Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9137AD6/A2CE6BD8C77611ECB73AD566C4F9AE02/2595D7A6063111EDB15E2E5FC4F9AE02.roa
File:                     2595D7A6063111EDB15E2E5FC4F9AE02.roa (raw, json)
Hash identifier:          oin8yL4zYDT5x3oDTyMv4sXImYqYMHrbBoNIU14DFXM=
Subject key identifier:   A0:02:95:34:B8:01:09:23:24:DB:68:46:F0:FA:83:E3:4D:4D:0B:D2
Certificate issuer:       /CN=A9137AD6/serialNumber=2578CBCAFCA26B172057E37AB77A61C81032222D
Certificate serial:       0253
Authority key identifier: 25:78:CB:CA:FC:A2:6B:17:20:57:E3:7A:B7:7A:61:C8:10:32:22:2D
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/JXjLyvyiaxcgV-N6t3phyBAyIi0.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9137AD6/A2CE6BD8C77611ECB73AD566C4F9AE02/2595D7A6063111EDB15E2E5FC4F9AE02.roa
Signing time:             Fri 15 Mar 2024 03:25:26 +0000
ROA not before:           Fri 15 Mar 2024 03:25:26 +0000
ROA not after:            Thu 01 May 2025 00:00:00 +0000
asID:                     133120
IP address blocks:        123.253.41.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9137AD6/A2CE6BD8C77611ECB73AD566C4F9AE02/JXjLyvyiaxcgV-N6t3phyBAyIi0.crl
                          rsync://rpki.apnic.net/member_repository/A9137AD6/A2CE6BD8C77611ECB73AD566C4F9AE02/JXjLyvyiaxcgV-N6t3phyBAyIi0.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/JXjLyvyiaxcgV-N6t3phyBAyIi0.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 24 Jun 2024 03:40:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 595 (0x253)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9137AD6/serialNumber=2578CBCAFCA26B172057E37AB77A61C81032222D
        Validity
            Not Before: Mar 15 03:25:26 2024 GMT
            Not After : May  1 00:00:00 2025 GMT
        Subject: CN=65f3bfa6-bd96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:23:8f:a5:15:a1:10:49:17:e7:77:46:af:37:
                    bd:1d:eb:1a:ef:46:1b:bf:fd:43:62:c2:6b:7b:6c:
                    05:f5:f8:5e:13:7c:91:a9:c5:aa:20:1c:3a:c8:d9:
                    83:45:d0:e0:d1:6b:4f:11:95:da:b2:db:62:bc:8c:
                    16:38:7a:6f:6e:0a:6b:a0:66:17:f0:9d:36:08:5c:
                    8a:48:d7:5b:0a:c0:7c:07:f6:c0:28:a7:54:8b:7b:
                    15:fb:b4:87:f6:9f:86:5d:ec:7c:5d:66:46:d9:66:
                    bb:9a:22:83:c5:ad:d0:42:26:bf:8d:22:a7:f6:32:
                    6b:03:8f:f9:ae:a5:e8:4d:b9:92:5c:76:f3:3f:ac:
                    22:fd:9a:9b:72:f5:a1:27:2f:a9:4e:1b:f8:6d:7f:
                    b2:cf:95:0c:f6:12:5b:e7:21:ea:25:94:9b:cd:38:
                    f3:6e:9c:56:43:f6:69:82:b0:37:fe:83:26:9e:06:
                    e4:e9:f8:7f:e5:01:d4:1b:87:38:87:25:52:e3:e3:
                    0d:13:37:ce:ba:ca:39:84:5b:02:16:a1:39:9b:3e:
                    66:04:83:30:72:d1:62:d9:fe:9d:93:96:52:e8:ba:
                    23:62:77:b1:1f:fd:57:29:6e:39:a3:75:4f:d2:09:
                    6a:ca:2e:f2:95:39:60:c9:a1:43:7b:5b:8e:25:35:
                    6c:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:02:95:34:B8:01:09:23:24:DB:68:46:F0:FA:83:E3:4D:4D:0B:D2
            X509v3 Authority Key Identifier:
                keyid:25:78:CB:CA:FC:A2:6B:17:20:57:E3:7A:B7:7A:61:C8:10:32:22:2D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9137AD6/A2CE6BD8C77611ECB73AD566C4F9AE02/JXjLyvyiaxcgV-N6t3phyBAyIi0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/JXjLyvyiaxcgV-N6t3phyBAyIi0.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9137AD6/A2CE6BD8C77611ECB73AD566C4F9AE02/2595D7A6063111EDB15E2E5FC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  123.253.41.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ba:8c:8f:9c:65:84:5d:47:79:f9:4a:76:e5:03:a4:b9:3e:68:
         aa:50:40:7e:9f:fb:66:69:2c:df:44:4e:61:9e:8a:b7:f2:f5:
         f3:7b:56:46:a2:e8:72:03:fb:a5:47:d9:cc:de:8f:dc:1e:b3:
         b0:df:10:85:d6:40:c5:76:0f:70:8f:67:56:c9:c3:5a:45:d5:
         41:9b:ec:9c:d9:01:1f:a2:12:12:cb:b6:b0:db:27:1f:a2:39:
         c2:e0:df:a6:8b:5d:12:a6:e8:33:40:61:a9:b8:13:ac:e1:ac:
         b8:92:5a:ec:10:44:cd:d2:61:0f:66:04:8d:c5:45:75:29:62:
         6d:a2:10:fe:42:96:d1:fd:84:74:dc:d4:30:dd:1d:06:56:35:
         36:7b:46:6b:74:13:4a:c0:1c:b7:e1:14:5a:31:6b:cf:04:1b:
         71:b1:45:2a:fa:e3:f9:64:8e:45:5d:58:fd:1c:c0:95:83:cf:
         c7:b9:21:0e:c2:c1:8b:1a:bb:67:cf:85:e1:d2:e6:61:13:ec:
         cd:5c:1e:06:1d:f1:67:01:8c:00:59:99:f7:b6:25:1a:8c:03:
         2b:96:4b:e5:1c:01:c8:49:29:54:0c:d9:e7:99:1f:2b:2e:be:
         9e:2f:9f:ea:72:3a:f3:91:e6:ee:44:0a:6d:1d:49:60:3a:9c:
         5c:30:a6:09
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICAlMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MzdBRDYxMTAvBgNVBAUTKDI1NzhDQkNBRkNBMjZCMTcyMDU3RTM3QUI3N0E2MUM4
MTAzMjIyMkQwHhcNMjQwMzE1MDMyNTI2WhcNMjUwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWYzYmZhNi1iZDk2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtyOPpRWhEEkX53dGrze9Hesa70Ybv/1DYsJre2wF9fheE3yRqcWqIBw6yNmD
RdDg0WtPEZXasttivIwWOHpvbgproGYX8J02CFyKSNdbCsB8B/bAKKdUi3sV+7SH
9p+GXex8XWZG2Wa7miKDxa3QQia/jSKn9jJrA4/5rqXoTbmSXHbzP6wi/ZqbcvWh
Jy+pThv4bX+yz5UM9hJb5yHqJZSbzTjzbpxWQ/ZpgrA3/oMmngbk6fh/5QHUG4c4
hyVS4+MNEzfOuso5hFsCFqE5mz5mBIMwctFi2f6dk5ZS6LojYnexH/1XKW45o3VP
0glqyi7ylTlgyaFDe1uOJTVsyQIDAQABo4IClTCCApEwHQYDVR0OBBYEFKAClTS4
AQkjJNtoRvD6g+NNTQvSMB8GA1UdIwQYMBaAFCV4y8r8omsXIFfjerd6YcgQMiIt
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEzN0FENi9BMkNFNkJEOEM3
NzYxMUVDQjczQUQ1NjZDNEY5QUUwMi9KWGpMeXZ5aWF4Y2dWLU42dDNwaHlCQXlJ
aTAuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0pYakx5dnlpYXhjZ1YtTjZ0M3BoeUJBeUlpMC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MzdBRDYvQTJDRTZCRDhDNzc2MTFFQ0I3M0FENTY2QzRGOUFFMDIvMjU5NUQ3QTYw
NjMxMTFFREIxNUUyRTVGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAB7/SkwDQYJKoZIhvcNAQELBQADggEBALqMj5xlhF1HeflK
duUDpLk+aKpQQH6f+2ZpLN9ETmGeirfy9fN7Vkai6HID+6VH2czej9wes7DfEIXW
QMV2D3CPZ1bJw1pF1UGb7JzZAR+iEhLLtrDbJx+iOcLg36aLXRKm6DNAYam4E6zh
rLiSWuwQRM3SYQ9mBI3FRXUpYm2iEP5CltH9hHTc1DDdHQZWNTZ7Rmt0E0rAHLfh
FFoxa88EG3GxRSr64/lkjkVdWP0cwJWDz8e5IQ7CwYsau2fPheHS5mET7M1cHgYd
8WcBjABZmfe2JRqMAyuWS+UcAchJKVQM2eeZHysuvp4vn+pyOvOR5u5ECm0dSWA6
nFwwpgk=
-----END CERTIFICATE-----
Generated at Mon Jun 17 04:54:44 2024 by rpki-client on console-fra.rpki-client.org