Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91C2CC7/791C6A347B3811E9BC0D3B32C4F9AE02/FE4D2B24A97A11E98A628266C4F9AE02.roa
File:                     FE4D2B24A97A11E98A628266C4F9AE02.roa (raw, json)
Hash identifier:          SuShVmkGNsgyUXxAMrZrTvQHDwW/TgrtvQ26PsR6Tq4=
Subject key identifier:   8C:05:34:F6:E7:3D:3C:25:31:87:EA:22:03:B0:A5:DB:77:05:03:82
Certificate issuer:       /CN=A91C2CC7/serialNumber=77486B610D333AEBDA8F255C501411B01F18FF49
Certificate serial:       0D33
Authority key identifier: 77:48:6B:61:0D:33:3A:EB:DA:8F:25:5C:50:14:11:B0:1F:18:FF:49
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/d0hrYQ0zOuvajyVcUBQRsB8Y_0k.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91C2CC7/791C6A347B3811E9BC0D3B32C4F9AE02/FE4D2B24A97A11E98A628266C4F9AE02.roa
Signing time:             Wed 07 Dec 2022 15:25:39 +0000
ROA not before:           Wed 07 Dec 2022 15:25:39 +0000
ROA not after:            Sun 28 May 2023 00:00:00 +0000
asID:                     17916
IP address blocks:        103.30.184.0/23 maxlen: 23
                          103.30.186.0/23 maxlen: 23
                          202.53.192.0/21 maxlen: 21
                          202.53.197.0/24 maxlen: 24
                          202.53.200.0/23 maxlen: 23
                          202.53.202.0/24 maxlen: 24
                          202.53.203.0/24 maxlen: 24
                          202.53.204.0/22 maxlen: 23
                          2401:df00::/32 maxlen: 32
                          2401:df01::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3379 (0xd33)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91C2CC7/serialNumber=77486B610D333AEBDA8F255C501411B01F18FF49
        Validity
            Not Before: Dec  7 15:25:39 2022 GMT
            Not After : May 28 00:00:00 2023 GMT
        Subject: CN=6390b073-8426
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:e3:f2:ff:42:dd:67:74:43:2d:69:91:1c:1f:
                    19:3a:5c:73:2a:80:cf:98:77:ab:0b:2b:ca:f9:f8:
                    90:79:09:09:60:73:b1:2a:52:02:ea:4c:7a:09:ce:
                    8d:aa:2b:fe:6b:d1:71:5c:15:c7:ed:6f:cd:2a:92:
                    21:17:57:88:bc:fb:ae:7b:19:d4:65:ce:2e:06:31:
                    c9:b7:f8:68:b6:84:75:32:0c:86:03:cf:22:df:9b:
                    fe:1b:82:ea:af:70:0d:df:5e:d7:4e:df:69:15:10:
                    52:9a:a4:d3:2c:08:13:b7:3d:a0:55:55:88:fd:c0:
                    46:ed:f9:e8:17:7b:f5:79:41:62:e0:c3:95:a6:bb:
                    7d:64:fa:01:24:f6:37:fa:86:c7:ed:31:c8:24:23:
                    6e:a0:d6:33:21:3a:13:22:ad:91:4b:7d:de:30:1d:
                    9a:2d:d5:8b:06:08:8c:41:d4:46:47:52:56:2a:62:
                    4f:ad:27:b0:f2:ea:6a:38:c6:70:2e:0e:59:b4:dd:
                    10:eb:19:b0:8e:63:31:5a:41:80:ac:25:4c:30:e2:
                    75:ed:05:3d:e1:cd:a7:45:4a:76:ae:fc:7f:48:3f:
                    af:75:4a:44:3f:df:1a:94:0d:2d:a1:a4:cd:90:f1:
                    0c:fc:1d:86:6c:c7:22:65:4d:da:e9:07:19:97:bb:
                    d7:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:05:34:F6:E7:3D:3C:25:31:87:EA:22:03:B0:A5:DB:77:05:03:82
            X509v3 Authority Key Identifier:
                keyid:77:48:6B:61:0D:33:3A:EB:DA:8F:25:5C:50:14:11:B0:1F:18:FF:49

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91C2CC7/791C6A347B3811E9BC0D3B32C4F9AE02/d0hrYQ0zOuvajyVcUBQRsB8Y_0k.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/d0hrYQ0zOuvajyVcUBQRsB8Y_0k.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91C2CC7/791C6A347B3811E9BC0D3B32C4F9AE02/FE4D2B24A97A11E98A628266C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.30.184.0/22
                  202.53.192.0/20
                IPv6:
                  2401:df00::/31

    Signature Algorithm: sha256WithRSAEncryption
         5c:9f:76:86:c1:30:31:44:71:41:ed:d4:c0:24:05:2f:71:2b:
         51:e7:72:98:5f:80:20:38:87:5d:eb:7b:e2:7c:78:dc:01:63:
         65:a3:65:7d:53:67:84:ad:a8:dd:67:ee:6b:a5:ac:ce:7f:f2:
         7d:77:30:ef:b5:6e:1f:ca:2c:96:d3:89:34:6f:ee:4c:e6:5f:
         bf:d8:46:22:1e:22:9a:ef:57:14:56:2a:6c:f5:e7:b7:22:9d:
         f1:0f:a3:0f:1a:ea:96:a2:2a:d3:d6:0b:f3:ff:c5:49:bc:db:
         92:71:6f:b3:08:c7:bc:4d:dd:e7:4f:94:e9:d6:de:ba:85:23:
         f7:72:e1:a9:0b:16:49:1e:54:19:21:6c:e7:73:a7:0e:6d:8e:
         10:27:6f:0d:3f:a9:c7:2b:ba:aa:7a:3d:88:c7:8a:32:56:6c:
         ef:6f:77:38:c3:38:e4:ec:42:e4:53:29:1f:ef:f2:36:64:f1:
         b5:38:3b:b8:a2:58:5d:d9:35:4b:7d:6e:c5:81:14:d0:1f:1d:
         13:e8:51:5c:65:74:66:a7:72:31:65:13:08:bb:dc:bb:bd:44:
         df:3f:88:83:17:70:f1:bf:40:b4:49:3e:a4:47:42:5d:c9:11:
         2d:a6:0e:4f:87:44:1a:d8:b4:83:d0:4d:2c:13:6b:97:93:74:
         de:60:c3:be
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgICDTMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QzJDQzcxMTAvBgNVBAUTKDc3NDg2QjYxMEQzMzNBRUJEQThGMjU1QzUwMTQxMUIw
MUYxOEZGNDkwHhcNMjIxMjA3MTUyNTM5WhcNMjMwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02MzkwYjA3My04NDI2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvePy/0LdZ3RDLWmRHB8ZOlxzKoDPmHerCyvK+fiQeQkJYHOxKlIC6kx6Cc6N
qiv+a9FxXBXH7W/NKpIhF1eIvPuuexnUZc4uBjHJt/hotoR1MgyGA88i35v+G4Lq
r3AN317XTt9pFRBSmqTTLAgTtz2gVVWI/cBG7fnoF3v1eUFi4MOVprt9ZPoBJPY3
+obH7THIJCNuoNYzIToTIq2RS33eMB2aLdWLBgiMQdRGR1JWKmJPrSew8upqOMZw
Lg5ZtN0Q6xmwjmMxWkGArCVMMOJ17QU94c2nRUp2rvx/SD+vdUpEP98alA0toaTN
kPEM/B2GbMciZU3a6QcZl7vXkQIDAQABo4ICqjCCAqYwHQYDVR0OBBYEFIwFNPbn
PTwlMYfqIgOwpdt3BQOCMB8GA1UdIwQYMBaAFHdIa2ENMzrr2o8lXFAUEbAfGP9J
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDMkNDNy83OTFDNkEzNDdC
MzgxMUU5QkMwRDNCMzJDNEY5QUUwMi9kMGhyWVEwek91dmFqeVZjVUJRUnNCOFlf
MGsuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2QwaHJZUTB6T3V2YWp5VmNVQlFSc0I4WV8way5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QzJDQzcvNzkxQzZBMzQ3QjM4MTFFOUJDMEQzQjMyQzRGOUFFMDIvRkU0RDJCMjRB
OTdBMTFFOThBNjI4MjY2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNAYIKwYBBQUHAQcBAf8E
JTAjMBIEAgABMAwDBAJnHrgDBATKNcAwDQQCAAIwBwMFASQB3wAwDQYJKoZIhvcN
AQELBQADggEBAFyfdobBMDFEcUHt1MAkBS9xK1HncphfgCA4h13re+J8eNwBY2Wj
ZX1TZ4StqN1n7mulrM5/8n13MO+1bh/KLJbTiTRv7kzmX7/YRiIeIprvVxRWKmz1
57cinfEPow8a6paiKtPWC/P/xUm825Jxb7MIx7xN3edPlOnW3rqFI/dy4akLFkke
VBkhbOdzpw5tjhAnbw0/qccruqp6PYjHijJWbO9vdzjDOOTsQuRTKR/v8jZk8bU4
O7iiWF3ZNUt9bsWBFNAfHRPoUVxldGancjFlEwi73Lu9RN8/iIMXcPG/QLRJPqRH
Ql3JES2mDk+HRBrYtIPQTSwTa5eTdN5gw74=
-----END CERTIFICATE-----