Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91606AF/A0958F305ECD11EB90876372C4F9AE02/54BCBC265ECF11EB9CBBAA76C4F9AE02.roa
File:                     54BCBC265ECF11EB9CBBAA76C4F9AE02.roa (raw, json)
Hash identifier:          XMoWctm6kKUtZeD8mX52r38bcK4mqBToDDoNJ4wrV9M=
Subject key identifier:   95:62:68:BC:C0:91:77:3A:BC:26:2D:62:D9:3B:98:E4:D8:40:4B:9B
Certificate issuer:       /CN=A91606AF/serialNumber=D1E7C24A74414CBDDCFCD88E46C5D5CD3B3EAED7
Certificate serial:       02AE
Authority key identifier: D1:E7:C2:4A:74:41:4C:BD:DC:FC:D8:8E:46:C5:D5:CD:3B:3E:AE:D7
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/0efCSnRBTL3c_NiORsXVzTs-rtc.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91606AF/A0958F305ECD11EB90876372C4F9AE02/54BCBC265ECF11EB9CBBAA76C4F9AE02.roa
Signing time:             Tue 04 Jan 2022 01:19:58 +0000
ROA not before:           Tue 04 Jan 2022 01:19:58 +0000
ROA not after:            Thu 02 Mar 2023 00:00:00 +0000
asID:                     56167
IP address blocks:        42.83.84.0/24 maxlen: 24
                          42.83.85.0/24 maxlen: 24
                          42.83.86.0/24 maxlen: 24
                          42.83.87.0/24 maxlen: 24
                          43.245.8.0/24 maxlen: 24
                          43.245.9.0/24 maxlen: 24
                          43.245.10.0/24 maxlen: 24
                          43.245.11.0/24 maxlen: 24
                          103.228.156.0/24 maxlen: 24
                          103.228.157.0/24 maxlen: 24
                          103.228.158.0/24 maxlen: 24
                          103.228.159.0/24 maxlen: 24
                          2401:ba80::/32 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 686 (0x2ae)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91606AF/serialNumber=D1E7C24A74414CBDDCFCD88E46C5D5CD3B3EAED7
        Validity
            Not Before: Jan  4 01:19:58 2022 GMT
            Not After : Mar  2 00:00:00 2023 GMT
        Subject: CN=61d3a0be-d2c7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:54:23:96:68:b4:d7:75:91:51:87:dd:19:4e:
                    ba:1a:51:65:f2:53:3b:2b:7d:e0:58:29:93:da:7f:
                    d2:b5:3d:b8:7b:b9:22:fa:58:f6:d2:27:74:a3:1a:
                    60:47:9c:a1:37:f7:a0:31:b4:2d:1d:10:91:33:9e:
                    3e:89:c7:6a:36:cb:a7:4f:0b:53:a8:55:dc:e9:60:
                    09:0c:1f:d8:36:f1:bd:03:af:b2:de:e6:f9:b7:35:
                    e2:c5:9f:12:c7:51:e7:a9:a9:e0:f7:d0:3b:e7:2a:
                    86:bf:51:cb:f8:92:46:45:81:bc:ef:d5:ea:f4:e7:
                    af:25:6c:60:09:40:e3:2b:22:93:cd:1e:9e:89:4d:
                    0e:9a:66:f8:46:4f:11:fe:4b:3f:3c:ad:0c:8a:e6:
                    73:96:d9:32:aa:6b:00:9c:74:59:6c:c3:89:73:d1:
                    5a:bf:f7:bc:80:a9:c7:08:03:94:b9:2c:d1:40:cc:
                    37:57:73:88:f1:84:27:e6:9a:b4:c7:e2:83:c1:49:
                    69:a8:35:51:51:b8:a1:49:46:13:fe:a2:f9:7a:b2:
                    dd:99:c4:e6:43:7b:f8:d5:3d:66:db:cf:d5:dd:56:
                    92:e2:a5:5c:f4:bc:f8:3a:d5:6f:e1:ca:98:bd:31:
                    b5:0b:47:cd:d1:6a:b1:4b:6e:26:25:70:b1:a7:35:
                    f2:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:62:68:BC:C0:91:77:3A:BC:26:2D:62:D9:3B:98:E4:D8:40:4B:9B
            X509v3 Authority Key Identifier:
                keyid:D1:E7:C2:4A:74:41:4C:BD:DC:FC:D8:8E:46:C5:D5:CD:3B:3E:AE:D7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91606AF/A0958F305ECD11EB90876372C4F9AE02/0efCSnRBTL3c_NiORsXVzTs-rtc.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/0efCSnRBTL3c_NiORsXVzTs-rtc.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91606AF/A0958F305ECD11EB90876372C4F9AE02/54BCBC265ECF11EB9CBBAA76C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  42.83.84.0/22
                  43.245.8.0/22
                  103.228.156.0/22
                IPv6:
                  2401:ba80::/32

    Signature Algorithm: sha256WithRSAEncryption
         24:98:e2:ed:34:dc:6c:d4:68:9a:3e:5d:b3:13:6e:bf:02:60:
         23:8c:83:f0:61:de:d1:05:05:d0:f8:cf:29:ec:74:fb:7f:9f:
         9f:7c:a3:01:c2:df:a8:44:1c:5e:a6:94:cc:46:93:e1:14:75:
         76:e0:1c:e2:af:0d:ef:ba:33:6a:6c:80:34:71:05:34:ab:cf:
         81:55:ff:74:52:42:36:b3:18:b9:c8:ae:93:ff:4a:f8:d7:79:
         36:ca:2e:15:bf:9b:c6:92:82:4c:52:c6:f1:99:2a:f4:c4:4f:
         f9:04:27:f9:f1:36:f7:68:67:ad:41:90:e0:86:f0:f0:0d:4f:
         a2:75:3b:09:df:84:60:c1:cb:13:94:04:87:e0:36:74:eb:76:
         6b:07:d6:77:7b:e4:d0:1f:8e:0e:ad:9c:d7:e2:e5:ac:57:1d:
         46:8b:ff:80:ae:5f:5e:53:90:11:90:c5:20:06:24:a3:2e:09:
         23:00:f8:ec:b9:88:7d:7d:e3:f2:cf:0c:bc:a5:13:dd:a3:b9:
         f2:a4:b5:f0:63:b2:2c:a7:ee:06:ef:c5:39:f5:30:2d:ea:2c:
         23:95:82:12:ec:88:24:e0:2f:56:ec:eb:c0:ed:ed:e4:a5:79:
         b9:86:eb:98:6a:62:24:d8:d6:df:89:eb:87:56:a3:a7:37:b6:
         a2:f4:e9:80
-----BEGIN CERTIFICATE-----
MIIFjDCCBHSgAwIBAgICAq4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NjA2QUYxMTAvBgNVBAUTKEQxRTdDMjRBNzQ0MTRDQkREQ0ZDRDg4RTQ2QzVENUNE
M0IzRUFFRDcwHhcNMjIwMTA0MDExOTU4WhcNMjMwMzAyMDAwMDAwWjAYMRYwFAYD
VQQDEw02MWQzYTBiZS1kMmM3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA2lQjlmi013WRUYfdGU66GlFl8lM7K33gWCmT2n/StT24e7ki+lj20id0oxpg
R5yhN/egMbQtHRCRM54+icdqNsunTwtTqFXc6WAJDB/YNvG9A6+y3ub5tzXixZ8S
x1Hnqang99A75yqGv1HL+JJGRYG879Xq9OevJWxgCUDjKyKTzR6eiU0Ommb4Rk8R
/ks/PK0MiuZzltkyqmsAnHRZbMOJc9Fav/e8gKnHCAOUuSzRQMw3V3OI8YQn5pq0
x+KDwUlpqDVRUbihSUYT/qL5erLdmcTmQ3v41T1m28/V3VaS4qVc9Lz4OtVv4cqY
vTG1C0fN0WqxS24mJXCxpzXyNwIDAQABo4ICsDCCAqwwHQYDVR0OBBYEFJViaLzA
kXc6vCYtYtk7mOTYQEubMB8GA1UdIwQYMBaAFNHnwkp0QUy93PzYjkbF1c07Pq7X
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2MDZBRi9BMDk1OEYzMDVF
Q0QxMUVCOTA4NzYzNzJDNEY5QUUwMi8wZWZDU25SQlRMM2NfTmlPUnNYVnpUcy1y
dGMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzBlZkNTblJCVEwzY19OaU9Sc1hWelRzLXJ0Yy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NjA2QUYvQTA5NThGMzA1RUNEMTFFQjkwODc2MzcyQzRGOUFFMDIvNTRCQ0JDMjY1
RUNGMTFFQjlDQkJBQTc2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwOgYIKwYBBQUHAQcBAf8E
KzApMBgEAgABMBIDBAIqU1QDBAIr9QgDBAJn5JwwDQQCAAIwBwMFACQBuoAwDQYJ
KoZIhvcNAQELBQADggEBACSY4u003GzUaJo+XbMTbr8CYCOMg/Bh3tEFBdD4zyns
dPt/n598owHC36hEHF6mlMxGk+EUdXbgHOKvDe+6M2psgDRxBTSrz4FV/3RSQjaz
GLnIrpP/SvjXeTbKLhW/m8aSgkxSxvGZKvTET/kEJ/nxNvdoZ61BkOCG8PANT6J1
OwnfhGDByxOUBIfgNnTrdmsH1nd75NAfjg6tnNfi5axXHUaL/4CuX15TkBGQxSAG
JKMuCSMA+Oy5iH194/LPDLylE92jufKktfBjsiyn7gbvxTn1MC3qLCOVghLsiCTg
L1bs68Dt7eSlebmG65hqYiTY1t+J64dWo6c3tqL06YA=
-----END CERTIFICATE-----