Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A912FC73/0144CDF89F3411EC9CEBC670C4F9AE02/D2E452A606E611ED819D663AC4F9AE02.roa
File:                     D2E452A606E611ED819D663AC4F9AE02.roa (raw, json)
Hash identifier:          +NywiwPZk1S5BEYnvhXX2XQ/uEkJ7f2DwLqjfEBQ7NE=
Subject key identifier:   4D:1C:A9:5E:2D:62:4B:7A:2C:79:96:28:94:05:93:35:4E:41:1E:FC
Certificate issuer:       /CN=A912FC73/serialNumber=CEE41601EEA9F51B3525DA55DD4AC95CEFAF5ABC
Certificate serial:       01B7
Authority key identifier: CE:E4:16:01:EE:A9:F5:1B:35:25:DA:55:DD:4A:C9:5C:EF:AF:5A:BC
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/zuQWAe6p9Rs1JdpV3UrJXO-vWrw.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A912FC73/0144CDF89F3411EC9CEBC670C4F9AE02/D2E452A606E611ED819D663AC4F9AE02.roa
Signing time:             Tue 11 Oct 2022 04:53:56 +0000
ROA not before:           Tue 11 Oct 2022 04:53:56 +0000
ROA not after:            Sat 30 Dec 2023 00:00:00 +0000
asID:                     996
IP address blocks:        223.29.128.0/22 maxlen: 22
                          223.29.132.0/22 maxlen: 22
                          223.29.136.0/22 maxlen: 22
                          223.29.140.0/22 maxlen: 22
                          223.29.144.0/22 maxlen: 22
                          223.29.148.0/22 maxlen: 22
                          223.29.152.0/22 maxlen: 22
                          223.29.156.0/22 maxlen: 22

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 439 (0x1b7)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A912FC73/serialNumber=CEE41601EEA9F51B3525DA55DD4AC95CEFAF5ABC
        Validity
            Not Before: Oct 11 04:53:56 2022 GMT
            Not After : Dec 30 00:00:00 2023 GMT
        Subject: CN=6344f6e3-2e35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:f7:a1:9e:72:42:92:bc:b7:69:c8:9b:2c:bb:
                    dd:e9:9d:35:b2:65:e4:0b:c9:f3:d1:5b:10:93:58:
                    99:e2:b3:40:0a:6a:4d:b1:b1:8f:3b:00:34:99:a7:
                    b5:90:44:5f:0b:38:66:36:83:b1:7a:50:2f:ab:7e:
                    cf:b9:71:a7:46:9f:c1:d3:a5:a0:18:14:1e:bc:ae:
                    86:f5:3b:41:81:46:aa:2c:da:e1:67:ac:40:a9:d0:
                    ee:85:d8:ee:13:1f:78:47:c0:c7:2c:23:14:6d:67:
                    0f:af:75:5f:84:84:49:77:1b:72:bf:50:13:b8:73:
                    63:07:b9:a7:73:c1:de:31:0c:1c:7f:b2:05:20:1a:
                    88:19:c8:4f:81:04:04:36:ec:23:7a:a3:3e:19:79:
                    8b:98:1d:d5:ca:98:b9:3b:eb:e0:ab:f5:37:b0:fb:
                    05:4d:6c:2b:6e:e3:cb:bb:2d:3b:bc:ae:c1:23:17:
                    20:44:6f:7f:c9:a8:b0:6d:eb:97:1c:34:25:df:f7:
                    d5:8d:97:f6:68:dc:e0:4e:26:c2:66:4f:c1:23:ca:
                    7b:dd:5e:89:9b:56:20:6a:bb:d0:b9:05:63:11:57:
                    39:ec:f3:2a:26:e1:83:8a:f3:3a:b3:ed:f7:c7:6f:
                    e9:22:c7:35:1c:b2:d6:3a:aa:82:a3:94:81:4b:ac:
                    4c:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:1C:A9:5E:2D:62:4B:7A:2C:79:96:28:94:05:93:35:4E:41:1E:FC
            X509v3 Authority Key Identifier:
                keyid:CE:E4:16:01:EE:A9:F5:1B:35:25:DA:55:DD:4A:C9:5C:EF:AF:5A:BC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A912FC73/0144CDF89F3411EC9CEBC670C4F9AE02/zuQWAe6p9Rs1JdpV3UrJXO-vWrw.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/zuQWAe6p9Rs1JdpV3UrJXO-vWrw.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A912FC73/0144CDF89F3411EC9CEBC670C4F9AE02/D2E452A606E611ED819D663AC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  223.29.128.0/19

    Signature Algorithm: sha256WithRSAEncryption
         0e:e7:77:8e:4e:01:93:80:13:54:33:98:e9:b8:f9:2a:b8:86:
         20:d5:f4:45:19:bc:95:7b:df:9f:4c:4e:cb:d1:88:7b:1b:47:
         33:16:fd:94:a7:a8:58:c8:42:f2:ec:1b:69:57:7e:08:9d:8f:
         ac:d7:20:a4:2e:6b:b4:33:e0:d2:04:ae:4a:b6:d6:66:c1:d6:
         49:94:00:94:63:9b:03:1e:b1:9b:8d:d2:dd:46:e9:57:32:a5:
         ed:01:27:f1:37:04:55:e1:38:9c:d6:26:44:8a:d9:fc:16:5b:
         64:d2:e9:5a:b4:2d:08:38:cb:76:20:15:91:ce:c8:20:c5:fa:
         0c:e2:ff:bb:69:91:93:7d:de:74:1c:11:03:17:5f:00:1c:26:
         08:46:a6:37:6b:26:fc:95:c9:ee:7b:15:ac:91:00:10:0c:4c:
         5c:e5:9c:2c:c8:10:db:9b:cc:d3:e5:9f:49:5c:82:60:02:6a:
         23:10:9c:6c:07:32:03:04:25:e8:ec:34:6f:b8:c4:19:23:a6:
         b0:5e:2c:5b:91:3c:2f:a5:d2:2e:90:2d:01:55:0f:d7:77:3b:
         98:84:fe:25:8f:3a:9e:01:33:b3:55:1d:73:d8:5d:dc:15:d5:
         05:3f:a8:10:b4:68:90:90:af:a0:3b:cb:fa:ee:0e:1c:1d:e5:
         5f:f8:9c:21
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICAbcwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MkZDNzMxMTAvBgNVBAUTKENFRTQxNjAxRUVBOUY1MUIzNTI1REE1NURENEFDOTVD
RUZBRjVBQkMwHhcNMjIxMDExMDQ1MzU2WhcNMjMxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02MzQ0ZjZlMy0yZTM1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvfehnnJCkry3acibLLvd6Z01smXkC8nz0VsQk1iZ4rNACmpNsbGPOwA0mae1
kERfCzhmNoOxelAvq37PuXGnRp/B06WgGBQevK6G9TtBgUaqLNrhZ6xAqdDuhdju
Ex94R8DHLCMUbWcPr3VfhIRJdxtyv1ATuHNjB7mnc8HeMQwcf7IFIBqIGchPgQQE
NuwjeqM+GXmLmB3Vypi5O+vgq/U3sPsFTWwrbuPLuy07vK7BIxcgRG9/yaiwbeuX
HDQl3/fVjZf2aNzgTibCZk/BI8p73V6Jm1YgarvQuQVjEVc57PMqJuGDivM6s+33
x2/pIsc1HLLWOqqCo5SBS6xMuQIDAQABo4IClTCCApEwHQYDVR0OBBYEFE0cqV4t
Ykt6LHmWKJQFkzVOQR78MB8GA1UdIwQYMBaAFM7kFgHuqfUbNSXaVd1KyVzvr1q8
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyRkM3My8wMTQ0Q0RGODlG
MzQxMUVDOUNFQkM2NzBDNEY5QUUwMi96dVFXQWU2cDlSczFKZHBWM1VySlhPLXZX
cncuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3p1UVdBZTZwOVJzMUpkcFYzVXJKWE8tdldydy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MkZDNzMvMDE0NENERjg5RjM0MTFFQzlDRUJDNjcwQzRGOUFFMDIvRDJFNDUyQTYw
NkU2MTFFRDgxOUQ2NjNBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAXfHYAwDQYJKoZIhvcNAQELBQADggEBAA7nd45OAZOAE1Qz
mOm4+Sq4hiDV9EUZvJV7359MTsvRiHsbRzMW/ZSnqFjIQvLsG2lXfgidj6zXIKQu
a7Qz4NIErkq21mbB1kmUAJRjmwMesZuN0t1G6Vcype0BJ/E3BFXhOJzWJkSK2fwW
W2TS6Vq0LQg4y3YgFZHOyCDF+gzi/7tpkZN93nQcEQMXXwAcJghGpjdrJvyVye57
FayRABAMTFzlnCzIENubzNPln0lcgmACaiMQnGwHMgMEJejsNG+4xBkjprBeLFuR
PC+l0i6QLQFVD9d3O5iE/iWPOp4BM7NVHXPYXdwV1QU/qBC0aJCQr6A7y/ruDhwd
5V/4nCE=
-----END CERTIFICATE-----