Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9142661/4CC7727669BC11EAAF1B9F69C4F9AE02/C886E53A69BD11EA9206C86EC4F9AE02.roa
File:                     C886E53A69BD11EA9206C86EC4F9AE02.roa (raw, json)
Hash identifier:          4hDd2sbCHyxQFxeeSY3aorWtde8PYCg9SXc2jNvsSwI=
Subject key identifier:   9E:39:DA:59:FB:89:9C:99:E0:43:D5:77:4B:BC:D3:27:B6:BF:59:13
Certificate issuer:       /CN=A9142661/serialNumber=7AE9622F834CF4C6CF5AD1A98AF07D501545A4BF
Certificate serial:       072E
Authority key identifier: 7A:E9:62:2F:83:4C:F4:C6:CF:5A:D1:A9:8A:F0:7D:50:15:45:A4:BF
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/euliL4NM9MbPWtGpivB9UBVFpL8.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9142661/4CC7727669BC11EAAF1B9F69C4F9AE02/C886E53A69BD11EA9206C86EC4F9AE02.roa
Signing time:             Wed 11 May 2022 22:08:43 +0000
ROA not before:           Wed 11 May 2022 22:08:43 +0000
ROA not after:            Sat 01 Jul 2023 00:00:00 +0000
asID:                     58895
IP address blocks:        103.87.192.0/22 maxlen: 22
                          103.87.192.0/24 maxlen: 24
                          103.87.193.0/24 maxlen: 24
                          103.87.194.0/24 maxlen: 24
                          103.87.195.0/24 maxlen: 24
                          203.96.168.0/22 maxlen: 22
                          203.96.168.0/24 maxlen: 24
                          203.96.169.0/24 maxlen: 24
                          203.96.170.0/24 maxlen: 24
                          203.96.171.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1838 (0x72e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9142661/serialNumber=7AE9622F834CF4C6CF5AD1A98AF07D501545A4BF
        Validity
            Not Before: May 11 22:08:43 2022 GMT
            Not After : Jul  1 00:00:00 2023 GMT
        Subject: CN=627c33eb-b1d5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:ac:45:87:4c:9b:ac:85:9c:14:6c:a0:5c:1e:
                    43:20:28:b5:18:2b:36:de:0b:ac:eb:fd:0c:6a:2e:
                    57:1f:bf:cf:80:fb:22:b8:96:ce:1b:e4:d4:c6:03:
                    5f:19:f5:19:d2:87:42:1a:52:dd:7e:ea:d9:55:56:
                    4a:58:1a:60:43:e9:b6:65:3a:f0:1f:00:7c:60:b8:
                    96:8e:79:46:a7:85:74:f9:dd:0b:4e:28:55:c9:ce:
                    e4:2b:d1:be:ee:ed:fc:11:8a:9e:fc:9b:a7:b2:53:
                    cf:02:cd:b4:ac:3a:e8:1a:38:8f:5b:20:fc:d4:33:
                    24:ad:9b:99:b3:df:a0:28:ea:39:81:3c:31:d2:fc:
                    c0:5f:85:cd:ae:05:67:df:5e:0c:28:a7:e8:2e:3c:
                    bb:af:c2:e7:09:c1:78:b1:1a:99:04:19:e6:89:7e:
                    58:20:87:32:4c:fe:43:aa:33:63:34:c2:f2:29:98:
                    2f:8d:01:3e:52:f6:31:20:68:ab:57:9a:1d:d4:29:
                    c8:2f:73:8b:e7:64:df:bd:bc:24:dc:20:06:f5:6a:
                    e8:ac:7d:85:51:9c:57:2f:08:ac:f5:c3:31:df:24:
                    8e:9b:b8:8d:4b:ea:0d:e1:2f:e1:f3:ec:2f:ce:ed:
                    4d:7f:ce:dd:82:63:8d:8e:57:76:5c:26:66:bc:64:
                    03:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:39:DA:59:FB:89:9C:99:E0:43:D5:77:4B:BC:D3:27:B6:BF:59:13
            X509v3 Authority Key Identifier:
                keyid:7A:E9:62:2F:83:4C:F4:C6:CF:5A:D1:A9:8A:F0:7D:50:15:45:A4:BF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9142661/4CC7727669BC11EAAF1B9F69C4F9AE02/euliL4NM9MbPWtGpivB9UBVFpL8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/euliL4NM9MbPWtGpivB9UBVFpL8.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9142661/4CC7727669BC11EAAF1B9F69C4F9AE02/C886E53A69BD11EA9206C86EC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.87.192.0/22
                  203.96.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         9e:b5:35:30:0a:56:07:c2:72:32:85:19:5f:5e:5d:2c:8f:4e:
         2d:40:f5:91:b8:97:a8:2f:68:b5:7a:82:06:b6:70:e6:1f:46:
         3c:e7:78:7d:39:5e:48:04:9b:72:36:e6:91:cc:34:0f:17:61:
         11:14:94:2f:d5:9e:c6:75:fc:a0:89:1d:0a:d4:ce:24:56:f4:
         f8:60:78:b5:4b:5e:b3:3f:c0:66:1f:8d:a5:96:a3:b0:b3:3d:
         f3:76:99:e7:1f:d1:77:04:85:84:2b:d9:ed:22:f8:05:39:8b:
         de:56:e3:af:73:83:8c:ee:c7:4e:8b:46:a2:34:dd:bd:2e:8e:
         ec:e7:f3:6b:d2:33:7d:32:7f:17:aa:ce:7f:69:fd:96:94:ae:
         ae:3b:25:70:40:3b:0e:85:46:89:a0:17:a9:62:f1:eb:19:bf:
         b9:67:2e:f2:98:1f:89:48:a1:ee:b9:74:12:61:20:ce:c6:73:
         df:c5:b4:93:95:da:fa:33:cb:c8:cd:8f:41:ef:a1:11:f5:0f:
         29:3c:17:22:23:c5:ca:92:b0:2f:05:b8:20:3a:c1:02:60:9f:
         43:ae:71:ca:75:b9:df:ae:c4:df:6c:23:18:2f:52:3e:22:12:
         cf:1a:f2:99:98:12:9c:71:90:f2:7c:b0:b5:d3:b4:91:95:f0:
         33:f9:c8:32
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICBy4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDI2NjExMTAvBgNVBAUTKDdBRTk2MjJGODM0Q0Y0QzZDRjVBRDFBOThBRjA3RDUw
MTU0NUE0QkYwHhcNMjIwNTExMjIwODQzWhcNMjMwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MjdjMzNlYi1iMWQ1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA5KxFh0ybrIWcFGygXB5DICi1GCs23gus6/0Mai5XH7/PgPsiuJbOG+TUxgNf
GfUZ0odCGlLdfurZVVZKWBpgQ+m2ZTrwHwB8YLiWjnlGp4V0+d0LTihVyc7kK9G+
7u38EYqe/JunslPPAs20rDroGjiPWyD81DMkrZuZs9+gKOo5gTwx0vzAX4XNrgVn
314MKKfoLjy7r8LnCcF4sRqZBBnmiX5YIIcyTP5DqjNjNMLyKZgvjQE+UvYxIGir
V5od1CnIL3OL52Tfvbwk3CAG9WrorH2FUZxXLwis9cMx3ySOm7iNS+oN4S/h8+wv
zu1Nf87dgmONjld2XCZmvGQDQwIDAQABo4ICmzCCApcwHQYDVR0OBBYEFJ452ln7
iZyZ4EPVd0u80ye2v1kTMB8GA1UdIwQYMBaAFHrpYi+DTPTGz1rRqYrwfVAVRaS/
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0MjY2MS80Q0M3NzI3NjY5
QkMxMUVBQUYxQjlGNjlDNEY5QUUwMi9ldWxpTDROTTlNYlBXdEdwaXZCOVVCVkZw
TDguY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2V1bGlMNE5NOU1iUFd0R3BpdkI5VUJWRnBMOC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDI2NjEvNENDNzcyNzY2OUJDMTFFQUFGMUI5RjY5QzRGOUFFMDIvQzg4NkU1M0E2
OUJEMTFFQTkyMDZDODZFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAJnV8ADBALLYKgwDQYJKoZIhvcNAQELBQADggEBAJ61NTAK
VgfCcjKFGV9eXSyPTi1A9ZG4l6gvaLV6gga2cOYfRjzneH05XkgEm3I25pHMNA8X
YREUlC/VnsZ1/KCJHQrUziRW9PhgeLVLXrM/wGYfjaWWo7CzPfN2mecf0XcEhYQr
2e0i+AU5i95W469zg4zux06LRqI03b0ujuzn82vSM30yfxeqzn9p/ZaUrq47JXBA
Ow6FRomgF6li8esZv7lnLvKYH4lIoe65dBJhIM7Gc9/FtJOV2vozy8jNj0HvoRH1
Dyk8FyIjxcqSsC8FuCA6wQJgn0Ouccp1ud+uxN9sIxgvUj4iEs8a8pmYEpxxkPJ8
sLXTtJGV8DP5yDI=
-----END CERTIFICATE-----