Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9146207/FE75634002CB11E6865B8F3BC4F9AE02/DFBA3AD2555611E7A82D327CC4F9AE02.roa
File:                     DFBA3AD2555611E7A82D327CC4F9AE02.roa (raw, json)
Hash identifier:          jxAuvtreGVrH771JiowGNlvA0zgyufdgnc3hbb1cfJg=
Subject key identifier:   16:82:C5:87:94:51:CB:1C:7E:E0:32:19:25:5D:68:24:25:11:B2:5B
Certificate issuer:       /CN=A9146207/serialNumber=9E668E6E67BAD0ACF940A228C4BC093B8B24002B
Certificate serial:       227C
Authority key identifier: 9E:66:8E:6E:67:BA:D0:AC:F9:40:A2:28:C4:BC:09:3B:8B:24:00:2B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/nmaObme60Kz5QKIoxLwJO4skACs.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9146207/FE75634002CB11E6865B8F3BC4F9AE02/DFBA3AD2555611E7A82D327CC4F9AE02.roa
Signing time:             Thu 20 Jul 2023 16:13:00 +0000
ROA not before:           Thu 20 Jul 2023 16:13:00 +0000
ROA not after:            Mon 30 Sep 2024 00:00:00 +0000
asID:                     23689
IP address blocks:        120.28.28.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9146207/FE75634002CB11E6865B8F3BC4F9AE02/nmaObme60Kz5QKIoxLwJO4skACs.crl
                          rsync://rpki.apnic.net/member_repository/A9146207/FE75634002CB11E6865B8F3BC4F9AE02/nmaObme60Kz5QKIoxLwJO4skACs.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/nmaObme60Kz5QKIoxLwJO4skACs.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 21 Jun 2024 16:27:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 8828 (0x227c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9146207/serialNumber=9E668E6E67BAD0ACF940A228C4BC093B8B24002B
        Validity
            Not Before: Jul 20 16:13:00 2023 GMT
            Not After : Sep 30 00:00:00 2024 GMT
        Subject: CN=64b95d0b-255e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:a3:28:cc:37:30:b2:ff:21:2d:9b:d6:bf:cb:
                    b2:6b:50:af:fb:bc:49:95:28:b8:54:49:7f:1d:3d:
                    02:38:7e:ac:98:a8:a1:52:93:44:13:aa:8b:f7:8e:
                    5c:30:3b:98:f6:56:06:3f:59:f3:d7:ba:85:21:4e:
                    a6:39:c8:dd:e1:2a:e0:cf:bf:9a:66:03:84:ac:56:
                    b6:b3:b2:3a:d0:3e:32:85:a9:99:81:b0:eb:53:6f:
                    5e:1b:4d:28:4b:a2:56:33:24:b4:e0:c7:53:ad:59:
                    66:30:43:4c:b5:2c:ed:a9:fe:2b:d3:ea:0c:4c:7c:
                    3c:55:17:62:e4:26:19:7c:1d:7e:26:67:46:e1:68:
                    2a:00:e3:b7:71:3f:50:b4:f7:b1:5c:e4:bc:2c:a1:
                    c8:c4:0f:7f:b6:c7:44:6c:ea:48:f6:32:c9:79:bf:
                    16:ef:16:67:1a:4f:ff:84:2d:d0:e3:4e:79:4f:d1:
                    38:e1:91:4a:60:72:b1:cd:68:e5:de:33:a9:e8:46:
                    2d:44:30:a1:28:06:90:c8:90:c7:c3:7b:f0:89:42:
                    6a:ab:5f:0a:ab:c8:3a:b6:c3:3d:46:1c:23:1b:b2:
                    e9:81:36:57:2c:d8:38:6c:29:af:8b:9c:be:f3:fa:
                    bb:e1:c8:f4:93:fe:03:d6:a1:78:70:e8:cb:5d:50:
                    19:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:82:C5:87:94:51:CB:1C:7E:E0:32:19:25:5D:68:24:25:11:B2:5B
            X509v3 Authority Key Identifier:
                keyid:9E:66:8E:6E:67:BA:D0:AC:F9:40:A2:28:C4:BC:09:3B:8B:24:00:2B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9146207/FE75634002CB11E6865B8F3BC4F9AE02/nmaObme60Kz5QKIoxLwJO4skACs.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/nmaObme60Kz5QKIoxLwJO4skACs.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9146207/FE75634002CB11E6865B8F3BC4F9AE02/DFBA3AD2555611E7A82D327CC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  120.28.28.0/23

    Signature Algorithm: sha256WithRSAEncryption
         61:d9:f4:bd:c9:03:60:79:d0:ac:e4:48:dd:9b:81:b8:4f:78:
         73:64:8f:04:c4:51:ae:9e:7b:91:ff:c5:a1:3e:2c:a8:32:6c:
         eb:d4:07:89:7b:13:92:cc:e4:73:6c:8a:1d:e7:1e:50:5f:d2:
         a9:cf:40:5a:57:f0:77:35:76:af:20:79:d5:39:ec:40:da:9c:
         53:d2:ab:12:14:e4:0a:6c:61:2b:c6:d6:02:d0:56:37:3f:a6:
         3a:18:52:f1:b4:3d:7f:60:5e:79:c2:21:0f:80:cb:7e:ef:77:
         07:02:c6:21:d7:0f:45:78:2c:0c:3a:28:4f:17:7f:d6:ee:e2:
         73:e2:5b:c0:c6:17:b9:79:5a:15:e7:46:b7:0a:12:4b:39:87:
         36:f6:c8:8c:b6:6b:a5:04:02:b7:17:99:a7:c7:6b:14:1b:6f:
         0f:3f:f7:0f:33:02:6f:53:78:2a:f5:93:37:f3:cd:e2:31:73:
         82:5a:94:ec:03:ce:e1:fa:09:cd:48:d5:5f:ca:6c:44:4e:7e:
         82:16:eb:27:dc:3f:40:31:38:0e:6b:0d:4f:aa:9e:ba:55:71:
         2e:e0:9b:d4:62:a3:ac:6e:58:24:bf:1f:49:e2:43:7d:ef:95:
         43:26:a2:ce:13:ac:a5:39:7e:89:d3:f3:e5:7e:96:9d:07:9f:
         21:cc:b8:0c
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICInwwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDYyMDcxMTAvBgNVBAUTKDlFNjY4RTZFNjdCQUQwQUNGOTQwQTIyOEM0QkMwOTNC
OEIyNDAwMkIwHhcNMjMwNzIwMTYxMzAwWhcNMjQwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NGI5NWQwYi0yNTVlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAp6MozDcwsv8hLZvWv8uya1Cv+7xJlSi4VEl/HT0COH6smKihUpNEE6qL945c
MDuY9lYGP1nz17qFIU6mOcjd4Srgz7+aZgOErFa2s7I60D4yhamZgbDrU29eG00o
S6JWMyS04MdTrVlmMENMtSztqf4r0+oMTHw8VRdi5CYZfB1+JmdG4WgqAOO3cT9Q
tPexXOS8LKHIxA9/tsdEbOpI9jLJeb8W7xZnGk//hC3Q4055T9E44ZFKYHKxzWjl
3jOp6EYtRDChKAaQyJDHw3vwiUJqq18Kq8g6tsM9RhwjG7LpgTZXLNg4bCmvi5y+
8/q74cj0k/4D1qF4cOjLXVAZ3QIDAQABo4IClTCCApEwHQYDVR0OBBYEFBaCxYeU
UcscfuAyGSVdaCQlEbJbMB8GA1UdIwQYMBaAFJ5mjm5nutCs+UCiKMS8CTuLJAAr
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0NjIwNy9GRTc1NjM0MDAy
Q0IxMUU2ODY1QjhGM0JDNEY5QUUwMi9ubWFPYm1lNjBLejVRS0lveEx3Sk80c2tB
Q3MuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL25tYU9ibWU2MEt6NVFLSW94THdKTzRza0FDcy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDYyMDcvRkU3NTYzNDAwMkNCMTFFNjg2NUI4RjNCQzRGOUFFMDIvREZCQTNBRDI1
NTU2MTFFN0E4MkQzMjdDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAF4HBwwDQYJKoZIhvcNAQELBQADggEBAGHZ9L3JA2B50Kzk
SN2bgbhPeHNkjwTEUa6ee5H/xaE+LKgybOvUB4l7E5LM5HNsih3nHlBf0qnPQFpX
8Hc1dq8gedU57EDanFPSqxIU5ApsYSvG1gLQVjc/pjoYUvG0PX9gXnnCIQ+Ay37v
dwcCxiHXD0V4LAw6KE8Xf9bu4nPiW8DGF7l5WhXnRrcKEks5hzb2yIy2a6UEArcX
mafHaxQbbw8/9w8zAm9TeCr1kzfzzeIxc4JalOwDzuH6Cc1I1V/KbEROfoIW6yfc
P0AxOA5rDU+qnrpVcS7gm9Rio6xuWCS/H0niQ33vlUMmos4TrKU5fonT8+V+lp0H
nyHMuAw=
-----END CERTIFICATE-----
Generated at Fri Jun 14 19:09:19 2024 by rpki-client on console-ams.rpki-client.org