Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91B7770/E6810410C0AE11EAB95AB572C4F9AE02/C2D59FD87A9111EB803F9663C4F9AE02.roa
File:                     C2D59FD87A9111EB803F9663C4F9AE02.roa (raw, json)
Hash identifier:          q0WJgGRiWuPsFy5gNiGPcDselBm4F176UAcq4LcqTpM=
Subject key identifier:   57:C1:92:B6:2F:73:D8:92:5D:1A:2B:E2:84:55:0B:DC:E7:D3:88:01
Certificate issuer:       /CN=A91B7770/serialNumber=7D55469926D1F934F3AF29645EB6C10BB6069BC9
Certificate serial:       05F6
Authority key identifier: 7D:55:46:99:26:D1:F9:34:F3:AF:29:64:5E:B6:C1:0B:B6:06:9B:C9
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/fVVGmSbR-TTzrylkXrbBC7YGm8k.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91B7770/E6810410C0AE11EAB95AB572C4F9AE02/C2D59FD87A9111EB803F9663C4F9AE02.roa
Signing time:             Thu 05 May 2022 03:29:54 +0000
ROA not before:           Thu 05 May 2022 03:29:54 +0000
ROA not after:            Fri 30 Sep 2022 00:00:00 +0000
asID:                     38074
IP address blocks:        103.152.178.0/24 maxlen: 25
                          103.160.48.0/24 maxlen: 25
                          2001:df4:1780::/48 maxlen: 56
                          2001:df4:1781::/48 maxlen: 48
                          2406:7ec0::/32 maxlen: 32
                          2406:7ec0::/33 maxlen: 33
                          2406:7ec0::/35 maxlen: 39
                          2406:7ec0::/40 maxlen: 48
                          2406:7ec0:2000::/35 maxlen: 39
                          2406:7ec0:2000::/40 maxlen: 48
                          2406:7ec0:3000::/40 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1526 (0x5f6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91B7770/serialNumber=7D55469926D1F934F3AF29645EB6C10BB6069BC9
        Validity
            Not Before: May  5 03:29:54 2022 GMT
            Not After : Sep 30 00:00:00 2022 GMT
        Subject: CN=627344b1-a9f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:2a:d8:e8:b2:42:a9:67:81:e2:dc:c9:85:e2:
                    3f:26:f4:7a:36:6e:87:92:6c:f2:26:74:33:9d:3b:
                    dc:4d:52:2e:a4:7c:f8:4c:6c:23:f8:7d:2a:91:fa:
                    74:42:70:02:e3:2f:e4:b2:07:49:f6:5f:88:46:f8:
                    d7:24:42:54:2f:ac:ef:2f:c6:7d:c2:60:7e:35:4e:
                    e1:3d:24:f2:ec:32:f3:72:b3:0d:ac:e8:76:81:1e:
                    e1:eb:b7:63:96:96:43:57:00:55:4c:40:92:37:1d:
                    4f:f3:bb:c3:ba:3c:7d:a8:d1:44:98:27:9e:0e:94:
                    db:9a:72:7d:dc:27:76:a3:06:80:4c:24:73:2e:e6:
                    43:8a:33:e1:13:66:e7:08:9d:75:ee:f6:66:fc:1e:
                    fb:db:26:46:79:b1:0b:b3:8f:7c:5f:34:00:b0:7e:
                    76:b2:a0:b1:d2:15:41:03:09:69:9f:b0:fb:0f:39:
                    bc:b4:22:e0:96:a2:98:7b:cc:ca:07:ad:fd:64:47:
                    14:0b:e0:93:2e:6c:b1:61:e9:d7:7a:11:75:b1:f2:
                    09:2b:89:18:fd:8b:8d:38:3b:66:fe:c5:52:19:31:
                    9e:bb:0d:11:94:a2:19:42:57:2b:26:3c:89:06:07:
                    62:cf:79:c3:04:49:9d:23:6c:fd:b3:d7:be:e6:1d:
                    f8:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                57:C1:92:B6:2F:73:D8:92:5D:1A:2B:E2:84:55:0B:DC:E7:D3:88:01
            X509v3 Authority Key Identifier:
                keyid:7D:55:46:99:26:D1:F9:34:F3:AF:29:64:5E:B6:C1:0B:B6:06:9B:C9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91B7770/E6810410C0AE11EAB95AB572C4F9AE02/fVVGmSbR-TTzrylkXrbBC7YGm8k.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/fVVGmSbR-TTzrylkXrbBC7YGm8k.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B7770/E6810410C0AE11EAB95AB572C4F9AE02/C2D59FD87A9111EB803F9663C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.152.178.0/24
                  103.160.48.0/24
                IPv6:
                  2001:df4:1780::/47
                  2406:7ec0::/32

    Signature Algorithm: sha256WithRSAEncryption
         87:a9:d4:86:9a:00:f2:35:1f:28:d4:cb:0c:10:84:b3:69:49:
         5b:3c:33:95:b9:c8:c8:07:5a:02:7b:00:e8:fc:63:e1:54:a4:
         95:f1:14:42:a0:86:4d:9c:96:ac:4d:73:ec:f1:11:29:3d:cc:
         5f:d9:0f:90:bb:50:b7:30:84:09:25:08:7c:d4:6c:5f:56:e0:
         d3:07:ff:74:0e:37:62:cd:33:74:c6:e2:e8:30:90:8f:0b:37:
         2b:3a:02:2e:82:7d:3b:e8:53:21:2e:5c:8c:c0:d3:49:b2:32:
         f1:c6:da:ff:dc:a4:97:35:2e:e0:ec:46:dd:7c:90:09:af:fe:
         e8:d2:65:36:60:72:04:b2:98:15:ce:40:9f:80:5a:53:6a:25:
         42:3a:ab:33:60:17:c1:69:e2:ab:89:44:5c:da:82:3d:7f:1b:
         dc:0e:01:51:64:45:85:db:8d:74:16:91:ac:71:c5:25:2a:d3:
         11:f3:cb:22:f7:4b:fe:0c:d8:39:fe:b9:bd:73:3a:9d:c2:bb:
         7b:10:b1:86:31:cf:0f:fb:39:56:ad:55:07:ae:c5:59:27:90:
         5e:e9:21:2e:2e:50:df:9e:26:a4:cd:01:19:bb:52:83:64:9d:
         4a:83:4b:50:f0:86:eb:13:67:ff:0b:65:9e:b2:04:5f:1c:67:
         c7:51:56:08
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgICBfYwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Qjc3NzAxMTAvBgNVBAUTKDdENTU0Njk5MjZEMUY5MzRGM0FGMjk2NDVFQjZDMTBC
QjYwNjlCQzkwHhcNMjIwNTA1MDMyOTU0WhcNMjIwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02MjczNDRiMS1hOWY4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA3yrY6LJCqWeB4tzJheI/JvR6Nm6HkmzyJnQznTvcTVIupHz4TGwj+H0qkfp0
QnAC4y/ksgdJ9l+IRvjXJEJUL6zvL8Z9wmB+NU7hPSTy7DLzcrMNrOh2gR7h67dj
lpZDVwBVTECSNx1P87vDujx9qNFEmCeeDpTbmnJ93Cd2owaATCRzLuZDijPhE2bn
CJ117vZm/B772yZGebELs498XzQAsH52sqCx0hVBAwlpn7D7Dzm8tCLglqKYe8zK
B639ZEcUC+CTLmyxYenXehF1sfIJK4kY/YuNODtm/sVSGTGeuw0RlKIZQlcrJjyJ
Bgdiz3nDBEmdI2z9s9e+5h34ZwIDAQABo4ICszCCAq8wHQYDVR0OBBYEFFfBkrYv
c9iSXRor4oRVC9zn04gBMB8GA1UdIwQYMBaAFH1VRpkm0fk0868pZF62wQu2BpvJ
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCNzc3MC9FNjgxMDQxMEMw
QUUxMUVBQjk1QUI1NzJDNEY5QUUwMi9mVlZHbVNiUi1UVHpyeWxrWHJiQkM3WUdt
OGsuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2ZWVkdtU2JSLVRUenJ5bGtYcmJCQzdZR204ay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Qjc3NzAvRTY4MTA0MTBDMEFFMTFFQUI5NUFCNTcyQzRGOUFFMDIvQzJENTlGRDg3
QTkxMTFFQjgwM0Y5NjYzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwPQYIKwYBBQUHAQcBAf8E
LjAsMBIEAgABMAwDBABnmLIDBABnoDAwFgQCAAIwEAMHASABDfQXgAMFACQGfsAw
DQYJKoZIhvcNAQELBQADggEBAIep1IaaAPI1HyjUywwQhLNpSVs8M5W5yMgHWgJ7
AOj8Y+FUpJXxFEKghk2clqxNc+zxESk9zF/ZD5C7ULcwhAklCHzUbF9W4NMH/3QO
N2LNM3TG4ugwkI8LNys6Ai6CfTvoUyEuXIzA00myMvHG2v/cpJc1LuDsRt18kAmv
/ujSZTZgcgSymBXOQJ+AWlNqJUI6qzNgF8Fp4quJRFzagj1/G9wOAVFkRYXbjXQW
kaxxxSUq0xHzyyL3S/4M2Dn+ub1zOp3Cu3sQsYYxzw/7OVatVQeuxVknkF7pIS4u
UN+eJqTNARm7UoNknUqDS1DwhusTZ/8LZZ6yBF8cZ8dRVgg=
-----END CERTIFICATE-----