Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91DEBE3/80AE10C6045011EABA82C415C4F9AE02/43BDBEACDCAF11ECB80FC175C4F9AE02.roa
File:                     43BDBEACDCAF11ECB80FC175C4F9AE02.roa (raw, json)
Hash identifier:          M0IY+mVTaF8b7K0H3c6YYlRj0hiuNVLIS2jRNxfsNCY=
Subject key identifier:   AD:42:69:74:34:FD:16:E1:E2:F4:39:54:75:1A:57:99:42:AA:4C:5D
Certificate issuer:       /CN=A91DEBE3/serialNumber=DE50542BEA108201A772C00BC9F251AD17FA96CD
Certificate serial:       0980
Authority key identifier: DE:50:54:2B:EA:10:82:01:A7:72:C0:0B:C9:F2:51:AD:17:FA:96:CD
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/3lBUK-oQggGncsALyfJRrRf6ls0.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91DEBE3/80AE10C6045011EABA82C415C4F9AE02/43BDBEACDCAF11ECB80FC175C4F9AE02.roa
Signing time:             Thu 26 May 2022 04:49:46 +0000
ROA not before:           Thu 26 May 2022 04:49:46 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     4864
IP address blocks:        103.214.80.0/24 maxlen: 24
                          103.214.83.0/24 maxlen: 24
                          144.48.87.0/24 maxlen: 24
                          2404:d580::/32 maxlen: 32
                          2404:d580::/48 maxlen: 48
                          2404:d580::/120 maxlen: 120
                          2404:d580:1::/48 maxlen: 48
                          2404:d580:2::/48 maxlen: 48
                          2404:d580:3::/48 maxlen: 48
                          2404:d580:4::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2432 (0x980)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91DEBE3/serialNumber=DE50542BEA108201A772C00BC9F251AD17FA96CD
        Validity
            Not Before: May 26 04:49:46 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=628f06e9-13aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:85:ea:83:7c:13:5a:bb:83:d5:d3:7e:19:a5:
                    9f:be:dd:cd:25:f1:5f:1e:04:92:0a:0b:78:58:48:
                    ff:62:23:1d:e7:45:50:71:a3:0d:81:97:bb:b5:08:
                    26:d1:34:fe:e2:6e:b6:d3:6b:07:4d:ad:7e:c7:9f:
                    6b:55:33:54:0c:1d:fb:bb:db:d8:af:3b:b1:94:4f:
                    e0:88:6e:71:6d:cd:47:f6:11:34:c4:f2:7f:32:62:
                    95:66:ab:b4:8c:7e:c8:6f:32:68:f5:25:f7:8c:be:
                    c0:6e:02:6b:dc:9c:a1:35:35:5e:2a:0e:c2:b9:84:
                    6e:ef:c0:ab:fa:3d:77:53:69:57:b9:58:ac:59:86:
                    71:3e:50:b0:ff:03:67:17:f9:08:41:7c:21:0a:fc:
                    de:e8:47:1a:91:20:17:e1:09:76:cf:d3:97:5d:8f:
                    fe:54:53:04:37:dd:cc:71:0c:fe:4c:91:a8:db:bf:
                    98:7b:74:2b:de:87:6d:98:ec:df:fd:3b:f7:3a:93:
                    2a:d7:ee:56:a2:cb:00:71:c4:e9:64:30:69:a1:b3:
                    0f:7a:03:ba:38:d5:2e:91:c3:d4:49:04:c8:e8:7d:
                    c7:18:6c:11:54:a1:3f:f0:70:5a:51:28:f1:9b:97:
                    73:0b:a8:38:80:a7:c6:62:3c:29:81:07:d9:21:38:
                    e7:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AD:42:69:74:34:FD:16:E1:E2:F4:39:54:75:1A:57:99:42:AA:4C:5D
            X509v3 Authority Key Identifier:
                keyid:DE:50:54:2B:EA:10:82:01:A7:72:C0:0B:C9:F2:51:AD:17:FA:96:CD

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91DEBE3/80AE10C6045011EABA82C415C4F9AE02/3lBUK-oQggGncsALyfJRrRf6ls0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/3lBUK-oQggGncsALyfJRrRf6ls0.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91DEBE3/80AE10C6045011EABA82C415C4F9AE02/43BDBEACDCAF11ECB80FC175C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.214.80.0/24
                  103.214.83.0/24
                  144.48.87.0/24
                IPv6:
                  2404:d580::/32

    Signature Algorithm: sha256WithRSAEncryption
         2e:a7:80:8f:20:9b:aa:7d:e6:9b:86:2e:18:fa:63:c4:87:14:
         5b:d1:f7:f6:98:fb:54:ea:09:70:98:fd:f2:db:da:ca:83:9c:
         e5:fe:71:38:6b:bd:31:5f:fa:98:f5:7b:f2:27:c9:fa:4e:00:
         c1:be:f5:2d:3f:d9:f0:da:e2:27:1e:de:1a:65:b9:2d:a0:85:
         3a:6e:e4:76:c3:f7:53:e7:17:4b:40:ce:07:f7:2a:7d:14:0b:
         14:6a:83:9c:28:f9:00:36:46:be:f2:ba:3e:5f:05:1d:79:88:
         21:fb:ba:75:77:e9:74:08:85:b0:8f:39:18:40:80:f7:e0:ac:
         3f:10:98:1b:0c:1e:1e:3f:be:59:1d:63:e1:f8:af:9d:be:2f:
         6f:75:d1:c8:89:be:57:c9:b3:74:19:c2:8f:ae:68:4f:84:a4:
         36:82:6f:63:87:b2:25:c8:ad:cb:09:c8:39:0f:c9:00:c0:b4:
         a2:de:fd:3a:b6:89:99:26:b0:6e:f1:4e:02:8e:73:6e:56:69:
         f8:26:d7:ba:00:ac:25:70:ce:e9:78:01:0e:9b:74:c0:3b:ca:
         d6:19:0e:63:3c:5e:29:b9:86:55:fc:62:96:a5:31:1e:11:19:
         9f:18:bb:94:10:5f:a7:c1:be:30:a8:fc:47:61:1c:35:72:a7:
         41:6d:94:14
-----BEGIN CERTIFICATE-----
MIIFjDCCBHSgAwIBAgICCYAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
REVCRTMxMTAvBgNVBAUTKERFNTA1NDJCRUExMDgyMDFBNzcyQzAwQkM5RjI1MUFE
MTdGQTk2Q0QwHhcNMjIwNTI2MDQ0OTQ2WhcNMjMwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MjhmMDZlOS0xM2FhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwoXqg3wTWruD1dN+GaWfvt3NJfFfHgSSCgt4WEj/YiMd50VQcaMNgZe7tQgm
0TT+4m6202sHTa1+x59rVTNUDB37u9vYrzuxlE/giG5xbc1H9hE0xPJ/MmKVZqu0
jH7IbzJo9SX3jL7AbgJr3JyhNTVeKg7CuYRu78Cr+j13U2lXuVisWYZxPlCw/wNn
F/kIQXwhCvze6EcakSAX4Ql2z9OXXY/+VFMEN93McQz+TJGo27+Ye3Qr3odtmOzf
/Tv3OpMq1+5WossAccTpZDBpobMPegO6ONUukcPUSQTI6H3HGGwRVKE/8HBaUSjx
m5dzC6g4gKfGYjwpgQfZITjntQIDAQABo4ICsDCCAqwwHQYDVR0OBBYEFK1CaXQ0
/Rbh4vQ5VHUaV5lCqkxdMB8GA1UdIwQYMBaAFN5QVCvqEIIBp3LAC8nyUa0X+pbN
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFERUJFMy84MEFFMTBDNjA0
NTAxMUVBQkE4MkM0MTVDNEY5QUUwMi8zbEJVSy1vUWdnR25jc0FMeWZKUnJSZjZs
czAuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzNsQlVLLW9RZ2dHbmNzQUx5ZkpSclJmNmxzMC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
REVCRTMvODBBRTEwQzYwNDUwMTFFQUJBODJDNDE1QzRGOUFFMDIvNDNCREJFQUNE
Q0FGMTFFQ0I4MEZDMTc1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwOgYIKwYBBQUHAQcBAf8E
KzApMBgEAgABMBIDBABn1lADBABn1lMDBACQMFcwDQQCAAIwBwMFACQE1YAwDQYJ
KoZIhvcNAQELBQADggEBAC6ngI8gm6p95puGLhj6Y8SHFFvR9/aY+1TqCXCY/fLb
2sqDnOX+cThrvTFf+pj1e/InyfpOAMG+9S0/2fDa4ice3hpluS2ghTpu5HbD91Pn
F0tAzgf3Kn0UCxRqg5wo+QA2Rr7yuj5fBR15iCH7unV36XQIhbCPORhAgPfgrD8Q
mBsMHh4/vlkdY+H4r52+L2910ciJvlfJs3QZwo+uaE+EpDaCb2OHsiXIrcsJyDkP
yQDAtKLe/Tq2iZkmsG7xTgKOc25Wafgm17oArCVwzul4AQ6bdMA7ytYZDmM8Xim5
hlX8YpalMR4RGZ8Yu5QQX6fBvjCo/EdhHDVyp0FtlBQ=
-----END CERTIFICATE-----