Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91ADE0A/30D80126C11311E5B01A7269C4F9AE02/E911EB98DB6A11ED9D388A41C4F9AE02.roa
File:                     E911EB98DB6A11ED9D388A41C4F9AE02.roa (raw, json)
Hash identifier:          SBks3tg8T9WnTcGs7SJ8jl6WqVHxF995ypUW/Yyb+a0=
Subject key identifier:   F2:3B:29:52:8A:A6:17:50:26:C8:FE:57:73:F7:86:9F:26:D5:01:82
Certificate issuer:       /CN=A91ADE0A/serialNumber=BE488B4E60AC6A73A656EFDBC5FA67A1A8DE812A
Certificate serial:       20E6
Authority key identifier: BE:48:8B:4E:60:AC:6A:73:A6:56:EF:DB:C5:FA:67:A1:A8:DE:81:2A
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vkiLTmCsanOmVu_bxfpnoajegSo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91ADE0A/30D80126C11311E5B01A7269C4F9AE02/E911EB98DB6A11ED9D388A41C4F9AE02.roa
Signing time:             Tue 13 Jun 2023 03:34:01 +0000
ROA not before:           Tue 13 Jun 2023 03:34:01 +0000
ROA not after:            Wed 01 May 2024 00:00:00 +0000
asID:                     133334
IP address blocks:        45.124.56.0/22 maxlen: 24
                          103.61.220.0/22 maxlen: 22
                          103.200.32.0/22 maxlen: 22
                          103.203.52.0/22 maxlen: 22
                          103.225.136.0/22 maxlen: 24
                          2401:b80::/32 maxlen: 32
                          2401:b80::/36 maxlen: 36
                          2401:b80:1000::/36 maxlen: 36
                          2401:b80:2000::/36 maxlen: 36
                          2401:b80:3000::/36 maxlen: 36

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 8422 (0x20e6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91ADE0A/serialNumber=BE488B4E60AC6A73A656EFDBC5FA67A1A8DE812A
        Validity
            Not Before: Jun 13 03:34:01 2023 GMT
            Not After : May  1 00:00:00 2024 GMT
        Subject: CN=6487e3a9-f14b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:1f:56:97:c9:67:93:85:85:99:33:e4:c9:2a:
                    e6:f7:0d:b9:16:13:e5:31:15:a1:10:1f:01:df:e7:
                    1a:e4:50:7e:87:fb:99:96:b3:57:57:2c:7e:23:53:
                    5d:d9:e7:53:82:b0:b2:0b:d4:2b:18:56:92:fc:a6:
                    05:f3:c7:1f:c7:0e:56:ed:1b:6d:b3:c5:f7:50:2b:
                    e6:05:83:b9:3f:c5:62:45:4f:0b:6f:b0:02:0e:f7:
                    48:6d:ca:d2:01:10:f2:cb:b2:b8:58:cc:60:66:42:
                    20:ed:2e:b1:9a:6b:0a:aa:70:11:47:df:8a:d2:7b:
                    73:79:5c:44:03:a7:3c:c3:2c:56:b3:b9:72:4f:7a:
                    24:47:04:e6:0b:cf:38:ac:1a:85:81:d5:80:cb:d7:
                    88:c6:34:f8:b4:5a:de:6b:a1:97:44:8e:bb:42:3d:
                    69:98:cb:3e:89:cd:c3:73:81:75:aa:35:b0:b4:af:
                    9e:40:b0:8d:dc:b4:77:21:6c:9e:72:47:42:3f:64:
                    46:a1:03:38:ca:07:ec:ea:fe:9b:bb:90:fe:61:00:
                    46:56:9f:10:2c:d1:6d:33:66:5e:e1:dc:d7:9c:0b:
                    04:6e:18:5f:1f:6c:ca:f2:0f:16:4f:0e:0d:6d:05:
                    24:5a:59:29:d7:ce:fa:20:d4:63:2c:bc:24:97:7d:
                    a2:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F2:3B:29:52:8A:A6:17:50:26:C8:FE:57:73:F7:86:9F:26:D5:01:82
            X509v3 Authority Key Identifier:
                keyid:BE:48:8B:4E:60:AC:6A:73:A6:56:EF:DB:C5:FA:67:A1:A8:DE:81:2A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91ADE0A/30D80126C11311E5B01A7269C4F9AE02/vkiLTmCsanOmVu_bxfpnoajegSo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/vkiLTmCsanOmVu_bxfpnoajegSo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91ADE0A/30D80126C11311E5B01A7269C4F9AE02/E911EB98DB6A11ED9D388A41C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.124.56.0/22
                  103.61.220.0/22
                  103.200.32.0/22
                  103.203.52.0/22
                  103.225.136.0/22
                IPv6:
                  2401:b80::/32

    Signature Algorithm: sha256WithRSAEncryption
         7b:88:f1:32:49:6f:86:8e:64:e5:e5:38:11:8e:e2:c7:50:6a:
         81:41:1d:1d:25:84:4c:67:5d:e6:1b:65:eb:5c:ea:c8:20:1b:
         99:5d:89:36:f4:af:ae:e4:53:dd:2d:0e:19:d7:66:84:53:ee:
         97:73:56:68:95:aa:30:dc:3c:71:e1:45:5c:b0:bb:1b:c3:eb:
         22:46:90:53:06:d1:6c:38:8c:2f:55:b4:ff:30:ba:72:a5:77:
         14:ed:e1:d0:22:a0:e8:cf:2d:fa:33:34:ee:5e:a6:ff:4e:52:
         4c:5e:d2:03:f3:fa:0b:6c:71:3c:b6:d4:ef:0d:df:cb:06:69:
         52:be:65:5f:b7:8f:8c:a2:fb:23:33:25:dd:ec:8e:24:7a:e4:
         60:a3:ef:4e:00:72:ee:7f:69:54:2a:2a:4f:8c:de:10:48:d1:
         9c:0c:a9:6a:be:be:e0:d2:a7:19:38:fa:a6:11:d2:ed:3b:40:
         5e:51:65:5c:de:53:ed:c7:ca:8c:42:ea:61:58:34:11:bb:8c:
         7f:ce:7f:e5:58:78:d5:36:5c:a8:20:06:98:c0:04:19:08:6c:
         2d:93:ee:b3:e4:17:35:e2:99:9d:32:1b:32:f9:df:86:b9:67:
         bb:32:61:2d:ad:e1:34:88:ba:88:49:90:81:8d:d2:23:6b:05:
         5f:c5:86:5f
-----BEGIN CERTIFICATE-----
MIIFmDCCBICgAwIBAgICIOYwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QURFMEExMTAvBgNVBAUTKEJFNDg4QjRFNjBBQzZBNzNBNjU2RUZEQkM1RkE2N0Ex
QThERTgxMkEwHhcNMjMwNjEzMDMzNDAxWhcNMjQwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDg3ZTNhOS1mMTRiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAqx9Wl8lnk4WFmTPkySrm9w25FhPlMRWhEB8B3+ca5FB+h/uZlrNXVyx+I1Nd
2edTgrCyC9QrGFaS/KYF88cfxw5W7Rtts8X3UCvmBYO5P8ViRU8Lb7ACDvdIbcrS
ARDyy7K4WMxgZkIg7S6xmmsKqnARR9+K0ntzeVxEA6c8wyxWs7lyT3okRwTmC884
rBqFgdWAy9eIxjT4tFrea6GXRI67Qj1pmMs+ic3Dc4F1qjWwtK+eQLCN3LR3IWye
ckdCP2RGoQM4ygfs6v6bu5D+YQBGVp8QLNFtM2Ze4dzXnAsEbhhfH2zK8g8WTw4N
bQUkWlkp1876INRjLLwkl32iVwIDAQABo4ICvDCCArgwHQYDVR0OBBYEFPI7KVKK
phdQJsj+V3P3hp8m1QGCMB8GA1UdIwQYMBaAFL5Ii05grGpzplbv28X6Z6Go3oEq
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBREUwQS8zMEQ4MDEyNkMx
MTMxMUU1QjAxQTcyNjlDNEY5QUUwMi92a2lMVG1Dc2FuT21WdV9ieGZwbm9hamVn
U28uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3ZraUxUbUNzYW5PbVZ1X2J4ZnBub2FqZWdTby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QURFMEEvMzBEODAxMjZDMTEzMTFFNUIwMUE3MjY5QzRGOUFFMDIvRTkxMUVCOThE
QjZBMTFFRDlEMzg4QTQxQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwRgYIKwYBBQUHAQcBAf8E
NzA1MCQEAgABMB4DBAItfDgDBAJnPdwDBAJnyCADBAJnyzQDBAJn4YgwDQQCAAIw
BwMFACQBC4AwDQYJKoZIhvcNAQELBQADggEBAHuI8TJJb4aOZOXlOBGO4sdQaoFB
HR0lhExnXeYbZetc6sggG5ldiTb0r67kU90tDhnXZoRT7pdzVmiVqjDcPHHhRVyw
uxvD6yJGkFMG0Ww4jC9VtP8wunKldxTt4dAioOjPLfozNO5epv9OUkxe0gPz+gts
cTy21O8N38sGaVK+ZV+3j4yi+yMzJd3sjiR65GCj704Acu5/aVQqKk+M3hBI0ZwM
qWq+vuDSpxk4+qYR0u07QF5RZVzeU+3HyoxC6mFYNBG7jH/Of+VYeNU2XKggBpjA
BBkIbC2T7rPkFzXimZ0yGzL534a5Z7syYS2t4TSIuohJkIGN0iNrBV/Fhl8=
-----END CERTIFICATE-----