Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/54E1D22809B111EAB045B31EC4F9AE02.roa
File:                     54E1D22809B111EAB045B31EC4F9AE02.roa (raw, json)
Hash identifier:          sUa2A0DKHHPCMb/UX/61BJJiVNKNcVnpCjKm83fwetQ=
Subject key identifier:   8C:11:55:3D:98:0A:FB:53:AC:98:F2:C9:49:E5:11:C3:01:17:D7:48
Certificate issuer:       /CN=A91919EA/serialNumber=7B01CACC170FE6A61B20304185E868946DF7285A
Certificate serial:       0F7D
Authority key identifier: 7B:01:CA:CC:17:0F:E6:A6:1B:20:30:41:85:E8:68:94:6D:F7:28:5A
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ewHKzBcP5qYbIDBBheholG33KFo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/54E1D22809B111EAB045B31EC4F9AE02.roa
Signing time:             Fri 28 Feb 2025 19:29:55 +0000
ROA not before:           Fri 28 Feb 2025 19:29:55 +0000
ROA not after:            Fri 01 May 2026 00:00:00 +0000
asID:                     397223
IP address blocks:        120.29.252.0/24 maxlen: 24
                          120.29.253.0/24 maxlen: 24
                          120.29.254.0/24 maxlen: 24
                          203.17.72.0/24 maxlen: 24
                          2001:dcd:1::/48 maxlen: 48
                          2001:dcd:2::/48 maxlen: 48
                          2001:dcd:3::/48 maxlen: 48
                          2001:dcd:4::/48 maxlen: 48
                          2001:dcd:5::/48 maxlen: 48
                          2001:dcd:6::/48 maxlen: 48
                          2001:dcd:7::/48 maxlen: 48
                          2001:dcd:dd05::/48 maxlen: 48
Validation:               Failed, CRL has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3965 (0xf7d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91919EA
        Validity
            Not Before: Feb 28 19:29:55 2025 GMT
            Not After : May  1 00:00:00 2026 GMT
        Subject: CN=67c20eb3-c429
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:a6:4a:02:52:a1:29:92:ea:74:92:e3:f9:f9:
                    8d:c5:76:6f:da:00:67:3a:04:45:71:31:d4:4b:84:
                    a7:d7:5c:2c:1b:f6:9f:f2:61:65:a8:5a:e8:7e:ef:
                    74:ec:5f:3b:64:f5:51:5a:62:ee:7a:77:90:32:d8:
                    28:56:39:27:c9:8a:7a:c2:84:51:7a:48:e6:c1:0e:
                    d2:b5:1a:2e:78:90:a6:02:66:1a:8a:c0:f8:d7:44:
                    c8:61:b2:2b:3d:b0:2a:2f:af:61:73:fa:cf:2e:29:
                    6e:cc:8c:cf:4e:fe:cc:a7:8c:96:43:e9:b4:ca:6e:
                    90:25:5d:67:63:d4:cb:47:7f:b9:5d:63:6b:2d:d7:
                    80:d3:48:7c:f8:8d:25:13:fe:e8:71:3b:a1:2c:32:
                    0e:3a:e5:f4:8b:51:23:f0:6e:55:1f:6a:df:58:da:
                    01:66:71:23:e3:f4:90:62:cd:3a:bf:5a:57:3e:02:
                    2d:d1:72:d2:0b:9f:55:09:66:97:e1:88:3c:71:4f:
                    6c:f5:28:dc:d1:0a:11:d5:13:d2:75:55:c8:3b:1a:
                    9e:1f:7b:16:67:e0:c8:7c:35:0c:80:e8:e6:25:f0:
                    ee:c6:ae:7c:c5:a6:b7:13:90:8f:c7:dc:c1:26:be:
                    f1:06:60:ec:e9:95:60:d2:b5:53:18:1e:15:d9:52:
                    d3:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:11:55:3D:98:0A:FB:53:AC:98:F2:C9:49:E5:11:C3:01:17:D7:48
            X509v3 Authority Key Identifier:
                keyid:7B:01:CA:CC:17:0F:E6:A6:1B:20:30:41:85:E8:68:94:6D:F7:28:5A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/ewHKzBcP5qYbIDBBheholG33KFo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ewHKzBcP5qYbIDBBheholG33KFo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/54E1D22809B111EAB045B31EC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  120.29.252.0-120.29.254.255
                  203.17.72.0/24
                IPv6:
                  2001:dcd:1::-2001:dcd:7:ffff:ffff:ffff:ffff:ffff
                  2001:dcd:dd05::/48

    Signature Algorithm: sha256WithRSAEncryption
         52:a5:f0:a9:3d:18:8b:e8:c2:25:aa:90:f4:87:50:d6:e8:76:
         3e:50:af:09:db:23:11:1d:68:88:f5:80:73:8c:30:03:a2:c8:
         d6:e9:b5:5e:5b:01:c0:74:db:05:b0:08:d3:25:f2:8d:d4:a6:
         f4:93:dc:ea:e7:f9:61:c4:57:66:76:49:c1:86:a3:7f:45:5b:
         e5:66:f1:0e:f4:2c:8b:4f:3c:d9:7b:fe:6f:a2:5e:c4:1f:57:
         e7:58:b5:f5:39:ed:67:ae:09:e9:a7:c6:01:25:95:19:4e:0c:
         b4:57:e0:d6:e0:29:0a:ba:d8:9b:71:72:2a:d6:65:4f:8e:d7:
         81:10:dd:98:5c:6c:0b:37:e7:16:ac:09:89:65:5d:b4:d8:31:
         81:8f:04:0b:cc:99:57:14:22:de:fc:d2:41:1f:09:87:d8:85:
         08:44:c0:a1:32:59:1b:44:58:58:42:50:1f:d7:1a:cf:9c:e8:
         7e:4c:e3:27:09:e6:3d:0e:8b:39:98:8d:5d:ca:2e:03:20:87:
         a8:27:c8:ef:43:5f:db:b4:8c:24:f7:28:6a:02:ac:e8:04:e9:
         d6:a3:f4:90:86:ce:e3:e2:74:03:ad:67:06:31:e7:c6:14:bd:
         ba:c5:6e:75:e8:8f:4e:04:ea:a0:f7:ce:a6:87:8b:ce:8d:4e:
         b7:1b:3d:b9
-----BEGIN CERTIFICATE-----
MIIFpDCCBIygAwIBAgICD30wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OTE5RUExMTAvBgNVBAUTKDdCMDFDQUNDMTcwRkU2QTYxQjIwMzA0MTg1RTg2ODk0
NkRGNzI4NUEwHhcNMjUwMjI4MTkyOTU1WhcNMjYwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02N2MyMGViMy1jNDI5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAsqZKAlKhKZLqdJLj+fmNxXZv2gBnOgRFcTHUS4Sn11wsG/af8mFlqFrofu90
7F87ZPVRWmLueneQMtgoVjknyYp6woRRekjmwQ7StRoueJCmAmYaisD410TIYbIr
PbAqL69hc/rPLiluzIzPTv7Mp4yWQ+m0ym6QJV1nY9TLR3+5XWNrLdeA00h8+I0l
E/7ocTuhLDIOOuX0i1Ej8G5VH2rfWNoBZnEj4/SQYs06v1pXPgIt0XLSC59VCWaX
4Yg8cU9s9Sjc0QoR1RPSdVXIOxqeH3sWZ+DIfDUMgOjmJfDuxq58xaa3E5CPx9zB
Jr7xBmDs6ZVg0rVTGB4V2VLTkQIDAQABo4ICyDCCAsQwHQYDVR0OBBYEFIwRVT2Y
CvtTrJjyyUnlEcMBF9dIMB8GA1UdIwQYMBaAFHsByswXD+amGyAwQYXoaJRt9yha
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5MTlFQS82RDQ2M0NGRTA0
RkQxMUVBODJDQ0NBMThDNEY5QUUwMi9ld0hLekJjUDVxWWJJREJCaGVob2xHMzNL
Rm8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2V3SEt6QmNQNXFZYklEQkJoZWhvbEczM0tGby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OTE5RUEvNkQ0NjNDRkUwNEZEMTFFQTgyQ0NDQTE4QzRGOUFFMDIvNTRFMUQyMjgw
OUIxMTFFQUIwNDVCMzFFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwUgYIKwYBBQUHAQcBAf8E
QzBBMBoEAgABMBQwDAMEAngd/AMEAHgd/gMEAMsRSDAjBAIAAjAdMBIDBwAgAQ3N
AAEDBwMgAQ3NAAADBwAgAQ3N3QUwDQYJKoZIhvcNAQELBQADggEBAFKl8Kk9GIvo
wiWqkPSHUNbodj5QrwnbIxEdaIj1gHOMMAOiyNbptV5bAcB02wWwCNMl8o3UpvST
3Orn+WHEV2Z2ScGGo39FW+Vm8Q70LItPPNl7/m+iXsQfV+dYtfU57WeuCemnxgEl
lRlODLRX4NbgKQq62JtxcirWZU+O14EQ3ZhcbAs35xasCYllXbTYMYGPBAvMmVcU
It780kEfCYfYhQhEwKEyWRtEWFhCUB/XGs+c6H5M4ycJ5j0OizmYjV3KLgMgh6gn
yO9DX9u0jCT3KGoCrOgE6daj9JCGzuPidAOtZwYx58YUvbrFbnXoj04E6qD3zqaH
i86NTrcbPbk=
-----END CERTIFICATE-----