Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/4F75E130BDCF11EA8755D90DC4F9AE02.roa
File:                     4F75E130BDCF11EA8755D90DC4F9AE02.roa (raw, json)
Hash identifier:          IlhHGOAJQOIr+mexPSQJj00zlLWWpMRvIPa+R2Bu4TU=
Subject key identifier:   F3:71:E2:F8:9C:B1:1F:04:FD:FE:5A:F5:C0:58:E9:FB:5A:2E:62:EC
Certificate issuer:       /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial:       7EB1
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/4F75E130BDCF11EA8755D90DC4F9AE02.roa
Signing time:             Thu 23 Nov 2023 07:26:26 +0000
ROA not before:           Thu 23 Nov 2023 07:26:26 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     132757
IP address blocks:        45.251.232.0/22 maxlen: 24
                          103.141.92.0/23 maxlen: 24
                          103.166.109.0/24 maxlen: 24
                          103.220.208.0/22 maxlen: 24
                          103.240.26.0/23 maxlen: 24
                          2401:2ba0::/32 maxlen: 34
Validation:               Failed, CRL has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 32433 (0x7eb1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A918EDB2
        Validity
            Not Before: Nov 23 07:26:26 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=655efea1-bfdd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:9e:75:3a:96:2d:b1:06:e8:35:4e:12:8d:bb:
                    69:fb:2d:84:e1:16:bc:fa:25:2d:0d:86:e9:0a:51:
                    14:6c:f4:53:63:00:61:6e:2b:2e:4b:f1:d1:e8:ca:
                    0e:94:86:f2:f5:e6:98:4f:9e:68:87:7e:0c:65:2d:
                    40:6e:d9:64:23:5c:60:6f:fd:1f:3b:e2:ee:55:d0:
                    47:14:31:54:36:d4:b7:4a:14:39:72:45:e1:32:2e:
                    83:30:09:f6:91:5b:f0:12:76:82:43:bc:79:a4:6c:
                    dd:42:6a:ec:80:41:9f:f5:ce:87:db:ea:cf:6a:be:
                    c4:a2:0c:fa:75:b1:66:89:39:23:05:22:ee:b5:a5:
                    06:98:9d:d8:33:37:2d:70:05:f6:30:cd:e2:10:c2:
                    49:53:ef:7b:70:36:2f:84:46:4c:dc:80:25:30:c8:
                    b0:c7:6b:ed:3f:1a:c8:26:15:6d:31:7f:31:85:2a:
                    7a:14:5f:23:91:ac:f8:e3:49:5e:cd:94:fe:10:4f:
                    ea:c3:87:b1:5a:d0:79:6e:5f:df:ec:43:46:f4:87:
                    ae:f0:fa:73:9a:4f:ef:31:45:56:fa:24:44:6e:ce:
                    71:dd:90:c9:41:fb:fe:5f:b7:44:2b:d0:40:db:24:
                    71:86:91:a4:7b:ed:2f:21:1f:81:7e:c6:20:6b:f4:
                    39:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:71:E2:F8:9C:B1:1F:04:FD:FE:5A:F5:C0:58:E9:FB:5A:2E:62:EC
            X509v3 Authority Key Identifier:
                keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/4F75E130BDCF11EA8755D90DC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.251.232.0/22
                  103.141.92.0/23
                  103.166.109.0/24
                  103.220.208.0/22
                  103.240.26.0/23
                IPv6:
                  2401:2ba0::/32

    Signature Algorithm: sha256WithRSAEncryption
         77:e9:05:3e:0a:60:35:45:cd:2c:77:b3:f2:46:82:f7:3c:8b:
         4e:40:33:05:9f:88:91:ca:f2:8d:b7:05:de:c7:73:92:ff:e4:
         bf:74:2e:66:69:26:02:e8:83:34:94:40:57:d5:07:c0:18:1d:
         3e:14:db:e0:a4:d7:45:b3:40:3d:7e:60:ec:02:3a:30:8c:e6:
         c8:f1:a0:22:a0:b5:5d:91:d3:59:93:60:0c:87:04:3e:8a:f9:
         72:9c:e5:fa:76:9e:1b:99:61:63:73:03:d5:9c:3f:c0:d7:d1:
         49:e1:a9:ce:ce:7f:64:c1:a1:0c:ec:da:c9:e2:f5:1a:f9:80:
         03:0e:13:72:0e:65:89:85:1a:2d:b9:fc:ef:9f:fa:e1:9e:04:
         84:e9:ab:5c:5d:31:46:22:70:c9:9c:32:84:d7:ed:42:6e:35:
         c4:ab:17:36:da:23:73:3d:d3:fa:54:8a:84:db:3c:25:54:de:
         30:4b:f9:49:e0:7d:9e:85:01:40:7b:37:99:63:2f:c8:db:71:
         56:ef:5e:37:79:f0:51:55:5f:73:bb:97:70:83:8a:f5:22:11:
         4a:f0:2f:df:7a:66:e1:d0:99:ed:e8:36:b3:ac:69:fc:47:ec:
         f1:a5:64:7b:e5:78:cb:85:bd:47:d1:b6:dc:42:16:3b:57:f3:
         91:37:9c:3a
-----BEGIN CERTIFICATE-----
MIIFmDCCBICgAwIBAgICfrEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEVEQjIxMTAvBgNVBAUTKDI5NkVEQjY0RjNBRjZFOUQ5ODA5MzJFODE2Rjk1OTgz
RTNBQkM4MjMwHhcNMjMxMTIzMDcyNjI2WhcNMjQwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTVlZmVhMS1iZmRkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA2J51OpYtsQboNU4Sjbtp+y2E4Ra8+iUtDYbpClEUbPRTYwBhbisuS/HR6MoO
lIby9eaYT55oh34MZS1AbtlkI1xgb/0fO+LuVdBHFDFUNtS3ShQ5ckXhMi6DMAn2
kVvwEnaCQ7x5pGzdQmrsgEGf9c6H2+rPar7Eogz6dbFmiTkjBSLutaUGmJ3YMzct
cAX2MM3iEMJJU+97cDYvhEZM3IAlMMiwx2vtPxrIJhVtMX8xhSp6FF8jkaz440le
zZT+EE/qw4exWtB5bl/f7ENG9Ieu8Ppzmk/vMUVW+iREbs5x3ZDJQfv+X7dEK9BA
2yRxhpGke+0vIR+BfsYga/Q5nwIDAQABo4ICvDCCArgwHQYDVR0OBBYEFPNx4vic
sR8E/f5a9cBY6ftaLmLsMB8GA1UdIwQYMBaAFClu22Tzr26dmAky6Bb5WYPjq8gj
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4RURCMi8yQTQzRTMwQzcw
RTkxMUUyQjM2RDRCNkIyOTc5QkIyMC9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5
Q00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0tXN2JaUE92YnAyWUNUTG9GdmxaZy1PcnlDTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEVEQjIvMkE0M0UzMEM3MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvNEY3NUUxMzBC
RENGMTFFQTg3NTVEOTBEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwRgYIKwYBBQUHAQcBAf8E
NzA1MCQEAgABMB4DBAIt++gDBAFnjVwDBABnpm0DBAJn3NADBAFn8BowDQQCAAIw
BwMFACQBK6AwDQYJKoZIhvcNAQELBQADggEBAHfpBT4KYDVFzSx3s/JGgvc8i05A
MwWfiJHK8o23Bd7Hc5L/5L90LmZpJgLogzSUQFfVB8AYHT4U2+Ck10WzQD1+YOwC
OjCM5sjxoCKgtV2R01mTYAyHBD6K+XKc5fp2nhuZYWNzA9WcP8DX0Unhqc7Of2TB
oQzs2sni9Rr5gAMOE3IOZYmFGi25/O+f+uGeBITpq1xdMUYicMmcMoTX7UJuNcSr
FzbaI3M90/pUioTbPCVU3jBL+UngfZ6FAUB7N5ljL8jbcVbvXjd58FFVX3O7l3CD
ivUiEUrwL996ZuHQme3oNrOsafxH7PGlZHvleMuFvUfRttxCFjtX85E3nDo=
-----END CERTIFICATE-----