Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91ADE0A/30D80126C11311E5B01A7269C4F9AE02/8DF46778CF7011EDBDB44333C4F9AE02.roa
File:                     8DF46778CF7011EDBDB44333C4F9AE02.roa (raw, json)
Hash identifier:          O9rA4+ftLBxT47CNzyrDITh9Ygo0t3YAnuqTmwqDM7U=
Subject key identifier:   3F:D7:4B:89:7D:C8:C3:FB:72:22:48:A4:0F:20:09:65:C7:E8:7A:11
Certificate issuer:       /CN=A91ADE0A/serialNumber=BE488B4E60AC6A73A656EFDBC5FA67A1A8DE812A
Certificate serial:       20BB
Authority key identifier: BE:48:8B:4E:60:AC:6A:73:A6:56:EF:DB:C5:FA:67:A1:A8:DE:81:2A
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vkiLTmCsanOmVu_bxfpnoajegSo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91ADE0A/30D80126C11311E5B01A7269C4F9AE02/8DF46778CF7011EDBDB44333C4F9AE02.roa
Signing time:             Fri 31 Mar 2023 03:03:04 +0000
ROA not before:           Fri 31 Mar 2023 03:03:04 +0000
ROA not after:            Wed 01 May 2024 00:00:00 +0000
asID:                     133334
IP address blocks:        45.124.56.0/22 maxlen: 24
                          103.61.220.0/22 maxlen: 22
                          103.200.32.0/22 maxlen: 22
                          103.203.52.0/22 maxlen: 22
                          103.225.136.0/22 maxlen: 24
                          2401:b80::/32 maxlen: 32
                          2401:b80::/36 maxlen: 36
                          2401:b80:1000::/36 maxlen: 36
                          2401:b80:2000::/36 maxlen: 36
                          2401:b80:2000:2017::/64 maxlen: 64
                          2401:b80:3000::/36 maxlen: 36

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 8379 (0x20bb)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91ADE0A/serialNumber=BE488B4E60AC6A73A656EFDBC5FA67A1A8DE812A
        Validity
            Not Before: Mar 31 03:03:04 2023 GMT
            Not After : May  1 00:00:00 2024 GMT
        Subject: CN=64264d68-b2c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:ca:fd:e2:6e:87:f3:78:95:94:a7:f0:bc:96:
                    dd:37:88:45:40:d2:a7:20:25:df:5a:eb:b1:29:13:
                    e5:80:24:8e:a4:4a:af:5d:14:01:a5:09:5e:d3:c4:
                    0a:d4:0e:52:d2:bf:2e:0e:11:00:69:82:07:2b:8c:
                    a9:9f:41:e3:d8:d3:98:65:5f:7b:4c:aa:5e:cf:71:
                    1f:60:53:52:7f:06:4f:ca:35:e0:1c:2d:e9:36:ca:
                    c5:c0:aa:b5:51:14:23:82:5f:99:eb:5d:e6:48:fc:
                    b5:cd:07:b3:23:9b:d0:42:20:5c:31:8b:93:bb:20:
                    38:23:f9:00:3b:29:fc:26:12:70:c8:b6:ad:b4:98:
                    31:e6:42:d9:8c:0c:6e:68:c9:a2:9c:d8:6f:21:93:
                    8c:f3:30:9c:fe:cc:93:86:e4:b5:58:98:b1:aa:e4:
                    e4:6f:58:c9:04:e1:f9:06:33:e9:6d:34:5f:38:80:
                    79:b4:99:10:7b:5f:7e:24:76:e6:94:69:2d:1a:07:
                    bb:20:09:cd:24:9a:4f:19:14:02:c1:ac:70:ef:3c:
                    41:9f:1f:a0:b2:e8:25:fc:e1:36:8c:33:02:eb:e1:
                    3e:15:9c:4b:60:c5:54:fe:ea:54:48:9a:12:e7:9e:
                    a1:8b:71:cf:3f:61:e0:09:58:f6:e6:c6:6e:8e:a6:
                    06:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:D7:4B:89:7D:C8:C3:FB:72:22:48:A4:0F:20:09:65:C7:E8:7A:11
            X509v3 Authority Key Identifier:
                keyid:BE:48:8B:4E:60:AC:6A:73:A6:56:EF:DB:C5:FA:67:A1:A8:DE:81:2A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91ADE0A/30D80126C11311E5B01A7269C4F9AE02/vkiLTmCsanOmVu_bxfpnoajegSo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vkiLTmCsanOmVu_bxfpnoajegSo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91ADE0A/30D80126C11311E5B01A7269C4F9AE02/8DF46778CF7011EDBDB44333C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.124.56.0/22
                  103.61.220.0/22
                  103.200.32.0/22
                  103.203.52.0/22
                  103.225.136.0/22
                IPv6:
                  2401:b80::/32

    Signature Algorithm: sha256WithRSAEncryption
         94:97:34:3a:8d:82:75:5f:3f:dc:0a:06:b0:ca:80:fe:25:79:
         52:91:6b:22:2a:f5:a2:3e:64:9b:3a:be:4b:62:cc:80:8a:a4:
         cf:ad:a7:5d:c2:36:6b:d0:8c:bd:71:2b:bf:17:39:08:5d:69:
         db:f7:81:de:49:f6:ca:90:fc:01:f8:3f:c3:35:e1:2a:de:d0:
         0e:38:77:7f:a1:a5:42:97:33:06:78:4d:d6:42:cd:fd:ff:0c:
         dd:0d:e9:a2:83:ef:11:62:8e:23:76:61:ef:41:62:5e:26:d5:
         13:87:4a:41:80:db:22:80:99:c7:e7:bb:ce:8c:79:ed:dd:94:
         9c:0d:d9:37:4f:aa:84:e9:62:db:86:c9:ef:64:9e:ef:f3:8a:
         d7:4a:5f:79:6a:cd:8b:b4:55:12:40:23:ae:c3:4d:d4:e7:6d:
         6f:97:f8:b7:a9:cd:d2:0f:f0:68:fd:08:5f:f2:a9:11:71:de:
         7c:f5:17:d0:19:4e:29:7c:34:98:7e:a4:e1:4c:0d:14:78:4d:
         13:45:b8:2a:31:f0:ba:94:60:16:01:9f:47:cd:c9:f3:06:64:
         36:3e:4c:c3:14:d2:fd:28:09:9d:54:62:2c:f1:c8:a2:4f:58:
         80:9f:5d:8d:7d:a9:63:2a:c5:1f:72:77:2a:f7:9e:1e:50:3d:
         e0:b8:39:41
-----BEGIN CERTIFICATE-----
MIIFmDCCBICgAwIBAgICILswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QURFMEExMTAvBgNVBAUTKEJFNDg4QjRFNjBBQzZBNzNBNjU2RUZEQkM1RkE2N0Ex
QThERTgxMkEwHhcNMjMwMzMxMDMwMzA0WhcNMjQwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDI2NGQ2OC1iMmM0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAqMr94m6H83iVlKfwvJbdN4hFQNKnICXfWuuxKRPlgCSOpEqvXRQBpQle08QK
1A5S0r8uDhEAaYIHK4ypn0Hj2NOYZV97TKpez3EfYFNSfwZPyjXgHC3pNsrFwKq1
URQjgl+Z613mSPy1zQezI5vQQiBcMYuTuyA4I/kAOyn8JhJwyLattJgx5kLZjAxu
aMminNhvIZOM8zCc/syThuS1WJixquTkb1jJBOH5BjPpbTRfOIB5tJkQe19+JHbm
lGktGge7IAnNJJpPGRQCwaxw7zxBnx+gsugl/OE2jDMC6+E+FZxLYMVU/upUSJoS
556hi3HPP2HgCVj25sZujqYGWwIDAQABo4ICvDCCArgwHQYDVR0OBBYEFD/XS4l9
yMP7ciJIpA8gCWXH6HoRMB8GA1UdIwQYMBaAFL5Ii05grGpzplbv28X6Z6Go3oEq
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBREUwQS8zMEQ4MDEyNkMx
MTMxMUU1QjAxQTcyNjlDNEY5QUUwMi92a2lMVG1Dc2FuT21WdV9ieGZwbm9hamVn
U28uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3ZraUxUbUNzYW5PbVZ1X2J4ZnBub2FqZWdTby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QURFMEEvMzBEODAxMjZDMTEzMTFFNUIwMUE3MjY5QzRGOUFFMDIvOERGNDY3NzhD
RjcwMTFFREJEQjQ0MzMzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwRgYIKwYBBQUHAQcBAf8E
NzA1MCQEAgABMB4DBAItfDgDBAJnPdwDBAJnyCADBAJnyzQDBAJn4YgwDQQCAAIw
BwMFACQBC4AwDQYJKoZIhvcNAQELBQADggEBAJSXNDqNgnVfP9wKBrDKgP4leVKR
ayIq9aI+ZJs6vktizICKpM+tp13CNmvQjL1xK78XOQhdadv3gd5J9sqQ/AH4P8M1
4Sre0A44d3+hpUKXMwZ4TdZCzf3/DN0N6aKD7xFijiN2Ye9BYl4m1ROHSkGA2yKA
mcfnu86Mee3dlJwN2TdPqoTpYtuGye9knu/zitdKX3lqzYu0VRJAI67DTdTnbW+X
+LepzdIP8Gj9CF/yqRFx3nz1F9AZTil8NJh+pOFMDRR4TRNFuCox8LqUYBYBn0fN
yfMGZDY+TMMU0v0oCZ1UYizxyKJPWICfXY19qWMqxR9ydyr3nh5QPeC4OUE=
-----END CERTIFICATE-----