Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91DC46A/00500164943211E68C1B824AC4F9AE02/527AA5C69F4F11EAA7970484C4F9AE02.roa
File:                     527AA5C69F4F11EAA7970484C4F9AE02.roa (raw, json)
Hash identifier:          zuUsKZCcjPOj5pM09o9z0mAoFhewcmu+fcIGUoGJ1jw=
Subject key identifier:   D3:2A:94:7A:D3:E2:A5:4C:F7:A1:0F:FE:91:9B:63:B3:07:32:03:0A
Certificate issuer:       /CN=A91DC46A/serialNumber=F8D4A632D069964C61A33E41D6243D535B007D54
Certificate serial:       1DEE
Authority key identifier: F8:D4:A6:32:D0:69:96:4C:61:A3:3E:41:D6:24:3D:53:5B:00:7D:54
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-NSmMtBplkxhoz5B1iQ9U1sAfVQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91DC46A/00500164943211E68C1B824AC4F9AE02/527AA5C69F4F11EAA7970484C4F9AE02.roa
Signing time:             Wed 22 Jan 2025 16:23:27 +0000
ROA not before:           Wed 22 Jan 2025 16:23:27 +0000
ROA not after:            Tue 31 Mar 2026 00:00:00 +0000
asID:                     45121
IP address blocks:        27.131.62.0/23 maxlen: 23
                          27.131.62.0/24 maxlen: 24
                          27.131.63.0/24 maxlen: 24
                          103.221.63.0/24 maxlen: 24
                          122.0.31.0/24 maxlen: 24
                          202.133.108.0/22 maxlen: 22
                          202.133.108.0/23 maxlen: 24
                          202.133.110.0/23 maxlen: 24
                          2405:6400:4000::/36 maxlen: 36
Validation:               Failed, CRL has expired

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 7662 (0x1dee)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91DC46A
        Validity
            Not Before: Jan 22 16:23:27 2025 GMT
            Not After : Mar 31 00:00:00 2026 GMT
        Subject: CN=67911b7f-6c0a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:c4:59:02:01:c0:50:ae:e6:61:ce:1d:1b:03:
                    68:80:c7:e6:67:8e:0f:9a:bd:b2:a0:10:2c:cf:19:
                    2d:cd:2f:6a:6a:c8:6f:70:dd:8d:8e:93:36:51:d6:
                    ee:e3:c1:62:74:08:d5:a5:94:5f:36:aa:6f:a1:53:
                    6d:57:d8:91:6b:57:62:fd:c0:41:69:3d:9a:4b:a9:
                    49:43:1b:df:4b:4a:23:17:91:0c:d2:60:3e:fb:ca:
                    c3:fe:97:83:b3:9d:4d:16:d9:7a:30:c9:c0:99:23:
                    8c:a5:bd:d7:f6:dd:22:c5:d3:f8:e9:dc:2c:9e:20:
                    93:d1:77:c3:0e:70:94:26:2b:29:48:92:0f:ff:2a:
                    b4:58:4e:bf:31:5b:68:9a:37:99:04:30:a1:4b:9e:
                    35:c1:d2:04:ee:25:72:7b:fa:37:17:2b:a2:c3:5e:
                    eb:3d:8b:19:46:76:3f:a2:89:d3:99:a4:d5:7f:34:
                    b5:29:39:21:a6:33:20:2a:f8:85:58:d4:15:52:f5:
                    69:79:5a:7e:f7:79:15:8c:3e:a9:3f:3e:99:64:67:
                    a3:ea:2f:ed:a7:dd:ea:75:fb:ce:da:ec:14:95:31:
                    71:1f:08:cc:b2:8b:10:ab:33:f6:8c:fa:c4:c1:7e:
                    11:78:af:aa:2e:ab:05:28:5b:1f:0b:c9:5d:24:98:
                    d8:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:2A:94:7A:D3:E2:A5:4C:F7:A1:0F:FE:91:9B:63:B3:07:32:03:0A
            X509v3 Authority Key Identifier:
                keyid:F8:D4:A6:32:D0:69:96:4C:61:A3:3E:41:D6:24:3D:53:5B:00:7D:54

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91DC46A/00500164943211E68C1B824AC4F9AE02/-NSmMtBplkxhoz5B1iQ9U1sAfVQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-NSmMtBplkxhoz5B1iQ9U1sAfVQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91DC46A/00500164943211E68C1B824AC4F9AE02/527AA5C69F4F11EAA7970484C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  27.131.62.0/23
                  103.221.63.0/24
                  122.0.31.0/24
                  202.133.108.0/22
                IPv6:
                  2405:6400:4000::/36

    Signature Algorithm: sha256WithRSAEncryption
         46:7f:11:35:8a:1b:cd:2f:bd:d5:f0:85:0e:f8:1e:e6:b7:23:
         47:73:78:3f:05:2b:3f:58:30:03:ef:a0:c8:36:d7:b6:49:c7:
         fa:8d:4b:40:bb:6c:31:c8:85:32:52:04:6a:52:f6:74:d4:78:
         b1:05:f9:0f:e8:48:a2:41:a5:93:fd:2d:7b:86:70:b1:85:3d:
         2e:83:0e:5e:a5:f0:4d:42:87:41:28:e1:3f:23:9e:c3:af:d6:
         d2:fd:6c:a7:63:41:5f:66:21:40:60:93:42:c3:86:39:89:17:
         06:2b:59:07:72:be:27:02:28:78:77:e0:0b:96:52:71:36:c9:
         24:08:d5:68:2f:c1:9d:43:8f:a5:f6:10:9b:76:0a:8e:83:2a:
         45:f0:1f:aa:c0:b4:7a:84:d3:41:00:a9:b7:79:e5:2a:3c:ce:
         71:58:a0:26:e1:c1:4b:2a:c2:61:24:76:a1:98:9c:29:34:08:
         6d:1c:34:20:0d:0a:2f:3e:e8:64:4e:b3:84:13:9e:94:16:4a:
         30:b5:64:0b:9b:32:b2:a2:38:73:9f:b2:16:95:06:2b:29:e6:
         dc:76:9b:0a:eb:38:ff:6d:e4:0f:d6:a2:9b:85:ac:00:28:e1:
         63:bb:90:b4:bd:7f:1a:cb:a1:3e:46:8f:23:a0:68:e7:07:2b:
         f5:20:8f:fe
-----BEGIN CERTIFICATE-----
MIIFkzCCBHugAwIBAgICHe4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
REM0NkExMTAvBgNVBAUTKEY4RDRBNjMyRDA2OTk2NEM2MUEzM0U0MUQ2MjQzRDUz
NUIwMDdENTQwHhcNMjUwMTIyMTYyMzI3WhcNMjYwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzkxMWI3Zi02YzBhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA1MRZAgHAUK7mYc4dGwNogMfmZ44Pmr2yoBAszxktzS9qashvcN2NjpM2Udbu
48FidAjVpZRfNqpvoVNtV9iRa1di/cBBaT2aS6lJQxvfS0ojF5EM0mA++8rD/peD
s51NFtl6MMnAmSOMpb3X9t0ixdP46dwsniCT0XfDDnCUJispSJIP/yq0WE6/MVto
mjeZBDChS541wdIE7iVye/o3Fyuiw17rPYsZRnY/oonTmaTVfzS1KTkhpjMgKviF
WNQVUvVpeVp+93kVjD6pPz6ZZGej6i/tp93qdfvO2uwUlTFxHwjMsosQqzP2jPrE
wX4ReK+qLqsFKFsfC8ldJJjY1wIDAQABo4ICtzCCArMwHQYDVR0OBBYEFNMqlHrT
4qVM96EP/pGbY7MHMgMKMB8GA1UdIwQYMBaAFPjUpjLQaZZMYaM+QdYkPVNbAH1U
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFEQzQ2QS8wMDUwMDE2NDk0
MzIxMUU2OEMxQjgyNEFDNEY5QUUwMi8tTlNtTXRCcGxreGhvejVCMWlROVUxc0Fm
VlEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLy1OU21NdEJwbGt4aG96NUIxaVE5VTFzQWZWUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
REM0NkEvMDA1MDAxNjQ5NDMyMTFFNjhDMUI4MjRBQzRGOUFFMDIvNTI3QUE1QzY5
RjRGMTFFQUE3OTcwNDg0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwQQYIKwYBBQUHAQcBAf8E
MjAwMB4EAgABMBgDBAEbgz4DBABn3T8DBAB6AB8DBALKhWwwDgQCAAIwCAMGBCQF
ZABAMA0GCSqGSIb3DQEBCwUAA4IBAQBGfxE1ihvNL73V8IUO+B7mtyNHc3g/BSs/
WDAD76DINte2Scf6jUtAu2wxyIUyUgRqUvZ01HixBfkP6EiiQaWT/S17hnCxhT0u
gw5epfBNQodBKOE/I57Dr9bS/WynY0FfZiFAYJNCw4Y5iRcGK1kHcr4nAih4d+AL
llJxNskkCNVoL8GdQ4+l9hCbdgqOgypF8B+qwLR6hNNBAKm3eeUqPM5xWKAm4cFL
KsJhJHahmJwpNAhtHDQgDQovPuhkTrOEE56UFkowtWQLmzKyojhzn7IWlQYrKebc
dpsK6zj/beQP1qKbhawAKOFju5C0vX8ay6E+Ro8joGjnByv1II/+
-----END CERTIFICATE-----