Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/48DF5EAE072D11EAAE8E1D56C4F9AE02.roa
File:                     48DF5EAE072D11EAAE8E1D56C4F9AE02.roa (raw, json)
Hash identifier:          EVnYxkLHFo2SdnBBwhslFrJor1VJ1G+vg7jcTYwtGck=
Subject key identifier:   A7:83:10:6A:73:7E:FA:77:45:FB:D4:0E:11:00:73:D0:59:01:05:3A
Certificate issuer:       /CN=A91919EA/serialNumber=7B01CACC170FE6A61B20304185E868946DF7285A
Certificate serial:       0F85
Authority key identifier: 7B:01:CA:CC:17:0F:E6:A6:1B:20:30:41:85:E8:68:94:6D:F7:28:5A
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ewHKzBcP5qYbIDBBheholG33KFo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/48DF5EAE072D11EAAE8E1D56C4F9AE02.roa
Signing time:             Fri 28 Feb 2025 19:30:08 +0000
ROA not before:           Fri 28 Feb 2025 19:30:08 +0000
ROA not after:            Fri 01 May 2026 00:00:00 +0000
asID:                     397231
IP address blocks:        120.29.252.0/24 maxlen: 24
                          120.29.253.0/24 maxlen: 24
                          120.29.254.0/24 maxlen: 24
                          203.17.72.0/24 maxlen: 24
                          2001:dcd:1::/48 maxlen: 48
                          2001:dcd:2::/48 maxlen: 48
                          2001:dcd:3::/48 maxlen: 48
                          2001:dcd:4::/48 maxlen: 48
                          2001:dcd:5::/48 maxlen: 48
                          2001:dcd:6::/48 maxlen: 48
                          2001:dcd:7::/48 maxlen: 48
                          2001:dcd:dd05::/48 maxlen: 48
Validation:               Failed, CRL has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3973 (0xf85)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91919EA
        Validity
            Not Before: Feb 28 19:30:08 2025 GMT
            Not After : May  1 00:00:00 2026 GMT
        Subject: CN=67c20ec0-54bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:1e:99:0d:3a:fc:1d:9d:e9:fb:65:b4:36:73:
                    c4:20:43:b5:c2:fb:f6:80:86:20:6e:39:42:f3:c5:
                    ed:a9:d1:12:f3:d0:c2:d0:18:86:4c:56:dd:94:5d:
                    76:a9:69:92:42:12:d6:79:c3:e9:d4:90:32:a4:33:
                    c2:0d:27:2d:98:d2:7a:86:36:14:24:de:27:da:27:
                    bb:e6:4d:9d:8a:a3:a0:88:9c:de:ea:41:c4:f2:3d:
                    56:d7:9f:51:bf:51:30:a2:40:b5:ec:35:ef:56:d2:
                    f2:8e:02:1c:e5:35:f2:cc:f1:b9:b1:01:90:b7:cf:
                    e3:fc:73:ce:98:8e:7e:7c:dc:2a:0d:fb:67:cd:16:
                    12:a2:05:46:db:03:c2:9a:14:1c:fa:58:af:8f:06:
                    ee:58:84:e9:f5:be:95:6d:a2:17:25:8d:c5:40:04:
                    92:2f:a1:06:b0:44:0a:50:13:ff:3f:0b:8b:32:7c:
                    ad:ae:eb:a3:1c:15:76:2e:88:0e:28:06:c4:25:55:
                    a0:4f:e1:75:48:35:20:25:8e:7e:f7:9c:e4:cc:f0:
                    96:0e:90:11:5c:a7:67:4a:76:9e:3b:18:58:12:34:
                    b5:14:bd:38:8a:3d:3f:7c:64:ba:0e:7f:24:23:86:
                    c7:bd:6e:ce:db:e3:6d:a9:db:5f:20:0f:90:6b:f6:
                    8a:15
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:83:10:6A:73:7E:FA:77:45:FB:D4:0E:11:00:73:D0:59:01:05:3A
            X509v3 Authority Key Identifier:
                keyid:7B:01:CA:CC:17:0F:E6:A6:1B:20:30:41:85:E8:68:94:6D:F7:28:5A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/ewHKzBcP5qYbIDBBheholG33KFo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ewHKzBcP5qYbIDBBheholG33KFo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/48DF5EAE072D11EAAE8E1D56C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  120.29.252.0-120.29.254.255
                  203.17.72.0/24
                IPv6:
                  2001:dcd:1::-2001:dcd:7:ffff:ffff:ffff:ffff:ffff
                  2001:dcd:dd05::/48

    Signature Algorithm: sha256WithRSAEncryption
         66:ad:ec:d4:46:af:b3:53:78:82:32:90:89:0c:3e:65:2b:4b:
         ef:f6:19:a7:49:ad:5d:5c:ce:49:a4:83:f9:d5:7d:43:c5:4b:
         71:36:2a:47:06:cd:bc:11:23:13:17:e3:86:6a:f8:e6:a4:ac:
         5b:3e:fc:2c:6d:ec:d6:6c:b5:e1:e4:e9:d1:dd:5f:1f:04:38:
         c7:0b:d2:f4:24:44:51:3c:eb:67:d8:83:cb:23:26:a6:c8:33:
         1a:2c:29:a7:ca:3d:25:3d:9e:43:ef:af:5a:fa:6f:53:9e:c7:
         56:a1:bc:0e:28:8a:76:72:83:d8:2f:3d:97:33:00:8e:68:da:
         1d:06:60:83:e7:b2:a3:29:d0:cd:7f:0b:c8:9a:19:a4:1e:0e:
         75:68:2e:5f:2f:4d:75:a7:49:1f:ce:c0:1e:2e:97:b4:74:5e:
         8f:a3:57:ae:56:ab:0e:19:fa:d3:3a:4e:c7:da:f0:2d:fc:c8:
         c1:21:9e:6c:88:4c:e7:91:d4:21:30:56:49:39:81:63:a3:14:
         41:88:22:51:e1:cb:37:8d:55:d7:8b:b6:55:1e:e7:3a:29:fb:
         fb:58:f2:3b:aa:a3:ab:d5:99:49:79:7d:0e:43:3b:51:a1:53:
         16:b0:d3:69:7e:92:55:36:b4:db:d1:af:48:2d:06:5e:12:30:
         64:92:98:58
-----BEGIN CERTIFICATE-----
MIIFpDCCBIygAwIBAgICD4UwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OTE5RUExMTAvBgNVBAUTKDdCMDFDQUNDMTcwRkU2QTYxQjIwMzA0MTg1RTg2ODk0
NkRGNzI4NUEwHhcNMjUwMjI4MTkzMDA4WhcNMjYwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02N2MyMGVjMC01NGJmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA+B6ZDTr8HZ3p+2W0NnPEIEO1wvv2gIYgbjlC88XtqdES89DC0BiGTFbdlF12
qWmSQhLWecPp1JAypDPCDSctmNJ6hjYUJN4n2ie75k2diqOgiJze6kHE8j1W159R
v1EwokC17DXvVtLyjgIc5TXyzPG5sQGQt8/j/HPOmI5+fNwqDftnzRYSogVG2wPC
mhQc+livjwbuWITp9b6VbaIXJY3FQASSL6EGsEQKUBP/PwuLMnytruujHBV2LogO
KAbEJVWgT+F1SDUgJY5+95zkzPCWDpARXKdnSnaeOxhYEjS1FL04ij0/fGS6Dn8k
I4bHvW7O2+NtqdtfIA+Qa/aKFQIDAQABo4ICyDCCAsQwHQYDVR0OBBYEFKeDEGpz
fvp3RfvUDhEAc9BZAQU6MB8GA1UdIwQYMBaAFHsByswXD+amGyAwQYXoaJRt9yha
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5MTlFQS82RDQ2M0NGRTA0
RkQxMUVBODJDQ0NBMThDNEY5QUUwMi9ld0hLekJjUDVxWWJJREJCaGVob2xHMzNL
Rm8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2V3SEt6QmNQNXFZYklEQkJoZWhvbEczM0tGby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OTE5RUEvNkQ0NjNDRkUwNEZEMTFFQTgyQ0NDQTE4QzRGOUFFMDIvNDhERjVFQUUw
NzJEMTFFQUFFOEUxRDU2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwUgYIKwYBBQUHAQcBAf8E
QzBBMBoEAgABMBQwDAMEAngd/AMEAHgd/gMEAMsRSDAjBAIAAjAdMBIDBwAgAQ3N
AAEDBwMgAQ3NAAADBwAgAQ3N3QUwDQYJKoZIhvcNAQELBQADggEBAGat7NRGr7NT
eIIykIkMPmUrS+/2GadJrV1czkmkg/nVfUPFS3E2KkcGzbwRIxMX44Zq+OakrFs+
/Cxt7NZsteHk6dHdXx8EOMcL0vQkRFE862fYg8sjJqbIMxosKafKPSU9nkPvr1r6
b1Oex1ahvA4oinZyg9gvPZczAI5o2h0GYIPnsqMp0M1/C8iaGaQeDnVoLl8vTXWn
SR/OwB4ul7R0Xo+jV65Wqw4Z+tM6Tsfa8C38yMEhnmyITOeR1CEwVkk5gWOjFEGI
IlHhyzeNVdeLtlUe5zop+/tY8juqo6vVmUl5fQ5DO1GhUxaw02l+klU2tNvRr0gt
Bl4SMGSSmFg=
-----END CERTIFICATE-----