Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91B0720/209F8B74A79B11EC8DD2B157C4F9AE02/C630B2F4C0BB11EDB310CF2FC4F9AE02.roa
File:                     C630B2F4C0BB11EDB310CF2FC4F9AE02.roa (raw, json)
Hash identifier:          6zxNSEB8OcsjADiuU+yIQppJ9fcVtwipuRxUW4QiYto=
Subject key identifier:   DF:1A:2A:B1:20:61:FB:02:29:D3:05:39:19:4B:5E:31:FD:08:B3:99
Certificate issuer:       /CN=A91B0720/serialNumber=1B036BFF87807CBFC6E91236CB086D4FE2B0993D
Certificate serial:       01FA
Authority key identifier: 1B:03:6B:FF:87:80:7C:BF:C6:E9:12:36:CB:08:6D:4F:E2:B0:99:3D
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/GwNr_4eAfL_G6RI2ywhtT-KwmT0.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91B0720/209F8B74A79B11EC8DD2B157C4F9AE02/C630B2F4C0BB11EDB310CF2FC4F9AE02.roa
Signing time:             Sun 12 Mar 2023 09:53:44 +0000
ROA not before:           Sun 12 Mar 2023 09:53:43 +0000
ROA not after:            Sun 30 Jul 2023 00:00:00 +0000
asID:                     149058
IP address blocks:        103.138.147.0/24 maxlen: 24
                          2407:3b40::/32 maxlen: 32
                          2407:3b40::/36 maxlen: 36
                          2407:3b40:1000::/36 maxlen: 36
                          2407:3b40:2000::/36 maxlen: 36
                          2407:3b40:3000::/36 maxlen: 36
                          2407:3b40:4000::/36 maxlen: 36
                          2407:3b40:5000::/36 maxlen: 36
                          2407:3b40:6000::/36 maxlen: 36
                          2407:3b40:7000::/36 maxlen: 36
                          2407:3b40:8000::/36 maxlen: 36
                          2407:3b40:9000::/36 maxlen: 36
                          2407:3b40:a000::/36 maxlen: 36
                          2407:3b40:b000::/36 maxlen: 36
                          2407:3b40:c000::/36 maxlen: 36

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 506 (0x1fa)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91B0720/serialNumber=1B036BFF87807CBFC6E91236CB086D4FE2B0993D
        Validity
            Not Before: Mar 12 09:53:43 2023 GMT
            Not After : Jul 30 00:00:00 2023 GMT
        Subject: CN=640da127-2d1e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:96:e3:7c:3f:f7:b1:7a:46:e7:f0:07:35:23:cf:
                    2d:f0:1f:12:ae:4b:a3:f7:8e:ec:ae:cf:49:20:f4:
                    c7:7a:c9:a5:c5:01:37:07:fe:71:97:15:8e:c6:34:
                    d5:9d:38:1a:d2:4b:82:00:e5:f2:58:30:13:3d:30:
                    c8:cc:66:cc:88:0e:2c:a3:11:0e:64:24:94:ba:9c:
                    d2:64:66:18:1a:63:dc:f5:9c:84:81:71:6b:19:a1:
                    99:4d:95:c0:9b:e8:5a:46:7f:ef:c0:42:ec:bc:16:
                    13:ee:73:cd:2a:86:34:23:2e:08:21:a4:e8:68:9a:
                    91:b8:28:0a:bc:d0:57:ba:1f:25:bd:2a:90:82:c0:
                    1b:64:9b:62:49:26:9e:14:0e:a2:40:b0:52:fc:e2:
                    c6:ec:71:fb:9f:32:ec:fc:8b:bc:87:af:d4:ef:e9:
                    c7:1e:7d:bf:20:88:2a:d0:dc:b5:f6:b9:6f:57:73:
                    52:de:74:ee:27:38:cd:99:b6:c6:a7:0a:84:e6:63:
                    d9:30:b3:92:a9:15:09:37:95:a9:45:d3:29:9f:0d:
                    fe:7a:85:97:d5:af:db:77:1b:e7:88:d2:a1:24:e5:
                    43:9c:a3:4e:42:bf:c1:4b:e8:ae:c1:fc:b9:69:fd:
                    ce:60:48:52:cc:98:a6:be:5c:f5:e8:59:11:c8:f4:
                    b5:93
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DF:1A:2A:B1:20:61:FB:02:29:D3:05:39:19:4B:5E:31:FD:08:B3:99
            X509v3 Authority Key Identifier:
                keyid:1B:03:6B:FF:87:80:7C:BF:C6:E9:12:36:CB:08:6D:4F:E2:B0:99:3D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91B0720/209F8B74A79B11EC8DD2B157C4F9AE02/GwNr_4eAfL_G6RI2ywhtT-KwmT0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/GwNr_4eAfL_G6RI2ywhtT-KwmT0.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B0720/209F8B74A79B11EC8DD2B157C4F9AE02/C630B2F4C0BB11EDB310CF2FC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.138.147.0/24
                IPv6:
                  2407:3b40::/32

    Signature Algorithm: sha256WithRSAEncryption
         74:31:c9:ad:d8:d3:18:13:9f:d6:64:25:d8:e4:41:16:3e:c2:
         8e:ff:65:b5:f2:8e:59:b6:d0:2f:a1:86:41:63:cf:d0:18:79:
         b6:76:4e:7f:b2:cb:85:5a:46:db:d9:fb:8e:52:85:3e:cc:69:
         82:e9:ec:5d:33:a4:ae:1e:68:7a:57:41:97:37:2d:fb:f5:ea:
         d0:09:e1:09:75:e3:3d:21:ae:b5:8f:55:7d:50:4f:9c:99:60:
         23:7a:62:28:36:44:ad:b0:e7:17:69:34:49:41:fa:f0:02:35:
         2e:40:4c:f3:76:9f:1e:63:d3:4c:07:c7:78:ec:59:7b:a1:3c:
         cb:63:b8:c4:72:4d:0d:fe:e1:9e:d8:8f:4e:02:0d:ca:34:bb:
         e0:85:71:31:5f:00:b9:76:be:c7:0f:6c:70:1a:35:2d:5d:fb:
         1b:f1:48:a2:18:cb:c6:7b:48:a6:5c:65:05:cc:60:0f:c0:79:
         73:d1:6f:0d:47:6f:18:3e:ec:89:24:5d:31:15:1a:bc:b9:5c:
         27:95:0a:c3:57:7d:15:c0:2a:0e:b5:39:5f:c2:47:cf:b8:3f:
         c7:a7:98:e2:c3:a4:a1:6f:ba:5e:dc:2d:80:38:4b:ac:28:ed:
         9d:d3:d2:a4:bb:b0:a4:8a:df:48:ca:ab:e5:4e:c8:8a:51:cb:
         bc:21:37:e1
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICAfowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QjA3MjAxMTAvBgNVBAUTKDFCMDM2QkZGODc4MDdDQkZDNkU5MTIzNkNCMDg2RDRG
RTJCMDk5M0QwHhcNMjMwMzEyMDk1MzQzWhcNMjMwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDBkYTEyNy0yZDFlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAluN8P/exekbn8Ac1I88t8B8Srkuj947srs9JIPTHesmlxQE3B/5xlxWOxjTV
nTga0kuCAOXyWDATPTDIzGbMiA4soxEOZCSUupzSZGYYGmPc9ZyEgXFrGaGZTZXA
m+haRn/vwELsvBYT7nPNKoY0Iy4IIaToaJqRuCgKvNBXuh8lvSqQgsAbZJtiSSae
FA6iQLBS/OLG7HH7nzLs/Iu8h6/U7+nHHn2/IIgq0Ny19rlvV3NS3nTuJzjNmbbG
pwqE5mPZMLOSqRUJN5WpRdMpnw3+eoWX1a/bdxvniNKhJOVDnKNOQr/BS+iuwfy5
af3OYEhSzJimvlz16FkRyPS1kwIDAQABo4ICpDCCAqAwHQYDVR0OBBYEFN8aKrEg
YfsCKdMFORlLXjH9CLOZMB8GA1UdIwQYMBaAFBsDa/+HgHy/xukSNssIbU/isJk9
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCMDcyMC8yMDlGOEI3NEE3
OUIxMUVDOEREMkIxNTdDNEY5QUUwMi9Hd05yXzRlQWZMX0c2UkkyeXdodFQtS3dt
VDAuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0d3TnJfNGVBZkxfRzZSSTJ5d2h0VC1Ld21UMC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QjA3MjAvMjA5RjhCNzRBNzlCMTFFQzhERDJCMTU3QzRGOUFFMDIvQzYzMEIyRjRD
MEJCMTFFREIzMTBDRjJGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLgYIKwYBBQUHAQcBAf8E
HzAdMAwEAgABMAYDBABnipMwDQQCAAIwBwMFACQHO0AwDQYJKoZIhvcNAQELBQAD
ggEBAHQxya3Y0xgTn9ZkJdjkQRY+wo7/ZbXyjlm20C+hhkFjz9AYebZ2Tn+yy4Va
RtvZ+45ShT7MaYLp7F0zpK4eaHpXQZc3Lfv16tAJ4Ql14z0hrrWPVX1QT5yZYCN6
Yig2RK2w5xdpNElB+vACNS5ATPN2nx5j00wHx3jsWXuhPMtjuMRyTQ3+4Z7Yj04C
Dco0u+CFcTFfALl2vscPbHAaNS1d+xvxSKIYy8Z7SKZcZQXMYA/AeXPRbw1Hbxg+
7IkkXTEVGry5XCeVCsNXfRXAKg61OV/CR8+4P8enmOLDpKFvul7cLYA4S6wo7Z3T
0qS7sKSK30jKq+VOyIpRy7whN+E=
-----END CERTIFICATE-----