Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/48366FBA072D11EAAE8E1D56C4F9AE02.roa
File:                     48366FBA072D11EAAE8E1D56C4F9AE02.roa (raw, json)
Hash identifier:          rA48W6mbmo1cUrHauh26/2axU9t4pVig1MM7fwr4HYM=
Subject key identifier:   32:16:FB:DF:0A:EF:FE:41:3E:5D:EF:AB:84:F4:C9:0C:B2:D5:18:C8
Certificate issuer:       /CN=A91919EA/serialNumber=7B01CACC170FE6A61B20304185E868946DF7285A
Certificate serial:       0F80
Authority key identifier: 7B:01:CA:CC:17:0F:E6:A6:1B:20:30:41:85:E8:68:94:6D:F7:28:5A
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ewHKzBcP5qYbIDBBheholG33KFo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/48366FBA072D11EAAE8E1D56C4F9AE02.roa
Signing time:             Fri 28 Feb 2025 19:29:58 +0000
ROA not before:           Fri 28 Feb 2025 19:29:58 +0000
ROA not after:            Fri 01 May 2026 00:00:00 +0000
asID:                     397226
IP address blocks:        120.29.252.0/24 maxlen: 24
                          120.29.253.0/24 maxlen: 24
                          120.29.254.0/24 maxlen: 24
                          203.17.72.0/24 maxlen: 24
                          2001:dcd:1::/48 maxlen: 48
                          2001:dcd:2::/48 maxlen: 48
                          2001:dcd:3::/48 maxlen: 48
                          2001:dcd:4::/48 maxlen: 48
                          2001:dcd:5::/48 maxlen: 48
                          2001:dcd:6::/48 maxlen: 48
                          2001:dcd:7::/48 maxlen: 48
                          2001:dcd:dd05::/48 maxlen: 48
Validation:               Failed, CRL has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3968 (0xf80)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91919EA
        Validity
            Not Before: Feb 28 19:29:58 2025 GMT
            Not After : May  1 00:00:00 2026 GMT
        Subject: CN=67c20eb6-0f07
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:29:16:b6:5d:6b:45:27:cc:ae:d3:fe:0d:3d:
                    71:84:44:71:53:7e:60:fb:36:5f:1d:8a:0b:3b:54:
                    5f:f8:db:a0:50:66:40:a5:cd:1c:3b:52:2a:39:b3:
                    5e:e3:f0:90:2e:8e:03:8a:20:e2:88:cd:07:19:78:
                    c8:ec:c1:c3:96:79:b1:1b:78:c0:12:a6:e7:e8:e7:
                    2d:6c:e6:33:2d:a1:a1:14:dd:4e:ee:1b:9f:6c:5d:
                    e6:33:c2:93:fe:fa:a7:d5:73:d8:62:2e:0b:06:39:
                    77:c1:3a:df:f4:b5:78:a6:ec:a8:a6:8a:c9:04:15:
                    4a:f0:8e:80:c4:d0:69:68:c8:32:1d:7a:3d:a5:4a:
                    b7:a6:b3:ef:a7:73:24:02:67:84:f2:2e:fc:a6:da:
                    19:0c:f3:28:f8:84:8d:bd:0d:61:c9:e6:4b:cf:ef:
                    bd:3c:b9:8a:8c:2e:de:d3:a6:a3:d7:9b:9f:d3:2f:
                    11:4f:0e:6c:4f:21:6f:c9:28:c5:64:59:60:6a:48:
                    56:30:c3:3b:71:66:47:e9:31:f0:d8:09:2c:d1:4c:
                    9e:2f:81:ba:7c:69:3e:ce:f7:ad:29:60:95:1b:f9:
                    1f:1a:b7:58:21:69:71:ee:22:69:f1:e4:6b:fc:22:
                    dc:a5:b5:29:37:d7:38:3a:9c:bd:52:2a:33:dc:b1:
                    3a:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:16:FB:DF:0A:EF:FE:41:3E:5D:EF:AB:84:F4:C9:0C:B2:D5:18:C8
            X509v3 Authority Key Identifier:
                keyid:7B:01:CA:CC:17:0F:E6:A6:1B:20:30:41:85:E8:68:94:6D:F7:28:5A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/ewHKzBcP5qYbIDBBheholG33KFo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ewHKzBcP5qYbIDBBheholG33KFo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/48366FBA072D11EAAE8E1D56C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  120.29.252.0-120.29.254.255
                  203.17.72.0/24
                IPv6:
                  2001:dcd:1::-2001:dcd:7:ffff:ffff:ffff:ffff:ffff
                  2001:dcd:dd05::/48

    Signature Algorithm: sha256WithRSAEncryption
         8e:82:68:cb:06:19:fb:0d:1c:d0:5a:29:b7:15:7e:f6:a3:59:
         40:75:b7:c4:dc:8c:39:12:c2:11:67:ac:a3:fa:25:d1:d4:a5:
         c4:36:ea:93:71:49:f6:22:87:44:f3:98:00:3e:27:0c:10:3d:
         8d:76:b7:31:90:4a:5d:d2:48:ad:08:8b:78:1a:03:a2:1e:47:
         da:e8:23:06:77:24:d4:69:c8:53:ad:73:67:9b:7d:b4:41:0b:
         34:75:90:52:14:f8:d5:1d:9e:53:a5:4a:4c:fd:e2:8c:eb:e2:
         2e:6d:14:e3:86:b4:ea:a2:34:4f:8a:2b:93:d5:3e:45:74:50:
         8a:f1:af:bb:c2:09:60:b6:0d:65:31:86:26:d4:5c:04:25:95:
         e6:50:17:ff:59:46:36:a7:6b:91:c1:5e:e5:4d:14:43:18:8c:
         3f:85:91:ac:f8:7a:47:ab:c6:14:16:a3:a7:cb:73:a2:10:ee:
         af:4f:ae:fe:f8:e6:c3:67:d8:fd:20:4d:a3:0e:31:17:72:81:
         8a:d1:2f:b1:46:dd:9b:c4:27:c9:04:f6:11:b4:f2:10:b1:ec:
         9e:ab:d3:3a:96:79:05:ed:8f:d1:8c:0a:16:12:cd:ba:04:f0:
         13:26:8a:f2:61:24:ad:03:1f:04:50:bf:70:fb:5e:43:06:da:
         1e:22:27:c4
-----BEGIN CERTIFICATE-----
MIIFpDCCBIygAwIBAgICD4AwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OTE5RUExMTAvBgNVBAUTKDdCMDFDQUNDMTcwRkU2QTYxQjIwMzA0MTg1RTg2ODk0
NkRGNzI4NUEwHhcNMjUwMjI4MTkyOTU4WhcNMjYwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02N2MyMGViNi0wZjA3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAuCkWtl1rRSfMrtP+DT1xhERxU35g+zZfHYoLO1Rf+NugUGZApc0cO1IqObNe
4/CQLo4DiiDiiM0HGXjI7MHDlnmxG3jAEqbn6OctbOYzLaGhFN1O7hufbF3mM8KT
/vqn1XPYYi4LBjl3wTrf9LV4puyoporJBBVK8I6AxNBpaMgyHXo9pUq3prPvp3Mk
AmeE8i78ptoZDPMo+ISNvQ1hyeZLz++9PLmKjC7e06aj15uf0y8RTw5sTyFvySjF
ZFlgakhWMMM7cWZH6THw2Aks0UyeL4G6fGk+zvetKWCVG/kfGrdYIWlx7iJp8eRr
/CLcpbUpN9c4Opy9Uioz3LE6XwIDAQABo4ICyDCCAsQwHQYDVR0OBBYEFDIW+98K
7/5BPl3vq4T0yQyy1RjIMB8GA1UdIwQYMBaAFHsByswXD+amGyAwQYXoaJRt9yha
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5MTlFQS82RDQ2M0NGRTA0
RkQxMUVBODJDQ0NBMThDNEY5QUUwMi9ld0hLekJjUDVxWWJJREJCaGVob2xHMzNL
Rm8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2V3SEt6QmNQNXFZYklEQkJoZWhvbEczM0tGby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OTE5RUEvNkQ0NjNDRkUwNEZEMTFFQTgyQ0NDQTE4QzRGOUFFMDIvNDgzNjZGQkEw
NzJEMTFFQUFFOEUxRDU2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwUgYIKwYBBQUHAQcBAf8E
QzBBMBoEAgABMBQwDAMEAngd/AMEAHgd/gMEAMsRSDAjBAIAAjAdMBIDBwAgAQ3N
AAEDBwMgAQ3NAAADBwAgAQ3N3QUwDQYJKoZIhvcNAQELBQADggEBAI6CaMsGGfsN
HNBaKbcVfvajWUB1t8TcjDkSwhFnrKP6JdHUpcQ26pNxSfYih0TzmAA+JwwQPY12
tzGQSl3SSK0Ii3gaA6IeR9roIwZ3JNRpyFOtc2ebfbRBCzR1kFIU+NUdnlOlSkz9
4ozr4i5tFOOGtOqiNE+KK5PVPkV0UIrxr7vCCWC2DWUxhibUXAQlleZQF/9ZRjan
a5HBXuVNFEMYjD+Fkaz4ekerxhQWo6fLc6IQ7q9Prv745sNn2P0gTaMOMRdygYrR
L7FG3ZvEJ8kE9hG08hCx7J6r0zqWeQXtj9GMChYSzboE8BMmivJhJK0DHwRQv3D7
XkMG2h4iJ8Q=
-----END CERTIFICATE-----