Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9188F6D/9A5B1A9EF66A11E9BF50697AC4F9AE02/A5BB8C80B19211EC9EAAD44EC4F9AE02.roa
File:                     A5BB8C80B19211EC9EAAD44EC4F9AE02.roa (raw, json)
Hash identifier:          AhI8kK3Orl2/Y/jS9QCpzdLW4kh/sqAY8R73MleJCO4=
Subject key identifier:   D1:6C:F8:F6:B7:4A:CC:DC:60:85:3C:E0:21:E5:D8:8E:9C:FB:C9:87
Certificate issuer:       /CN=A9188F6D/serialNumber=FD06B1508557F65F68CCBA3C203ECAAD075DD19B
Certificate serial:       0989
Authority key identifier: FD:06:B1:50:85:57:F6:5F:68:CC:BA:3C:20:3E:CA:AD:07:5D:D1:9B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_QaxUIVX9l9ozLo8ID7KrQdd0Zs.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9188F6D/9A5B1A9EF66A11E9BF50697AC4F9AE02/A5BB8C80B19211EC9EAAD44EC4F9AE02.roa
Signing time:             Thu 14 Apr 2022 07:46:08 +0000
ROA not before:           Thu 14 Apr 2022 07:46:08 +0000
ROA not after:            Mon 01 May 2023 00:00:00 +0000
asID:                     134599
IP address blocks:        103.214.200.0/24 maxlen: 24
                          103.214.203.0/24 maxlen: 24
                          144.48.150.0/24 maxlen: 24
                          144.48.151.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2441 (0x989)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9188F6D/serialNumber=FD06B1508557F65F68CCBA3C203ECAAD075DD19B
        Validity
            Not Before: Apr 14 07:46:08 2022 GMT
            Not After : May  1 00:00:00 2023 GMT
        Subject: CN=6257d140-a94d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:dc:5e:7f:bd:bf:b5:17:0d:5b:c2:17:48:6f:
                    30:75:e3:12:64:bc:da:67:ea:c8:59:25:9f:68:af:
                    a6:50:8a:e6:d0:73:20:87:fb:9b:c3:12:86:6e:cd:
                    4b:f6:16:84:ad:32:6f:c8:fa:92:d6:70:fc:9e:18:
                    ab:df:90:44:24:b9:b2:cd:20:a2:fb:e4:b6:76:e6:
                    e4:78:e1:fd:90:4f:a6:ef:84:21:d8:22:df:ec:15:
                    e1:4b:87:53:ce:03:8e:d4:74:9d:6e:75:9b:3d:4e:
                    bd:77:01:3d:0a:b2:03:1a:08:98:37:f6:63:ba:96:
                    13:36:b6:78:dd:ed:a7:da:42:7e:1b:cf:6a:1e:c2:
                    f5:9f:2a:c5:5c:37:43:b9:e7:b6:19:a1:05:29:38:
                    da:d5:51:74:ea:58:b3:b9:77:24:89:94:db:2a:e1:
                    53:64:35:8e:15:8c:03:5a:80:6e:e5:5d:6a:1d:2e:
                    ce:a6:75:99:2e:52:30:b4:22:04:7c:68:17:fa:3b:
                    3a:73:14:78:b7:c1:b6:1d:6c:17:1c:67:76:a6:ac:
                    55:bc:40:b4:43:11:95:1a:e8:e0:27:e3:a5:d2:85:
                    41:fd:65:dd:37:e3:71:c2:8f:84:60:63:a7:ca:a2:
                    b1:39:3a:5c:14:9d:d1:5a:ee:57:50:cb:bd:fb:f9:
                    a3:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D1:6C:F8:F6:B7:4A:CC:DC:60:85:3C:E0:21:E5:D8:8E:9C:FB:C9:87
            X509v3 Authority Key Identifier:
                keyid:FD:06:B1:50:85:57:F6:5F:68:CC:BA:3C:20:3E:CA:AD:07:5D:D1:9B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9188F6D/9A5B1A9EF66A11E9BF50697AC4F9AE02/_QaxUIVX9l9ozLo8ID7KrQdd0Zs.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_QaxUIVX9l9ozLo8ID7KrQdd0Zs.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9188F6D/9A5B1A9EF66A11E9BF50697AC4F9AE02/A5BB8C80B19211EC9EAAD44EC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.214.200.0/24
                  103.214.203.0/24
                  144.48.150.0/23

    Signature Algorithm: sha256WithRSAEncryption
         17:7c:0d:68:16:5e:df:f7:19:2c:42:1f:ac:2e:d7:74:dc:ad:
         5c:3c:57:72:e9:13:5c:c2:75:30:12:65:b8:8b:cb:53:f2:03:
         16:0e:57:f9:4d:ad:f2:37:36:94:ca:37:9e:5c:c3:64:2f:ca:
         cf:f8:bb:ad:3a:0b:2d:33:b5:ef:c7:17:3e:98:f0:dd:ec:dd:
         86:a8:4c:10:46:9b:f3:c8:3e:e1:07:42:8e:62:0c:b5:9e:bb:
         9e:56:37:3a:bc:a9:53:bf:dd:f1:ec:c4:9c:5e:1a:fe:37:e3:
         2d:6d:16:cb:f7:c3:c2:4b:5e:90:71:04:2f:4f:cd:b5:c9:1d:
         dc:49:b4:94:45:0d:08:4a:e1:59:e1:bc:d5:71:01:47:e5:a3:
         60:38:df:48:59:e7:54:7e:44:57:55:56:e3:57:03:28:3d:94:
         b8:b0:c4:fa:5a:5a:bc:75:98:97:ee:d5:2c:51:a4:42:21:cf:
         f8:43:40:9d:9b:e2:c1:a9:2e:5d:62:ad:94:80:d2:90:28:f5:
         e9:0a:fa:a0:f8:82:16:75:57:d1:77:77:ec:77:d4:24:ba:84:
         a4:39:5e:3f:35:48:ce:67:9e:86:a3:02:86:87:0a:60:c8:3c:
         60:9e:af:a1:c8:82:7c:d2:bf:70:98:30:d7:53:95:56:a7:f9:
         2b:a1:e0:90
-----BEGIN CERTIFICATE-----
MIIFfTCCBGWgAwIBAgICCYkwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
ODhGNkQxMTAvBgNVBAUTKEZEMDZCMTUwODU1N0Y2NUY2OENDQkEzQzIwM0VDQUFE
MDc1REQxOUIwHhcNMjIwNDE0MDc0NjA4WhcNMjMwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MjU3ZDE0MC1hOTRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAy9xef72/tRcNW8IXSG8wdeMSZLzaZ+rIWSWfaK+mUIrm0HMgh/ubwxKGbs1L
9haErTJvyPqS1nD8nhir35BEJLmyzSCi++S2dubkeOH9kE+m74Qh2CLf7BXhS4dT
zgOO1HSdbnWbPU69dwE9CrIDGgiYN/ZjupYTNrZ43e2n2kJ+G89qHsL1nyrFXDdD
uee2GaEFKTja1VF06lizuXckiZTbKuFTZDWOFYwDWoBu5V1qHS7OpnWZLlIwtCIE
fGgX+js6cxR4t8G2HWwXHGd2pqxVvEC0QxGVGujgJ+Ol0oVB/WXdN+Nxwo+EYGOn
yqKxOTpcFJ3RWu5XUMu9+/mjNwIDAQABo4ICoTCCAp0wHQYDVR0OBBYEFNFs+Pa3
SszcYIU84CHl2I6c+8mHMB8GA1UdIwQYMBaAFP0GsVCFV/ZfaMy6PCA+yq0HXdGb
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4OEY2RC85QTVCMUE5RUY2
NkExMUU5QkY1MDY5N0FDNEY5QUUwMi9fUWF4VUlWWDlsOW96TG84SUQ3S3JRZGQw
WnMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL19RYXhVSVZYOWw5b3pMbzhJRDdLclFkZDBacy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
ODhGNkQvOUE1QjFBOUVGNjZBMTFFOUJGNTA2OTdBQzRGOUFFMDIvQTVCQjhDODBC
MTkyMTFFQzlFQUFENDRFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwKwYIKwYBBQUHAQcBAf8E
HDAaMBgEAgABMBIDBABn1sgDBABn1ssDBAGQMJYwDQYJKoZIhvcNAQELBQADggEB
ABd8DWgWXt/3GSxCH6wu13TcrVw8V3LpE1zCdTASZbiLy1PyAxYOV/lNrfI3NpTK
N55cw2Qvys/4u606Cy0zte/HFz6Y8N3s3YaoTBBGm/PIPuEHQo5iDLWeu55WNzq8
qVO/3fHsxJxeGv434y1tFsv3w8JLXpBxBC9PzbXJHdxJtJRFDQhK4VnhvNVxAUfl
o2A430hZ51R+RFdVVuNXAyg9lLiwxPpaWrx1mJfu1SxRpEIhz/hDQJ2b4sGpLl1i
rZSA0pAo9ekK+qD4ghZ1V9F3d+x31CS6hKQ5Xj81SM5nnoajAoaHCmDIPGCer6HI
gnzSv3CYMNdTlVan+Suh4JA=
-----END CERTIFICATE-----