Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91DEBE3/80AE10C6045011EABA82C415C4F9AE02/FCBD70E215DF11ECAC103B44C4F9AE02.roa
File:                     FCBD70E215DF11ECAC103B44C4F9AE02.roa (raw, json)
Hash identifier:          HmEzhoNHNoNiCAVxVxoQ8Wm+thLJssF85F6+wTHZCAM=
Subject key identifier:   1E:AD:50:0B:4F:4D:E8:B8:A5:F5:69:7D:B8:53:D7:5E:EC:1E:F6:B8
Certificate issuer:       /CN=A91DEBE3/serialNumber=DE50542BEA108201A772C00BC9F251AD17FA96CD
Certificate serial:       0775
Authority key identifier: DE:50:54:2B:EA:10:82:01:A7:72:C0:0B:C9:F2:51:AD:17:FA:96:CD
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/3lBUK-oQggGncsALyfJRrRf6ls0.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91DEBE3/80AE10C6045011EABA82C415C4F9AE02/FCBD70E215DF11ECAC103B44C4F9AE02.roa
Signing time:             Wed 15 Sep 2021 04:47:11 +0000
ROA not before:           Wed 15 Sep 2021 04:47:11 +0000
ROA not after:            Fri 01 Jul 2022 00:00:00 +0000
asID:                     4864
IP address blocks:        103.214.80.0/24 maxlen: 24
                          103.214.81.0/24 maxlen: 24
                          103.214.83.0/24 maxlen: 24
                          144.48.84.0/24 maxlen: 24
                          144.48.87.0/24 maxlen: 24
                          2404:d580::/32 maxlen: 32
                          2404:d580::/48 maxlen: 48
                          2404:d580::/120 maxlen: 120
                          2404:d580:1::/48 maxlen: 48
                          2404:d580:2::/48 maxlen: 48
                          2404:d580:3::/48 maxlen: 48
                          2404:d580:4::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1909 (0x775)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91DEBE3/serialNumber=DE50542BEA108201A772C00BC9F251AD17FA96CD
        Validity
            Not Before: Sep 15 04:47:11 2021 GMT
            Not After : Jul  1 00:00:00 2022 GMT
        Subject: CN=61417ace-755c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:9e:a0:a8:29:8d:8d:9f:4d:d6:2d:5e:12:fb:
                    71:dc:d1:c3:59:37:1b:42:48:b2:40:3c:35:75:5d:
                    97:32:41:a6:c2:89:b5:49:a4:e8:d6:11:15:f3:72:
                    b2:7e:9e:b0:2f:0f:88:e3:1f:b4:95:01:7e:9a:81:
                    b1:1e:41:3f:0d:e2:0e:86:b6:5b:17:18:87:9b:4e:
                    db:92:1d:c0:cf:ee:5f:13:12:dd:b3:15:1d:87:41:
                    8b:ef:b6:42:ba:17:76:bf:5d:3b:85:f5:e3:e2:09:
                    07:c5:2b:98:31:5e:f2:e4:7b:0c:65:5e:99:b5:64:
                    b4:85:07:3a:83:b4:f5:ce:9c:60:13:cb:fb:5a:b3:
                    92:88:f3:0f:0d:4e:d5:5e:2f:7e:30:b5:72:2e:5f:
                    a1:d5:bd:b0:ed:69:c1:39:2f:0b:7c:ff:d0:8a:ca:
                    9d:c7:40:13:d7:9f:a5:e2:ff:80:78:a1:81:77:22:
                    30:44:e2:7b:d0:22:83:60:62:45:71:bb:27:44:19:
                    04:5e:69:9b:d0:bc:89:62:28:6b:e2:5e:e4:97:27:
                    f1:57:03:81:38:f1:6e:19:75:f0:f6:82:29:08:80:
                    29:dc:7e:7c:2e:6b:bc:d4:b3:0f:1b:c1:c7:bd:51:
                    bf:ae:7a:01:ca:16:fe:02:4e:6e:ae:1e:ea:82:80:
                    1c:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:AD:50:0B:4F:4D:E8:B8:A5:F5:69:7D:B8:53:D7:5E:EC:1E:F6:B8
            X509v3 Authority Key Identifier:
                keyid:DE:50:54:2B:EA:10:82:01:A7:72:C0:0B:C9:F2:51:AD:17:FA:96:CD

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91DEBE3/80AE10C6045011EABA82C415C4F9AE02/3lBUK-oQggGncsALyfJRrRf6ls0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/3lBUK-oQggGncsALyfJRrRf6ls0.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91DEBE3/80AE10C6045011EABA82C415C4F9AE02/FCBD70E215DF11ECAC103B44C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.214.80.0/23
                  103.214.83.0/24
                  144.48.84.0/24
                  144.48.87.0/24
                IPv6:
                  2404:d580::/32

    Signature Algorithm: sha256WithRSAEncryption
         2b:0d:e0:dd:ae:e4:0d:fe:95:38:86:1c:ea:24:35:18:b6:14:
         02:ae:a5:14:4f:01:52:a7:e6:31:6c:1c:2b:47:7f:6d:2e:18:
         82:00:a7:fe:af:6c:0e:2b:7e:0b:4a:16:1d:5a:33:ff:58:05:
         0e:31:99:c3:6a:2d:ba:6f:72:ae:05:4d:b3:0c:14:4e:8f:84:
         ea:71:10:15:32:f1:a8:76:95:db:5b:1d:4a:c2:bf:a0:99:08:
         d8:f0:fc:96:ec:e1:f3:0f:90:31:c2:36:84:17:fe:9b:f5:a8:
         28:66:25:c2:95:a2:e0:6e:74:af:b4:00:8d:a6:43:9b:c9:c4:
         cc:39:ed:98:90:5c:1c:0f:6b:4e:20:4b:d7:3b:5a:25:8f:66:
         1f:c1:f4:78:2d:87:b8:01:2d:51:27:67:76:16:9d:5b:0c:83:
         b0:83:77:d6:81:bc:00:90:1b:36:d7:53:88:c5:5a:ac:cc:98:
         6f:3f:67:24:8b:78:a8:32:12:77:8c:73:65:7d:ac:f2:70:22:
         c6:59:67:bf:e5:e4:bb:48:72:31:4e:cd:77:d2:dc:0e:8e:eb:
         70:24:48:fd:59:2f:b7:b6:ab:a3:b6:9e:0f:0d:d7:cb:7f:16:
         35:56:23:e5:25:66:17:01:d7:85:01:f4:29:82:43:8e:f9:c0:
         3e:2c:03:eb
-----BEGIN CERTIFICATE-----
MIIFkjCCBHqgAwIBAgICB3UwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
REVCRTMxMTAvBgNVBAUTKERFNTA1NDJCRUExMDgyMDFBNzcyQzAwQkM5RjI1MUFE
MTdGQTk2Q0QwHhcNMjEwOTE1MDQ0NzExWhcNMjIwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MTQxN2FjZS03NTVjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA2J6gqCmNjZ9N1i1eEvtx3NHDWTcbQkiyQDw1dV2XMkGmwom1SaTo1hEV83Ky
fp6wLw+I4x+0lQF+moGxHkE/DeIOhrZbFxiHm07bkh3Az+5fExLdsxUdh0GL77ZC
uhd2v107hfXj4gkHxSuYMV7y5HsMZV6ZtWS0hQc6g7T1zpxgE8v7WrOSiPMPDU7V
Xi9+MLVyLl+h1b2w7WnBOS8LfP/Qisqdx0AT15+l4v+AeKGBdyIwROJ70CKDYGJF
cbsnRBkEXmmb0LyJYihr4l7klyfxVwOBOPFuGXXw9oIpCIAp3H58Lmu81LMPG8HH
vVG/rnoByhb+Ak5urh7qgoAcRwIDAQABo4ICtjCCArIwHQYDVR0OBBYEFB6tUAtP
Tei4pfVpfbhT117sHva4MB8GA1UdIwQYMBaAFN5QVCvqEIIBp3LAC8nyUa0X+pbN
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFERUJFMy84MEFFMTBDNjA0
NTAxMUVBQkE4MkM0MTVDNEY5QUUwMi8zbEJVSy1vUWdnR25jc0FMeWZKUnJSZjZs
czAuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzNsQlVLLW9RZ2dHbmNzQUx5ZkpSclJmNmxzMC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
REVCRTMvODBBRTEwQzYwNDUwMTFFQUJBODJDNDE1QzRGOUFFMDIvRkNCRDcwRTIx
NURGMTFFQ0FDMTAzQjQ0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwQAYIKwYBBQUHAQcBAf8E
MTAvMB4EAgABMBgDBAFn1lADBABn1lMDBACQMFQDBACQMFcwDQQCAAIwBwMFACQE
1YAwDQYJKoZIhvcNAQELBQADggEBACsN4N2u5A3+lTiGHOokNRi2FAKupRRPAVKn
5jFsHCtHf20uGIIAp/6vbA4rfgtKFh1aM/9YBQ4xmcNqLbpvcq4FTbMMFE6PhOpx
EBUy8ah2ldtbHUrCv6CZCNjw/Jbs4fMPkDHCNoQX/pv1qChmJcKVouBudK+0AI2m
Q5vJxMw57ZiQXBwPa04gS9c7WiWPZh/B9Hgth7gBLVEnZ3YWnVsMg7CDd9aBvACQ
GzbXU4jFWqzMmG8/ZySLeKgyEneMc2V9rPJwIsZZZ7/l5LtIcjFOzXfS3A6O63Ak
SP1ZL7e2q6O2ng8N18t/FjVWI+UlZhcB14UB9CmCQ475wD4sA+s=
-----END CERTIFICATE-----