Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91406AA/8F5BB4F886C111EBBAB3184BC4F9AE02/8205A466A73111ED97576186C4F9AE02.roa
File:                     8205A466A73111ED97576186C4F9AE02.roa (raw, json)
Hash identifier:          TNYo4/mkmU8nb5HKQOBxXwZvc4it5w2GIhCmllv4qwg=
Subject key identifier:   F3:92:63:38:99:13:1E:61:41:D3:5B:37:9B:46:18:3C:D1:2D:95:FD
Certificate issuer:       /CN=A91406AA/serialNumber=315513E54AB0C99B8BCA84042E38358B60DB1B2C
Certificate serial:       05B7
Authority key identifier: 31:55:13:E5:4A:B0:C9:9B:8B:CA:84:04:2E:38:35:8B:60:DB:1B:2C
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/MVUT5UqwyZuLyoQELjg1i2DbGyw.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91406AA/8F5BB4F886C111EBBAB3184BC4F9AE02/8205A466A73111ED97576186C4F9AE02.roa
Signing time:             Wed 04 Oct 2023 23:41:31 +0000
ROA not before:           Wed 04 Oct 2023 23:41:31 +0000
ROA not after:            Sun 01 Dec 2024 00:00:00 +0000
asID:                     45459
IP address blocks:        202.89.57.0/24 maxlen: 24
                          203.89.178.0/24 maxlen: 24
                          203.89.187.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91406AA/8F5BB4F886C111EBBAB3184BC4F9AE02/MVUT5UqwyZuLyoQELjg1i2DbGyw.crl
                          rsync://rpki.apnic.net/member_repository/A91406AA/8F5BB4F886C111EBBAB3184BC4F9AE02/MVUT5UqwyZuLyoQELjg1i2DbGyw.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/MVUT5UqwyZuLyoQELjg1i2DbGyw.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 19 Jun 2024 22:27:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1463 (0x5b7)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91406AA/serialNumber=315513E54AB0C99B8BCA84042E38358B60DB1B2C
        Validity
            Not Before: Oct  4 23:41:31 2023 GMT
            Not After : Dec  1 00:00:00 2024 GMT
        Subject: CN=651df82a-01d0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:de:38:34:b2:a8:bb:47:88:e2:f1:d8:10:2e:
                    bf:84:83:27:b7:a5:2e:df:a8:83:80:07:5d:16:66:
                    7e:ab:fb:db:f6:bc:c9:f6:49:86:36:5a:6b:b2:76:
                    91:44:35:b2:f7:f4:3d:28:4e:1e:67:e8:79:ae:87:
                    d5:40:22:a5:47:d9:34:bc:1a:c6:4a:cd:98:26:05:
                    b7:40:00:6e:c1:9b:0a:9a:92:f6:c0:7c:96:a3:c5:
                    7a:69:81:80:29:9b:02:b8:2a:98:4d:7e:10:be:0c:
                    c5:1c:a0:8c:f9:a0:01:de:d1:72:47:f2:0d:ce:d4:
                    04:a9:97:96:66:80:f2:c1:69:be:51:af:31:16:01:
                    dd:00:fc:42:1e:da:76:6d:c5:f8:79:18:65:a8:1d:
                    3b:52:e2:e6:be:8a:01:f7:aa:84:d6:0e:58:44:15:
                    1e:23:17:dc:d7:64:89:5a:11:d7:eb:b2:bf:95:20:
                    7d:bb:35:d5:4b:9c:90:3d:4a:d4:4b:ad:1a:57:0a:
                    75:31:b7:90:3c:e1:4e:01:95:ef:54:cc:a3:42:f2:
                    f9:37:3f:23:41:96:26:3d:58:e4:cc:2e:43:67:c7:
                    dd:81:e3:88:c3:79:43:dd:d9:bf:75:f3:c0:2b:21:
                    9c:ec:3f:50:18:ea:92:67:0c:1d:a9:8d:a9:7e:4e:
                    d0:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F3:92:63:38:99:13:1E:61:41:D3:5B:37:9B:46:18:3C:D1:2D:95:FD
            X509v3 Authority Key Identifier:
                keyid:31:55:13:E5:4A:B0:C9:9B:8B:CA:84:04:2E:38:35:8B:60:DB:1B:2C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91406AA/8F5BB4F886C111EBBAB3184BC4F9AE02/MVUT5UqwyZuLyoQELjg1i2DbGyw.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/MVUT5UqwyZuLyoQELjg1i2DbGyw.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91406AA/8F5BB4F886C111EBBAB3184BC4F9AE02/8205A466A73111ED97576186C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.89.57.0/24
                  203.89.178.0/24
                  203.89.187.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3d:d9:72:76:d3:19:48:7f:9e:a6:c9:54:22:2d:a9:c0:e8:dd:
         c6:b8:4b:19:3c:6f:9d:25:5a:20:02:1d:8a:a9:f9:41:0e:a1:
         da:00:80:d8:4c:5c:89:25:fa:6d:3f:0c:28:09:33:c2:96:09:
         27:a0:b0:e4:27:ca:76:0d:b1:32:bc:f1:ee:4b:1c:b6:c1:92:
         85:4f:f8:7f:dd:82:bc:e7:2b:36:b3:29:c6:d8:cf:53:82:ec:
         cb:6b:84:24:5b:63:16:c1:71:23:5f:ca:99:b5:cd:f9:00:a0:
         37:79:3b:b2:64:2d:c0:6f:11:e0:40:97:66:64:b2:ac:4e:29:
         16:5d:7d:01:9d:08:0d:55:2e:03:45:96:dc:6a:00:e6:64:76:
         e4:29:af:be:2b:6f:5e:4b:95:5c:eb:21:52:9e:48:73:06:db:
         85:cc:df:50:bd:21:19:a0:6c:98:24:b7:9d:3d:2e:81:f5:ba:
         ed:50:dc:50:df:58:82:60:78:08:a9:fb:6e:da:71:21:ce:5d:
         86:f0:84:c5:ce:80:8b:b2:6a:a4:15:10:c0:1c:e7:2e:fa:b4:
         7b:ab:68:e2:09:fe:9d:e6:6d:8f:de:b3:2b:11:13:ff:8d:d7:
         96:30:1e:f6:e3:0e:f3:5f:e6:53:83:60:ce:0a:26:cc:c4:98:
         74:53:2b:06
-----BEGIN CERTIFICATE-----
MIIFfTCCBGWgAwIBAgICBbcwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDA2QUExMTAvBgNVBAUTKDMxNTUxM0U1NEFCMEM5OUI4QkNBODQwNDJFMzgzNThC
NjBEQjFCMkMwHhcNMjMxMDA0MjM0MTMxWhcNMjQxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTFkZjgyYS0wMWQwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwN44NLKou0eI4vHYEC6/hIMnt6Uu36iDgAddFmZ+q/vb9rzJ9kmGNlprsnaR
RDWy9/Q9KE4eZ+h5rofVQCKlR9k0vBrGSs2YJgW3QABuwZsKmpL2wHyWo8V6aYGA
KZsCuCqYTX4QvgzFHKCM+aAB3tFyR/INztQEqZeWZoDywWm+Ua8xFgHdAPxCHtp2
bcX4eRhlqB07UuLmvooB96qE1g5YRBUeIxfc12SJWhHX67K/lSB9uzXVS5yQPUrU
S60aVwp1MbeQPOFOAZXvVMyjQvL5Nz8jQZYmPVjkzC5DZ8fdgeOIw3lD3dm/dfPA
KyGc7D9QGOqSZwwdqY2pfk7QrwIDAQABo4ICoTCCAp0wHQYDVR0OBBYEFPOSYziZ
Ex5hQdNbN5tGGDzRLZX9MB8GA1UdIwQYMBaAFDFVE+VKsMmbi8qEBC44NYtg2xss
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0MDZBQS84RjVCQjRGODg2
QzExMUVCQkFCMzE4NEJDNEY5QUUwMi9NVlVUNVVxd3ladUx5b1FFTGpnMWkyRGJH
eXcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL01WVVQ1VXF3eVp1THlvUUVMamcxaTJEYkd5dy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDA2QUEvOEY1QkI0Rjg4NkMxMTFFQkJBQjMxODRCQzRGOUFFMDIvODIwNUE0NjZB
NzMxMTFFRDk3NTc2MTg2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwKwYIKwYBBQUHAQcBAf8E
HDAaMBgEAgABMBIDBADKWTkDBADLWbIDBADLWbswDQYJKoZIhvcNAQELBQADggEB
AD3ZcnbTGUh/nqbJVCItqcDo3ca4Sxk8b50lWiACHYqp+UEOodoAgNhMXIkl+m0/
DCgJM8KWCSegsOQnynYNsTK88e5LHLbBkoVP+H/dgrznKzazKcbYz1OC7MtrhCRb
YxbBcSNfypm1zfkAoDd5O7JkLcBvEeBAl2ZksqxOKRZdfQGdCA1VLgNFltxqAOZk
duQpr74rb15LlVzrIVKeSHMG24XM31C9IRmgbJgkt509LoH1uu1Q3FDfWIJgeAip
+27acSHOXYbwhMXOgIuyaqQVEMAc5y76tHuraOIJ/p3mbY/esysRE/+N15YwHvbj
DvNf5lODYM4KJszEmHRTKwY=
-----END CERTIFICATE-----
Generated at Thu Jun 13 00:57:49 2024 by rpki-client on console-fra.rpki-client.org