Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91DF93A/F7DFA72EE5F311EAB3A91561C4F9AE02/696F7C02D1C511EC94826269C4F9AE02.roa
File:                     696F7C02D1C511EC94826269C4F9AE02.roa (raw, json)
Hash identifier:          xjBN8mkIr4ggyPaJZcpFoa4He+KRsKUi5BhbsgABJGE=
Subject key identifier:   85:DB:38:9D:38:4C:54:7A:72:3F:DC:91:1E:C1:28:EB:36:13:57:52
Certificate issuer:       /CN=A91DF93A/serialNumber=7E244310D7A456EB127B926C42F26D79E9ACDB88
Certificate serial:       052A
Authority key identifier: 7E:24:43:10:D7:A4:56:EB:12:7B:92:6C:42:F2:6D:79:E9:AC:DB:88
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/fiRDENekVusSe5JsQvJteems24g.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91DF93A/F7DFA72EE5F311EAB3A91561C4F9AE02/696F7C02D1C511EC94826269C4F9AE02.roa
Signing time:             Thu 12 May 2022 07:30:35 +0000
ROA not before:           Thu 12 May 2022 07:30:35 +0000
ROA not after:            Wed 31 Aug 2022 00:00:00 +0000
asID:                     36131
IP address blocks:        169.136.68.0/24 maxlen: 24
                          169.136.69.0/24 maxlen: 24
                          169.136.70.0/24 maxlen: 24
                          169.136.71.0/24 maxlen: 24
                          169.136.72.0/24 maxlen: 24
                          169.136.73.0/24 maxlen: 24
                          169.136.74.0/24 maxlen: 24
                          169.136.75.0/24 maxlen: 24
                          169.136.128.0/24 maxlen: 24
                          169.136.129.0/24 maxlen: 24
                          169.136.130.0/24 maxlen: 24
                          169.136.132.0/24 maxlen: 24
                          169.136.140.0/24 maxlen: 24
                          169.136.141.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1322 (0x52a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91DF93A/serialNumber=7E244310D7A456EB127B926C42F26D79E9ACDB88
        Validity
            Not Before: May 12 07:30:35 2022 GMT
            Not After : Aug 31 00:00:00 2022 GMT
        Subject: CN=627cb79b-5c17
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:99:c4:10:49:81:0c:66:a5:39:5b:2e:43:71:
                    25:2f:72:ad:c9:7d:67:de:d2:b4:0d:54:49:44:31:
                    63:31:37:80:f0:2b:15:16:f8:db:fa:bc:20:e8:c2:
                    5d:80:ad:25:84:b7:e7:06:b4:09:95:73:53:b0:11:
                    6e:65:8b:4d:2b:de:80:5b:5c:fe:a8:77:18:d5:fd:
                    75:65:7c:a6:f5:ab:1c:2a:38:26:6a:06:31:bb:de:
                    b3:76:ed:d8:d5:48:92:ef:c6:e0:30:84:f5:0d:f1:
                    31:6c:d2:c0:ed:8d:20:83:07:71:0f:5e:3a:78:de:
                    83:67:f4:c3:73:0a:2f:01:af:f7:fa:e4:05:bd:6f:
                    8a:6f:c0:2b:92:ad:1a:8a:99:91:86:ec:e4:09:e5:
                    a8:28:bd:14:6e:01:1d:43:7f:4b:db:93:fa:fb:d3:
                    6c:9b:6f:b3:5e:eb:fc:a4:e5:47:f3:0c:36:84:a1:
                    21:eb:bd:60:16:80:c2:ea:d6:60:e9:9e:6d:97:95:
                    77:b0:c0:4c:16:e5:78:fe:ec:58:30:86:a2:a0:3f:
                    a0:8f:9a:7a:27:f6:dc:04:c9:0d:72:0f:13:c5:04:
                    29:11:85:ed:af:ed:e5:c4:60:b7:ff:5a:b2:aa:f6:
                    df:93:df:35:82:df:43:49:d0:a6:f4:e0:ff:e9:71:
                    fe:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:DB:38:9D:38:4C:54:7A:72:3F:DC:91:1E:C1:28:EB:36:13:57:52
            X509v3 Authority Key Identifier:
                keyid:7E:24:43:10:D7:A4:56:EB:12:7B:92:6C:42:F2:6D:79:E9:AC:DB:88

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91DF93A/F7DFA72EE5F311EAB3A91561C4F9AE02/fiRDENekVusSe5JsQvJteems24g.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/fiRDENekVusSe5JsQvJteems24g.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91DF93A/F7DFA72EE5F311EAB3A91561C4F9AE02/696F7C02D1C511EC94826269C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  169.136.68.0-169.136.75.255
                  169.136.128.0-169.136.130.255
                  169.136.132.0/24
                  169.136.140.0/23

    Signature Algorithm: sha256WithRSAEncryption
         57:67:93:f3:e0:b8:0b:38:ff:3a:76:56:80:0e:78:e8:fc:00:
         55:23:36:50:97:7b:46:89:68:78:70:70:b2:af:bf:09:7e:eb:
         ba:9a:5a:9e:e8:87:74:1d:d3:0b:93:39:f2:c8:37:8f:47:a0:
         a2:a3:cf:8a:27:49:0c:72:29:b9:4d:bc:01:6e:76:bc:13:1f:
         51:dc:e3:53:dc:04:3b:c1:8d:1c:3b:c2:5e:f7:42:34:ba:eb:
         16:23:c3:15:78:25:bc:77:c7:41:96:2c:0d:11:6a:62:a9:fb:
         71:51:ab:69:57:a1:9e:c6:4e:1c:5d:66:f2:71:c5:85:83:66:
         8e:9a:63:40:a9:20:c6:d6:65:a7:b5:af:b2:61:17:6b:2a:b4:
         0d:e3:b8:ed:e3:4c:f2:ed:dc:b5:a8:ad:66:41:cc:f7:b8:ae:
         d5:af:0d:57:a6:ec:db:4c:f0:96:60:0e:4d:b1:2c:a8:a4:7e:
         39:1e:01:7f:00:5d:54:bf:b2:f5:7c:1a:4a:cf:f7:78:df:ff:
         f5:a5:cf:49:1a:db:58:06:cb:0c:cb:05:9e:7f:a8:ae:63:83:
         9e:8e:0d:21:93:f0:d3:e3:be:79:8f:4e:6c:dc:04:00:a4:31:
         2d:b8:69:d2:01:e7:2e:6b:b9:93:3b:ef:bb:af:89:76:6e:9b:
         83:76:73:25
-----BEGIN CERTIFICATE-----
MIIFkzCCBHugAwIBAgICBSowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
REY5M0ExMTAvBgNVBAUTKDdFMjQ0MzEwRDdBNDU2RUIxMjdCOTI2QzQyRjI2RDc5
RTlBQ0RCODgwHhcNMjIwNTEyMDczMDM1WhcNMjIwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MjdjYjc5Yi01YzE3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwpnEEEmBDGalOVsuQ3ElL3KtyX1n3tK0DVRJRDFjMTeA8CsVFvjb+rwg6MJd
gK0lhLfnBrQJlXNTsBFuZYtNK96AW1z+qHcY1f11ZXym9ascKjgmagYxu96zdu3Y
1UiS78bgMIT1DfExbNLA7Y0ggwdxD146eN6DZ/TDcwovAa/3+uQFvW+Kb8Arkq0a
ipmRhuzkCeWoKL0UbgEdQ39L25P6+9Nsm2+zXuv8pOVH8ww2hKEh671gFoDC6tZg
6Z5tl5V3sMBMFuV4/uxYMIaioD+gj5p6J/bcBMkNcg8TxQQpEYXtr+3lxGC3/1qy
qvbfk981gt9DSdCm9OD/6XH+JwIDAQABo4ICtzCCArMwHQYDVR0OBBYEFIXbOJ04
TFR6cj/ckR7BKOs2E1dSMB8GA1UdIwQYMBaAFH4kQxDXpFbrEnuSbELybXnprNuI
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFERjkzQS9GN0RGQTcyRUU1
RjMxMUVBQjNBOTE1NjFDNEY5QUUwMi9maVJERU5la1Z1c1NlNUpzUXZKdGVlbXMy
NGcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL2ZpUkRFTmVrVnVzU2U1SnNRdkp0ZWVtczI0Zy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
REY5M0EvRjdERkE3MkVFNUYzMTFFQUIzQTkxNTYxQzRGOUFFMDIvNjk2RjdDMDJE
MUM1MTFFQzk0ODI2MjY5QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwQQYIKwYBBQUHAQcBAf8E
MjAwMC4EAgABMCgwDAMEAqmIRAMEAqmISDAMAwQHqYiAAwQAqYiCAwQAqYiEAwQB
qYiMMA0GCSqGSIb3DQEBCwUAA4IBAQBXZ5Pz4LgLOP86dlaADnjo/ABVIzZQl3tG
iWh4cHCyr78Jfuu6mlqe6Id0HdMLkznyyDePR6Cio8+KJ0kMcim5TbwBbna8Ex9R
3ONT3AQ7wY0cO8Je90I0uusWI8MVeCW8d8dBliwNEWpiqftxUatpV6Gexk4cXWby
ccWFg2aOmmNAqSDG1mWnta+yYRdrKrQN47jt40zy7dy1qK1mQcz3uK7Vrw1Xpuzb
TPCWYA5NsSyopH45HgF/AF1Uv7L1fBpKz/d43//1pc9JGttYBssMywWef6iuY4Oe
jg0hk/DT4755j05s3AQApDEtuGnSAecua7mTO++7r4l2bpuDdnMl
-----END CERTIFICATE-----