Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9132B4D/C199E006B20511EBAEAE9F10C4F9AE02/59ADF1FEF36211ECA0BD276EC4F9AE02.roa
File:                     59ADF1FEF36211ECA0BD276EC4F9AE02.roa (raw, json)
Hash identifier:          J23tMFE1Ibq1HyZFmQ+5jqQiuSDnn/2GrigE5QCeQaI=
Subject key identifier:   08:28:73:26:DC:C4:FA:F9:0D:5D:46:D4:95:82:06:80:F3:72:1A:F6
Certificate issuer:       /CN=A9132B4D/serialNumber=23F5D93A82E7D7840679B1C64DA37C37CFFE77EF
Certificate serial:       0472
Authority key identifier: 23:F5:D9:3A:82:E7:D7:84:06:79:B1:C6:4D:A3:7C:37:CF:FE:77:EF
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/I_XZOoLn14QGebHGTaN8N8_-d-8.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9132B4D/C199E006B20511EBAEAE9F10C4F9AE02/59ADF1FEF36211ECA0BD276EC4F9AE02.roa
Signing time:             Mon 30 Jan 2023 08:33:08 +0000
ROA not before:           Mon 30 Jan 2023 08:33:08 +0000
ROA not after:            Sun 30 Jul 2023 00:00:00 +0000
asID:                     9231
IP address blocks:        58.82.194.0/23 maxlen: 24
                          103.15.84.0/22 maxlen: 24
                          182.239.72.0/21 maxlen: 24
                          182.239.80.0/20 maxlen: 24
                          182.239.104.0/21 maxlen: 24
                          182.239.112.0/20 maxlen: 24
                          203.142.97.0/24 maxlen: 24
                          203.142.98.0/24 maxlen: 24
                          203.142.99.0/24 maxlen: 24
                          203.142.127.0/24 maxlen: 24
                          223.122.0.0/18 maxlen: 24
                          2401:3000::/36 maxlen: 40

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1138 (0x472)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9132B4D/serialNumber=23F5D93A82E7D7840679B1C64DA37C37CFFE77EF
        Validity
            Not Before: Jan 30 08:33:08 2023 GMT
            Not After : Jul 30 00:00:00 2023 GMT
        Subject: CN=63d780c4-3f27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:ba:f0:13:d5:37:42:0b:79:11:b3:26:fa:e2:
                    09:35:47:79:bc:37:81:f5:25:ab:14:33:08:af:d6:
                    06:cc:3e:24:f6:0e:30:18:95:c5:de:3c:59:72:25:
                    ab:7a:81:2d:06:0a:37:83:ca:0e:19:ef:d9:2f:a9:
                    31:90:2a:37:d5:53:cf:b9:25:f0:58:57:f5:e3:8a:
                    1b:6f:b2:93:7a:53:2e:16:e2:70:f6:0a:7a:c1:17:
                    a2:b8:57:6c:51:08:5e:b6:92:9a:9a:16:22:53:53:
                    b4:9f:97:02:1f:a6:f8:00:23:d4:69:61:2f:8e:72:
                    ae:54:f5:42:4d:d5:78:ee:35:5a:60:3d:7b:01:b6:
                    3d:81:cd:39:df:a4:41:b7:24:05:22:17:e0:8e:7a:
                    47:d2:46:22:35:a5:e8:ae:d3:bd:7e:60:57:fe:bc:
                    3f:be:54:25:73:b8:fa:8f:b6:ab:52:a7:a8:d8:54:
                    26:38:26:7b:d4:99:cb:0d:45:09:e2:cc:29:fa:6c:
                    b3:5c:fb:02:ac:57:c0:17:aa:62:74:0b:6a:ad:ea:
                    cc:cf:0c:25:7b:2f:c6:a9:d9:5c:f4:78:d8:f2:40:
                    28:ae:b4:b1:00:41:6e:90:8f:f0:dc:ce:3f:05:c2:
                    7c:81:0f:0a:78:4a:ec:78:5a:d4:10:f7:a2:c1:cf:
                    c5:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:28:73:26:DC:C4:FA:F9:0D:5D:46:D4:95:82:06:80:F3:72:1A:F6
            X509v3 Authority Key Identifier:
                keyid:23:F5:D9:3A:82:E7:D7:84:06:79:B1:C6:4D:A3:7C:37:CF:FE:77:EF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9132B4D/C199E006B20511EBAEAE9F10C4F9AE02/I_XZOoLn14QGebHGTaN8N8_-d-8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/I_XZOoLn14QGebHGTaN8N8_-d-8.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9132B4D/C199E006B20511EBAEAE9F10C4F9AE02/59ADF1FEF36211ECA0BD276EC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  58.82.194.0/23
                  103.15.84.0/22
                  182.239.72.0-182.239.95.255
                  182.239.104.0-182.239.127.255
                  203.142.97.0-203.142.99.255
                  203.142.127.0/24
                  223.122.0.0/18
                IPv6:
                  2401:3000::/36

    Signature Algorithm: sha256WithRSAEncryption
         1b:e8:ca:4c:6e:1a:2a:8c:93:0d:e2:75:9b:2f:3a:23:e1:0e:
         1f:bd:3d:0f:97:a0:f2:e1:cf:3c:41:e5:2a:43:d6:89:67:f2:
         28:56:50:60:ad:4b:b4:d1:8d:53:a1:f7:da:81:44:ca:45:fe:
         fe:e8:bd:26:f0:c4:74:ca:ef:cc:49:7a:88:44:91:0d:e6:e9:
         14:4d:41:7e:b0:c0:0c:5c:54:ad:52:8f:06:dc:fc:88:a7:b4:
         4f:44:c4:40:e9:88:42:c1:27:61:c6:28:02:fa:c5:08:f8:e3:
         60:79:8a:f1:93:5a:47:a8:5b:6b:b7:05:3a:f5:a2:8d:86:45:
         77:5f:7f:bb:20:35:bc:b5:e0:7a:bc:40:ab:3f:b1:90:58:39:
         cc:1a:49:50:7f:c4:cb:e8:04:b8:92:58:87:47:bc:69:cb:03:
         8c:d7:43:69:ff:37:ef:7d:1e:c4:c0:0a:89:9d:e4:48:6b:92:
         dc:ad:01:58:a0:e0:cc:36:75:3b:b3:35:32:8b:fc:15:2e:0b:
         ed:65:52:ea:c0:dc:9d:be:8a:60:75:0a:7b:75:98:ad:8d:8c:
         0e:7e:73:7e:0f:15:51:00:2a:ce:64:c5:e6:82:13:a3:1b:99:
         c2:19:c2:aa:8a:d4:a4:ab:73:3e:ec:7f:7c:9f:a2:66:e3:06:
         77:4f:cf:e3
-----BEGIN CERTIFICATE-----
MIIFvTCCBKWgAwIBAgICBHIwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MzJCNEQxMTAvBgNVBAUTKDIzRjVEOTNBODJFN0Q3ODQwNjc5QjFDNjREQTM3QzM3
Q0ZGRTc3RUYwHhcNMjMwMTMwMDgzMzA4WhcNMjMwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02M2Q3ODBjNC0zZjI3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA1LrwE9U3Qgt5EbMm+uIJNUd5vDeB9SWrFDMIr9YGzD4k9g4wGJXF3jxZciWr
eoEtBgo3g8oOGe/ZL6kxkCo31VPPuSXwWFf144obb7KTelMuFuJw9gp6wReiuFds
UQhetpKamhYiU1O0n5cCH6b4ACPUaWEvjnKuVPVCTdV47jVaYD17AbY9gc0536RB
tyQFIhfgjnpH0kYiNaXortO9fmBX/rw/vlQlc7j6j7arUqeo2FQmOCZ71JnLDUUJ
4swp+myzXPsCrFfAF6pidAtqrerMzwwley/Gqdlc9HjY8kAorrSxAEFukI/w3M4/
BcJ8gQ8KeErseFrUEPeiwc/FPwIDAQABo4IC4TCCAt0wHQYDVR0OBBYEFAgocybc
xPr5DV1G1JWCBoDzchr2MB8GA1UdIwQYMBaAFCP12TqC59eEBnmxxk2jfDfP/nfv
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEzMkI0RC9DMTk5RTAwNkIy
MDUxMUVCQUVBRTlGMTBDNEY5QUUwMi9JX1haT29MbjE0UUdlYkhHVGFOOE44Xy1k
LTguY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0lfWFpPb0xuMTRRR2ViSEdUYU44TjhfLWQtOC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MzJCNEQvQzE5OUUwMDZCMjA1MTFFQkFFQUU5RjEwQzRGOUFFMDIvNTlBREYxRkVG
MzYyMTFFQ0EwQkQyNzZFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwawYIKwYBBQUHAQcBAf8E
XDBaMEgEAgABMEIDBAE6UsIDBAJnD1QwDAMEA7bvSAMEBbbvQDAMAwQDtu9oAwQH
tu8AMAwDBADLjmEDBALLjmADBADLjn8DBAbfegAwDgQCAAIwCAMGBCQBMAAAMA0G
CSqGSIb3DQEBCwUAA4IBAQAb6MpMbhoqjJMN4nWbLzoj4Q4fvT0Pl6Dy4c88QeUq
Q9aJZ/IoVlBgrUu00Y1ToffagUTKRf7+6L0m8MR0yu/MSXqIRJEN5ukUTUF+sMAM
XFStUo8G3PyIp7RPRMRA6YhCwSdhxigC+sUI+ONgeYrxk1pHqFtrtwU69aKNhkV3
X3+7IDW8teB6vECrP7GQWDnMGklQf8TL6AS4kliHR7xpywOM10Np/zfvfR7EwAqJ
neRIa5LcrQFYoODMNnU7szUyi/wVLgvtZVLqwNydvopgdQp7dZitjYwOfnN+DxVR
ACrOZMXmghOjG5nCGcKqitSkq3M+7H98n6Jm4wZ3T8/j
-----END CERTIFICATE-----