Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/5690B49A09B111EAB045B31EC4F9AE02.roa
File:                     5690B49A09B111EAB045B31EC4F9AE02.roa (raw, json)
Hash identifier:          rU/jrGd8jwEDd8LxQy9ov4erxV7f8fE3BXbMvU0R7ac=
Subject key identifier:   CC:7A:6F:8E:10:2D:17:77:54:7A:D0:DE:CB:C4:5F:45:1B:18:11:52
Certificate issuer:       /CN=A91919EA/serialNumber=7B01CACC170FE6A61B20304185E868946DF7285A
Certificate serial:       0F84
Authority key identifier: 7B:01:CA:CC:17:0F:E6:A6:1B:20:30:41:85:E8:68:94:6D:F7:28:5A
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ewHKzBcP5qYbIDBBheholG33KFo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/5690B49A09B111EAB045B31EC4F9AE02.roa
Signing time:             Fri 28 Feb 2025 19:30:05 +0000
ROA not before:           Fri 28 Feb 2025 19:30:05 +0000
ROA not after:            Fri 01 May 2026 00:00:00 +0000
asID:                     397230
IP address blocks:        120.29.252.0/24 maxlen: 24
                          120.29.253.0/24 maxlen: 24
                          120.29.254.0/24 maxlen: 24
                          203.17.72.0/24 maxlen: 24
                          2001:dcd:1::/48 maxlen: 48
                          2001:dcd:2::/48 maxlen: 48
                          2001:dcd:3::/48 maxlen: 48
                          2001:dcd:4::/48 maxlen: 48
                          2001:dcd:5::/48 maxlen: 48
                          2001:dcd:6::/48 maxlen: 48
                          2001:dcd:7::/48 maxlen: 48
                          2001:dcd:dd05::/48 maxlen: 48
Validation:               Failed, CRL has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3972 (0xf84)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91919EA
        Validity
            Not Before: Feb 28 19:30:05 2025 GMT
            Not After : May  1 00:00:00 2026 GMT
        Subject: CN=67c20ebd-a897
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:c8:ca:4b:7e:a5:5e:90:9c:76:9f:09:cb:28:
                    5f:bd:51:36:84:1d:c7:04:0b:f2:b6:40:0e:41:12:
                    ab:11:3c:bb:90:62:8d:1b:9a:69:f5:6f:5e:37:a4:
                    03:1c:d5:a6:94:9b:42:35:a8:56:98:de:d2:e9:27:
                    99:7d:b4:59:64:9f:35:83:01:60:a5:b2:b3:5b:fe:
                    67:2b:be:6e:24:e9:fe:e0:de:7f:1b:94:ad:e2:e2:
                    69:08:0a:db:65:76:44:f5:a2:a4:18:e3:da:57:70:
                    6a:24:94:d0:bf:43:be:cb:b6:80:65:c9:e0:9e:60:
                    51:d9:9e:bc:c1:2b:d9:1c:77:36:ed:eb:84:27:7f:
                    d6:ba:af:45:b4:7d:04:33:05:4b:c0:ac:d5:99:e8:
                    0c:af:76:4c:51:ea:bf:1a:b9:49:09:c9:cc:39:5a:
                    81:2b:20:b9:a2:df:d6:29:cb:fb:50:e9:1b:76:5f:
                    15:08:3c:5a:39:64:0d:d0:23:d2:7c:ce:63:2f:63:
                    d6:41:9e:49:2b:22:0c:84:23:9b:ef:89:15:b8:f8:
                    09:dd:2e:0f:26:fd:4d:d7:db:66:41:8d:88:d3:c3:
                    bc:54:ce:2d:84:e4:f8:56:aa:bb:7e:5e:21:f8:49:
                    c8:f0:51:3f:3b:f7:81:dc:76:28:0f:c8:02:fc:a2:
                    94:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:7A:6F:8E:10:2D:17:77:54:7A:D0:DE:CB:C4:5F:45:1B:18:11:52
            X509v3 Authority Key Identifier:
                keyid:7B:01:CA:CC:17:0F:E6:A6:1B:20:30:41:85:E8:68:94:6D:F7:28:5A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/ewHKzBcP5qYbIDBBheholG33KFo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ewHKzBcP5qYbIDBBheholG33KFo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/5690B49A09B111EAB045B31EC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  120.29.252.0-120.29.254.255
                  203.17.72.0/24
                IPv6:
                  2001:dcd:1::-2001:dcd:7:ffff:ffff:ffff:ffff:ffff
                  2001:dcd:dd05::/48

    Signature Algorithm: sha256WithRSAEncryption
         9f:c1:fb:00:0d:b8:40:d4:cb:35:81:d3:55:76:3b:03:6e:32:
         58:0c:da:a1:06:16:0a:b3:48:58:6c:5a:8f:0e:f5:33:32:9f:
         db:94:8a:06:a0:0d:0f:4c:5f:da:12:af:11:30:79:55:e6:d5:
         99:70:73:eb:ff:c3:f7:a4:29:68:6d:f7:83:81:54:db:59:ad:
         c2:ee:2f:43:df:11:d8:fe:3f:7e:1b:e9:23:1b:9b:42:6f:b3:
         72:55:8e:b8:8d:da:d9:03:8c:85:2c:18:54:2f:30:77:d4:01:
         b6:1a:43:fd:bb:4a:1a:51:d6:bd:66:07:60:08:2f:b2:c4:ea:
         c2:61:e4:10:92:99:b2:52:73:2f:85:8f:b0:6a:b0:c0:82:7f:
         07:56:91:86:ec:4e:f0:61:47:44:1a:13:f5:21:77:77:b8:b5:
         6a:f6:17:7d:4e:61:07:2b:f8:46:bb:a1:54:c7:69:6a:32:ab:
         91:5e:c5:5d:aa:86:c4:6b:24:2f:71:5d:78:e4:9a:64:8c:ea:
         3d:6a:f0:86:80:1d:78:70:4e:7a:ea:92:44:a5:8c:30:f1:e8:
         a1:de:12:9d:a8:96:31:71:8a:ae:53:31:eb:77:af:c6:f0:ee:
         7d:ce:a4:d8:3a:9a:97:7d:28:d0:1f:44:f2:ed:8a:6f:5f:a8:
         d4:c1:a0:04
-----BEGIN CERTIFICATE-----
MIIFpDCCBIygAwIBAgICD4QwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OTE5RUExMTAvBgNVBAUTKDdCMDFDQUNDMTcwRkU2QTYxQjIwMzA0MTg1RTg2ODk0
NkRGNzI4NUEwHhcNMjUwMjI4MTkzMDA1WhcNMjYwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02N2MyMGViZC1hODk3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAqsjKS36lXpCcdp8JyyhfvVE2hB3HBAvytkAOQRKrETy7kGKNG5pp9W9eN6QD
HNWmlJtCNahWmN7S6SeZfbRZZJ81gwFgpbKzW/5nK75uJOn+4N5/G5St4uJpCArb
ZXZE9aKkGOPaV3BqJJTQv0O+y7aAZcngnmBR2Z68wSvZHHc27euEJ3/Wuq9FtH0E
MwVLwKzVmegMr3ZMUeq/GrlJCcnMOVqBKyC5ot/WKcv7UOkbdl8VCDxaOWQN0CPS
fM5jL2PWQZ5JKyIMhCOb74kVuPgJ3S4PJv1N19tmQY2I08O8VM4thOT4Vqq7fl4h
+EnI8FE/O/eB3HYoD8gC/KKUMQIDAQABo4ICyDCCAsQwHQYDVR0OBBYEFMx6b44Q
LRd3VHrQ3svEX0UbGBFSMB8GA1UdIwQYMBaAFHsByswXD+amGyAwQYXoaJRt9yha
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5MTlFQS82RDQ2M0NGRTA0
RkQxMUVBODJDQ0NBMThDNEY5QUUwMi9ld0hLekJjUDVxWWJJREJCaGVob2xHMzNL
Rm8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2V3SEt6QmNQNXFZYklEQkJoZWhvbEczM0tGby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OTE5RUEvNkQ0NjNDRkUwNEZEMTFFQTgyQ0NDQTE4QzRGOUFFMDIvNTY5MEI0OUEw
OUIxMTFFQUIwNDVCMzFFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwUgYIKwYBBQUHAQcBAf8E
QzBBMBoEAgABMBQwDAMEAngd/AMEAHgd/gMEAMsRSDAjBAIAAjAdMBIDBwAgAQ3N
AAEDBwMgAQ3NAAADBwAgAQ3N3QUwDQYJKoZIhvcNAQELBQADggEBAJ/B+wANuEDU
yzWB01V2OwNuMlgM2qEGFgqzSFhsWo8O9TMyn9uUigagDQ9MX9oSrxEweVXm1Zlw
c+v/w/ekKWht94OBVNtZrcLuL0PfEdj+P34b6SMbm0Jvs3JVjriN2tkDjIUsGFQv
MHfUAbYaQ/27ShpR1r1mB2AIL7LE6sJh5BCSmbJScy+Fj7BqsMCCfwdWkYbsTvBh
R0QaE/Uhd3e4tWr2F31OYQcr+Ea7oVTHaWoyq5FexV2qhsRrJC9xXXjkmmSM6j1q
8IaAHXhwTnrqkkSljDDx6KHeEp2oljFxiq5TMet3r8bw7n3OpNg6mpd9KNAfRPLt
im9fqNTBoAQ=
-----END CERTIFICATE-----