Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91E6DB3/53AA1BD4C60811EC9B31446DC4F9AE02/76B754FAC60A11EC96B5966DC4F9AE02.roa
File:                     76B754FAC60A11EC96B5966DC4F9AE02.roa (raw, json)
Hash identifier:          y71RLV64wDRP3Cksp41QmDRBpADUjX6X3XXUqXQZfpo=
Subject key identifier:   F5:BC:5A:FE:4F:DE:E4:AA:FE:E6:12:17:E6:B7:4E:33:BE:97:01:9B
Certificate issuer:       /CN=A91E6DB3/serialNumber=037246D514B82340EDE06289BF1BC8C459DBFCE5
Certificate serial:       02
Authority key identifier: 03:72:46:D5:14:B8:23:40:ED:E0:62:89:BF:1B:C8:C4:59:DB:FC:E5
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/A3JG1RS4I0Dt4GKJvxvIxFnb_OU.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91E6DB3/53AA1BD4C60811EC9B31446DC4F9AE02/76B754FAC60A11EC96B5966DC4F9AE02.roa
Signing time:             Wed 27 Apr 2022 09:14:39 +0000
ROA not before:           Wed 27 Apr 2022 09:14:39 +0000
ROA not after:            Fri 30 Sep 2022 00:00:00 +0000
asID:                     132742
IP address blocks:        45.121.56.0/24 maxlen: 24
                          45.121.57.0/24 maxlen: 24
                          45.121.58.0/24 maxlen: 24
                          45.121.59.0/24 maxlen: 24
                          103.61.144.0/24 maxlen: 24
                          103.61.145.0/24 maxlen: 24
                          103.61.146.0/24 maxlen: 24
                          103.61.147.0/24 maxlen: 24
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E6DB3, serialNumber=037246D514B82340EDE06289BF1BC8C459DBFCE5
        Validity
            Not Before: Apr 27 09:14:39 2022 GMT
            Not After : Sep 30 00:00:00 2022 GMT
        Subject: CN=6269097e-f3ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:8e:dc:dd:1f:ec:cf:a5:9b:4d:59:95:e7:85:
                    45:99:83:e6:c3:1f:9a:41:bf:44:d1:f0:d7:3c:db:
                    66:96:6a:e5:8e:2e:63:38:42:91:d8:68:f9:9e:86:
                    dd:99:61:e5:6f:68:d5:e3:05:d3:c1:2a:50:c8:0e:
                    bc:55:e4:8f:a9:67:34:84:b8:4a:21:49:1e:90:0c:
                    f3:bc:39:8f:07:79:fe:d7:1c:42:ad:95:d9:16:7a:
                    88:48:bf:2d:55:93:b0:6f:d8:f1:c0:34:c8:69:ac:
                    9e:99:22:b7:fc:50:0a:2d:56:3d:53:c6:94:ed:f9:
                    46:aa:23:38:c1:f5:ce:9b:e2:19:21:f1:75:24:80:
                    2a:51:8b:c7:a5:7e:b6:99:0a:55:13:ea:ba:fb:9a:
                    8c:c1:c2:57:a9:c5:e7:aa:e3:b6:1b:ad:92:6b:0d:
                    5d:70:e6:45:7b:4b:ed:3c:da:af:c3:97:9f:33:e5:
                    01:f0:dc:2b:c8:d5:9c:1e:5b:53:47:e9:eb:09:9d:
                    15:75:b9:db:c4:ac:7d:8c:36:8d:8a:cc:82:d1:52:
                    55:95:3d:e2:fc:31:c4:03:8a:0d:ec:79:f6:00:8e:
                    47:28:bf:ba:ca:45:45:6d:f9:6e:84:35:3f:36:66:
                    4a:41:cd:00:b5:a3:0b:c2:fb:2a:42:58:f2:64:ab:
                    74:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:BC:5A:FE:4F:DE:E4:AA:FE:E6:12:17:E6:B7:4E:33:BE:97:01:9B
            X509v3 Authority Key Identifier:
                keyid:03:72:46:D5:14:B8:23:40:ED:E0:62:89:BF:1B:C8:C4:59:DB:FC:E5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91E6DB3/53AA1BD4C60811EC9B31446DC4F9AE02/A3JG1RS4I0Dt4GKJvxvIxFnb_OU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/A3JG1RS4I0Dt4GKJvxvIxFnb_OU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E6DB3/53AA1BD4C60811EC9B31446DC4F9AE02/76B754FAC60A11EC96B5966DC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.121.56.0/22
                  103.61.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         37:4e:5f:42:83:56:51:d7:93:69:59:55:9c:3f:8c:48:00:13:
         f0:91:cb:6e:27:28:99:ff:da:60:c1:90:97:97:ce:f0:57:77:
         a9:c4:ac:18:6e:03:36:6f:26:0f:be:fa:64:9f:ea:b8:b9:92:
         36:5c:11:8c:c9:c3:69:e0:71:cd:e7:13:e3:4c:76:c4:17:15:
         30:f2:18:4e:d6:eb:0d:da:41:b1:9d:ed:07:fe:1e:0a:d8:ea:
         5e:cc:ca:36:21:29:05:10:43:c1:cd:7e:d6:1f:43:24:9b:d2:
         6e:84:fa:03:82:34:a2:28:34:57:29:74:59:fb:38:70:cc:6a:
         41:2a:17:fe:f1:01:39:00:76:72:60:d8:e3:a7:e7:45:b9:67:
         26:f6:ef:5f:eb:3c:9d:d5:58:8c:a5:30:11:86:10:fc:b9:35:
         4b:fe:5c:18:0a:72:58:30:e0:9d:d2:08:0d:51:f1:fc:f3:3d:
         f0:99:59:3c:49:69:39:62:6c:b6:a7:9f:ba:3a:37:79:51:4b:
         9f:50:cd:bc:cd:91:b0:cf:4a:bd:49:9e:77:af:b5:f4:00:dd:
         4a:55:60:17:f4:bc:05:67:9b:45:c6:cc:e7:b9:d2:2e:59:79:
         d7:78:0e:88:53:ae:58:98:cf:48:d0:48:d0:fb:cc:33:6a:61:
         9d:b1:c5:ed
-----BEGIN CERTIFICATE-----
MIIFdjCCBF6gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFF
NkRCMzExMC8GA1UEBRMoMDM3MjQ2RDUxNEI4MjM0MEVERTA2Mjg5QkYxQkM4QzQ1
OURCRkNFNTAeFw0yMjA0MjcwOTE0MzlaFw0yMjA5MzAwMDAwMDBaMBgxFjAUBgNV
BAMTDTYyNjkwOTdlLWYzYWIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDVjtzdH+zPpZtNWZXnhUWZg+bDH5pBv0TR8Nc822aWauWOLmM4QpHYaPmeht2Z
YeVvaNXjBdPBKlDIDrxV5I+pZzSEuEohSR6QDPO8OY8Hef7XHEKtldkWeohIvy1V
k7Bv2PHANMhprJ6ZIrf8UAotVj1TxpTt+UaqIzjB9c6b4hkh8XUkgCpRi8elfraZ
ClUT6rr7mozBwlepxeeq47YbrZJrDV1w5kV7S+082q/Dl58z5QHw3CvI1ZweW1NH
6esJnRV1udvErH2MNo2KzILRUlWVPeL8McQDig3sefYAjkcov7rKRUVt+W6ENT82
ZkpBzQC1owvC+ypCWPJkq3T3AgMBAAGjggKbMIIClzAdBgNVHQ4EFgQU9bxa/k/e
5Kr+5hIX5rdOM76XAZswHwYDVR0jBBgwFoAUA3JG1RS4I0Dt4GKJvxvIxFnb/OUw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUU2REIzLzUzQUExQkQ0QzYw
ODExRUM5QjMxNDQ2REM0RjlBRTAyL0EzSkcxUlM0STBEdDRHS0p2eHZJeEZuYl9P
VS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvQTNKRzFSUzRJMER0NEdLSnZ4dkl4Rm5iX09VLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFF
NkRCMy81M0FBMUJENEM2MDgxMUVDOUIzMTQ0NkRDNEY5QUUwMi83NkI3NTRGQUM2
MEExMUVDOTZCNTk2NkRDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAlBggrBgEFBQcBBwEB/wQW
MBQwEgQCAAEwDAMEAi15OAMEAmc9kDANBgkqhkiG9w0BAQsFAAOCAQEAN05fQoNW
UdeTaVlVnD+MSAAT8JHLbicomf/aYMGQl5fO8Fd3qcSsGG4DNm8mD776ZJ/quLmS
NlwRjMnDaeBxzecT40x2xBcVMPIYTtbrDdpBsZ3tB/4eCtjqXszKNiEpBRBDwc1+
1h9DJJvSboT6A4I0oig0Vyl0Wfs4cMxqQSoX/vEBOQB2cmDY46fnRblnJvbvX+s8
ndVYjKUwEYYQ/Lk1S/5cGApyWDDgndIIDVHx/PM98JlZPElpOWJstqefujo3eVFL
n1DNvM2RsM9KvUmed6+19ADdSlVgF/S8BWebRcbM57nSLll513gOiFOuWJjPSNBI
0PvMM2phnbHF7Q==
-----END CERTIFICATE-----