Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91C3B8A/08C43924384D11EAA4F55B73C4F9AE02/2314CE1E59DA11ECB418E05DC4F9AE02.roa
File:                     2314CE1E59DA11ECB418E05DC4F9AE02.roa (raw, json)
Hash identifier:          zQ2m7wEliKEFXxOYQWlEW4WkJ+XNClEq8nb7sFmFRLw=
Subject key identifier:   5C:95:E4:F5:36:7E:1E:B1:20:70:61:1C:68:22:B2:A3:CC:F1:8D:6D
Certificate issuer:       /CN=A91C3B8A/serialNumber=4550C69051BAA18AF112DC76B5F5DF9E6B7940D5
Certificate serial:       0786
Authority key identifier: 45:50:C6:90:51:BA:A1:8A:F1:12:DC:76:B5:F5:DF:9E:6B:79:40:D5
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/RVDGkFG6oYrxEtx2tfXfnmt5QNU.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91C3B8A/08C43924384D11EAA4F55B73C4F9AE02/2314CE1E59DA11ECB418E05DC4F9AE02.roa
Signing time:             Tue 08 Feb 2022 09:08:49 +0000
ROA not before:           Tue 08 Feb 2022 09:08:49 +0000
ROA not after:            Mon 01 May 2023 00:00:00 +0000
asID:                     56111
IP address blocks:        27.121.108.0/22 maxlen: 22
                          27.121.108.0/24 maxlen: 24
                          27.121.109.0/24 maxlen: 24
                          27.121.110.0/24 maxlen: 24
                          27.121.111.0/24 maxlen: 24
                          103.229.196.0/23 maxlen: 23
                          103.229.196.0/24 maxlen: 24
                          103.229.197.0/24 maxlen: 24
                          103.229.198.0/23 maxlen: 23
                          103.229.199.0/24 maxlen: 24
                          2402:5700::/32 maxlen: 32
Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1926 (0x786)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91C3B8A
        Validity
            Not Before: Feb  8 09:08:49 2022 GMT
            Not After : May  1 00:00:00 2023 GMT
        Subject: CN=62023320-e6f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:fc:ee:7a:9b:83:ca:da:52:43:4e:9c:97:1d:
                    13:89:4d:1a:7c:fa:be:5c:0d:20:53:1b:30:43:9f:
                    7c:83:af:94:90:02:5b:5e:4e:bb:34:fe:46:d6:3d:
                    ca:25:6c:5d:8c:66:09:77:c0:ed:14:95:25:78:a8:
                    b2:84:fc:4a:fd:ea:d6:69:f1:0b:b6:ae:8c:dd:3a:
                    d9:d8:ea:1e:93:00:b1:04:08:41:cb:2a:15:fc:34:
                    36:d5:42:61:65:e7:f8:75:a3:b3:c5:34:fb:0e:13:
                    8b:9d:85:49:7d:21:14:93:4e:65:73:00:4c:58:e1:
                    0c:e6:11:9d:da:eb:db:d6:f6:4f:7b:64:ac:42:f7:
                    0f:f7:33:22:4e:62:74:e8:4e:5f:76:fd:d8:d6:87:
                    da:e1:4c:00:b5:09:a2:f1:f6:9a:7f:b7:04:84:ae:
                    b9:97:bf:88:9a:06:ca:a3:97:26:f2:a4:f8:5d:d9:
                    5d:4a:20:e2:03:4e:56:cb:38:80:b1:b2:b4:65:ce:
                    67:af:97:f9:c9:cf:e3:4b:0a:db:6d:b1:14:af:ce:
                    86:57:30:fc:53:e7:85:64:51:01:65:08:c0:d6:27:
                    fd:15:61:c0:cb:c0:77:de:b7:93:c6:f9:31:96:5b:
                    14:28:1e:5c:6f:40:92:13:ce:d7:1c:19:a1:19:f3:
                    8c:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:95:E4:F5:36:7E:1E:B1:20:70:61:1C:68:22:B2:A3:CC:F1:8D:6D
            X509v3 Authority Key Identifier:
                keyid:45:50:C6:90:51:BA:A1:8A:F1:12:DC:76:B5:F5:DF:9E:6B:79:40:D5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91C3B8A/08C43924384D11EAA4F55B73C4F9AE02/RVDGkFG6oYrxEtx2tfXfnmt5QNU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/RVDGkFG6oYrxEtx2tfXfnmt5QNU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91C3B8A/08C43924384D11EAA4F55B73C4F9AE02/2314CE1E59DA11ECB418E05DC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  27.121.108.0/22
                  103.229.196.0/22
                IPv6:
                  2402:5700::/32

    Signature Algorithm: sha256WithRSAEncryption
         2b:7f:08:fe:28:2a:d9:12:0d:11:dd:40:f2:d2:c3:a4:20:7b:
         04:58:c3:bb:2b:c5:91:5f:4a:7c:96:8e:22:01:54:79:d3:8b:
         fc:7e:8d:00:0a:8d:b0:d0:09:51:e9:29:a8:32:bf:81:27:3d:
         db:9b:31:79:5d:db:8b:28:58:40:83:9b:56:85:4d:32:2a:13:
         00:ef:a5:97:d5:06:e8:30:27:37:e4:53:e4:9b:6a:09:28:78:
         64:7d:04:72:e3:9c:cc:74:8f:af:bb:7a:95:3d:9a:ad:34:ef:
         4f:62:eb:94:f6:9d:6c:a8:9d:93:1e:4a:52:a8:13:28:75:ec:
         dd:05:98:cb:c8:7b:53:a0:3a:17:29:de:4d:25:6b:d1:c6:2c:
         1c:0b:52:d8:ea:de:bd:45:dc:1e:0e:fa:0c:39:90:64:19:c8:
         f7:89:69:6f:5c:df:cf:45:0b:9b:75:23:d1:e5:01:6c:b7:ab:
         cd:59:94:47:4b:29:c8:a7:37:c8:f1:c1:df:47:14:81:db:db:
         a2:05:be:e8:97:b5:c7:f3:6b:2c:d1:a8:67:db:fe:7a:e4:8b:
         f9:08:7f:26:91:22:97:0f:32:42:08:c6:37:2b:94:43:01:8b:
         8d:d1:60:33:f4:b5:fa:57:c5:ae:79:4a:2b:ca:6d:01:e9:9e:
         e7:50:99:ce
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgICB4YwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QzNCOEExMTAvBgNVBAUTKDQ1NTBDNjkwNTFCQUExOEFGMTEyREM3NkI1RjVERjlF
NkI3OTQwRDUwHhcNMjIwMjA4MDkwODQ5WhcNMjMwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MjAyMzMyMC1lNmY4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvfzuepuDytpSQ06clx0TiU0afPq+XA0gUxswQ598g6+UkAJbXk67NP5G1j3K
JWxdjGYJd8DtFJUleKiyhPxK/erWafELtq6M3TrZ2OoekwCxBAhByyoV/DQ21UJh
Zef4daOzxTT7DhOLnYVJfSEUk05lcwBMWOEM5hGd2uvb1vZPe2SsQvcP9zMiTmJ0
6E5fdv3Y1ofa4UwAtQmi8faaf7cEhK65l7+ImgbKo5cm8qT4XdldSiDiA05WyziA
sbK0Zc5nr5f5yc/jSwrbbbEUr86GVzD8U+eFZFEBZQjA1if9FWHAy8B33reTxvkx
llsUKB5cb0CSE87XHBmhGfOMYwIDAQABo4ICqjCCAqYwHQYDVR0OBBYEFFyV5PU2
fh6xIHBhHGgisqPM8Y1tMB8GA1UdIwQYMBaAFEVQxpBRuqGK8RLcdrX1355reUDV
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDM0I4QS8wOEM0MzkyNDM4
NEQxMUVBQTRGNTVCNzNDNEY5QUUwMi9SVkRHa0ZHNm9ZcnhFdHgydGZYZm5tdDVR
TlUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1JWREdrRkc2b1lyeEV0eDJ0Zlhmbm10NVFOVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QzNCOEEvMDhDNDM5MjQzODREMTFFQUE0RjU1QjczQzRGOUFFMDIvMjMxNENFMUU1
OURBMTFFQ0I0MThFMDVEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNAYIKwYBBQUHAQcBAf8E
JTAjMBIEAgABMAwDBAIbeWwDBAJn5cQwDQQCAAIwBwMFACQCVwAwDQYJKoZIhvcN
AQELBQADggEBACt/CP4oKtkSDRHdQPLSw6QgewRYw7srxZFfSnyWjiIBVHnTi/x+
jQAKjbDQCVHpKagyv4EnPdubMXld24soWECDm1aFTTIqEwDvpZfVBugwJzfkU+Sb
agkoeGR9BHLjnMx0j6+7epU9mq00709i65T2nWyonZMeSlKoEyh17N0FmMvIe1Og
Ohcp3k0la9HGLBwLUtjq3r1F3B4O+gw5kGQZyPeJaW9c389FC5t1I9HlAWy3q81Z
lEdLKcinN8jxwd9HFIHb26IFvuiXtcfzayzRqGfb/nrki/kIfyaRIpcPMkIIxjcr
lEMBi43RYDP0tfpXxa55SivKbQHpnudQmc4=
-----END CERTIFICATE-----