Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91AABB1/8874E9E81D9811E29788A98208B02CD2/696BEACA16C111ECB341F934C4F9AE02.roa
File:                     696BEACA16C111ECB341F934C4F9AE02.roa (raw, json)
Hash identifier:          2v8bmTA5buXsEIDvpxPGwiwZ7MGc+vLsOl8w+GUhwEs=
Subject key identifier:   FD:C6:A7:F4:D1:52:9B:8C:02:33:27:AE:53:3E:A3:3D:BE:22:32:E9
Certificate issuer:       /CN=A91AABB1/serialNumber=EB7FE9892DF000255FCF3AC0B2B4D12AEA6FF806
Certificate serial:       304D
Authority key identifier: EB:7F:E9:89:2D:F0:00:25:5F:CF:3A:C0:B2:B4:D1:2A:EA:6F:F8:06
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/63_piS3wACVfzzrAsrTRKupv-AY.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91AABB1/8874E9E81D9811E29788A98208B02CD2/696BEACA16C111ECB341F934C4F9AE02.roa
Signing time:             Thu 16 Sep 2021 07:40:50 +0000
ROA not before:           Thu 16 Sep 2021 07:40:50 +0000
ROA not after:            Sat 30 Jul 2022 00:00:00 +0000
asID:                     17806
IP address blocks:        103.248.204.0/22 maxlen: 24
                          114.130.0.0/17 maxlen: 24
                          114.130.192.0/19 maxlen: 19
                          2403:ec00::/32 maxlen: 32
                          2403:ec00:c::/48 maxlen: 48
                          2403:ec00:d::/48 maxlen: 48
                          2403:ec00:34::/48 maxlen: 48
                          2403:ec00:35::/48 maxlen: 48
                          2403:ec00:36::/48 maxlen: 48
                          2403:ec00:37::/48 maxlen: 48
                          2403:ec00:38::/48 maxlen: 48
                          2403:ec00:39::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 12365 (0x304d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91AABB1/serialNumber=EB7FE9892DF000255FCF3AC0B2B4D12AEA6FF806
        Validity
            Not Before: Sep 16 07:40:50 2021 GMT
            Not After : Jul 30 00:00:00 2022 GMT
        Subject: CN=6142f501-9f2f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a4:20:9c:3f:81:68:11:ce:84:74:16:db:82:06:
                    81:7d:d9:59:66:3b:b3:3d:3e:58:e7:32:ae:a7:98:
                    9b:2c:ff:5c:66:ec:59:16:fe:d5:aa:01:d2:c0:ae:
                    07:59:13:59:3b:2f:a5:21:68:35:bc:a9:76:da:5e:
                    10:fe:ac:c8:e6:09:f2:35:9c:07:46:63:dd:22:d3:
                    96:5a:31:10:f6:0e:df:f4:94:7c:ca:5f:66:de:6d:
                    73:7f:ae:ea:06:40:01:2c:55:86:98:28:08:c2:2a:
                    27:0d:49:bf:02:c8:76:35:a0:5f:45:aa:ff:3b:d2:
                    d3:d1:bc:f7:1f:7d:4e:05:74:6d:3f:01:8e:0a:a5:
                    31:37:ce:dd:16:0b:2e:64:0b:21:53:0c:0a:ff:6b:
                    c9:8a:3a:ed:21:f7:49:1d:35:57:58:5e:63:74:5f:
                    f1:d0:a3:d7:04:25:4c:40:71:f2:65:13:d0:7b:0e:
                    d8:9b:e6:8e:99:bd:68:3e:2b:c7:a4:82:7a:85:13:
                    09:d4:4d:40:cf:32:f7:11:9f:a0:68:7b:39:3a:24:
                    1a:65:47:69:54:7e:21:f3:e5:27:a4:92:b0:5f:38:
                    4f:68:ef:fc:54:d1:fa:92:a5:b2:76:8d:c1:04:55:
                    33:11:f5:b8:9b:e6:e2:36:5a:09:03:5e:cd:e3:8a:
                    18:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:C6:A7:F4:D1:52:9B:8C:02:33:27:AE:53:3E:A3:3D:BE:22:32:E9
            X509v3 Authority Key Identifier:
                keyid:EB:7F:E9:89:2D:F0:00:25:5F:CF:3A:C0:B2:B4:D1:2A:EA:6F:F8:06

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91AABB1/8874E9E81D9811E29788A98208B02CD2/63_piS3wACVfzzrAsrTRKupv-AY.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/63_piS3wACVfzzrAsrTRKupv-AY.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91AABB1/8874E9E81D9811E29788A98208B02CD2/696BEACA16C111ECB341F934C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.248.204.0/22
                  114.130.0.0/17
                  114.130.192.0/19
                IPv6:
                  2403:ec00::/32

    Signature Algorithm: sha256WithRSAEncryption
         92:ea:41:d3:5c:3a:d8:8b:2f:93:6b:2a:e7:53:3f:a2:8f:94:
         6c:2c:d9:0c:fe:2c:f5:3d:82:17:40:9d:2e:47:04:c7:6f:36:
         27:ae:dc:ad:c6:33:18:66:0a:4b:d5:57:2f:09:05:22:33:e5:
         91:61:10:7b:ed:38:c7:a8:c7:12:14:f9:75:9c:02:b5:72:25:
         cf:7e:78:fe:03:5a:ee:fb:da:bb:2c:97:3c:36:e6:25:9f:41:
         30:5c:cf:60:0c:61:3c:25:f6:42:21:50:1d:42:a0:3a:a2:eb:
         d4:3e:15:f1:43:94:b1:94:6f:dc:a3:96:28:86:a4:05:d0:53:
         54:7f:94:de:5e:a5:41:fd:29:11:85:e9:56:d2:29:a8:6c:d4:
         4a:4d:c0:50:88:b9:f7:e5:95:24:50:13:31:8b:c1:d1:5e:a3:
         21:4f:a8:0c:67:d1:7b:64:c9:44:40:eb:5b:be:10:55:ca:56:
         84:06:0f:49:ec:09:46:15:7e:52:09:96:56:16:e9:96:6a:d6:
         f2:e3:1f:a5:65:fb:c7:d7:04:33:03:05:c3:a3:82:92:07:a4:
         66:77:19:2a:84:d4:58:2d:46:28:fc:37:5f:db:3e:6b:08:e8:
         1e:01:03:f6:f9:1f:45:d4:b4:89:94:ef:27:ef:06:33:0d:50:
         fa:e6:f0:e7
-----BEGIN CERTIFICATE-----
MIIFjDCCBHSgAwIBAgICME0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QUFCQjExMTAvBgNVBAUTKEVCN0ZFOTg5MkRGMDAwMjU1RkNGM0FDMEIyQjREMTJB
RUE2RkY4MDYwHhcNMjEwOTE2MDc0MDUwWhcNMjIwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02MTQyZjUwMS05ZjJmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEApCCcP4FoEc6EdBbbggaBfdlZZjuzPT5Y5zKup5ibLP9cZuxZFv7VqgHSwK4H
WRNZOy+lIWg1vKl22l4Q/qzI5gnyNZwHRmPdItOWWjEQ9g7f9JR8yl9m3m1zf67q
BkABLFWGmCgIwionDUm/Ash2NaBfRar/O9LT0bz3H31OBXRtPwGOCqUxN87dFgsu
ZAshUwwK/2vJijrtIfdJHTVXWF5jdF/x0KPXBCVMQHHyZRPQew7Ym+aOmb1oPivH
pIJ6hRMJ1E1AzzL3EZ+gaHs5OiQaZUdpVH4h8+UnpJKwXzhPaO/8VNH6kqWydo3B
BFUzEfW4m+biNloJA17N44oYwQIDAQABo4ICsDCCAqwwHQYDVR0OBBYEFP3Gp/TR
UpuMAjMnrlM+oz2+IjLpMB8GA1UdIwQYMBaAFOt/6Ykt8AAlX886wLK00Srqb/gG
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBQUJCMS84ODc0RTlFODFE
OTgxMUUyOTc4OEE5ODIwOEIwMkNEMi82M19waVMzd0FDVmZ6enJBc3JUUkt1cHYt
QVkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzYzX3BpUzN3QUNWZnp6ckFzclRSS3Vwdi1BWS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QUFCQjEvODg3NEU5RTgxRDk4MTFFMjk3ODhBOTgyMDhCMDJDRDIvNjk2QkVBQ0Ex
NkMxMTFFQ0IzNDFGOTM0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwOgYIKwYBBQUHAQcBAf8E
KzApMBgEAgABMBIDBAJn+MwDBAdyggADBAVygsAwDQQCAAIwBwMFACQD7AAwDQYJ
KoZIhvcNAQELBQADggEBAJLqQdNcOtiLL5NrKudTP6KPlGws2Qz+LPU9ghdAnS5H
BMdvNieu3K3GMxhmCkvVVy8JBSIz5ZFhEHvtOMeoxxIU+XWcArVyJc9+eP4DWu77
2rsslzw25iWfQTBcz2AMYTwl9kIhUB1CoDqi69Q+FfFDlLGUb9yjliiGpAXQU1R/
lN5epUH9KRGF6VbSKahs1EpNwFCIuffllSRQEzGLwdFeoyFPqAxn0XtkyURA61u+
EFXKVoQGD0nsCUYVflIJllYW6ZZq1vLjH6Vl+8fXBDMDBcOjgpIHpGZ3GSqE1Fgt
Rij8N1/bPmsI6B4BA/b5H0XUtImU7yfvBjMNUPrm8Oc=
-----END CERTIFICATE-----