Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91362A0/8032CBF0E3A111E6BF3B0068C4F9AE02/B21D3C5AE21311E8B9660E3EC4F9AE02.roa
File:                     B21D3C5AE21311E8B9660E3EC4F9AE02.roa (raw, json)
Hash identifier:          X/4GCRMZ/gVyKNef6s/CyH3yqYjWWcRQZHTiFuRUpcg=
Subject key identifier:   FE:8B:FE:4A:3C:93:DF:17:FE:7C:2E:EC:AB:D1:FB:6A:55:1D:7D:D7
Certificate issuer:       /CN=A91362A0/serialNumber=832005DC45D8C132A885155C431D33319ACF6D8D
Certificate serial:       1C06
Authority key identifier: 83:20:05:DC:45:D8:C1:32:A8:85:15:5C:43:1D:33:31:9A:CF:6D:8D
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gyAF3EXYwTKohRVcQx0zMZrPbY0.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91362A0/8032CBF0E3A111E6BF3B0068C4F9AE02/B21D3C5AE21311E8B9660E3EC4F9AE02.roa
Signing time:             Fri 10 Jan 2025 16:33:53 +0000
ROA not before:           Fri 10 Jan 2025 16:33:53 +0000
ROA not after:            Tue 31 Mar 2026 00:00:00 +0000
asID:                     136525
IP address blocks:        103.11.0.0/22 maxlen: 22
                          103.11.0.0/24 maxlen: 24
                          103.11.1.0/24 maxlen: 24
                          103.11.2.0/24 maxlen: 24
                          103.11.3.0/24 maxlen: 24
                          203.212.28.0/22 maxlen: 22
                          203.212.28.0/24 maxlen: 24
                          203.212.29.0/24 maxlen: 24
                          203.212.30.0/24 maxlen: 24
                          203.212.31.0/24 maxlen: 24
                          2400:9fc0::/32 maxlen: 32
                          2400:9fc0:192::/48 maxlen: 48
Validation:               Failed, CRL has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 7174 (0x1c06)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91362A0
        Validity
            Not Before: Jan 10 16:33:53 2025 GMT
            Not After : Mar 31 00:00:00 2026 GMT
        Subject: CN=67814bf1-0cfb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:9a:3c:33:fe:02:32:9b:82:7e:65:f5:36:1a:
                    72:bf:28:c3:52:a2:6b:b1:ae:4f:78:1a:43:56:32:
                    c4:d1:68:19:f4:a9:11:b1:e8:24:e2:cf:e3:d1:7e:
                    d9:bd:59:a3:f6:e2:79:aa:14:e1:c4:a7:43:08:5d:
                    84:9e:ac:e2:d5:18:5e:7f:8f:57:4c:9b:3d:f5:83:
                    44:dc:d8:0c:d8:c5:16:a2:74:d6:21:39:52:79:fd:
                    00:67:1f:88:8a:4e:ef:eb:91:4a:84:98:7c:09:ab:
                    86:dd:d6:da:13:e0:1f:a1:78:be:7a:af:66:dc:1a:
                    1d:79:d2:71:95:b9:b5:17:77:2e:bf:28:cd:23:64:
                    ce:a7:2b:72:bc:c9:a6:04:97:a9:11:16:26:d5:8f:
                    e2:58:a1:67:6e:da:96:a7:de:40:0d:0c:2e:25:9b:
                    44:0f:09:6e:01:7f:ca:67:7e:2f:68:a5:01:9f:e3:
                    f4:c6:3c:84:51:e9:3e:db:58:7b:9c:91:35:30:aa:
                    d2:2f:0b:08:f3:4f:d9:05:6b:73:4e:54:85:fa:4e:
                    c2:8d:a3:86:ad:fd:dc:d3:a7:ad:c5:f8:82:14:2c:
                    01:6f:ef:ca:de:cc:f5:d5:e5:49:95:0c:7e:be:7f:
                    83:e6:24:05:5f:3f:f0:c6:ad:b3:88:14:bc:f2:b6:
                    90:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:8B:FE:4A:3C:93:DF:17:FE:7C:2E:EC:AB:D1:FB:6A:55:1D:7D:D7
            X509v3 Authority Key Identifier:
                keyid:83:20:05:DC:45:D8:C1:32:A8:85:15:5C:43:1D:33:31:9A:CF:6D:8D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91362A0/8032CBF0E3A111E6BF3B0068C4F9AE02/gyAF3EXYwTKohRVcQx0zMZrPbY0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gyAF3EXYwTKohRVcQx0zMZrPbY0.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91362A0/8032CBF0E3A111E6BF3B0068C4F9AE02/B21D3C5AE21311E8B9660E3EC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.11.0.0/22
                  203.212.28.0/22
                IPv6:
                  2400:9fc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         0a:2a:17:91:fa:cc:94:42:9c:bb:e5:ed:8a:1e:bc:d2:a2:e2:
         ef:09:6b:21:7e:78:b4:f8:a4:f5:27:45:2c:04:cf:bc:7c:25:
         48:79:51:4f:26:fe:90:e6:1d:0a:7e:50:22:a8:37:8f:85:b6:
         63:9c:b6:42:3e:2e:34:3d:99:93:de:10:88:e0:ee:ee:c6:56:
         41:33:f7:f9:4c:ea:f2:bb:0c:f5:18:cd:e2:47:2c:ee:51:84:
         33:35:ab:68:3b:4f:ec:d0:bb:ee:66:0d:07:05:bb:b1:68:7f:
         81:76:b9:22:4b:54:cc:18:5e:09:88:1b:e0:06:20:47:be:7d:
         57:df:aa:fc:df:66:d3:35:75:66:87:d5:eb:9b:6b:be:57:f8:
         7e:d8:c7:44:54:17:cd:7e:61:62:04:21:8d:6c:cb:94:a8:dd:
         d6:e7:ea:4e:16:7f:64:06:9b:50:68:df:e2:21:52:43:e9:45:
         41:e8:3c:f9:d6:91:15:82:77:f4:c6:cd:1a:07:7e:67:93:52:
         8d:ed:34:9d:64:0f:e4:f5:cd:da:1b:b6:47:0a:07:be:d4:47:
         8a:13:24:95:13:c1:c7:79:c1:ce:3e:a7:d1:f3:d0:8c:5e:85:
         e0:6c:c1:2c:d9:c4:72:85:d0:af:3f:e5:f1:7e:a4:2e:a4:b3:
         52:ec:a7:46
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgICHAYwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MzYyQTAxMTAvBgNVBAUTKDgzMjAwNURDNDVEOEMxMzJBODg1MTU1QzQzMUQzMzMx
OUFDRjZEOEQwHhcNMjUwMTEwMTYzMzUzWhcNMjYwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzgxNGJmMS0wY2ZiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA7po8M/4CMpuCfmX1NhpyvyjDUqJrsa5PeBpDVjLE0WgZ9KkRsegk4s/j0X7Z
vVmj9uJ5qhThxKdDCF2Enqzi1Rhef49XTJs99YNE3NgM2MUWonTWITlSef0AZx+I
ik7v65FKhJh8CauG3dbaE+AfoXi+eq9m3BodedJxlbm1F3cuvyjNI2TOpytyvMmm
BJepERYm1Y/iWKFnbtqWp95ADQwuJZtEDwluAX/KZ34vaKUBn+P0xjyEUek+21h7
nJE1MKrSLwsI80/ZBWtzTlSF+k7CjaOGrf3c06etxfiCFCwBb+/K3sz11eVJlQx+
vn+D5iQFXz/wxq2ziBS88raQXQIDAQABo4ICqjCCAqYwHQYDVR0OBBYEFP6L/ko8
k98X/nwu7KvR+2pVHX3XMB8GA1UdIwQYMBaAFIMgBdxF2MEyqIUVXEMdMzGaz22N
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEzNjJBMC84MDMyQ0JGMEUz
QTExMUU2QkYzQjAwNjhDNEY5QUUwMi9neUFGM0VYWXdUS29oUlZjUXgwek1aclBi
WTAuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2d5QUYzRVhZd1RLb2hSVmNReDB6TVpyUGJZMC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MzYyQTAvODAzMkNCRjBFM0ExMTFFNkJGM0IwMDY4QzRGOUFFMDIvQjIxRDNDNUFF
MjEzMTFFOEI5NjYwRTNFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNAYIKwYBBQUHAQcBAf8E
JTAjMBIEAgABMAwDBAJnCwADBALL1BwwDQQCAAIwBwMFACQAn8AwDQYJKoZIhvcN
AQELBQADggEBAAoqF5H6zJRCnLvl7YoevNKi4u8JayF+eLT4pPUnRSwEz7x8JUh5
UU8m/pDmHQp+UCKoN4+FtmOctkI+LjQ9mZPeEIjg7u7GVkEz9/lM6vK7DPUYzeJH
LO5RhDM1q2g7T+zQu+5mDQcFu7Fof4F2uSJLVMwYXgmIG+AGIEe+fVffqvzfZtM1
dWaH1euba75X+H7Yx0RUF81+YWIEIY1sy5So3dbn6k4Wf2QGm1Bo3+IhUkPpRUHo
PPnWkRWCd/TGzRoHfmeTUo3tNJ1kD+T1zdobtkcKB77UR4oTJJUTwcd5wc4+p9Hz
0IxeheBswSzZxHKF0K8/5fF+pC6ks1Lsp0Y=
-----END CERTIFICATE-----