Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A912FCD6/1E9E1AACD2EA11E5AFB1E24CC4F9AE02/AED80FEA74A211EDA517AC36C4F9AE02.roa
File:                     AED80FEA74A211EDA517AC36C4F9AE02.roa (raw, json)
Hash identifier:          r0I7njE4tF3MP4IZKyfhA39rHv0rZauwe//iQW2leDQ=
Subject key identifier:   78:B7:9F:1B:D0:57:70:69:63:86:EB:6E:2A:A5:AE:C4:D0:58:A6:8C
Certificate issuer:       /CN=A912FCD6/serialNumber=53BF0DD780DB038ECE14D40459BAB9C68F69853B
Certificate serial:       200C
Authority key identifier: 53:BF:0D:D7:80:DB:03:8E:CE:14:D4:04:59:BA:B9:C6:8F:69:85:3B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/U78N14DbA47OFNQEWbq5xo9phTs.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A912FCD6/1E9E1AACD2EA11E5AFB1E24CC4F9AE02/AED80FEA74A211EDA517AC36C4F9AE02.roa
Signing time:             Thu 12 Jan 2023 15:55:16 +0000
ROA not before:           Thu 12 Jan 2023 15:55:16 +0000
ROA not after:            Sun 30 Jul 2023 00:00:00 +0000
asID:                     134128
IP address blocks:        59.153.28.0/22 maxlen: 24
                          103.18.80.0/22 maxlen: 24
                          103.54.148.0/22 maxlen: 24
                          180.210.220.0/22 maxlen: 24
                          2402:3b80::/32 maxlen: 32
                          2402:3b80::/48 maxlen: 48
                          2402:3b80:1::/48 maxlen: 48
                          2402:3b80:2::/48 maxlen: 48
                          2402:3b80:3::/48 maxlen: 48
                          2402:3b80:4::/48 maxlen: 48
                          2402:3b80:5::/48 maxlen: 48
                          2402:3b80:6::/48 maxlen: 48
                          2402:3b80:7::/48 maxlen: 48
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 8204 (0x200c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A912FCD6, serialNumber=53BF0DD780DB038ECE14D40459BAB9C68F69853B
        Validity
            Not Before: Jan 12 15:55:16 2023 GMT
            Not After : Jul 30 00:00:00 2023 GMT
        Subject: CN=63c02d64-a705
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:6c:4c:34:fc:29:3f:eb:10:45:d0:a3:ed:ce:
                    98:bd:4c:8f:5b:67:86:54:c6:df:f9:f4:ec:28:78:
                    73:a3:45:b8:ef:66:a3:a3:0d:82:1f:aa:16:f3:ec:
                    89:24:f9:23:23:d7:2c:7f:31:a0:75:d1:31:98:33:
                    88:f9:14:77:02:a0:5f:1d:19:f3:78:e9:fa:a3:96:
                    4c:ad:dc:06:65:22:77:e6:a7:2e:22:c7:f6:05:c9:
                    97:63:d3:c6:30:69:4b:77:ed:e1:5e:18:5a:75:b7:
                    a1:0c:6d:7f:72:2e:19:02:f3:ba:3d:18:6d:2d:34:
                    bc:71:07:62:0c:cc:ee:02:02:5a:21:61:c8:ce:97:
                    0b:7a:26:08:64:b8:0b:bd:ae:d8:eb:20:71:bc:30:
                    75:2f:a1:d8:2a:c4:99:37:4d:b0:91:ca:b1:53:6c:
                    e1:9d:53:32:a6:4f:a0:ff:9b:25:96:26:f3:1b:ad:
                    d9:af:af:8c:45:42:da:13:45:a0:8c:d2:5d:c3:0e:
                    b1:47:c9:97:c7:09:6b:d1:43:68:a7:7a:63:f8:17:
                    df:3c:08:da:6f:24:cb:a7:20:5e:91:3a:a8:fc:09:
                    1b:db:9a:c2:91:29:a5:1d:04:40:e2:c0:68:93:c3:
                    50:d0:58:0d:1b:3a:ab:2b:40:74:2b:d0:a4:2b:5f:
                    40:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:B7:9F:1B:D0:57:70:69:63:86:EB:6E:2A:A5:AE:C4:D0:58:A6:8C
            X509v3 Authority Key Identifier:
                keyid:53:BF:0D:D7:80:DB:03:8E:CE:14:D4:04:59:BA:B9:C6:8F:69:85:3B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A912FCD6/1E9E1AACD2EA11E5AFB1E24CC4F9AE02/U78N14DbA47OFNQEWbq5xo9phTs.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/U78N14DbA47OFNQEWbq5xo9phTs.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A912FCD6/1E9E1AACD2EA11E5AFB1E24CC4F9AE02/AED80FEA74A211EDA517AC36C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  59.153.28.0/22
                  103.18.80.0/22
                  103.54.148.0/22
                  180.210.220.0/22
                IPv6:
                  2402:3b80::/32

    Signature Algorithm: sha256WithRSAEncryption
         8f:16:f3:2e:e3:e5:7d:45:4e:9c:24:38:de:f2:8c:8d:48:e3:
         5c:48:05:5d:1b:f8:b6:61:8a:d8:44:9c:25:13:d2:eb:05:de:
         53:30:e5:59:03:a7:05:76:4c:3b:a2:83:8c:41:c8:02:da:d0:
         1a:2e:f7:76:a2:c1:64:bc:5a:df:f5:23:f9:68:7e:d7:51:9b:
         bb:d4:a0:0a:91:dc:3e:fd:5a:72:f5:2d:ed:fe:ff:75:ec:10:
         bd:b5:b3:cf:39:f1:08:0b:0b:3e:07:b6:ce:a5:bd:14:21:fb:
         17:a7:c7:2b:7b:45:19:69:f1:1f:77:9b:36:c8:d4:c3:0f:b6:
         80:83:40:68:cf:79:95:e2:00:b1:88:98:9a:1d:46:be:fe:19:
         83:09:b4:70:3c:e4:23:d5:04:92:02:dd:8b:13:46:ab:2f:28:
         a4:22:44:d8:bd:59:f0:86:04:45:d8:fa:b1:ca:fb:9f:96:48:
         c0:cc:65:1b:cc:97:7d:3f:a4:3b:46:13:90:aa:67:bc:1e:d8:
         f2:ec:bf:39:c9:5b:4a:df:f2:ab:a7:7a:33:96:85:d6:d4:ad:
         fe:89:c4:c7:de:b9:ec:cf:85:03:eb:ec:f1:84:87:fc:4a:44:
         e1:9b:b4:34:2c:cd:e6:21:16:be:49:f0:01:1b:ef:89:fc:f2:
         20:64:6a:a3
-----BEGIN CERTIFICATE-----
MIIFkjCCBHqgAwIBAgICIAwwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MkZDRDYxMTAvBgNVBAUTKDUzQkYwREQ3ODBEQjAzOEVDRTE0RDQwNDU5QkFCOUM2
OEY2OTg1M0IwHhcNMjMwMTEyMTU1NTE2WhcNMjMwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02M2MwMmQ2NC1hNzA1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtmxMNPwpP+sQRdCj7c6YvUyPW2eGVMbf+fTsKHhzo0W472ajow2CH6oW8+yJ
JPkjI9csfzGgddExmDOI+RR3AqBfHRnzeOn6o5ZMrdwGZSJ35qcuIsf2BcmXY9PG
MGlLd+3hXhhadbehDG1/ci4ZAvO6PRhtLTS8cQdiDMzuAgJaIWHIzpcLeiYIZLgL
va7Y6yBxvDB1L6HYKsSZN02wkcqxU2zhnVMypk+g/5sllibzG63Zr6+MRULaE0Wg
jNJdww6xR8mXxwlr0UNop3pj+BffPAjabyTLpyBekTqo/Akb25rCkSmlHQRA4sBo
k8NQ0FgNGzqrK0B0K9CkK19AyQIDAQABo4ICtjCCArIwHQYDVR0OBBYEFHi3nxvQ
V3BpY4brbiqlrsTQWKaMMB8GA1UdIwQYMBaAFFO/DdeA2wOOzhTUBFm6ucaPaYU7
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyRkNENi8xRTlFMUFBQ0Qy
RUExMUU1QUZCMUUyNENDNEY5QUUwMi9VNzhOMTREYkE0N09GTlFFV2JxNXhvOXBo
VHMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1U3OE4xNERiQTQ3T0ZOUUVXYnE1eG85cGhUcy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MkZDRDYvMUU5RTFBQUNEMkVBMTFFNUFGQjFFMjRDQzRGOUFFMDIvQUVEODBGRUE3
NEEyMTFFREE1MTdBQzM2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwQAYIKwYBBQUHAQcBAf8E
MTAvMB4EAgABMBgDBAI7mRwDBAJnElADBAJnNpQDBAK00twwDQQCAAIwBwMFACQC
O4AwDQYJKoZIhvcNAQELBQADggEBAI8W8y7j5X1FTpwkON7yjI1I41xIBV0b+LZh
ithEnCUT0usF3lMw5VkDpwV2TDuig4xByALa0Bou93aiwWS8Wt/1I/loftdRm7vU
oAqR3D79WnL1Le3+/3XsEL21s8858QgLCz4Hts6lvRQh+xenxyt7RRlp8R93mzbI
1MMPtoCDQGjPeZXiALGImJodRr7+GYMJtHA85CPVBJIC3YsTRqsvKKQiRNi9WfCG
BEXY+rHK+5+WSMDMZRvMl30/pDtGE5CqZ7we2PLsvznJW0rf8qunejOWhdbUrf6J
xMfeuezPhQPr7PGEh/xKROGbtDQszeYhFr5J8AEb74n88iBkaqM=
-----END CERTIFICATE-----