Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/7FC0AC6009AE11EAA7CED313C4F9AE02.roa
File:                     7FC0AC6009AE11EAA7CED313C4F9AE02.roa (raw, json)
Hash identifier:          /8CRhSx6FQ2DuWKrYuiKIJQOBtYH6RTwYJy2Y9pxBwk=
Subject key identifier:   48:51:DF:94:64:B3:DE:75:B8:3B:9B:66:CD:75:05:74:29:50:33:20
Certificate issuer:       /CN=A91919EA/serialNumber=7B01CACC170FE6A61B20304185E868946DF7285A
Certificate serial:       0F7C
Authority key identifier: 7B:01:CA:CC:17:0F:E6:A6:1B:20:30:41:85:E8:68:94:6D:F7:28:5A
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ewHKzBcP5qYbIDBBheholG33KFo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/7FC0AC6009AE11EAA7CED313C4F9AE02.roa
Signing time:             Fri 28 Feb 2025 19:29:54 +0000
ROA not before:           Fri 28 Feb 2025 19:29:54 +0000
ROA not after:            Fri 01 May 2026 00:00:00 +0000
asID:                     397222
IP address blocks:        120.29.252.0/24 maxlen: 24
                          120.29.253.0/24 maxlen: 24
                          120.29.254.0/24 maxlen: 24
                          203.17.72.0/24 maxlen: 24
                          2001:dcd:1::/48 maxlen: 48
                          2001:dcd:2::/48 maxlen: 48
                          2001:dcd:3::/48 maxlen: 48
                          2001:dcd:4::/48 maxlen: 48
                          2001:dcd:5::/48 maxlen: 48
                          2001:dcd:6::/48 maxlen: 48
                          2001:dcd:7::/48 maxlen: 48
                          2001:dcd:dd05::/48 maxlen: 48
Validation:               Failed, CRL has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3964 (0xf7c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91919EA
        Validity
            Not Before: Feb 28 19:29:54 2025 GMT
            Not After : May  1 00:00:00 2026 GMT
        Subject: CN=67c20eb2-f98b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:9a:3e:e2:af:a7:8c:4d:c9:21:59:37:35:35:
                    be:69:23:15:9a:bf:9f:18:c3:65:2e:51:41:4a:76:
                    0a:7b:af:2d:22:40:2f:a7:1b:f8:8d:46:44:24:46:
                    69:11:a1:81:04:0b:7d:6a:6c:90:f9:a0:11:dd:ac:
                    13:c9:d4:67:de:46:73:8b:36:a6:37:ba:c8:17:a3:
                    c0:97:18:ec:18:c7:1a:3f:2d:54:be:d7:b2:57:89:
                    48:8e:2d:fe:3e:3e:21:2b:ef:88:77:e0:37:1a:d6:
                    0d:a7:5f:21:ae:d5:69:c1:dd:98:eb:3e:6b:7a:40:
                    b3:e3:e2:6b:3e:db:22:60:98:bf:69:0c:ca:11:f2:
                    88:84:f0:9f:be:06:31:13:ab:94:0e:f1:67:0a:f5:
                    29:87:d4:a3:f1:e7:eb:82:0d:bf:8e:3c:61:fb:99:
                    e6:3e:3a:ab:ed:7f:ac:a5:f5:7a:11:e7:b7:05:4f:
                    35:b1:a9:38:5e:d3:f3:de:cd:c5:6b:3b:1a:f4:bb:
                    ec:c3:d1:5f:0e:23:95:41:1f:53:40:2d:56:3e:6c:
                    5a:93:88:18:81:34:06:61:2d:12:b0:27:10:2b:c3:
                    b7:a6:ac:b8:8e:c1:ff:f3:a3:7c:87:2b:ca:ae:a5:
                    65:d1:82:34:1c:88:c8:2b:7f:e9:70:b6:b7:57:67:
                    4b:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:51:DF:94:64:B3:DE:75:B8:3B:9B:66:CD:75:05:74:29:50:33:20
            X509v3 Authority Key Identifier:
                keyid:7B:01:CA:CC:17:0F:E6:A6:1B:20:30:41:85:E8:68:94:6D:F7:28:5A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/ewHKzBcP5qYbIDBBheholG33KFo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ewHKzBcP5qYbIDBBheholG33KFo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/7FC0AC6009AE11EAA7CED313C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  120.29.252.0-120.29.254.255
                  203.17.72.0/24
                IPv6:
                  2001:dcd:1::-2001:dcd:7:ffff:ffff:ffff:ffff:ffff
                  2001:dcd:dd05::/48

    Signature Algorithm: sha256WithRSAEncryption
         0c:68:a4:57:db:4c:0e:b3:9b:fa:ca:0b:d2:cc:81:1c:e0:21:
         9b:f3:31:35:3f:cf:c1:6e:f2:a2:c7:ca:ca:4a:a9:51:31:f9:
         be:35:0a:71:60:d3:16:26:6b:62:d3:48:d9:4d:38:f3:d6:5b:
         7b:87:4d:fc:18:d5:d9:b6:08:46:52:57:ab:df:b9:86:9e:ff:
         23:75:f4:a3:c8:66:45:4d:52:33:4e:eb:92:c3:04:55:ee:d8:
         ea:67:e5:df:6e:ac:b1:8a:27:bc:2d:c8:ee:f9:b8:d3:45:30:
         25:01:c9:1f:e4:16:f9:8a:44:df:ac:91:6e:ea:3d:eb:31:fd:
         a9:14:4d:c7:d9:d6:42:6e:91:77:08:ba:3a:8c:cc:96:e5:fd:
         27:cd:2e:4c:d3:37:92:de:c0:23:5d:63:42:90:9c:d7:aa:04:
         6f:37:de:81:a9:b5:8b:51:21:30:82:2d:bd:f8:3f:26:a4:8c:
         87:7d:b7:c1:65:26:26:2c:91:b1:65:45:44:6d:7a:5a:da:2c:
         ab:43:6d:b6:18:a3:28:cf:72:b4:4c:a1:87:5d:b7:87:a3:2e:
         94:d4:c1:16:0f:e7:b8:22:24:9e:29:63:f5:27:71:91:8d:53:
         cf:d0:35:3a:3e:0a:06:25:63:49:56:af:49:b0:6d:4d:a2:b4:
         5c:04:9f:a0
-----BEGIN CERTIFICATE-----
MIIFpDCCBIygAwIBAgICD3wwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OTE5RUExMTAvBgNVBAUTKDdCMDFDQUNDMTcwRkU2QTYxQjIwMzA0MTg1RTg2ODk0
NkRGNzI4NUEwHhcNMjUwMjI4MTkyOTU0WhcNMjYwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02N2MyMGViMi1mOThiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvpo+4q+njE3JIVk3NTW+aSMVmr+fGMNlLlFBSnYKe68tIkAvpxv4jUZEJEZp
EaGBBAt9amyQ+aAR3awTydRn3kZzizamN7rIF6PAlxjsGMcaPy1UvteyV4lIji3+
Pj4hK++Id+A3GtYNp18hrtVpwd2Y6z5rekCz4+JrPtsiYJi/aQzKEfKIhPCfvgYx
E6uUDvFnCvUph9Sj8efrgg2/jjxh+5nmPjqr7X+spfV6Eee3BU81sak4XtPz3s3F
azsa9Lvsw9FfDiOVQR9TQC1WPmxak4gYgTQGYS0SsCcQK8O3pqy4jsH/86N8hyvK
rqVl0YI0HIjIK3/pcLa3V2dLpQIDAQABo4ICyDCCAsQwHQYDVR0OBBYEFEhR35Rk
s951uDubZs11BXQpUDMgMB8GA1UdIwQYMBaAFHsByswXD+amGyAwQYXoaJRt9yha
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5MTlFQS82RDQ2M0NGRTA0
RkQxMUVBODJDQ0NBMThDNEY5QUUwMi9ld0hLekJjUDVxWWJJREJCaGVob2xHMzNL
Rm8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2V3SEt6QmNQNXFZYklEQkJoZWhvbEczM0tGby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OTE5RUEvNkQ0NjNDRkUwNEZEMTFFQTgyQ0NDQTE4QzRGOUFFMDIvN0ZDMEFDNjAw
OUFFMTFFQUE3Q0VEMzEzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwUgYIKwYBBQUHAQcBAf8E
QzBBMBoEAgABMBQwDAMEAngd/AMEAHgd/gMEAMsRSDAjBAIAAjAdMBIDBwAgAQ3N
AAEDBwMgAQ3NAAADBwAgAQ3N3QUwDQYJKoZIhvcNAQELBQADggEBAAxopFfbTA6z
m/rKC9LMgRzgIZvzMTU/z8Fu8qLHyspKqVEx+b41CnFg0xYma2LTSNlNOPPWW3uH
TfwY1dm2CEZSV6vfuYae/yN19KPIZkVNUjNO65LDBFXu2Opn5d9urLGKJ7wtyO75
uNNFMCUByR/kFvmKRN+skW7qPesx/akUTcfZ1kJukXcIujqMzJbl/SfNLkzTN5Le
wCNdY0KQnNeqBG833oGptYtRITCCLb34PyakjId9t8FlJiYskbFlRURtelraLKtD
bbYYoyjPcrRMoYddt4ejLpTUwRYP57giJJ4pY/UncZGNU8/QNTo+CgYlY0lWr0mw
bU2itFwEn6A=
-----END CERTIFICATE-----