl6kcAroo2kGH+WaA1qk
qGFfKh1rfY8s+S/Ly6ymFPohs1yPpHp1kYEVBMPiDsBHPSNE0PYX8NepSsY+lQcx
lIsq4AL8WTqp20aPaWVXUguGoJOVWKEFhj3fq+Aon/la45ruQKZ9ZAEXiU2CedfV
XzwDiUisTLypl4AtRRtejhjCdQIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFMBGI251
WNUFMNa0b8QiHAS1T6C8MB8GA1UdIwQYMBaAFIJ49H3sW3rcIBiX+ZvMbiv6iNAV
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBMDAxRS8zNUZBMEY1NjFE
NzgxMUUyOTM3NzFGQzQwOEIwMkNEMi9nbmowZmV4YmV0d2dHSmY1bTh4dUtfcUkw
QlUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2duajBmZXhiZXR3Z0dKZjVtOHh1S19xSTBCVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTAwMUUvMzVGQTBGNTYxRDc4MTFFMjkzNzcxRkM0MDhCMDJDRDIvNURGMDQxN0FD
NEI2MTFFQzg2ODAyMTJCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAFnq9owDwQCAAIwCQMHASABDfdTgDANBgkqhkiG9w0BAQsF
AAOCAQEAtuVvKDLwHPOY16+AAB49lTN2TCxWeASzansejH9YQgDQZd1PbK4iyNFg
qDD0rkC68Cw8cQDCrzqiZS5QyfMfwTltzL/SvfgnCQATOWo6UVeZrnxk2jAPbAR5
d21XsvZ6AMTEWO8yTemC2stUWL5Hw7nPaifCqcB6phXx4+jk913c+tLPNFHd0TCq
a9rBAsTD+kGMaju5+czlyFjLxenqky7nl3xUN9xTdXb6lhHO9DokTBDkWbcnnqgx
M3RgW7oCd9c0/XOCyoW90MwT0BJsZSh8P095Zc/U87koipeMkC9ShnOW347sRJ9e
fY2Bo6yFn89GknP/RckIAwHruIw1Bw==
-----END CERTIFICATE-----