Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A913F0E3/291576BE6B3411E69184B66CC4F9AE02/C58C2EA605AB11EA8F802947C4F9AE02.roa
File:                     C58C2EA605AB11EA8F802947C4F9AE02.roa (raw, json)
Hash identifier:          bYgpbZ5EVoT9VWk+ffqIZQzg/OmPCsRFBORdzxuIMDM=
Subject key identifier:   FD:81:2E:CD:FF:3E:40:D4:B4:83:53:E1:91:2F:7F:92:23:E4:54:4D
Certificate issuer:       /CN=A913F0E3/serialNumber=8E8377810CF9C204BB12584F3E5B5F050368246F
Certificate serial:       1A17
Authority key identifier: 8E:83:77:81:0C:F9:C2:04:BB:12:58:4F:3E:5B:5F:05:03:68:24:6F
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/joN3gQz5wgS7ElhPPltfBQNoJG8.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A913F0E3/291576BE6B3411E69184B66CC4F9AE02/C58C2EA605AB11EA8F802947C4F9AE02.roa
Signing time:             Fri 29 Oct 2021 17:03:01 +0000
ROA not before:           Fri 29 Oct 2021 17:03:01 +0000
ROA not after:            Fri 30 Dec 2022 00:00:00 +0000
asID:                     58631
IP address blocks:        103.5.28.0/24 maxlen: 24
                          103.192.197.0/24 maxlen: 24
                          103.193.8.0/23 maxlen: 23
                          2001:df0:247::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 6679 (0x1a17)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A913F0E3/serialNumber=8E8377810CF9C204BB12584F3E5B5F050368246F
        Validity
            Not Before: Oct 29 17:03:01 2021 GMT
            Not After : Dec 30 00:00:00 2022 GMT
        Subject: CN=617c2944-3212
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:9e:63:b7:f9:63:c6:15:66:a6:32:d5:d0:f8:
                    7b:02:4d:82:92:49:58:7e:cc:63:0e:87:ee:1f:3d:
                    1f:18:79:b7:a2:55:8c:54:1d:2e:95:e0:c8:46:ad:
                    bb:45:7d:9a:79:56:c5:a4:f2:31:66:e9:6e:37:0a:
                    6c:c0:11:99:d0:3f:f8:7b:ea:58:8f:7e:ce:5c:9d:
                    fb:3c:03:86:74:ee:1c:55:62:2a:8f:cb:6e:cb:2c:
                    5c:75:fb:da:ef:0d:84:80:4f:40:a1:db:93:c3:10:
                    f3:17:af:0b:4f:4b:69:e6:87:a5:24:43:69:31:85:
                    85:83:c1:74:3c:c0:20:c1:37:17:20:06:c4:ba:5c:
                    75:25:f8:0b:d2:30:21:63:4a:4e:55:85:11:7f:15:
                    c1:40:3a:02:e9:94:92:c6:68:d5:ab:c8:01:b2:a4:
                    d7:e2:7f:9a:54:3c:b3:35:31:4b:12:94:cd:98:26:
                    ef:b6:6f:75:6c:30:07:3d:23:33:f7:bd:78:30:a9:
                    3c:2f:b8:5c:ab:a2:c4:02:8b:3b:42:08:70:b8:92:
                    29:13:b5:76:cf:29:d9:f3:24:62:4f:31:d3:ba:b0:
                    97:3d:87:96:82:4d:0e:d0:3f:00:d5:aa:22:d3:ed:
                    52:d9:c8:af:dc:79:e5:2d:45:54:27:c7:a4:6d:a1:
                    9a:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:81:2E:CD:FF:3E:40:D4:B4:83:53:E1:91:2F:7F:92:23:E4:54:4D
            X509v3 Authority Key Identifier:
                keyid:8E:83:77:81:0C:F9:C2:04:BB:12:58:4F:3E:5B:5F:05:03:68:24:6F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A913F0E3/291576BE6B3411E69184B66CC4F9AE02/joN3gQz5wgS7ElhPPltfBQNoJG8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/joN3gQz5wgS7ElhPPltfBQNoJG8.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A913F0E3/291576BE6B3411E69184B66CC4F9AE02/C58C2EA605AB11EA8F802947C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.5.28.0/24
                  103.192.197.0/24
                  103.193.8.0/23
                IPv6:
                  2001:df0:247::/48

    Signature Algorithm: sha256WithRSAEncryption
         34:04:a1:e4:a1:43:71:99:b5:23:b4:ca:44:72:4c:f3:3a:ee:
         e6:f0:98:c2:2f:1f:52:c6:01:7f:93:a0:0a:00:7d:ee:a6:03:
         37:c4:b2:50:ea:5f:2f:49:96:13:60:58:89:e6:7d:35:5c:8c:
         a5:98:7e:c6:ed:79:c5:2f:cf:d5:c9:49:d3:ec:c0:78:35:c7:
         b9:8f:df:1c:e8:69:17:03:05:61:f6:cb:bd:dc:e0:63:3d:12:
         e8:d7:70:85:b4:2b:ee:de:fe:4a:ee:ec:5d:b5:e6:5f:03:02:
         4f:96:f9:d8:ad:04:c1:1c:ae:94:46:c5:16:65:b5:e4:28:9d:
         a0:35:9b:5c:57:54:26:23:ee:8f:82:ab:ef:0d:70:18:c6:21:
         7f:25:b5:5e:7b:f5:89:70:c1:12:24:10:ed:66:ea:1c:e3:a8:
         15:6c:d6:a0:96:8a:8b:2f:b4:48:87:75:c2:9c:13:04:cc:8a:
         d9:d4:a7:76:11:5b:7a:00:90:fb:b4:e8:d4:e1:1c:e8:df:8b:
         17:01:3e:7b:8a:70:2d:70:ce:82:11:14:70:1f:17:1f:4e:33:
         23:ff:89:12:33:11:55:08:c8:47:cd:46:a8:32:33:39:a4:3f:
         ed:8c:f7:75:ca:0a:7b:d6:d9:62:c3:0c:d2:cc:12:81:fa:df:
         7e:fe:9e:88
-----BEGIN CERTIFICATE-----
MIIFjjCCBHagAwIBAgICGhcwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
M0YwRTMxMTAvBgNVBAUTKDhFODM3NzgxMENGOUMyMDRCQjEyNTg0RjNFNUI1RjA1
MDM2ODI0NkYwHhcNMjExMDI5MTcwMzAxWhcNMjIxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02MTdjMjk0NC0zMjEyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA855jt/ljxhVmpjLV0Ph7Ak2CkklYfsxjDofuHz0fGHm3olWMVB0uleDIRq27
RX2aeVbFpPIxZuluNwpswBGZ0D/4e+pYj37OXJ37PAOGdO4cVWIqj8tuyyxcdfva
7w2EgE9AoduTwxDzF68LT0tp5oelJENpMYWFg8F0PMAgwTcXIAbEulx1JfgL0jAh
Y0pOVYURfxXBQDoC6ZSSxmjVq8gBsqTX4n+aVDyzNTFLEpTNmCbvtm91bDAHPSMz
9714MKk8L7hcq6LEAos7QghwuJIpE7V2zynZ8yRiTzHTurCXPYeWgk0O0D8A1aoi
0+1S2civ3HnlLUVUJ8ekbaGa9wIDAQABo4ICsjCCAq4wHQYDVR0OBBYEFP2BLs3/
PkDUtINT4ZEvf5Ij5FRNMB8GA1UdIwQYMBaAFI6Dd4EM+cIEuxJYTz5bXwUDaCRv
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEzRjBFMy8yOTE1NzZCRTZC
MzQxMUU2OTE4NEI2NkNDNEY5QUUwMi9qb04zZ1F6NXdnUzdFbGhQUGx0ZkJRTm9K
RzguY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2pvTjNnUXo1d2dTN0VsaFBQbHRmQlFOb0pHOC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
M0YwRTMvMjkxNTc2QkU2QjM0MTFFNjkxODRCNjZDQzRGOUFFMDIvQzU4QzJFQTYw
NUFCMTFFQThGODAyOTQ3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwPAYIKwYBBQUHAQcBAf8E
LTArMBgEAgABMBIDBABnBRwDBABnwMUDBAFnwQgwDwQCAAIwCQMHACABDfACRzAN
BgkqhkiG9w0BAQsFAAOCAQEANASh5KFDcZm1I7TKRHJM8zru5vCYwi8fUsYBf5Og
CgB97qYDN8SyUOpfL0mWE2BYieZ9NVyMpZh+xu15xS/P1clJ0+zAeDXHuY/fHOhp
FwMFYfbLvdzgYz0S6NdwhbQr7t7+Su7sXbXmXwMCT5b52K0EwRyulEbFFmW15Cid
oDWbXFdUJiPuj4Kr7w1wGMYhfyW1Xnv1iXDBEiQQ7WbqHOOoFWzWoJaKiy+0SId1
wpwTBMyK2dSndhFbegCQ+7To1OEc6N+LFwE+e4pwLXDOghEUcB8XH04zI/+JEjMR
VQjIR81GqDIzOaQ/7Yz3dcoKe9bZYsMM0swSgfrffv6eiA==
-----END CERTIFICATE-----