Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/68CC1FD4DB6611EDB3746966C4F9AE02.roa
File:                     68CC1FD4DB6611EDB3746966C4F9AE02.roa (raw, json)
Hash identifier:          srjDYNjq+0+kHqMirsI83MSlmzcN6A+R/VGDkUJqGpw=
Subject key identifier:   0B:A9:6B:E1:65:42:AE:A9:E9:21:21:AE:B3:F6:A8:4D:B4:46:56:0B
Certificate issuer:       /CN=A91CB7AB/serialNumber=3DE9D3DFF6E048FD908146502E4F08E456F3D9BC
Certificate serial:       0606
Authority key identifier: 3D:E9:D3:DF:F6:E0:48:FD:90:81:46:50:2E:4F:08:E4:56:F3:D9:BC
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PenT3_bgSP2QgUZQLk8I5Fbz2bw.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/68CC1FD4DB6611EDB3746966C4F9AE02.roa
Signing time:             Sat 06 May 2023 22:41:28 +0000
ROA not before:           Sat 06 May 2023 22:41:28 +0000
ROA not after:            Sun 31 Mar 2024 00:00:00 +0000
asID:                     49999
IP address blocks:        202.139.240.0/22 maxlen: 24
                          202.139.244.0/22 maxlen: 24
                          202.139.248.0/22 maxlen: 24
                          202.148.136.0/22 maxlen: 24
                          210.247.204.0/22 maxlen: 24
                          210.247.208.0/22 maxlen: 24
                          210.247.212.0/22 maxlen: 24
                          210.247.228.0/22 maxlen: 24
                          210.247.236.0/22 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1542 (0x606)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CB7AB/serialNumber=3DE9D3DFF6E048FD908146502E4F08E456F3D9BC
        Validity
            Not Before: May  6 22:41:28 2023 GMT
            Not After : Mar 31 00:00:00 2024 GMT
        Subject: CN=6456d798-a8dc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:7e:cb:1c:37:3b:9e:e2:b4:2b:88:86:d3:cf:
                    d2:96:71:4e:bb:5c:f4:0b:f8:69:d5:a6:14:93:50:
                    b8:fb:81:4f:f7:58:d8:8a:49:3f:34:95:4d:4c:d1:
                    36:b3:3e:09:9d:dd:bd:7d:3a:8e:28:d8:07:14:a8:
                    d5:b5:8e:e4:c5:20:82:8e:80:b6:2a:50:c6:f7:5f:
                    8c:f6:2c:c2:96:1b:58:2a:96:b2:a2:0b:c9:a0:14:
                    d7:b8:92:17:06:9b:64:d0:b8:84:cb:9d:03:1a:c5:
                    0f:2a:77:33:a8:e9:76:82:49:86:c6:97:3b:84:37:
                    79:54:52:c7:5c:55:82:20:50:38:ae:7e:6d:76:39:
                    3a:09:fd:d1:7d:d7:b7:07:48:b3:de:eb:1b:af:04:
                    82:a0:0e:db:d6:b3:cd:56:1f:3a:fe:de:66:44:16:
                    5d:2f:13:3f:95:12:0f:23:d3:cf:36:7e:a2:8e:bd:
                    46:b3:d2:c7:51:23:92:d3:be:1c:d8:f6:22:8a:6d:
                    95:96:9e:d4:4d:6d:99:e1:10:65:17:39:e9:68:cd:
                    37:cf:21:80:58:6c:ce:14:88:31:f5:27:c1:ea:1f:
                    ff:c8:a2:e7:11:88:9b:33:bc:0c:ea:dc:69:b4:5a:
                    04:47:c5:b4:7f:bd:c2:83:0a:de:ed:b7:6c:e6:ef:
                    04:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                0B:A9:6B:E1:65:42:AE:A9:E9:21:21:AE:B3:F6:A8:4D:B4:46:56:0B
            X509v3 Authority Key Identifier:
                keyid:3D:E9:D3:DF:F6:E0:48:FD:90:81:46:50:2E:4F:08:E4:56:F3:D9:BC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/PenT3_bgSP2QgUZQLk8I5Fbz2bw.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/PenT3_bgSP2QgUZQLk8I5Fbz2bw.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91CB7AB/56786568400911EBA374225BC4F9AE02/68CC1FD4DB6611EDB3746966C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.139.240.0-202.139.251.255
                  202.148.136.0/22
                  210.247.204.0-210.247.215.255
                  210.247.228.0/22
                  210.247.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         c4:f7:17:a5:7e:d8:ff:ee:b8:51:f1:c0:8f:f7:0e:97:20:de:
         32:4b:4b:6f:94:6e:da:c1:3c:8f:06:bd:e1:ef:84:05:55:28:
         b0:8b:7d:9c:5b:21:c1:42:43:fe:05:a0:15:85:84:62:db:12:
         e1:09:2c:67:23:74:b1:79:8f:37:fb:7a:85:5a:cb:cc:9e:88:
         92:c1:cb:ab:bd:1a:ed:8e:64:77:a9:c9:e6:3d:83:02:39:98:
         7e:7f:3b:ce:51:a8:24:21:9b:0e:18:67:b2:9d:00:a3:58:33:
         e0:51:0b:42:a1:cb:a4:cb:74:fe:13:19:cb:ac:bc:d8:65:8b:
         ef:25:a4:75:c1:aa:20:e9:66:f6:bb:20:6b:52:7a:db:09:3d:
         2c:30:e9:e2:05:27:5e:e6:c5:5c:cf:4d:5e:6d:ca:62:fc:31:
         51:3b:9a:3d:6a:57:e4:75:71:51:78:47:65:ca:2d:84:bb:c2:
         1f:a2:67:3f:2c:c9:2a:bb:6c:24:fc:59:3b:e8:d8:f3:fa:58:
         68:52:0f:26:74:60:bf:3f:66:7f:43:7a:c6:e6:19:2f:34:c8:
         e3:7a:a1:e9:12:5f:8d:c6:1b:4b:8e:ca:77:9f:81:2e:11:e6:
         f9:cf:b2:0e:eb:c0:2e:b4:5c:66:85:67:5e:50:24:46:84:b2:
         09:92:2e:8d
-----BEGIN CERTIFICATE-----
MIIFmTCCBIGgAwIBAgICBgYwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Q0I3QUIxMTAvBgNVBAUTKDNERTlEM0RGRjZFMDQ4RkQ5MDgxNDY1MDJFNEYwOEU0
NTZGM0Q5QkMwHhcNMjMwNTA2MjI0MTI4WhcNMjQwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDU2ZDc5OC1hOGRjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtX7LHDc7nuK0K4iG08/SlnFOu1z0C/hp1aYUk1C4+4FP91jYikk/NJVNTNE2
sz4Jnd29fTqOKNgHFKjVtY7kxSCCjoC2KlDG91+M9izClhtYKpayogvJoBTXuJIX
Bptk0LiEy50DGsUPKnczqOl2gkmGxpc7hDd5VFLHXFWCIFA4rn5tdjk6Cf3Rfde3
B0iz3usbrwSCoA7b1rPNVh86/t5mRBZdLxM/lRIPI9PPNn6ijr1Gs9LHUSOS074c
2PYiim2Vlp7UTW2Z4RBlFznpaM03zyGAWGzOFIgx9SfB6h//yKLnEYibM7wM6txp
tFoER8W0f73Cgwre7bds5u8ESQIDAQABo4ICvTCCArkwHQYDVR0OBBYEFAupa+Fl
Qq6p6SEhrrP2qE20RlYLMB8GA1UdIwQYMBaAFD3p09/24Ej9kIFGUC5PCORW89m8
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDQjdBQi81Njc4NjU2ODQw
MDkxMUVCQTM3NDIyNUJDNEY5QUUwMi9QZW5UM19iZ1NQMlFnVVpRTGs4STVGYnoy
YncuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1BlblQzX2JnU1AyUWdVWlFMazhJNUZiejJidy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Q0I3QUIvNTY3ODY1Njg0MDA5MTFFQkEzNzQyMjVCQzRGOUFFMDIvNjhDQzFGRDRE
QjY2MTFFREIzNzQ2OTY2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwRwYIKwYBBQUHAQcBAf8E
ODA2MDQEAgABMC4wDAMEBMqL8AMEAsqL+AMEAsqUiDAMAwQC0vfMAwQD0vfQAwQC
0vfkAwQC0vfsMA0GCSqGSIb3DQEBCwUAA4IBAQDE9xelftj/7rhR8cCP9w6XIN4y
S0tvlG7awTyPBr3h74QFVSiwi32cWyHBQkP+BaAVhYRi2xLhCSxnI3SxeY83+3qF
WsvMnoiSwcurvRrtjmR3qcnmPYMCOZh+fzvOUagkIZsOGGeynQCjWDPgUQtCocuk
y3T+ExnLrLzYZYvvJaR1waog6Wb2uyBrUnrbCT0sMOniBSde5sVcz01ebcpi/DFR
O5o9alfkdXFReEdlyi2Eu8Ifomc/LMkqu2wk/Fk76Njz+lhoUg8mdGC/P2Z/Q3rG
5hkvNMjjeqHpEl+NxhtLjsp3n4EuEeb5z7IO68AutFxmhWdeUCRGhLIJki6N
-----END CERTIFICATE-----