Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91E015D/6C474920731211EDB70BCE33C4F9AE02/A6916C32057511EEAFC9104DC4F9AE02.roa
File:                     A6916C32057511EEAFC9104DC4F9AE02.roa (raw, json)
Hash identifier:          kJQ9Cq67u9bGeMz9w3eiImailtNfKt+JRLVJns9C8YQ=
Subject key identifier:   E9:FC:B1:D0:D3:6E:82:DF:C9:18:59:4F:1E:8B:49:0C:A2:DB:9E:C1
Certificate issuer:       /CN=A91E015D/serialNumber=257A9E6914D58A745B0EE6ABE548CDBE020488D4
Certificate serial:       72
Authority key identifier: 25:7A:9E:69:14:D5:8A:74:5B:0E:E6:AB:E5:48:CD:BE:02:04:88:D4
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/JXqeaRTVinRbDuar5UjNvgIEiNQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91E015D/6C474920731211EDB70BCE33C4F9AE02/A6916C32057511EEAFC9104DC4F9AE02.roa
Signing time:             Wed 07 Jun 2023 22:25:41 +0000
ROA not before:           Wed 07 Jun 2023 22:25:41 +0000
ROA not after:            Wed 29 May 2024 00:00:00 +0000
asID:                     208485
IP address blocks:        103.85.200.0/24 maxlen: 24
                          103.85.201.0/24 maxlen: 24
                          103.85.202.0/24 maxlen: 24
                          103.85.203.0/24 maxlen: 24
                          110.44.108.0/24 maxlen: 24
                          110.44.109.0/24 maxlen: 24
                          110.44.110.0/24 maxlen: 24
                          110.44.111.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 114 (0x72)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E015D/serialNumber=257A9E6914D58A745B0EE6ABE548CDBE020488D4
        Validity
            Not Before: Jun  7 22:25:41 2023 GMT
            Not After : May 29 00:00:00 2024 GMT
        Subject: CN=648103e5-66ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:80:91:ea:6e:60:14:fc:74:8b:6b:61:2e:60:
                    94:35:ed:5b:a4:a1:27:db:be:3d:a9:a5:e4:b3:09:
                    ac:cf:95:e9:59:b5:10:8f:1d:1c:cb:b5:69:4d:48:
                    73:18:72:17:63:9c:e5:b3:7e:11:b0:f5:b2:f9:de:
                    69:35:10:3e:7b:40:05:8d:ef:80:f0:2b:e1:fe:ea:
                    2b:ff:0c:30:83:a3:68:a7:81:39:f9:ef:49:cf:5f:
                    f9:e2:56:95:fa:55:55:eb:ba:da:d5:17:b8:77:dd:
                    0a:ed:36:8c:3a:d2:53:27:86:7d:c1:58:54:ae:cb:
                    99:23:dc:bb:3b:37:d3:4d:35:57:40:5c:df:7d:2d:
                    f2:e9:ab:28:dc:bb:d7:0b:5c:d6:e0:8d:5e:1c:43:
                    0a:4c:4a:6b:04:77:e1:9b:74:52:be:c9:6b:da:cb:
                    65:09:a7:11:eb:13:03:ab:9c:00:ba:39:9b:10:52:
                    58:f9:83:11:55:58:0c:5d:5f:b9:c6:b8:a5:62:0e:
                    48:be:42:10:2d:1d:42:1a:c8:06:73:6a:79:28:d5:
                    49:51:8d:fc:7d:5d:49:a2:63:14:7c:61:a9:15:da:
                    dd:db:7a:e1:3d:38:50:6b:b3:df:e6:6a:bc:89:25:
                    d1:f3:d4:91:2c:ae:e9:20:9e:40:d5:43:ee:62:75:
                    c9:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:FC:B1:D0:D3:6E:82:DF:C9:18:59:4F:1E:8B:49:0C:A2:DB:9E:C1
            X509v3 Authority Key Identifier:
                keyid:25:7A:9E:69:14:D5:8A:74:5B:0E:E6:AB:E5:48:CD:BE:02:04:88:D4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91E015D/6C474920731211EDB70BCE33C4F9AE02/JXqeaRTVinRbDuar5UjNvgIEiNQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/JXqeaRTVinRbDuar5UjNvgIEiNQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E015D/6C474920731211EDB70BCE33C4F9AE02/A6916C32057511EEAFC9104DC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.85.200.0/22
                  110.44.108.0/22

    Signature Algorithm: sha256WithRSAEncryption
         24:9e:57:36:81:20:e2:16:6a:1b:9a:cf:3c:b6:8b:fc:9c:e2:
         e1:73:09:43:f4:cf:85:65:a6:5b:ce:7e:92:82:68:99:40:6c:
         eb:31:1c:8a:3a:30:cd:40:1d:18:01:c4:75:d1:a6:cb:fb:9d:
         5c:d0:db:ea:c1:8e:45:fd:7c:d5:c0:a8:3b:b0:b0:32:94:55:
         58:fc:de:e8:d9:a8:67:79:de:be:b7:3d:93:7a:a7:d6:08:9b:
         15:eb:68:c1:c0:4b:01:93:36:fd:5d:97:be:96:ee:4b:f3:65:
         75:fd:bc:9d:76:bf:36:f1:5f:57:17:73:42:03:ad:f8:cd:44:
         6c:dd:a4:81:08:42:4f:ef:e3:dd:e1:49:14:a1:44:4f:55:1c:
         af:77:18:68:bb:8a:64:63:36:b3:44:28:69:92:43:39:06:06:
         aa:cf:f4:dc:87:20:bb:d1:f0:48:a7:21:35:e8:20:ea:91:fb:
         0e:48:03:76:bc:21:b0:c8:72:17:b6:2f:a9:2d:a2:97:9e:c0:
         08:6b:53:90:d1:fd:74:23:0a:10:c1:25:74:6c:9c:c5:9d:16:
         4e:31:c6:73:60:e5:56:73:5b:95:98:11:42:ff:a7:93:23:63:
         2b:7b:f8:59:85:df:f4:33:a5:f1:65:67:31:53:51:37:13:ff:
         d0:b8:4c:6d
-----BEGIN CERTIFICATE-----
MIIFdjCCBF6gAwIBAgIBcjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFF
MDE1RDExMC8GA1UEBRMoMjU3QTlFNjkxNEQ1OEE3NDVCMEVFNkFCRTU0OENEQkUw
MjA0ODhENDAeFw0yMzA2MDcyMjI1NDFaFw0yNDA1MjkwMDAwMDBaMBgxFjAUBgNV
BAMTDTY0ODEwM2U1LTY2YWIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDMgJHqbmAU/HSLa2EuYJQ17VukoSfbvj2ppeSzCazPlelZtRCPHRzLtWlNSHMY
chdjnOWzfhGw9bL53mk1ED57QAWN74DwK+H+6iv/DDCDo2ingTn570nPX/niVpX6
VVXrutrVF7h33QrtNow60lMnhn3BWFSuy5kj3Ls7N9NNNVdAXN99LfLpqyjcu9cL
XNbgjV4cQwpMSmsEd+GbdFK+yWvay2UJpxHrEwOrnAC6OZsQUlj5gxFVWAxdX7nG
uKViDki+QhAtHUIayAZzanko1UlRjfx9XUmiYxR8YakV2t3beuE9OFBrs9/maryJ
JdHz1JEsrukgnkDVQ+5idcmrAgMBAAGjggKbMIIClzAdBgNVHQ4EFgQU6fyx0NNu
gt/JGFlPHotJDKLbnsEwHwYDVR0jBBgwFoAUJXqeaRTVinRbDuar5UjNvgIEiNQw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUUwMTVELzZDNDc0OTIwNzMx
MjExRURCNzBCQ0UzM0M0RjlBRTAyL0pYcWVhUlRWaW5SYkR1YXI1VWpOdmdJRWlO
US5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvSlhxZWFSVFZpblJiRHVhcjVVak52Z0lFaU5RLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFF
MDE1RC82QzQ3NDkyMDczMTIxMUVEQjcwQkNFMzNDNEY5QUUwMi9BNjkxNkMzMjA1
NzUxMUVFQUZDOTEwNERDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAlBggrBgEFBQcBBwEB/wQW
MBQwEgQCAAEwDAMEAmdVyAMEAm4sbDANBgkqhkiG9w0BAQsFAAOCAQEAJJ5XNoEg
4hZqG5rPPLaL/Jzi4XMJQ/TPhWWmW85+koJomUBs6zEcijowzUAdGAHEddGmy/ud
XNDb6sGORf181cCoO7CwMpRVWPze6NmoZ3nevrc9k3qn1gibFetowcBLAZM2/V2X
vpbuS/Nldf28nXa/NvFfVxdzQgOt+M1EbN2kgQhCT+/j3eFJFKFET1Ucr3cYaLuK
ZGM2s0QoaZJDOQYGqs/03Icgu9HwSKchNegg6pH7DkgDdrwhsMhyF7YvqS2il57A
CGtTkNH9dCMKEMEldGycxZ0WTjHGc2DlVnNblZgRQv+nkyNjK3v4WYXf9DOl8WVn
MVNRNxP/0LhMbQ==
-----END CERTIFICATE-----