Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91C3B8A/08C43924384D11EAA4F55B73C4F9AE02/3DC8EF44C06211EC93514712C4F9AE02.roa
File:                     3DC8EF44C06211EC93514712C4F9AE02.roa (raw, json)
Hash identifier:          3zpWYAlRIGqF9ITI/Urz18NuVBZ63QXs9xQXm/lRnmY=
Subject key identifier:   38:3D:56:E6:2B:F3:9D:11:F9:D8:B5:1D:EE:DF:53:9A:16:29:13:79
Certificate issuer:       /CN=A91C3B8A/serialNumber=4550C69051BAA18AF112DC76B5F5DF9E6B7940D5
Certificate serial:       0816
Authority key identifier: 45:50:C6:90:51:BA:A1:8A:F1:12:DC:76:B5:F5:DF:9E:6B:79:40:D5
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/RVDGkFG6oYrxEtx2tfXfnmt5QNU.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91C3B8A/08C43924384D11EAA4F55B73C4F9AE02/3DC8EF44C06211EC93514712C4F9AE02.roa
Signing time:             Wed 20 Apr 2022 04:27:52 +0000
ROA not before:           Wed 20 Apr 2022 04:27:52 +0000
ROA not after:            Mon 01 May 2023 00:00:00 +0000
asID:                     56111
IP address blocks:        27.121.108.0/22 maxlen: 22
                          27.121.108.0/24 maxlen: 24
                          27.121.109.0/24 maxlen: 24
                          27.121.110.0/24 maxlen: 24
                          27.121.111.0/24 maxlen: 24
                          103.229.196.0/23 maxlen: 23
                          103.229.196.0/24 maxlen: 24
                          103.229.197.0/24 maxlen: 24
                          103.229.199.0/24 maxlen: 24
                          2402:5700::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2070 (0x816)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91C3B8A/serialNumber=4550C69051BAA18AF112DC76B5F5DF9E6B7940D5
        Validity
            Not Before: Apr 20 04:27:52 2022 GMT
            Not After : May  1 00:00:00 2023 GMT
        Subject: CN=625f8bc8-1026
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:91:0d:30:b2:3e:c1:05:66:c5:c7:77:93:3d:
                    43:46:28:16:5b:03:11:85:8f:73:da:c1:f9:85:23:
                    cc:55:32:b5:28:56:73:67:bf:86:8f:63:92:87:44:
                    b6:df:4e:d3:ea:6a:02:55:a5:67:eb:78:f4:e8:03:
                    0b:fc:d7:0c:ff:22:cc:c8:5f:ef:7e:c0:e1:4d:af:
                    8f:22:c0:7d:8e:15:ee:98:7c:61:c6:d8:31:a0:d0:
                    2d:91:5a:67:f0:6c:d4:b4:5e:7c:8d:ee:f5:6b:4a:
                    a9:22:5c:04:3f:e5:79:98:44:4f:2b:78:f1:59:59:
                    39:f0:9b:ee:2f:08:8f:98:39:26:ce:7c:c0:d0:37:
                    89:b4:d2:cb:9c:39:29:15:46:b9:70:b6:11:11:a2:
                    b0:72:ad:af:9d:f1:60:89:0b:ba:b7:d5:39:41:98:
                    22:3f:cb:33:7e:ed:81:20:33:1d:77:ff:f2:a7:0d:
                    b9:24:e8:ef:ea:53:66:4b:f1:06:46:03:2b:9a:0c:
                    8b:9e:c7:5a:40:30:1f:7c:56:6a:94:ef:4e:44:c2:
                    58:82:dc:f6:ce:e0:7f:d8:62:77:93:bd:65:36:64:
                    01:4f:23:64:0b:ba:f8:24:3a:cb:a7:bc:52:ac:8d:
                    15:9b:b0:bb:c3:84:5a:9e:25:8f:f4:a7:dc:e9:e2:
                    bb:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:3D:56:E6:2B:F3:9D:11:F9:D8:B5:1D:EE:DF:53:9A:16:29:13:79
            X509v3 Authority Key Identifier:
                keyid:45:50:C6:90:51:BA:A1:8A:F1:12:DC:76:B5:F5:DF:9E:6B:79:40:D5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91C3B8A/08C43924384D11EAA4F55B73C4F9AE02/RVDGkFG6oYrxEtx2tfXfnmt5QNU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/RVDGkFG6oYrxEtx2tfXfnmt5QNU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91C3B8A/08C43924384D11EAA4F55B73C4F9AE02/3DC8EF44C06211EC93514712C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  27.121.108.0/22
                  103.229.196.0/23
                  103.229.199.0/24
                IPv6:
                  2402:5700::/32

    Signature Algorithm: sha256WithRSAEncryption
         06:7e:99:9a:1c:9d:db:12:90:f5:ae:f7:13:8c:0f:92:e6:90:
         2e:04:3d:a7:01:b5:99:ae:1c:64:fa:19:77:ba:fd:af:e9:ec:
         a6:d7:c4:fd:22:d4:9c:7e:eb:0d:1d:e5:04:07:91:1c:2b:70:
         ea:e3:d1:5d:97:8a:c3:21:f9:9f:81:e4:78:5c:09:f6:34:60:
         7a:40:21:0b:4f:6c:cf:a3:9a:b4:16:f1:19:08:73:58:51:1e:
         2b:d9:dd:39:72:f7:33:2a:13:1a:f4:6d:cb:06:96:0a:0b:98:
         1a:e8:91:0a:5b:2c:58:40:9d:c1:e3:35:fe:fb:2e:12:4b:0f:
         0b:1a:51:73:eb:13:b8:80:fa:0b:5c:d0:82:05:1b:05:82:80:
         4a:bf:12:b4:a5:86:dc:f1:3c:5c:b4:6e:dd:65:00:34:1b:5a:
         a2:3b:05:29:30:f5:f7:43:c3:bb:15:85:76:1a:1d:0b:3b:ed:
         a5:ed:3f:d2:71:1d:1e:5b:12:b9:89:36:9f:89:c0:61:42:34:
         31:12:1c:b1:a5:e4:f2:63:dd:8a:75:d6:3f:55:18:5b:00:f1:
         82:2a:ad:08:f8:90:01:fb:5b:e0:94:17:46:a7:6a:f0:88:64:
         52:11:1f:3e:94:20:45:d4:d6:33:23:e8:a5:e1:b0:20:a8:be:
         14:ef:c1:4b
-----BEGIN CERTIFICATE-----
MIIFjDCCBHSgAwIBAgICCBYwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QzNCOEExMTAvBgNVBAUTKDQ1NTBDNjkwNTFCQUExOEFGMTEyREM3NkI1RjVERjlF
NkI3OTQwRDUwHhcNMjIwNDIwMDQyNzUyWhcNMjMwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MjVmOGJjOC0xMDI2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAzZENMLI+wQVmxcd3kz1DRigWWwMRhY9z2sH5hSPMVTK1KFZzZ7+Gj2OSh0S2
307T6moCVaVn63j06AML/NcM/yLMyF/vfsDhTa+PIsB9jhXumHxhxtgxoNAtkVpn
8GzUtF58je71a0qpIlwEP+V5mERPK3jxWVk58JvuLwiPmDkmznzA0DeJtNLLnDkp
FUa5cLYREaKwcq2vnfFgiQu6t9U5QZgiP8szfu2BIDMdd//ypw25JOjv6lNmS/EG
RgMrmgyLnsdaQDAffFZqlO9ORMJYgtz2zuB/2GJ3k71lNmQBTyNkC7r4JDrLp7xS
rI0Vm7C7w4RaniWP9Kfc6eK7KwIDAQABo4ICsDCCAqwwHQYDVR0OBBYEFDg9VuYr
850R+di1He7fU5oWKRN5MB8GA1UdIwQYMBaAFEVQxpBRuqGK8RLcdrX1355reUDV
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDM0I4QS8wOEM0MzkyNDM4
NEQxMUVBQTRGNTVCNzNDNEY5QUUwMi9SVkRHa0ZHNm9ZcnhFdHgydGZYZm5tdDVR
TlUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1JWREdrRkc2b1lyeEV0eDJ0Zlhmbm10NVFOVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QzNCOEEvMDhDNDM5MjQzODREMTFFQUE0RjU1QjczQzRGOUFFMDIvM0RDOEVGNDRD
MDYyMTFFQzkzNTE0NzEyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwOgYIKwYBBQUHAQcBAf8E
KzApMBgEAgABMBIDBAIbeWwDBAFn5cQDBABn5ccwDQQCAAIwBwMFACQCVwAwDQYJ
KoZIhvcNAQELBQADggEBAAZ+mZocndsSkPWu9xOMD5LmkC4EPacBtZmuHGT6GXe6
/a/p7KbXxP0i1Jx+6w0d5QQHkRwrcOrj0V2XisMh+Z+B5HhcCfY0YHpAIQtPbM+j
mrQW8RkIc1hRHivZ3Tly9zMqExr0bcsGlgoLmBrokQpbLFhAncHjNf77LhJLDwsa
UXPrE7iA+gtc0IIFGwWCgEq/ErSlhtzxPFy0bt1lADQbWqI7BSkw9fdDw7sVhXYa
HQs77aXtP9JxHR5bErmJNp+JwGFCNDESHLGl5PJj3Yp11j9VGFsA8YIqrQj4kAH7
W+CUF0anavCIZFIRHz6UIEXU1jMj6KXhsCCovhTvwUs=
-----END CERTIFICATE-----