Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91E0875/6D91AABC593111EAAA31B40AC4F9AE02/7AC83C8EE99611EDB0837738C4F9AE02.roa
File:                     7AC83C8EE99611EDB0837738C4F9AE02.roa (raw, json)
Hash identifier:          K2UuWauOaK3hw1GhIItYJCyv5rSLmdGSn7JeLfVOyLU=
Subject key identifier:   97:63:4A:23:49:FC:11:1F:21:59:26:C2:C3:4D:0E:80:F6:38:FB:5B
Certificate issuer:       /CN=A91E0875/serialNumber=F973492ED646928ED1F10DE84662E5523F55CC8D
Certificate serial:       092B
Authority key identifier: F9:73:49:2E:D6:46:92:8E:D1:F1:0D:E8:46:62:E5:52:3F:55:CC:8D
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-XNJLtZGko7R8Q3oRmLlUj9VzI0.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91E0875/6D91AABC593111EAAA31B40AC4F9AE02/7AC83C8EE99611EDB0837738C4F9AE02.roa
Signing time:             Fri 05 May 2023 04:18:48 +0000
ROA not before:           Fri 05 May 2023 04:18:48 +0000
ROA not after:            Wed 01 May 2024 00:00:00 +0000
asID:                     134069
IP address blocks:        43.231.224.0/22 maxlen: 22
                          45.115.220.0/22 maxlen: 22
                          45.115.220.0/24 maxlen: 24
                          45.115.221.0/24 maxlen: 24
                          103.51.48.0/22 maxlen: 22
                          103.51.50.0/24 maxlen: 24
                          103.51.51.0/24 maxlen: 24
                          202.6.248.0/22 maxlen: 22
                          202.6.248.0/23 maxlen: 23
                          202.6.250.0/24 maxlen: 24
                          202.6.251.0/24 maxlen: 24
                          2402:1a80::/32 maxlen: 32

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2347 (0x92b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E0875/serialNumber=F973492ED646928ED1F10DE84662E5523F55CC8D
        Validity
            Not Before: May  5 04:18:48 2023 GMT
            Not After : May  1 00:00:00 2024 GMT
        Subject: CN=645483a7-8638
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:17:3f:4f:74:84:09:dc:f9:37:df:71:10:ff:
                    b1:6c:86:ff:fe:9e:7d:93:5d:f1:06:23:ff:22:12:
                    97:2b:ea:4f:6c:54:b7:aa:d0:ad:fc:29:9f:92:e2:
                    6c:fe:ca:fc:24:a6:72:b3:f0:e3:88:d8:ab:5a:66:
                    24:5d:74:09:ba:d2:ea:15:62:3e:75:37:2b:f4:69:
                    bd:f2:9d:7b:74:99:d9:c4:d4:0c:ad:b0:a2:bf:81:
                    f4:79:25:c1:f5:0c:e7:bb:83:12:87:ba:c1:f9:97:
                    64:40:b9:6a:90:e2:7f:ee:36:43:ef:c0:09:eb:78:
                    84:4a:e7:1b:0b:13:53:c9:d0:52:4b:31:91:4b:d3:
                    81:07:fe:da:15:33:12:b0:e2:d4:f4:1e:d1:6d:40:
                    b0:6a:75:22:40:f5:27:ba:b9:bb:be:3c:f1:0c:04:
                    9e:3b:3a:b4:fb:19:ce:c9:13:dc:af:cf:f1:39:e6:
                    2d:99:b2:ae:d2:02:40:c5:39:7d:50:5e:10:2b:76:
                    32:82:6a:1f:9e:de:52:cb:ae:1c:a0:7c:a8:fd:4d:
                    fa:9d:6d:4b:86:f8:aa:19:b3:5d:57:b6:bc:f7:52:
                    88:73:be:68:24:2f:b2:af:57:62:27:c8:21:b6:41:
                    d1:5c:33:b2:d2:ae:cd:74:54:41:e5:c8:da:f0:15:
                    61:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:63:4A:23:49:FC:11:1F:21:59:26:C2:C3:4D:0E:80:F6:38:FB:5B
            X509v3 Authority Key Identifier:
                keyid:F9:73:49:2E:D6:46:92:8E:D1:F1:0D:E8:46:62:E5:52:3F:55:CC:8D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91E0875/6D91AABC593111EAAA31B40AC4F9AE02/-XNJLtZGko7R8Q3oRmLlUj9VzI0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-XNJLtZGko7R8Q3oRmLlUj9VzI0.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E0875/6D91AABC593111EAAA31B40AC4F9AE02/7AC83C8EE99611EDB0837738C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.231.224.0/22
                  45.115.220.0/22
                  103.51.48.0/22
                  202.6.248.0/22
                IPv6:
                  2402:1a80::/32

    Signature Algorithm: sha256WithRSAEncryption
         ac:73:4c:e8:e4:61:0e:6b:4e:63:b4:27:23:9c:fe:54:03:77:
         54:2f:a0:b6:23:c2:f0:bc:01:64:f4:ce:7c:8b:4f:51:08:76:
         f0:d4:3b:4d:77:59:35:e5:f9:8c:79:93:29:37:01:96:e4:79:
         a0:c1:33:80:61:3c:b6:0b:a7:3c:68:a3:ff:fa:15:2f:33:58:
         1d:f5:ea:3e:27:cb:0e:99:45:24:d8:99:0b:1d:03:6b:f9:0d:
         0d:fd:ed:15:16:6d:89:17:bd:84:6c:50:09:dc:03:1c:9f:71:
         e1:ea:60:a0:92:40:88:a2:4f:cc:eb:e6:f3:ae:b4:67:36:cb:
         d0:d7:df:dc:3a:5a:7e:29:b5:fa:80:b5:99:33:47:3b:11:1d:
         c5:1d:d2:84:ac:e2:22:f3:d7:50:d6:93:c5:43:53:5d:5b:5e:
         a8:34:a5:13:78:d1:17:42:86:1a:0d:2a:d6:67:5e:87:a2:34:
         f4:11:6f:86:9c:b3:18:57:cd:7d:b3:11:18:d0:ba:72:f3:6a:
         09:b1:19:e4:3e:f5:b0:69:d0:32:51:e7:a7:54:ef:79:0f:e9:
         4f:57:69:36:2e:15:3a:3f:23:17:c0:d9:3e:72:2f:d2:2a:ff:
         bc:71:70:df:b7:17:b0:f9:44:eb:98:59:64:7e:61:0b:e6:4a:
         53:25:5a:dd
-----BEGIN CERTIFICATE-----
MIIFkjCCBHqgAwIBAgICCSswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RTA4NzUxMTAvBgNVBAUTKEY5NzM0OTJFRDY0NjkyOEVEMUYxMERFODQ2NjJFNTUy
M0Y1NUNDOEQwHhcNMjMwNTA1MDQxODQ4WhcNMjQwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDU0ODNhNy04NjM4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAthc/T3SECdz5N99xEP+xbIb//p59k13xBiP/IhKXK+pPbFS3qtCt/CmfkuJs
/sr8JKZys/DjiNirWmYkXXQJutLqFWI+dTcr9Gm98p17dJnZxNQMrbCiv4H0eSXB
9Qznu4MSh7rB+ZdkQLlqkOJ/7jZD78AJ63iESucbCxNTydBSSzGRS9OBB/7aFTMS
sOLU9B7RbUCwanUiQPUnurm7vjzxDASeOzq0+xnOyRPcr8/xOeYtmbKu0gJAxTl9
UF4QK3Yygmofnt5Sy64coHyo/U36nW1LhviqGbNdV7a891KIc75oJC+yr1diJ8gh
tkHRXDOy0q7NdFRB5cja8BVh0wIDAQABo4ICtjCCArIwHQYDVR0OBBYEFJdjSiNJ
/BEfIVkmwsNNDoD2OPtbMB8GA1UdIwQYMBaAFPlzSS7WRpKO0fEN6EZi5VI/VcyN
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFMDg3NS82RDkxQUFCQzU5
MzExMUVBQUEzMUI0MEFDNEY5QUUwMi8tWE5KTHRaR2tvN1I4UTNvUm1MbFVqOVZ6
STAuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLy1YTkpMdFpHa283UjhRM29SbUxsVWo5VnpJMC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RTA4NzUvNkQ5MUFBQkM1OTMxMTFFQUFBMzFCNDBBQzRGOUFFMDIvN0FDODNDOEVF
OTk2MTFFREIwODM3NzM4QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwQAYIKwYBBQUHAQcBAf8E
MTAvMB4EAgABMBgDBAIr5+ADBAItc9wDBAJnMzADBALKBvgwDQQCAAIwBwMFACQC
GoAwDQYJKoZIhvcNAQELBQADggEBAKxzTOjkYQ5rTmO0JyOc/lQDd1QvoLYjwvC8
AWT0znyLT1EIdvDUO013WTXl+Yx5kyk3AZbkeaDBM4BhPLYLpzxoo//6FS8zWB31
6j4nyw6ZRSTYmQsdA2v5DQ397RUWbYkXvYRsUAncAxyfceHqYKCSQIiiT8zr5vOu
tGc2y9DX39w6Wn4ptfqAtZkzRzsRHcUd0oSs4iLz11DWk8VDU11bXqg0pRN40RdC
hhoNKtZnXoeiNPQRb4acsxhXzX2zERjQunLzagmxGeQ+9bBp0DJR56dU73kP6U9X
aTYuFTo/IxfA2T5yL9Iq/7xxcN+3F7D5ROuYWWR+YQvmSlMlWt0=
-----END CERTIFICATE-----