Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91568F6/37D03DF6CE2811E9A6B6C17BC4F9AE02/867F7384822711ED94C3212CC4F9AE02.roa
File:                     867F7384822711ED94C3212CC4F9AE02.roa (raw, json)
Hash identifier:          q7hq6HECrwK3K/Xw738rCnHWXJB7WZGubMywXNFI/NQ=
Subject key identifier:   83:F8:F7:46:2A:F1:B7:19:B3:F1:F3:88:5D:24:AA:73:41:61:96:6B
Certificate issuer:       /CN=A91568F6/serialNumber=1E329E98F67692E9B576023A2FBC557D57DD556C
Certificate serial:       0BA2
Authority key identifier: 1E:32:9E:98:F6:76:92:E9:B5:76:02:3A:2F:BC:55:7D:57:DD:55:6C
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/HjKemPZ2kum1dgI6L7xVfVfdVWw.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91568F6/37D03DF6CE2811E9A6B6C17BC4F9AE02/867F7384822711ED94C3212CC4F9AE02.roa
Signing time:             Thu 22 Dec 2022 18:36:19 +0000
ROA not before:           Thu 22 Dec 2022 18:36:19 +0000
ROA not after:            Sun 30 Jul 2023 00:00:00 +0000
asID:                     136547
IP address blocks:        103.251.36.0/24 maxlen: 24
                          103.251.37.0/24 maxlen: 24
                          103.251.38.0/24 maxlen: 24
                          103.251.39.0/24 maxlen: 24
                          150.242.228.0/24 maxlen: 24
                          150.242.229.0/24 maxlen: 24
                          150.242.230.0/24 maxlen: 24
                          150.242.231.0/24 maxlen: 24

Validation:               Failed, certificate has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2978 (0xba2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91568F6/serialNumber=1E329E98F67692E9B576023A2FBC557D57DD556C
        Validity
            Not Before: Dec 22 18:36:19 2022 GMT
            Not After : Jul 30 00:00:00 2023 GMT
        Subject: CN=63a4a3a3-5cd1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:10:6e:ae:9c:b1:2e:61:80:1d:01:88:28:5b:
                    30:6c:c3:e2:df:a4:e3:bf:ea:4a:2c:1d:ac:53:40:
                    10:d8:bd:81:80:a3:33:07:78:c9:8d:23:cc:84:ae:
                    bd:12:1d:63:86:40:b1:da:bd:e7:4b:33:ac:28:e7:
                    b1:23:a9:c9:c4:43:51:12:98:0c:f0:eb:6b:29:a2:
                    ef:ac:41:cb:0b:e5:ed:71:10:f0:a1:61:d6:02:7a:
                    6b:e2:dd:85:ac:35:28:89:95:b7:dd:e6:72:88:33:
                    b5:74:d0:bd:c7:ac:ce:b1:14:b7:7b:fe:a0:5c:19:
                    df:5f:f1:08:63:52:de:6c:10:1a:30:41:85:cd:4c:
                    6e:46:b9:9b:96:c9:12:e1:51:c7:97:08:50:95:d6:
                    1d:b1:a6:de:e0:2c:db:70:09:07:42:00:43:b1:fc:
                    16:e4:6b:4b:0f:11:ee:df:a7:24:e4:85:6e:36:1e:
                    0e:f4:7c:51:6f:f4:17:fe:c0:82:b1:e1:70:b5:4b:
                    b8:e0:76:13:7e:57:a6:df:a8:6f:3c:51:b5:e5:fb:
                    19:29:5f:63:ca:f1:8c:9a:cb:6f:64:a0:5a:f1:e4:
                    f8:4a:87:5f:04:39:5a:9a:b7:6b:28:ee:8a:b7:85:
                    6e:6b:bd:eb:a8:84:bc:81:20:4b:c7:c2:3d:a9:c4:
                    b7:4b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:F8:F7:46:2A:F1:B7:19:B3:F1:F3:88:5D:24:AA:73:41:61:96:6B
            X509v3 Authority Key Identifier:
                keyid:1E:32:9E:98:F6:76:92:E9:B5:76:02:3A:2F:BC:55:7D:57:DD:55:6C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91568F6/37D03DF6CE2811E9A6B6C17BC4F9AE02/HjKemPZ2kum1dgI6L7xVfVfdVWw.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/HjKemPZ2kum1dgI6L7xVfVfdVWw.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91568F6/37D03DF6CE2811E9A6B6C17BC4F9AE02/867F7384822711ED94C3212CC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.251.36.0/22
                  150.242.228.0/22

    Signature Algorithm: sha256WithRSAEncryption
         4b:78:5d:f9:4d:6f:78:40:d9:5b:5c:9c:77:9a:99:44:7e:89:
         79:54:44:f4:81:fc:28:23:98:35:5f:29:c3:9b:2a:ce:f9:e8:
         41:96:d2:72:1a:bc:78:8f:3e:32:07:2f:71:8e:d2:91:eb:f4:
         b3:fa:52:1d:de:87:86:93:18:be:08:bf:ed:bd:54:98:76:48:
         16:fc:63:70:4d:e1:32:ee:29:9b:68:cd:0b:ef:05:18:0d:8e:
         39:d4:f3:53:cc:2e:41:e4:fa:4e:10:0c:14:10:37:a7:01:8b:
         c2:8e:ab:29:c9:81:32:24:ad:2a:4d:e5:6a:1b:03:16:28:9c:
         79:ed:8b:62:dd:5a:89:95:37:03:7d:5a:d7:bd:e6:2a:d9:c2:
         52:61:19:0d:08:61:31:0f:14:f8:7c:c9:34:91:2e:e4:9f:3a:
         2c:05:c9:24:7f:6c:ce:ba:9d:30:d0:66:d8:30:b0:da:1f:2e:
         ec:13:31:3d:7e:d8:99:0e:91:84:1f:d0:75:98:07:96:a1:ef:
         cc:90:91:64:46:12:29:c6:86:23:79:57:81:1a:b5:7a:3f:ee:
         51:27:dc:71:ba:cc:74:14:f6:84:48:83:a1:eb:4e:fd:1c:ca:
         8e:b0:5a:ee:4e:03:1c:a7:81:9a:2d:51:06:6d:46:60:75:c2:
         98:95:60:72
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICC6IwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTY4RjYxMTAvBgNVBAUTKDFFMzI5RTk4RjY3NjkyRTlCNTc2MDIzQTJGQkM1NTdE
NTdERDU1NkMwHhcNMjIxMjIyMTgzNjE5WhcNMjMwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02M2E0YTNhMy01Y2QxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwRBurpyxLmGAHQGIKFswbMPi36Tjv+pKLB2sU0AQ2L2BgKMzB3jJjSPMhK69
Eh1jhkCx2r3nSzOsKOexI6nJxENREpgM8OtrKaLvrEHLC+XtcRDwoWHWAnpr4t2F
rDUoiZW33eZyiDO1dNC9x6zOsRS3e/6gXBnfX/EIY1LebBAaMEGFzUxuRrmblskS
4VHHlwhQldYdsabe4CzbcAkHQgBDsfwW5GtLDxHu36ck5IVuNh4O9HxRb/QX/sCC
seFwtUu44HYTflem36hvPFG15fsZKV9jyvGMmstvZKBa8eT4SodfBDlamrdrKO6K
t4Vua73rqIS8gSBLx8I9qcS3SwIDAQABo4ICmzCCApcwHQYDVR0OBBYEFIP490Yq
8bcZs/HziF0kqnNBYZZrMB8GA1UdIwQYMBaAFB4ynpj2dpLptXYCOi+8VX1X3VVs
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1NjhGNi8zN0QwM0RGNkNF
MjgxMUU5QTZCNkMxN0JDNEY5QUUwMi9IaktlbVBaMmt1bTFkZ0k2TDd4VmZWZmRW
V3cuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0hqS2VtUFoya3VtMWRnSTZMN3hWZlZmZFZXdy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTY4RjYvMzdEMDNERjZDRTI4MTFFOUE2QjZDMTdCQzRGOUFFMDIvODY3RjczODQ4
MjI3MTFFRDk0QzMyMTJDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAJn+yQDBAKW8uQwDQYJKoZIhvcNAQELBQADggEBAEt4XflN
b3hA2VtcnHeamUR+iXlURPSB/CgjmDVfKcObKs756EGW0nIavHiPPjIHL3GO0pHr
9LP6Uh3eh4aTGL4Iv+29VJh2SBb8Y3BN4TLuKZtozQvvBRgNjjnU81PMLkHk+k4Q
DBQQN6cBi8KOqynJgTIkrSpN5WobAxYonHnti2LdWomVNwN9Wte95irZwlJhGQ0I
YTEPFPh8yTSRLuSfOiwFySR/bM66nTDQZtgwsNofLuwTMT1+2JkOkYQf0HWYB5ah
78yQkWRGEinGhiN5V4EatXo/7lEn3HG6zHQU9oRIg6HrTv0cyo6wWu5OAxyngZot
UQZtRmB1wpiVYHI=
-----END CERTIFICATE-----