Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A914BCB6/2AB7CC5ACCF111EB91421958C4F9AE02/F2004572BAED11ECA89EC43AC4F9AE02.roa
File:                     F2004572BAED11ECA89EC43AC4F9AE02.roa (raw, json)
Hash identifier:          o9PB+UobyP+l5eMcB8QbwCGSAygZt597MmAdTrie4ro=
Subject key identifier:   A0:B4:23:09:4B:47:48:CB:88:4F:2B:D9:80:D7:89:F2:A3:34:9C:B6
Certificate issuer:       /CN=A914BCB6/serialNumber=0110BB3AB50E3A0D4490C32103BBC4054DC6821E
Certificate serial:       04A0
Authority key identifier: 01:10:BB:3A:B5:0E:3A:0D:44:90:C3:21:03:BB:C4:05:4D:C6:82:1E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ARC7OrUOOg1EkMMhA7vEBU3Ggh4.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A914BCB6/2AB7CC5ACCF111EB91421958C4F9AE02/F2004572BAED11ECA89EC43AC4F9AE02.roa
Signing time:             Fri 01 Dec 2023 01:33:15 +0000
ROA not before:           Fri 01 Dec 2023 01:33:15 +0000
ROA not after:            Mon 30 Dec 2024 00:00:00 +0000
asID:                     24184
IP address blocks:        203.82.2.0/23 maxlen: 24
                          2001:df0:7040::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A914BCB6/2AB7CC5ACCF111EB91421958C4F9AE02/ARC7OrUOOg1EkMMhA7vEBU3Ggh4.crl
                          rsync://rpki.apnic.net/member_repository/A914BCB6/2AB7CC5ACCF111EB91421958C4F9AE02/ARC7OrUOOg1EkMMhA7vEBU3Ggh4.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ARC7OrUOOg1EkMMhA7vEBU3Ggh4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 22 Jun 2024 01:32:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1184 (0x4a0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A914BCB6/serialNumber=0110BB3AB50E3A0D4490C32103BBC4054DC6821E
        Validity
            Not Before: Dec  1 01:33:15 2023 GMT
            Not After : Dec 30 00:00:00 2024 GMT
        Subject: CN=656937db-47c4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:cc:52:05:b6:f2:1d:1c:09:e1:02:03:e5:50:
                    7c:af:dd:6d:d9:26:af:72:2f:6c:6c:a1:79:5e:bb:
                    63:0f:9b:52:40:ea:26:1a:b9:86:f5:bf:52:f3:65:
                    ca:01:76:49:ec:cd:8a:05:86:9e:f9:58:80:2b:e2:
                    f5:18:42:60:8e:f2:94:e1:96:75:4a:c9:6f:fc:97:
                    f9:10:85:fe:b6:5b:8a:82:98:ef:92:66:2e:5f:dc:
                    df:7d:42:8d:99:09:17:f9:7f:70:8c:c8:3e:18:bb:
                    7a:ce:b7:e5:a0:5a:e8:dc:e7:44:bd:46:bc:4c:5f:
                    be:37:db:83:a8:fc:73:bb:90:88:6c:f6:4a:a1:35:
                    d1:07:65:eb:80:60:c3:25:1f:13:a0:08:43:df:64:
                    b9:06:64:95:6f:cf:88:90:4e:b3:88:56:b7:07:11:
                    d8:46:21:d5:b4:0f:c7:01:28:95:0e:16:05:b8:bd:
                    3f:4f:ee:01:dc:b2:ac:28:85:95:be:be:96:5a:01:
                    85:87:2e:c7:03:42:1b:02:91:98:1b:27:be:62:75:
                    45:9b:6c:8e:ee:e9:ed:15:61:d3:f1:d4:a1:e1:a0:
                    ac:21:60:b5:10:27:52:13:80:80:4b:26:66:b1:49:
                    b7:40:5e:28:27:38:05:10:50:83:27:42:87:76:cd:
                    7a:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A0:B4:23:09:4B:47:48:CB:88:4F:2B:D9:80:D7:89:F2:A3:34:9C:B6
            X509v3 Authority Key Identifier:
                keyid:01:10:BB:3A:B5:0E:3A:0D:44:90:C3:21:03:BB:C4:05:4D:C6:82:1E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A914BCB6/2AB7CC5ACCF111EB91421958C4F9AE02/ARC7OrUOOg1EkMMhA7vEBU3Ggh4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ARC7OrUOOg1EkMMhA7vEBU3Ggh4.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A914BCB6/2AB7CC5ACCF111EB91421958C4F9AE02/F2004572BAED11ECA89EC43AC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.82.2.0/23
                IPv6:
                  2001:df0:7040::/48

    Signature Algorithm: sha256WithRSAEncryption
         0b:d6:93:1f:ad:1a:b7:f8:41:df:9e:ee:5e:fb:7b:23:ce:34:
         93:a3:37:ab:e9:1e:18:1c:2c:4d:57:07:c5:34:b6:76:07:c0:
         89:8f:bd:ce:24:75:20:12:af:08:7a:99:b8:9c:be:18:cf:d1:
         92:2b:22:c5:00:e9:0d:c3:23:36:5d:3e:e3:df:a7:96:40:ee:
         56:55:02:16:11:13:ad:71:88:99:be:86:6e:23:99:2f:64:13:
         be:f8:a7:d0:8a:47:5c:2d:47:5d:af:9a:0b:67:90:17:6d:02:
         1c:aa:41:11:2f:37:49:87:74:70:62:31:1a:c9:d9:a3:c1:76:
         e5:ba:52:86:b5:fd:ad:71:56:90:e3:96:21:bf:62:b3:18:81:
         41:9a:d5:41:b4:71:a6:6a:48:9b:84:6c:88:de:66:cb:b8:05:
         b8:b2:72:2f:b8:77:3f:85:61:b5:e5:d6:9f:e6:0b:d3:77:2b:
         0e:d5:96:28:23:f3:19:26:19:54:91:f1:5f:25:47:81:42:b9:
         5c:5c:d3:c3:27:79:b0:8f:97:6d:a6:95:23:36:a7:aa:1e:a2:
         a9:ee:e9:0d:62:dc:3b:46:79:c2:38:3e:52:2d:36:13:49:93:
         ba:00:1c:4a:88:6f:ef:44:eb:00:b7:3d:0a:23:48:50:52:b9:
         a8:b5:bf:15
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICBKAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NEJDQjYxMTAvBgNVBAUTKDAxMTBCQjNBQjUwRTNBMEQ0NDkwQzMyMTAzQkJDNDA1
NERDNjgyMUUwHhcNMjMxMjAxMDEzMzE1WhcNMjQxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTY5MzdkYi00N2M0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA08xSBbbyHRwJ4QID5VB8r91t2Savci9sbKF5XrtjD5tSQOomGrmG9b9S82XK
AXZJ7M2KBYae+ViAK+L1GEJgjvKU4ZZ1Sslv/Jf5EIX+tluKgpjvkmYuX9zffUKN
mQkX+X9wjMg+GLt6zrfloFro3OdEvUa8TF++N9uDqPxzu5CIbPZKoTXRB2XrgGDD
JR8ToAhD32S5BmSVb8+IkE6ziFa3BxHYRiHVtA/HASiVDhYFuL0/T+4B3LKsKIWV
vr6WWgGFhy7HA0IbApGYGye+YnVFm2yO7untFWHT8dSh4aCsIWC1ECdSE4CASyZm
sUm3QF4oJzgFEFCDJ0KHds161wIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFKC0IwlL
R0jLiE8r2YDXifKjNJy2MB8GA1UdIwQYMBaAFAEQuzq1DjoNRJDDIQO7xAVNxoIe
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0QkNCNi8yQUI3Q0M1QUND
RjExMUVCOTE0MjE5NThDNEY5QUUwMi9BUkM3T3JVT09nMUVrTU1oQTd2RUJVM0dn
aDQuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0FSQzdPclVPT2cxRWtNTWhBN3ZFQlUzR2doNC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NEJDQjYvMkFCN0NDNUFDQ0YxMTFFQjkxNDIxOTU4QzRGOUFFMDIvRjIwMDQ1NzJC
QUVEMTFFQ0E4OUVDNDNBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAHLUgIwDwQCAAIwCQMHACABDfBwQDANBgkqhkiG9w0BAQsF
AAOCAQEAC9aTH60at/hB357uXvt7I840k6M3q+keGBwsTVcHxTS2dgfAiY+9ziR1
IBKvCHqZuJy+GM/RkisixQDpDcMjNl0+49+nlkDuVlUCFhETrXGImb6GbiOZL2QT
vvin0IpHXC1HXa+aC2eQF20CHKpBES83SYd0cGIxGsnZo8F25bpShrX9rXFWkOOW
Ib9isxiBQZrVQbRxpmpIm4RsiN5my7gFuLJyL7h3P4VhteXWn+YL03crDtWWKCPz
GSYZVJHxXyVHgUK5XFzTwyd5sI+XbaaVIzanqh6iqe7pDWLcO0Z5wjg+Ui02E0mT
ugAcSohv70TrALc9CiNIUFK5qLW/FQ==
-----END CERTIFICATE-----
Generated at Sat Jun 15 02:44:36 2024 by rpki-client on console-ams.rpki-client.org