Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91E6134/5F9AA4BEC2A811EAA7918A2EC4F9AE02/CC3898BE7D2D11EDAFFEDF7CC4F9AE02.roa
File:                     CC3898BE7D2D11EDAFFEDF7CC4F9AE02.roa (raw, json)
Hash identifier:          G9bBNLhgfOZaOkeA7mC5DvnaQ5uRw/gQyPsgua1azag=
Subject key identifier:   F4:26:D2:5C:80:18:E0:60:EC:CC:32:87:8E:BA:39:E7:3A:62:72:56
Certificate issuer:       /CN=A91E6134/serialNumber=8308087911EA49E215DC4926B0226A521E5B39C4
Certificate serial:       0ADB
Authority key identifier: 83:08:08:79:11:EA:49:E2:15:DC:49:26:B0:22:6A:52:1E:5B:39:C4
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gwgIeRHqSeIV3EkmsCJqUh5bOcQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91E6134/5F9AA4BEC2A811EAA7918A2EC4F9AE02/CC3898BE7D2D11EDAFFEDF7CC4F9AE02.roa
Signing time:             Tue 18 Apr 2023 11:01:06 +0000
ROA not before:           Tue 18 Apr 2023 11:01:06 +0000
ROA not after:            Sun 30 Jul 2023 00:00:00 +0000
asID:                     10753
IP address blocks:        43.254.12.0/22 maxlen: 24
                          115.167.52.0/22 maxlen: 24
                          115.167.100.0/22 maxlen: 24
                          175.110.64.0/22 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2779 (0xadb)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E6134/serialNumber=8308087911EA49E215DC4926B0226A521E5B39C4
        Validity
            Not Before: Apr 18 11:01:06 2023 GMT
            Not After : Jul 30 00:00:00 2023 GMT
        Subject: CN=643e7871-ffa8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:8e:03:d3:e2:03:57:6f:94:99:38:a0:7b:48:
                    22:c1:7a:1f:34:48:2e:b6:8a:69:15:6e:34:3d:9e:
                    fa:c5:f0:60:99:2d:c7:c6:f6:08:a5:c5:ee:6e:cb:
                    ef:9f:2a:b9:82:10:a6:70:79:ab:cc:49:b6:58:ed:
                    da:45:67:b9:db:82:a6:ac:43:17:9e:fc:ba:f9:92:
                    10:5e:27:f6:b7:3c:87:0d:ec:03:d5:36:62:76:3f:
                    dd:70:d9:ee:cc:52:f1:a2:b8:de:01:43:2c:52:8e:
                    27:8f:91:20:c0:b1:16:06:ec:a5:4b:6c:aa:5a:a0:
                    4e:01:40:54:83:8e:7c:a0:3c:cd:f5:89:60:1c:6f:
                    10:f8:83:63:33:ce:48:31:a9:c3:81:c5:ce:81:52:
                    7b:a9:6a:46:c8:59:50:42:eb:6f:ca:fe:9d:96:bd:
                    14:49:5a:4f:7d:df:59:50:2f:ef:f6:5c:05:38:cb:
                    ca:17:9f:0b:df:12:1d:15:e1:26:a3:79:75:74:14:
                    0f:4f:25:56:a5:4f:27:b2:4d:59:53:16:17:bd:15:
                    df:95:ec:d1:30:f6:04:b6:63:ec:bc:d7:28:cc:8d:
                    4b:b4:6e:61:d6:76:30:4f:e7:18:d5:2d:32:8e:bc:
                    6b:cc:1d:c5:6d:0a:20:00:01:91:2f:34:8a:89:22:
                    18:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:26:D2:5C:80:18:E0:60:EC:CC:32:87:8E:BA:39:E7:3A:62:72:56
            X509v3 Authority Key Identifier:
                keyid:83:08:08:79:11:EA:49:E2:15:DC:49:26:B0:22:6A:52:1E:5B:39:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91E6134/5F9AA4BEC2A811EAA7918A2EC4F9AE02/gwgIeRHqSeIV3EkmsCJqUh5bOcQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gwgIeRHqSeIV3EkmsCJqUh5bOcQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E6134/5F9AA4BEC2A811EAA7918A2EC4F9AE02/CC3898BE7D2D11EDAFFEDF7CC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.254.12.0/22
                  115.167.52.0/22
                  115.167.100.0/22
                  175.110.64.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ae:50:bd:ac:f1:be:88:8f:67:fa:42:1d:50:10:dc:4b:d2:42:
         5e:e7:b5:61:0a:a0:05:37:c8:0d:1b:52:e6:62:5c:a9:2a:82:
         fc:37:27:80:21:97:ba:21:d2:b3:e7:61:fc:7d:db:eb:fc:65:
         5c:52:69:85:51:3f:ce:d7:e1:81:26:ac:bf:93:86:93:4e:11:
         e7:7d:b8:c9:e7:76:a1:b2:b5:7b:e5:c9:69:7d:7b:3d:c0:3d:
         22:c3:17:15:f1:13:a7:4a:b9:84:3f:6b:8b:b7:8a:6c:42:4c:
         00:72:57:13:bd:f4:1f:79:d0:60:36:b5:d8:81:d5:a9:73:a1:
         fe:4b:66:7f:b7:e1:fe:55:33:cc:86:85:f8:e0:72:f5:5c:9d:
         05:c0:ba:b7:48:e3:aa:9e:22:f0:b8:0d:1c:af:51:0d:ee:26:
         e1:17:c4:b0:32:2b:7a:07:eb:2f:08:a7:6a:5e:7a:ac:4a:7d:
         f2:ba:aa:62:c2:e2:9a:b4:69:e8:a8:d8:c8:b9:de:59:dd:c1:
         ac:2f:ff:51:9b:35:6e:be:66:35:52:cd:60:7d:67:5f:f8:29:
         b4:89:7a:b8:15:d0:62:28:1c:cd:31:83:c9:74:0d:f0:44:ac:
         aa:3d:9e:73:f1:49:62:04:43:69:5c:2d:37:aa:4b:97:5b:ec:
         3c:4b:9a:b1
-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgICCtswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RTYxMzQxMTAvBgNVBAUTKDgzMDgwODc5MTFFQTQ5RTIxNURDNDkyNkIwMjI2QTUy
MUU1QjM5QzQwHhcNMjMwNDE4MTEwMTA2WhcNMjMwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDNlNzg3MS1mZmE4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAy44D0+IDV2+UmTige0giwXofNEgutoppFW40PZ76xfBgmS3HxvYIpcXubsvv
nyq5ghCmcHmrzEm2WO3aRWe524KmrEMXnvy6+ZIQXif2tzyHDewD1TZidj/dcNnu
zFLxorjeAUMsUo4nj5EgwLEWBuylS2yqWqBOAUBUg458oDzN9YlgHG8Q+INjM85I
ManDgcXOgVJ7qWpGyFlQQutvyv6dlr0USVpPfd9ZUC/v9lwFOMvKF58L3xIdFeEm
o3l1dBQPTyVWpU8nsk1ZUxYXvRXflezRMPYEtmPsvNcozI1LtG5h1nYwT+cY1S0y
jrxrzB3FbQogAAGRLzSKiSIY4wIDAQABo4ICpzCCAqMwHQYDVR0OBBYEFPQm0lyA
GOBg7Mwyh466Oec6YnJWMB8GA1UdIwQYMBaAFIMICHkR6kniFdxJJrAialIeWznE
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFNjEzNC81RjlBQTRCRUMy
QTgxMUVBQTc5MThBMkVDNEY5QUUwMi9nd2dJZVJIcVNlSVYzRWttc0NKcVVoNWJP
Y1EuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2d3Z0llUkhxU2VJVjNFa21zQ0pxVWg1Yk9jUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RTYxMzQvNUY5QUE0QkVDMkE4MTFFQUE3OTE4QTJFQzRGOUFFMDIvQ0MzODk4QkU3
RDJEMTFFREFGRkVERjdDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMQYIKwYBBQUHAQcBAf8E
IjAgMB4EAgABMBgDBAIr/gwDBAJzpzQDBAJzp2QDBAKvbkAwDQYJKoZIhvcNAQEL
BQADggEBAK5QvazxvoiPZ/pCHVAQ3EvSQl7ntWEKoAU3yA0bUuZiXKkqgvw3J4Ah
l7oh0rPnYfx92+v8ZVxSaYVRP87X4YEmrL+ThpNOEed9uMnndqGytXvlyWl9ez3A
PSLDFxXxE6dKuYQ/a4u3imxCTAByVxO99B950GA2tdiB1alzof5LZn+34f5VM8yG
hfjgcvVcnQXAurdI46qeIvC4DRyvUQ3uJuEXxLAyK3oH6y8Ip2peeqxKffK6qmLC
4pq0aeio2Mi53lndwawv/1GbNW6+ZjVSzWB9Z1/4KbSJergV0GIoHM0xg8l0DfBE
rKo9nnPxSWIEQ2lcLTeqS5db7DxLmrE=
-----END CERTIFICATE-----