Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91452AC/A48D5966BB3E11EAA29EE321C4F9AE02/B618A96287AB11EB93DAEE20C4F9AE02.roa
File:                     B618A96287AB11EB93DAEE20C4F9AE02.roa (raw, json)
Hash identifier:          wCOVJt7DV86a/JgGICEPaXP6Uo0xhib/POw8RP4gvTg=
Subject key identifier:   D2:C4:C2:86:D1:1E:AA:A6:39:6B:63:D0:61:12:EC:FE:E6:29:AD:80
Certificate issuer:       /CN=A91452AC/serialNumber=36D77E9243ABBA2FD5496A291830B7D38B0BCBC4
Certificate serial:       041E
Authority key identifier: 36:D7:7E:92:43:AB:BA:2F:D5:49:6A:29:18:30:B7:D3:8B:0B:CB:C4
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Ntd-kkOrui_VSWopGDC304sLy8Q.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91452AC/A48D5966BB3E11EAA29EE321C4F9AE02/B618A96287AB11EB93DAEE20C4F9AE02.roa
Signing time:             Mon 01 Nov 2021 11:28:41 +0000
ROA not before:           Mon 01 Nov 2021 11:28:41 +0000
ROA not after:            Tue 31 Jan 2023 00:00:00 +0000
asID:                     133115
IP address blocks:        43.249.28.0/24 maxlen: 24
                          43.249.29.0/24 maxlen: 24
                          43.249.30.0/24 maxlen: 24
                          43.249.31.0/24 maxlen: 24
                          103.43.160.0/24 maxlen: 24
                          103.43.161.0/24 maxlen: 24
                          103.43.162.0/24 maxlen: 24
                          103.43.163.0/24 maxlen: 24
                          103.243.180.0/24 maxlen: 24
                          103.243.181.0/24 maxlen: 24
                          103.243.182.0/24 maxlen: 24
                          103.243.183.0/24 maxlen: 24
                          202.43.238.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1054 (0x41e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91452AC/serialNumber=36D77E9243ABBA2FD5496A291830B7D38B0BCBC4
        Validity
            Not Before: Nov  1 11:28:41 2021 GMT
            Not After : Jan 31 00:00:00 2023 GMT
        Subject: CN=617fcf69-66e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:8d:82:af:14:49:3a:63:97:51:eb:e0:6b:02:
                    54:4b:6f:3d:9e:d4:78:56:1a:18:d1:b5:46:4e:8f:
                    d0:e1:42:d0:4b:97:b6:be:03:64:27:8f:71:48:67:
                    62:64:45:7c:31:6f:f5:69:41:a5:d8:82:51:e9:c5:
                    07:ec:64:9d:9c:0d:76:72:f5:3a:19:ac:bc:db:ce:
                    3c:8e:44:9b:b5:82:ac:7e:82:5d:3a:3e:53:b5:f0:
                    f4:ca:f7:ff:e7:3c:23:a3:aa:09:ee:37:d9:f1:9a:
                    13:d6:d2:48:8b:f4:7a:ee:cf:df:4d:f9:2d:c8:d9:
                    42:c5:98:fb:48:d2:66:34:96:68:3d:c6:79:81:6e:
                    98:ac:73:1a:f6:93:b4:d3:9b:06:51:06:28:53:f4:
                    45:8f:75:f5:a2:7e:cf:4b:ea:4a:d1:08:28:53:c5:
                    75:6a:e9:7b:ae:bb:6c:2e:d9:80:d4:fe:04:02:8a:
                    ee:f4:81:9b:96:81:94:14:95:95:03:1d:b3:6e:6a:
                    07:51:34:ff:0c:8b:b3:83:91:89:55:e9:4f:04:83:
                    fd:24:2d:89:10:11:01:72:b3:8a:3d:ba:73:55:6a:
                    0a:4b:61:c9:6e:cc:5b:2a:8b:09:87:72:11:d9:c5:
                    67:40:72:06:cd:41:53:fb:12:36:65:8c:e6:fa:41:
                    7c:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:C4:C2:86:D1:1E:AA:A6:39:6B:63:D0:61:12:EC:FE:E6:29:AD:80
            X509v3 Authority Key Identifier:
                keyid:36:D7:7E:92:43:AB:BA:2F:D5:49:6A:29:18:30:B7:D3:8B:0B:CB:C4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91452AC/A48D5966BB3E11EAA29EE321C4F9AE02/Ntd-kkOrui_VSWopGDC304sLy8Q.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Ntd-kkOrui_VSWopGDC304sLy8Q.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91452AC/A48D5966BB3E11EAA29EE321C4F9AE02/B618A96287AB11EB93DAEE20C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.249.28.0/22
                  103.43.160.0/22
                  103.243.180.0/22
                  202.43.238.0/24

    Signature Algorithm: sha256WithRSAEncryption
         71:53:e1:db:16:52:5d:7a:e1:3b:7c:06:a6:0e:c0:62:59:6a:
         8b:e2:19:ce:ff:50:01:8f:77:52:0f:39:27:7e:44:ec:cb:a0:
         b2:9d:88:4b:96:2a:75:b4:99:58:d0:ce:65:cb:f2:66:76:da:
         04:fe:d3:bb:f6:ad:f4:8e:b8:82:33:bf:04:b1:26:3e:4e:8a:
         46:3c:24:6e:78:fe:a5:29:a5:0e:96:bf:50:37:7f:3c:5f:8b:
         db:2e:d4:75:02:0e:4a:5b:d5:65:5a:c1:98:b4:78:58:9d:71:
         07:f9:b7:df:d2:e3:71:40:d8:28:46:95:e5:e5:ec:45:14:99:
         8b:96:0b:21:7c:84:d5:8b:87:13:b3:a7:88:1c:d3:df:a2:cb:
         dd:cb:f2:a7:a0:4e:de:85:bf:e3:e7:64:68:a8:61:35:27:32:
         5e:39:f2:1f:0b:76:e9:81:b9:f9:52:11:40:88:c9:45:6e:62:
         c1:1c:59:2c:f2:02:84:5b:07:1d:32:b3:29:d0:5a:fe:37:ba:
         5b:c9:6e:ad:63:7b:47:2e:51:a5:02:7d:4a:85:ad:4e:72:8d:
         db:b6:a4:a1:cf:c5:a8:1c:e5:bc:a5:3f:0f:d0:55:08:92:3b:
         81:5d:0e:7e:a1:65:12:42:9f:ee:8b:4a:0c:85:7a:4e:56:e1:
         75:04:40:91
-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgICBB4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDUyQUMxMTAvBgNVBAUTKDM2RDc3RTkyNDNBQkJBMkZENTQ5NkEyOTE4MzBCN0Qz
OEIwQkNCQzQwHhcNMjExMTAxMTEyODQxWhcNMjMwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MTdmY2Y2OS02NmUzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtY2CrxRJOmOXUevgawJUS289ntR4VhoY0bVGTo/Q4ULQS5e2vgNkJ49xSGdi
ZEV8MW/1aUGl2IJR6cUH7GSdnA12cvU6Gay82848jkSbtYKsfoJdOj5TtfD0yvf/
5zwjo6oJ7jfZ8ZoT1tJIi/R67s/fTfktyNlCxZj7SNJmNJZoPcZ5gW6YrHMa9pO0
05sGUQYoU/RFj3X1on7PS+pK0QgoU8V1aul7rrtsLtmA1P4EAoru9IGbloGUFJWV
Ax2zbmoHUTT/DIuzg5GJVelPBIP9JC2JEBEBcrOKPbpzVWoKS2HJbsxbKosJh3IR
2cVnQHIGzUFT+xI2ZYzm+kF8jQIDAQABo4ICpzCCAqMwHQYDVR0OBBYEFNLEwobR
HqqmOWtj0GES7P7mKa2AMB8GA1UdIwQYMBaAFDbXfpJDq7ov1UlqKRgwt9OLC8vE
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0NTJBQy9BNDhENTk2NkJC
M0UxMUVBQTI5RUUzMjFDNEY5QUUwMi9OdGQta2tPcnVpX1ZTV29wR0RDMzA0c0x5
OFEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL050ZC1ra09ydWlfVlNXb3BHREMzMDRzTHk4US5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDUyQUMvQTQ4RDU5NjZCQjNFMTFFQUEyOUVFMzIxQzRGOUFFMDIvQjYxOEE5NjI4
N0FCMTFFQjkzREFFRTIwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMQYIKwYBBQUHAQcBAf8E
IjAgMB4EAgABMBgDBAIr+RwDBAJnK6ADBAJn87QDBADKK+4wDQYJKoZIhvcNAQEL
BQADggEBAHFT4dsWUl164Tt8BqYOwGJZaoviGc7/UAGPd1IPOSd+ROzLoLKdiEuW
KnW0mVjQzmXL8mZ22gT+07v2rfSOuIIzvwSxJj5OikY8JG54/qUppQ6Wv1A3fzxf
i9su1HUCDkpb1WVawZi0eFidcQf5t9/S43FA2ChGleXl7EUUmYuWCyF8hNWLhxOz
p4gc09+iy93L8qegTt6Fv+PnZGioYTUnMl458h8LdumBuflSEUCIyUVuYsEcWSzy
AoRbBx0ysynQWv43ulvJbq1je0cuUaUCfUqFrU5yjdu2pKHPxagc5bylPw/QVQiS
O4FdDn6hZRJCn+6LSgyFek5W4XUEQJE=
-----END CERTIFICATE-----