Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91127B5/0F194EAE890C11EE9DF72C50C4F9AE02/AA02862E890C11EE87862551C4F9AE02.roa
File:                     AA02862E890C11EE87862551C4F9AE02.roa (raw, json)
Hash identifier:          If7gROK16zr/SZJjbOJJFTa1P8/BQcHi3NBwMSreHp8=
Subject key identifier:   08:E5:1E:67:F5:1B:6F:0A:3D:FE:BF:A8:41:5E:0A:F5:6A:86:70:D8
Certificate issuer:       /CN=A91127B5/serialNumber=FDE81CA7695E94A90BFDFD83F11A7734630817E8
Certificate serial:       1E
Authority key identifier: FD:E8:1C:A7:69:5E:94:A9:0B:FD:FD:83:F1:1A:77:34:63:08:17:E8
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_egcp2lelKkL_f2D8Rp3NGMIF-g.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91127B5/0F194EAE890C11EE9DF72C50C4F9AE02/AA02862E890C11EE87862551C4F9AE02.roa
Signing time:             Thu 28 Dec 2023 03:29:14 +0000
ROA not before:           Thu 28 Dec 2023 03:29:14 +0000
ROA not after:            Sun 02 Mar 2025 00:00:00 +0000
asID:                     140543
IP address blocks:        115.187.16.0/24 maxlen: 24
                          115.187.17.0/24 maxlen: 24
                          2401:4ea0::/48 maxlen: 48
                          2401:4ea0:1::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91127B5/0F194EAE890C11EE9DF72C50C4F9AE02/_egcp2lelKkL_f2D8Rp3NGMIF-g.crl
                          rsync://rpki.apnic.net/member_repository/A91127B5/0F194EAE890C11EE9DF72C50C4F9AE02/_egcp2lelKkL_f2D8Rp3NGMIF-g.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_egcp2lelKkL_f2D8Rp3NGMIF-g.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 24 Jun 2024 08:08:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 30 (0x1e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91127B5/serialNumber=FDE81CA7695E94A90BFDFD83F11A7734630817E8
        Validity
            Not Before: Dec 28 03:29:14 2023 GMT
            Not After : Mar  2 00:00:00 2025 GMT
        Subject: CN=658ceb8a-b294
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:14:37:fd:06:20:28:5c:07:c3:aa:ef:da:7b:
                    b2:a1:ca:ac:e7:44:98:c6:a3:e5:93:96:14:9b:cd:
                    6e:79:e1:ea:9c:6e:b7:84:29:68:89:6e:55:11:30:
                    6f:97:9b:e4:47:23:01:b1:c4:42:8a:c5:17:18:13:
                    70:ae:ae:7c:d6:a0:9c:6b:e7:59:aa:d0:6a:e8:82:
                    e1:9b:d6:fd:d6:db:28:70:15:8e:d9:c8:90:e0:6f:
                    a7:3c:d7:68:18:55:c0:f6:54:c6:4a:ce:e9:d1:e5:
                    60:22:72:d2:be:ab:53:d5:46:36:04:ef:4b:cc:b9:
                    1f:77:e7:df:79:cf:58:c5:42:31:ae:92:8f:6a:fc:
                    e8:84:fc:38:77:f9:8e:3c:b6:4b:69:57:98:0d:93:
                    89:eb:2c:64:bc:65:03:c1:d9:4d:68:c3:e5:7e:e4:
                    e3:43:da:89:30:42:64:df:28:97:55:f6:b5:a9:85:
                    d0:75:cd:61:44:83:f4:f9:81:61:39:0c:dd:3c:9f:
                    70:ca:ce:92:ea:c5:78:63:fb:fb:17:7f:cc:d7:4e:
                    66:d4:0c:56:cd:74:53:db:95:1c:f3:74:cd:e6:56:
                    5d:10:46:c3:3f:79:84:ba:5b:b4:15:2e:f4:1d:ab:
                    3a:a1:d9:13:1b:83:22:fc:6a:3a:7b:b8:cc:21:b7:
                    8d:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:E5:1E:67:F5:1B:6F:0A:3D:FE:BF:A8:41:5E:0A:F5:6A:86:70:D8
            X509v3 Authority Key Identifier:
                keyid:FD:E8:1C:A7:69:5E:94:A9:0B:FD:FD:83:F1:1A:77:34:63:08:17:E8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91127B5/0F194EAE890C11EE9DF72C50C4F9AE02/_egcp2lelKkL_f2D8Rp3NGMIF-g.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_egcp2lelKkL_f2D8Rp3NGMIF-g.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91127B5/0F194EAE890C11EE9DF72C50C4F9AE02/AA02862E890C11EE87862551C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  115.187.16.0/23
                IPv6:
                  2401:4ea0::/47

    Signature Algorithm: sha256WithRSAEncryption
         ab:80:f0:6d:4f:f9:24:50:d8:e0:38:5f:32:de:83:71:3a:b3:
         0a:f6:33:48:c4:0c:b8:ea:fb:95:6d:03:01:4d:61:9d:a2:16:
         c5:c1:e6:c8:19:f3:09:3b:ea:f9:cd:49:58:23:91:cf:03:ad:
         e7:ee:7f:4d:b1:30:28:12:4c:27:c1:2e:92:67:e3:b0:02:83:
         74:91:d7:96:7c:03:d7:d4:2e:7a:18:39:09:5b:ff:16:08:8e:
         0b:17:38:71:36:db:ba:32:9e:eb:31:4b:1d:1e:87:25:57:89:
         68:03:de:53:ce:27:88:13:90:52:82:c2:6a:14:3d:67:58:2b:
         90:18:df:cd:d8:55:00:d5:b6:53:eb:45:e0:be:16:8b:ce:62:
         a8:09:4e:5d:3a:48:ba:4b:99:cf:5e:fb:3a:8e:79:1a:61:be:
         7a:4c:8b:b8:12:85:c9:56:40:b5:2b:75:28:7d:48:29:aa:e1:
         fc:2b:c7:38:00:26:e3:b8:57:4f:c2:40:89:d5:e1:a3:d5:f7:
         5c:89:08:06:fb:0f:53:8a:15:5c:e4:a6:9d:95:67:f0:69:a6:
         4a:8e:61:6d:06:d1:01:4f:de:89:19:9b:4e:32:db:95:ea:16:
         b9:af:ef:bc:0a:d3:c9:42:ba:c6:05:2e:f9:ff:c2:55:fd:30:
         dc:f5:76:f1
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgIBHjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTEx
MjdCNTExMC8GA1UEBRMoRkRFODFDQTc2OTVFOTRBOTBCRkRGRDgzRjExQTc3MzQ2
MzA4MTdFODAeFw0yMzEyMjgwMzI5MTRaFw0yNTAzMDIwMDAwMDBaMBgxFjAUBgNV
BAMTDTY1OGNlYjhhLWIyOTQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCVFDf9BiAoXAfDqu/ae7KhyqznRJjGo+WTlhSbzW554eqcbreEKWiJblURMG+X
m+RHIwGxxEKKxRcYE3CurnzWoJxr51mq0GroguGb1v3W2yhwFY7ZyJDgb6c812gY
VcD2VMZKzunR5WAictK+q1PVRjYE70vMuR935995z1jFQjGuko9q/OiE/Dh3+Y48
tktpV5gNk4nrLGS8ZQPB2U1ow+V+5OND2okwQmTfKJdV9rWphdB1zWFEg/T5gWE5
DN08n3DKzpLqxXhj+/sXf8zXTmbUDFbNdFPblRzzdM3mVl0QRsM/eYS6W7QVLvQd
qzqh2RMbgyL8ajp7uMwht42dAgMBAAGjggKmMIICojAdBgNVHQ4EFgQUCOUeZ/Ub
bwo9/r+oQV4K9WqGcNgwHwYDVR0jBBgwFoAU/egcp2lelKkL/f2D8Rp3NGMIF+gw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTEyN0I1LzBGMTk0RUFFODkw
QzExRUU5REY3MkM1MEM0RjlBRTAyL19lZ2NwMmxlbEtrTF9mMkQ4UnAzTkdNSUYt
Zy5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvX2VnY3AybGVsS2tMX2YyRDhScDNOR01JRi1nLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEx
MjdCNS8wRjE5NEVBRTg5MEMxMUVFOURGNzJDNTBDNEY5QUUwMi9BQTAyODYyRTg5
MEMxMUVFODc4NjI1NTFDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAwBggrBgEFBQcBBwEB/wQh
MB8wDAQCAAEwBgMEAXO7EDAPBAIAAjAJAwcBJAFOoAAAMA0GCSqGSIb3DQEBCwUA
A4IBAQCrgPBtT/kkUNjgOF8y3oNxOrMK9jNIxAy46vuVbQMBTWGdohbFwebIGfMJ
O+r5zUlYI5HPA63n7n9NsTAoEkwnwS6SZ+OwAoN0kdeWfAPX1C56GDkJW/8WCI4L
FzhxNtu6Mp7rMUsdHoclV4loA95TzieIE5BSgsJqFD1nWCuQGN/N2FUA1bZT60Xg
vhaLzmKoCU5dOki6S5nPXvs6jnkaYb56TIu4EoXJVkC1K3UofUgpquH8K8c4ACbj
uFdPwkCJ1eGj1fdciQgG+w9TihVc5KadlWfwaaZKjmFtBtEBT96JGZtOMtuV6ha5
r++8CtPJQrrGBS75/8JV/TDc9Xbx
-----END CERTIFICATE-----
Generated at Mon Jun 17 09:40:47 2024 by rpki-client on console-fra.rpki-client.org