Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9111926/7C6A0E4421FF11EAA7232A3DC4F9AE02/4D5E29F6BEA111EB9D19D662C4F9AE02.roa
File:                     4D5E29F6BEA111EB9D19D662C4F9AE02.roa (raw, json)
Hash identifier:          GVfQCeuu2VSfdrg7kmYbyTvj2S+30bCEUg6ohI3D9VA=
Subject key identifier:   5A:E9:3A:A9:28:B3:89:25:6E:10:1B:9A:24:9B:1E:A3:FE:D0:49:9C
Certificate issuer:       /CN=A9111926/serialNumber=6F23BB4BE82F34B0E7461279520C73977AB1D23C
Certificate serial:       0AD6
Authority key identifier: 6F:23:BB:4B:E8:2F:34:B0:E7:46:12:79:52:0C:73:97:7A:B1:D2:3C
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/byO7S-gvNLDnRhJ5Ugxzl3qx0jw.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9111926/7C6A0E4421FF11EAA7232A3DC4F9AE02/4D5E29F6BEA111EB9D19D662C4F9AE02.roa
Signing time:             Wed 28 Feb 2024 19:58:05 +0000
ROA not before:           Wed 28 Feb 2024 19:58:05 +0000
ROA not after:            Thu 01 May 2025 00:00:00 +0000
asID:                     38442
IP address blocks:        27.123.128.0/18 maxlen: 24
                          103.244.228.0/22 maxlen: 24
                          183.81.128.0/20 maxlen: 24
                          2401:5100::/32 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9111926/7C6A0E4421FF11EAA7232A3DC4F9AE02/byO7S-gvNLDnRhJ5Ugxzl3qx0jw.crl
                          rsync://rpki.apnic.net/member_repository/A9111926/7C6A0E4421FF11EAA7232A3DC4F9AE02/byO7S-gvNLDnRhJ5Ugxzl3qx0jw.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/byO7S-gvNLDnRhJ5Ugxzl3qx0jw.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 29 Nov 2024 18:55:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2774 (0xad6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9111926/serialNumber=6F23BB4BE82F34B0E7461279520C73977AB1D23C
        Validity
            Not Before: Feb 28 19:58:05 2024 GMT
            Not After : May  1 00:00:00 2025 GMT
        Subject: CN=65df904c-97dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b0:5d:83:bb:10:3a:67:ba:50:7f:cb:72:64:07:
                    98:85:41:8f:46:d9:76:e7:87:f7:85:95:a8:69:c1:
                    f4:ae:8b:47:bc:f5:67:1e:df:78:0c:b1:51:72:cf:
                    95:4d:57:f2:d7:33:19:03:3a:ee:50:58:e7:94:03:
                    c3:7a:74:a1:4c:d0:12:58:b8:80:7a:96:f6:48:48:
                    2e:99:5f:d4:e7:be:1c:d9:02:24:3f:01:ff:0e:fa:
                    cf:39:18:40:0c:e4:e0:12:cb:7f:7a:31:1b:51:e7:
                    ca:ea:e0:df:ec:d5:df:1c:a4:2c:cf:40:cc:13:ad:
                    fd:f1:c7:4a:02:05:ac:03:2f:2c:19:02:63:92:b1:
                    eb:e4:40:bb:5f:a7:14:11:a4:c1:38:6d:dd:53:a6:
                    dc:27:05:ac:cb:1d:56:dd:60:61:20:62:67:e7:93:
                    40:58:92:6e:12:58:03:5f:4d:ed:6a:10:82:62:ef:
                    33:d6:47:99:03:9a:82:f5:24:82:3e:78:00:72:98:
                    df:c0:c7:5a:8d:a4:2f:86:a9:b2:07:60:47:a5:c4:
                    b7:2d:91:f0:26:13:c6:1e:6f:ea:de:5b:a7:c2:44:
                    a4:93:e5:8c:27:a9:4e:34:a4:99:1e:60:cc:1b:4c:
                    4f:7b:bc:ab:9d:37:a7:41:3e:b0:14:7d:4f:45:1a:
                    98:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:E9:3A:A9:28:B3:89:25:6E:10:1B:9A:24:9B:1E:A3:FE:D0:49:9C
            X509v3 Authority Key Identifier:
                keyid:6F:23:BB:4B:E8:2F:34:B0:E7:46:12:79:52:0C:73:97:7A:B1:D2:3C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9111926/7C6A0E4421FF11EAA7232A3DC4F9AE02/byO7S-gvNLDnRhJ5Ugxzl3qx0jw.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/byO7S-gvNLDnRhJ5Ugxzl3qx0jw.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9111926/7C6A0E4421FF11EAA7232A3DC4F9AE02/4D5E29F6BEA111EB9D19D662C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  27.123.128.0/18
                  103.244.228.0/22
                  183.81.128.0/20
                IPv6:
                  2401:5100::/32

    Signature Algorithm: sha256WithRSAEncryption
         2e:e5:44:7f:96:7b:ed:c8:48:79:9f:1e:71:5b:c9:4b:bf:28:
         19:86:92:af:09:c5:02:6d:23:3c:ae:73:03:d4:b9:36:65:a9:
         48:ea:6b:28:59:09:d1:8d:5b:d8:1f:fe:a1:03:36:da:cf:eb:
         e9:69:17:78:a5:bc:58:9d:30:ee:07:f1:0a:15:d9:37:89:48:
         01:3a:85:46:96:68:91:2d:9e:6c:6e:cb:5a:f4:d0:f4:80:99:
         06:14:62:8c:3a:30:14:5e:59:ed:d6:dc:56:17:cc:e9:9a:51:
         cf:99:f8:94:0f:63:67:97:60:9b:11:67:be:dd:2e:94:2e:27:
         68:59:f9:f3:df:0e:92:4c:2d:87:ad:cb:cf:e7:1e:29:09:0f:
         ce:2b:71:75:be:47:e9:53:d4:e6:1f:a2:5b:96:03:62:13:dc:
         2b:03:2d:25:5b:d6:58:49:f9:3e:62:8b:1e:b5:b3:db:74:e3:
         e3:f6:53:a5:82:c7:3c:c0:80:d0:de:65:1b:d3:64:f5:ea:34:
         35:02:fe:ae:67:5d:04:27:3a:80:3d:f4:28:11:94:7e:c7:e8:
         e8:c9:71:c2:af:54:4b:74:15:1a:41:4c:64:eb:e2:25:68:12:
         d1:10:05:9c:fc:b9:24:28:b6:a3:a2:a5:64:a5:b4:f4:8c:b8:
         c3:a1:3b:77
-----BEGIN CERTIFICATE-----
MIIFjDCCBHSgAwIBAgICCtYwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MTE5MjYxMTAvBgNVBAUTKDZGMjNCQjRCRTgyRjM0QjBFNzQ2MTI3OTUyMEM3Mzk3
N0FCMUQyM0MwHhcNMjQwMjI4MTk1ODA1WhcNMjUwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWRmOTA0Yy05N2RkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAsF2DuxA6Z7pQf8tyZAeYhUGPRtl254f3hZWoacH0rotHvPVnHt94DLFRcs+V
TVfy1zMZAzruUFjnlAPDenShTNASWLiAepb2SEgumV/U574c2QIkPwH/DvrPORhA
DOTgEst/ejEbUefK6uDf7NXfHKQsz0DME6398cdKAgWsAy8sGQJjkrHr5EC7X6cU
EaTBOG3dU6bcJwWsyx1W3WBhIGJn55NAWJJuElgDX03tahCCYu8z1keZA5qC9SSC
PngAcpjfwMdajaQvhqmyB2BHpcS3LZHwJhPGHm/q3lunwkSkk+WMJ6lONKSZHmDM
G0xPe7yrnTenQT6wFH1PRRqYlQIDAQABo4ICsDCCAqwwHQYDVR0OBBYEFFrpOqko
s4klbhAbmiSbHqP+0EmcMB8GA1UdIwQYMBaAFG8ju0voLzSw50YSeVIMc5d6sdI8
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExMTkyNi83QzZBMEU0NDIx
RkYxMUVBQTcyMzJBM0RDNEY5QUUwMi9ieU83Uy1ndk5MRG5SaEo1VWd4emwzcXgw
ancuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2J5TzdTLWd2TkxEblJoSjVVZ3h6bDNxeDBqdy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MTE5MjYvN0M2QTBFNDQyMUZGMTFFQUE3MjMyQTNEQzRGOUFFMDIvNEQ1RTI5RjZC
RUExMTFFQjlEMTlENjYyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwOgYIKwYBBQUHAQcBAf8E
KzApMBgEAgABMBIDBAYbe4ADBAJn9OQDBAS3UYAwDQQCAAIwBwMFACQBUQAwDQYJ
KoZIhvcNAQELBQADggEBAC7lRH+We+3ISHmfHnFbyUu/KBmGkq8JxQJtIzyucwPU
uTZlqUjqayhZCdGNW9gf/qEDNtrP6+lpF3ilvFidMO4H8QoV2TeJSAE6hUaWaJEt
nmxuy1r00PSAmQYUYow6MBReWe3W3FYXzOmaUc+Z+JQPY2eXYJsRZ77dLpQuJ2hZ
+fPfDpJMLYety8/nHikJD84rcXW+R+lT1OYfoluWA2IT3CsDLSVb1lhJ+T5iix61
s9t04+P2U6WCxzzAgNDeZRvTZPXqNDUC/q5nXQQnOoA99CgRlH7H6OjJccKvVEt0
FRpBTGTr4iVoEtEQBZz8uSQotqOipWSltPSMuMOhO3c=
-----END CERTIFICATE-----
Generated at Fri Nov 22 22:14:20 2024 by rpki-client on console-ams.rpki-client.org