Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9187E45/5F6AB10C529711ECA377E670C4F9AE02/D10182C6C4A411EC92F33D29C4F9AE02.roa
File:                     D10182C6C4A411EC92F33D29C4F9AE02.roa (raw, json)
Hash identifier:          y9PseYd3l/MMbkVqr6nQ/xnZfBol8aVmnF7gHJLcnDU=
Subject key identifier:   29:6E:9E:56:B7:0D:C1:86:82:13:DC:97:32:F1:B5:19:F0:2D:55:1B
Certificate issuer:       /CN=A9187E45/serialNumber=B7C2BECC97B42379C44AD1AEB5E073E2A3DA511E
Certificate serial:       0141
Authority key identifier: B7:C2:BE:CC:97:B4:23:79:C4:4A:D1:AE:B5:E0:73:E2:A3:DA:51:1E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/t8K-zJe0I3nEStGuteBz4qPaUR4.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9187E45/5F6AB10C529711ECA377E670C4F9AE02/D10182C6C4A411EC92F33D29C4F9AE02.roa
Signing time:             Fri 29 Apr 2022 23:13:39 +0000
ROA not before:           Fri 29 Apr 2022 23:13:39 +0000
ROA not after:            Tue 31 Jan 2023 00:00:00 +0000
asID:                     149794
IP address blocks:        103.176.189.0/24 maxlen: 24
                          2400:7060::/32 maxlen: 32
                          2400:7060::/48 maxlen: 48
                          2400:7060:1::/48 maxlen: 48
                          2400:7060:2::/48 maxlen: 48
                          2400:7060:3::/48 maxlen: 48
                          2400:7060:4::/48 maxlen: 48
                          2400:7060:5::/48 maxlen: 48
                          2400:7060:6::/48 maxlen: 48
                          2400:7060:7::/48 maxlen: 48
                          2400:7060:8::/48 maxlen: 48
                          2400:7060:9::/48 maxlen: 48
                          2400:7060:a::/48 maxlen: 48
                          2400:7060:b::/48 maxlen: 48
                          2400:7060:c::/48 maxlen: 48
                          2400:7060:d::/48 maxlen: 48
                          2400:7060:e::/48 maxlen: 48
                          2400:7060:f::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 321 (0x141)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9187E45/serialNumber=B7C2BECC97B42379C44AD1AEB5E073E2A3DA511E
        Validity
            Not Before: Apr 29 23:13:39 2022 GMT
            Not After : Jan 31 00:00:00 2023 GMT
        Subject: CN=626c7122-863c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:21:80:f3:0e:63:33:ee:88:5e:b9:d7:7f:c8:
                    29:b2:aa:b6:44:80:9f:b7:49:ab:47:28:2b:d8:2a:
                    c6:f4:58:26:34:4a:f4:ee:05:49:12:80:bd:71:a6:
                    5f:69:68:ba:c5:9a:16:ca:47:5a:7b:11:6c:46:1b:
                    6c:b9:49:93:13:c7:15:c3:3c:a3:da:3d:06:52:97:
                    3b:f7:c2:5e:40:e8:72:1a:51:4b:a0:9d:44:51:67:
                    c0:c2:e1:fe:b6:d9:f4:58:b9:cd:d5:0e:83:91:66:
                    0a:f7:a3:70:8e:3e:fd:83:a7:66:81:11:ea:93:be:
                    3f:e2:84:6b:85:1f:aa:52:46:f9:28:78:b7:09:8d:
                    81:ef:7c:8d:ac:f0:b9:f8:be:14:3a:e9:76:07:dd:
                    c7:d6:1a:eb:ba:4f:4c:32:19:39:3c:ad:37:00:da:
                    9c:d4:9e:2b:bb:d2:69:61:0d:60:e8:00:5d:a3:0f:
                    27:32:95:e0:32:9d:dc:1b:8a:5b:4b:3c:15:a3:ba:
                    a0:10:07:e8:0d:b9:5f:70:fb:57:cd:3b:40:f6:03:
                    a1:57:9e:c6:b6:df:db:b9:d5:57:f0:08:04:75:6a:
                    67:16:e4:27:60:e6:8b:22:67:9b:b2:da:25:b4:bb:
                    c9:a6:42:48:d5:cb:85:06:ee:18:0e:5c:75:a3:9d:
                    fb:e3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:6E:9E:56:B7:0D:C1:86:82:13:DC:97:32:F1:B5:19:F0:2D:55:1B
            X509v3 Authority Key Identifier:
                keyid:B7:C2:BE:CC:97:B4:23:79:C4:4A:D1:AE:B5:E0:73:E2:A3:DA:51:1E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9187E45/5F6AB10C529711ECA377E670C4F9AE02/t8K-zJe0I3nEStGuteBz4qPaUR4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/t8K-zJe0I3nEStGuteBz4qPaUR4.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9187E45/5F6AB10C529711ECA377E670C4F9AE02/D10182C6C4A411EC92F33D29C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.176.189.0/24
                IPv6:
                  2400:7060::/32

    Signature Algorithm: sha256WithRSAEncryption
         1f:30:c3:eb:2c:b4:d3:b3:d3:c2:38:5c:7d:16:06:c9:2a:86:
         a2:d8:74:d1:a7:05:92:eb:cd:ce:ff:11:b2:82:74:78:ef:ba:
         31:9e:1d:b3:f3:7b:28:b2:8f:64:a7:81:ed:c1:4f:8c:b4:4a:
         57:a8:44:4a:0e:12:07:fc:08:86:5e:92:e4:00:e3:21:4d:6c:
         3c:b7:95:9b:e5:0b:d6:98:aa:cb:7f:a6:d3:2a:6e:6d:c3:b8:
         90:ca:0f:4b:65:c1:08:bf:69:3c:d4:3a:97:25:9b:fb:c4:7c:
         09:69:d4:58:3b:50:2f:26:0a:4a:8b:e7:41:c9:fd:a6:fe:36:
         48:5d:b3:be:7f:01:3f:42:d5:da:5c:99:29:eb:c2:17:8e:1d:
         46:3f:20:59:ab:9f:f7:6f:2c:41:62:2f:ef:52:ed:ab:a6:32:
         0e:20:3f:7a:b5:0e:8b:a7:e4:57:c1:cb:39:b7:ef:dd:06:39:
         6f:3a:98:0e:7e:aa:73:cf:6d:3b:48:00:6d:41:17:f3:6e:e2:
         c2:1c:57:4b:04:23:45:fb:ca:45:8e:8e:8a:c3:92:6e:c0:b5:
         31:b8:0c:dd:45:67:14:a1:c3:e2:7e:ff:13:fa:ca:6e:2d:3a:
         d2:45:44:20:06:9f:62:cb:3f:56:6d:e9:3c:36:92:66:76:6e:
         86:94:d9:1f
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICAUEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
ODdFNDUxMTAvBgNVBAUTKEI3QzJCRUNDOTdCNDIzNzlDNDRBRDFBRUI1RTA3M0Uy
QTNEQTUxMUUwHhcNMjIwNDI5MjMxMzM5WhcNMjMwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MjZjNzEyMi04NjNjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtiGA8w5jM+6IXrnXf8gpsqq2RICft0mrRygr2CrG9FgmNEr07gVJEoC9caZf
aWi6xZoWykdaexFsRhtsuUmTE8cVwzyj2j0GUpc798JeQOhyGlFLoJ1EUWfAwuH+
ttn0WLnN1Q6DkWYK96Nwjj79g6dmgRHqk74/4oRrhR+qUkb5KHi3CY2B73yNrPC5
+L4UOul2B93H1hrruk9MMhk5PK03ANqc1J4ru9JpYQ1g6ABdow8nMpXgMp3cG4pb
SzwVo7qgEAfoDblfcPtXzTtA9gOhV57Gtt/budVX8AgEdWpnFuQnYOaLImebstol
tLvJpkJI1cuFBu4YDlx1o5374wIDAQABo4ICpDCCAqAwHQYDVR0OBBYEFClunla3
DcGGghPclzLxtRnwLVUbMB8GA1UdIwQYMBaAFLfCvsyXtCN5xErRrrXgc+Kj2lEe
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4N0U0NS81RjZBQjEwQzUy
OTcxMUVDQTM3N0U2NzBDNEY5QUUwMi90OEstekplMEkzbkVTdEd1dGVCejRxUGFV
UjQuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3Q4Sy16SmUwSTNuRVN0R3V0ZUJ6NHFQYVVSNC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
ODdFNDUvNUY2QUIxMEM1Mjk3MTFFQ0EzNzdFNjcwQzRGOUFFMDIvRDEwMTgyQzZD
NEE0MTFFQzkyRjMzRDI5QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLgYIKwYBBQUHAQcBAf8E
HzAdMAwEAgABMAYDBABnsL0wDQQCAAIwBwMFACQAcGAwDQYJKoZIhvcNAQELBQAD
ggEBAB8ww+sstNOz08I4XH0WBskqhqLYdNGnBZLrzc7/EbKCdHjvujGeHbPzeyiy
j2Snge3BT4y0SleoREoOEgf8CIZekuQA4yFNbDy3lZvlC9aYqst/ptMqbm3DuJDK
D0tlwQi/aTzUOpclm/vEfAlp1Fg7UC8mCkqL50HJ/ab+Nkhds75/AT9C1dpcmSnr
wheOHUY/IFmrn/dvLEFiL+9S7aumMg4gP3q1Doun5FfByzm3790GOW86mA5+qnPP
bTtIAG1BF/Nu4sIcV0sEI0X7ykWOjorDkm7AtTG4DN1FZxShw+J+/xP6ym4tOtJF
RCAGn2LLP1Zt6Tw2kmZ2boaU2R8=
-----END CERTIFICATE-----