Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91EAAF5/E99F523A6EC411ECAFD27331C4F9AE02/1FD09BC86EC711EC9BA24E32C4F9AE02.roa
File:                     1FD09BC86EC711EC9BA24E32C4F9AE02.roa (raw, json)
Hash identifier:          oidSWMJJsJnOFQm0W9Aii3d4MvHaIeEBerKMaCVda+s=
Subject key identifier:   93:9B:2D:B7:4A:E7:86:DE:3C:75:48:7E:36:2F:96:50:F7:A2:13:7B
Certificate issuer:       /CN=A91EAAF5/serialNumber=4584AEA2394C46D6934E63ED6887D4726FDF7A13
Certificate serial:       0244
Authority key identifier: 45:84:AE:A2:39:4C:46:D6:93:4E:63:ED:68:87:D4:72:6F:DF:7A:13
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/RYSuojlMRtaTTmPtaIfUcm_fehM.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91EAAF5/E99F523A6EC411ECAFD27331C4F9AE02/1FD09BC86EC711EC9BA24E32C4F9AE02.roa
Signing time:             Tue 13 Dec 2022 12:02:53 +0000
ROA not before:           Tue 13 Dec 2022 12:02:53 +0000
ROA not after:            Mon 01 May 2023 00:00:00 +0000
asID:                     16509
IP address blocks:        103.179.36.0/24 maxlen: 24
                          103.179.37.0/24 maxlen: 24
                          2001:df0:45c4::/48 maxlen: 48
                          2001:df0:45c5::/48 maxlen: 48
                          2001:df0:45c6::/48 maxlen: 48
                          2001:df0:45c7::/48 maxlen: 48

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 580 (0x244)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91EAAF5/serialNumber=4584AEA2394C46D6934E63ED6887D4726FDF7A13
        Validity
            Not Before: Dec 13 12:02:53 2022 GMT
            Not After : May  1 00:00:00 2023 GMT
        Subject: CN=639869ed-502a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:df:5e:00:e9:7e:d1:87:48:30:f8:d0:e9:ed:
                    18:79:f4:a9:45:78:dc:f5:a7:b8:9a:8c:38:78:36:
                    ba:a1:f9:fa:ba:92:51:e0:18:d6:b8:3c:40:b8:48:
                    b1:da:0d:e6:6e:7d:06:2f:26:21:2c:78:52:23:49:
                    f9:e0:6b:83:4b:06:ca:0b:28:c7:f5:fc:40:bf:d4:
                    eb:fc:a8:cd:ad:41:ed:48:31:bd:78:b5:0f:96:9b:
                    c1:72:a6:72:76:2a:33:3f:e2:69:e7:43:11:22:ef:
                    a6:34:e1:e8:6f:1d:0a:b8:56:a4:a0:74:45:db:72:
                    d9:53:6e:62:04:f3:b6:77:4c:9b:78:f5:7a:ab:d0:
                    65:e5:fe:93:2f:8c:ee:84:58:c3:0a:1f:6d:d5:2b:
                    38:09:26:83:dd:85:69:a5:df:15:4f:17:f3:6f:79:
                    97:38:40:de:ae:75:38:a6:e7:65:a2:57:0e:03:ec:
                    c0:8f:f6:29:01:bf:b1:2c:37:76:94:5c:e3:d3:b3:
                    6e:7e:54:a2:3a:7c:19:4c:82:dc:4c:b1:b7:c2:b4:
                    5e:e6:30:67:48:3b:ae:43:ae:21:2a:30:9f:ee:75:
                    f1:f3:6d:9d:9e:8d:17:2a:a3:37:4f:6d:03:66:08:
                    84:a2:e4:48:0b:b5:cb:2c:60:d2:ef:e8:6f:fc:62:
                    aa:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:9B:2D:B7:4A:E7:86:DE:3C:75:48:7E:36:2F:96:50:F7:A2:13:7B
            X509v3 Authority Key Identifier:
                keyid:45:84:AE:A2:39:4C:46:D6:93:4E:63:ED:68:87:D4:72:6F:DF:7A:13

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91EAAF5/E99F523A6EC411ECAFD27331C4F9AE02/RYSuojlMRtaTTmPtaIfUcm_fehM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/RYSuojlMRtaTTmPtaIfUcm_fehM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91EAAF5/E99F523A6EC411ECAFD27331C4F9AE02/1FD09BC86EC711EC9BA24E32C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.179.36.0/23
                IPv6:
                  2001:df0:45c4::/46

    Signature Algorithm: sha256WithRSAEncryption
         45:3f:7b:c0:11:6f:d2:4f:58:0f:0c:64:b3:35:6c:f5:10:9e:
         1e:ac:12:bd:7b:e2:93:dc:7d:74:a3:9c:b3:a7:71:af:74:75:
         3d:13:b3:11:6e:a2:fe:6a:7a:ce:b1:56:1d:4f:59:14:51:9a:
         7c:ad:f6:e5:c1:14:57:6d:c0:7b:24:e0:38:9d:58:84:e0:65:
         f2:3d:c9:63:52:13:11:79:f0:29:3d:62:b6:91:25:e3:e7:6b:
         e6:97:50:c5:f5:ec:f4:d9:a0:b6:41:63:6d:54:f6:7b:a5:78:
         9b:e3:99:d1:90:06:71:5c:d7:d1:09:78:45:57:27:f1:ed:19:
         31:4d:52:80:ee:15:30:f4:a6:7e:25:67:d0:78:89:47:11:0a:
         08:c7:34:ec:42:13:81:f3:38:03:71:ba:e2:54:a5:11:06:0e:
         10:8a:43:68:cc:f7:22:00:5e:76:fb:50:8a:ba:d7:3a:da:b0:
         e4:90:59:b7:4e:b9:30:27:78:aa:09:cb:79:19:f5:a3:de:07:
         74:22:a6:00:a5:bc:59:95:1d:cd:0f:bc:b5:0d:45:2c:8b:f5:
         b4:3d:38:18:8b:d1:86:2a:d9:10:9a:20:8a:81:55:41:ca:72:
         a8:25:ee:8e:1c:e1:67:e7:2b:03:ed:c2:d3:96:8e:82:7e:b3:
         2d:09:c4:11
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICAkQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RUFBRjUxMTAvBgNVBAUTKDQ1ODRBRUEyMzk0QzQ2RDY5MzRFNjNFRDY4ODdENDcy
NkZERjdBMTMwHhcNMjIxMjEzMTIwMjUzWhcNMjMwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02Mzk4NjllZC01MDJhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAyd9eAOl+0YdIMPjQ6e0YefSpRXjc9ae4mow4eDa6ofn6upJR4BjWuDxAuEix
2g3mbn0GLyYhLHhSI0n54GuDSwbKCyjH9fxAv9Tr/KjNrUHtSDG9eLUPlpvBcqZy
diozP+Jp50MRIu+mNOHobx0KuFakoHRF23LZU25iBPO2d0ybePV6q9Bl5f6TL4zu
hFjDCh9t1Ss4CSaD3YVppd8VTxfzb3mXOEDernU4pudlolcOA+zAj/YpAb+xLDd2
lFzj07NuflSiOnwZTILcTLG3wrRe5jBnSDuuQ64hKjCf7nXx822dno0XKqM3T20D
ZgiEouRIC7XLLGDS7+hv/GKq2QIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFJObLbdK
54bePHVIfjYvllD3ohN7MB8GA1UdIwQYMBaAFEWErqI5TEbWk05j7WiH1HJv33oT
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFQUFGNS9FOTlGNTIzQTZF
QzQxMUVDQUZEMjczMzFDNEY5QUUwMi9SWVN1b2psTVJ0YVRUbVB0YUlmVWNtX2Zl
aE0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1JZU3VvamxNUnRhVFRtUHRhSWZVY21fZmVoTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RUFBRjUvRTk5RjUyM0E2RUM0MTFFQ0FGRDI3MzMxQzRGOUFFMDIvMUZEMDlCQzg2
RUM3MTFFQzlCQTI0RTMyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAFnsyQwDwQCAAIwCQMHAiABDfBFxDANBgkqhkiG9w0BAQsF
AAOCAQEART97wBFv0k9YDwxkszVs9RCeHqwSvXvik9x9dKOcs6dxr3R1PROzEW6i
/mp6zrFWHU9ZFFGafK325cEUV23AeyTgOJ1YhOBl8j3JY1ITEXnwKT1itpEl4+dr
5pdQxfXs9NmgtkFjbVT2e6V4m+OZ0ZAGcVzX0Ql4RVcn8e0ZMU1SgO4VMPSmfiVn
0HiJRxEKCMc07EITgfM4A3G64lSlEQYOEIpDaMz3IgBedvtQirrXOtqw5JBZt065
MCd4qgnLeRn1o94HdCKmAKW8WZUdzQ+8tQ1FLIv1tD04GIvRhirZEJogioFVQcpy
qCXujhzhZ+crA+3C05aOgn6zLQnEEQ==
-----END CERTIFICATE-----