Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A917E678/72583AFA695711E8A42BE680C4F9AE02/9F69EF1C92BA11EC85F52130C4F9AE02.roa
File:                     9F69EF1C92BA11EC85F52130C4F9AE02.roa (raw, json)
Hash identifier:          0Y2AjKgUxsLyZLjZ3eROrXxkXoZLo/cP63Tj+sP9ev4=
Subject key identifier:   63:73:D1:15:14:6F:35:C6:AA:01:EB:08:D8:54:D2:D4:2B:AB:B9:61
Certificate issuer:       /CN=A917E678/serialNumber=4DB035D374C8412CE680D9DA0ADBEC06429D88B8
Certificate serial:       10F0
Authority key identifier: 4D:B0:35:D3:74:C8:41:2C:E6:80:D9:DA:0A:DB:EC:06:42:9D:88:B8
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/TbA103TIQSzmgNnaCtvsBkKdiLg.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A917E678/72583AFA695711E8A42BE680C4F9AE02/9F69EF1C92BA11EC85F52130C4F9AE02.roa
Signing time:             Mon 21 Feb 2022 02:24:25 +0000
ROA not before:           Mon 21 Feb 2022 02:24:25 +0000
ROA not after:            Fri 30 Sep 2022 00:00:00 +0000
asID:                     45474
IP address blocks:        103.239.72.0/24 maxlen: 24
                          103.239.73.0/24 maxlen: 24
                          103.240.156.0/24 maxlen: 24
                          103.240.157.0/24 maxlen: 24
                          103.240.158.0/24 maxlen: 24
                          103.240.159.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4336 (0x10f0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A917E678/serialNumber=4DB035D374C8412CE680D9DA0ADBEC06429D88B8
        Validity
            Not Before: Feb 21 02:24:25 2022 GMT
            Not After : Sep 30 00:00:00 2022 GMT
        Subject: CN=6212f7d9-b87a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:27:e0:dd:26:d9:ea:83:04:16:6d:66:b3:dc:
                    b4:64:6f:7e:57:eb:1c:d1:4f:d9:95:63:b3:ce:94:
                    b8:3e:90:04:1d:5f:81:b0:a1:ac:8f:80:4b:8b:2c:
                    e7:fb:50:b1:96:84:23:00:d6:df:a0:0c:ae:f3:62:
                    73:99:07:e5:3e:7a:4c:9d:92:a3:e3:bc:c1:50:d6:
                    96:2c:1f:db:b2:82:d8:aa:45:56:6b:27:2d:ec:f7:
                    3c:51:25:3f:5b:17:58:70:4c:b4:e7:a9:f2:ec:43:
                    ef:48:f9:45:ac:b6:63:ea:1c:11:6c:59:a9:47:d0:
                    71:ff:33:99:bf:a5:9c:48:6a:71:bb:f4:90:e6:5d:
                    26:84:12:b2:2f:e0:c4:8a:74:58:b7:89:8e:fd:f0:
                    50:e8:c7:bc:b6:4a:08:6d:5d:3c:3c:8e:da:37:ec:
                    cf:e4:3b:77:f5:53:e6:c9:20:b0:0f:67:48:b6:ce:
                    f6:e5:ff:fd:b3:58:6f:7c:a6:03:96:c5:10:8a:da:
                    74:75:a3:6b:59:38:3a:97:99:ca:d3:b6:a4:7a:a2:
                    08:f3:16:c5:e6:4c:a6:f4:60:23:50:c4:ac:1a:f8:
                    c2:20:66:bf:06:90:60:bb:91:e5:0a:61:e0:bd:88:
                    e5:f4:c1:cd:dd:86:82:0c:9c:bd:c3:28:39:62:95:
                    27:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:73:D1:15:14:6F:35:C6:AA:01:EB:08:D8:54:D2:D4:2B:AB:B9:61
            X509v3 Authority Key Identifier:
                keyid:4D:B0:35:D3:74:C8:41:2C:E6:80:D9:DA:0A:DB:EC:06:42:9D:88:B8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A917E678/72583AFA695711E8A42BE680C4F9AE02/TbA103TIQSzmgNnaCtvsBkKdiLg.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/TbA103TIQSzmgNnaCtvsBkKdiLg.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A917E678/72583AFA695711E8A42BE680C4F9AE02/9F69EF1C92BA11EC85F52130C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.239.72.0/23
                  103.240.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4e:1c:2b:9f:a8:b0:56:4f:14:ed:15:7a:cf:89:6c:b7:57:42:
         9b:61:66:72:6e:df:dd:8a:9c:f8:ee:b1:84:5e:9a:76:2f:e8:
         f7:88:92:0b:f8:92:32:8d:61:cb:2e:70:64:e7:01:17:cc:f1:
         8d:89:5c:8d:ea:fd:42:54:c2:fa:b5:e7:7d:1d:f6:47:3f:9d:
         6f:d8:ee:c7:84:bd:63:db:87:18:6c:16:2b:5d:e5:99:7a:5c:
         71:1d:f3:4e:45:e6:f9:83:08:6c:9c:32:06:6c:75:1b:9f:00:
         b1:90:a6:23:fe:41:bb:ef:e5:6e:43:94:7e:25:ef:5a:5d:c3:
         28:a1:5d:73:06:10:0e:a1:55:89:b3:9d:ab:86:f6:4f:71:69:
         4a:c5:9f:ec:5b:16:a2:6f:bb:82:f7:a2:cd:46:11:a7:2f:ea:
         cf:a6:b5:6c:c0:9c:5a:75:49:2a:ba:b2:a3:8b:7a:cd:69:87:
         49:48:fd:9c:45:85:16:e3:f5:54:55:a9:c5:48:e4:bd:e6:aa:
         e1:0f:e9:9d:f1:43:0b:ea:0a:be:e9:b6:06:a8:c0:77:ac:2f:
         1e:3f:18:eb:08:e1:4f:bc:b4:e7:9c:db:be:6f:de:a9:77:52:
         cd:fc:04:41:86:80:7c:a5:f7:1a:66:8b:d5:eb:41:f8:df:7a:
         3b:42:ac:18
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICEPAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
N0U2NzgxMTAvBgNVBAUTKDREQjAzNUQzNzRDODQxMkNFNjgwRDlEQTBBREJFQzA2
NDI5RDg4QjgwHhcNMjIwMjIxMDIyNDI1WhcNMjIwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02MjEyZjdkOS1iODdhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwifg3SbZ6oMEFm1ms9y0ZG9+V+sc0U/ZlWOzzpS4PpAEHV+BsKGsj4BLiyzn
+1CxloQjANbfoAyu82JzmQflPnpMnZKj47zBUNaWLB/bsoLYqkVWayct7Pc8USU/
WxdYcEy056ny7EPvSPlFrLZj6hwRbFmpR9Bx/zOZv6WcSGpxu/SQ5l0mhBKyL+DE
inRYt4mO/fBQ6Me8tkoIbV08PI7aN+zP5Dt39VPmySCwD2dIts725f/9s1hvfKYD
lsUQitp0daNrWTg6l5nK07akeqII8xbF5kym9GAjUMSsGvjCIGa/BpBgu5HlCmHg
vYjl9MHN3YaCDJy9wyg5YpUnOwIDAQABo4ICmzCCApcwHQYDVR0OBBYEFGNz0RUU
bzXGqgHrCNhU0tQrq7lhMB8GA1UdIwQYMBaAFE2wNdN0yEEs5oDZ2grb7AZCnYi4
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3RTY3OC83MjU4M0FGQTY5
NTcxMUU4QTQyQkU2ODBDNEY5QUUwMi9UYkExMDNUSVFTem1nTm5hQ3R2c0JrS2Rp
TGcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1RiQTEwM1RJUVN6bWdObmFDdHZzQmtLZGlMZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
N0U2NzgvNzI1ODNBRkE2OTU3MTFFOEE0MkJFNjgwQzRGOUFFMDIvOUY2OUVGMUM5
MkJBMTFFQzg1RjUyMTMwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAFn70gDBAJn8JwwDQYJKoZIhvcNAQELBQADggEBAE4cK5+o
sFZPFO0Ves+JbLdXQpthZnJu392KnPjusYRemnYv6PeIkgv4kjKNYcsucGTnARfM
8Y2JXI3q/UJUwvq1530d9kc/nW/Y7seEvWPbhxhsFitd5Zl6XHEd805F5vmDCGyc
MgZsdRufALGQpiP+Qbvv5W5DlH4l71pdwyihXXMGEA6hVYmznauG9k9xaUrFn+xb
FqJvu4L3os1GEacv6s+mtWzAnFp1SSq6sqOLes1ph0lI/ZxFhRbj9VRVqcVI5L3m
quEP6Z3xQwvqCr7ptgaowHesLx4/GOsI4U+8tOec275v3ql3Us38BEGGgHyl9xpm
i9XrQfjfejtCrBg=
-----END CERTIFICATE-----