Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A914C90B/92842702E71011EEA9DBC252C4F9AE02/52BD65B4E7D511EE8C353D2AC4F9AE02.roa
File:                     52BD65B4E7D511EE8C353D2AC4F9AE02.roa (raw, json)
Hash identifier:          zFf97/9MWDJ1OuFa86jOAQdYZPSbsznuzGtJuPn2650=
Subject key identifier:   D8:B9:16:1D:D2:F1:5D:ED:AD:53:95:48:86:F7:B0:84:D9:4E:2F:2D
Certificate issuer:       /CN=A914C90B/serialNumber=07EECC4426A8C33D4590BCDA12D9750C4904857D
Certificate serial:       03
Authority key identifier: 07:EE:CC:44:26:A8:C3:3D:45:90:BC:DA:12:D9:75:0C:49:04:85:7D
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/B-7MRCaowz1FkLzaEtl1DEkEhX0.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A914C90B/92842702E71011EEA9DBC252C4F9AE02/52BD65B4E7D511EE8C353D2AC4F9AE02.roa
Signing time:             Thu 21 Mar 2024 22:49:50 +0000
ROA not before:           Thu 21 Mar 2024 22:49:50 +0000
ROA not after:            Thu 01 May 2025 00:00:00 +0000
asID:                     135400
IP address blocks:        203.176.122.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A914C90B/92842702E71011EEA9DBC252C4F9AE02/B-7MRCaowz1FkLzaEtl1DEkEhX0.crl
                          rsync://rpki.apnic.net/member_repository/A914C90B/92842702E71011EEA9DBC252C4F9AE02/B-7MRCaowz1FkLzaEtl1DEkEhX0.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/B-7MRCaowz1FkLzaEtl1DEkEhX0.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 20 Jun 2024 07:03:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3 (0x3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A914C90B/serialNumber=07EECC4426A8C33D4590BCDA12D9750C4904857D
        Validity
            Not Before: Mar 21 22:49:50 2024 GMT
            Not After : May  1 00:00:00 2025 GMT
        Subject: CN=65fcb98d-4b7a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:e6:00:c0:ea:b1:72:e7:5c:8a:9f:38:a9:45:
                    9a:9b:2f:25:dc:71:86:af:15:d1:a2:8b:2c:c9:de:
                    3e:2d:b5:8e:a1:62:ab:79:ef:8c:f6:90:98:a4:12:
                    a4:2b:ff:8f:a4:ec:af:40:ac:46:c9:08:bc:eb:3e:
                    8c:37:97:04:53:a7:ee:7b:51:67:aa:16:73:c2:92:
                    53:05:08:69:79:a9:4a:59:05:ec:84:e3:ec:31:9e:
                    5f:b2:ef:ea:f8:6f:12:ba:7b:0a:e6:07:9c:0e:88:
                    c3:17:d5:e2:4f:11:94:1e:6a:18:1d:67:14:d3:62:
                    fc:f8:fb:07:68:b9:08:ba:9e:1c:37:12:bc:2d:75:
                    d6:28:9e:d5:e4:3b:34:c0:5e:e7:c1:54:e3:d0:5d:
                    10:9b:2b:cf:62:dd:6b:94:b2:8b:c1:fb:09:77:d7:
                    f1:c4:0e:0b:fa:68:b7:a5:6c:e1:ef:20:4d:3b:a4:
                    c0:78:07:e9:79:d8:d5:39:54:b0:ea:d6:b3:81:3f:
                    e6:cc:fc:3f:7c:d5:30:e7:0b:1b:77:c8:2a:5a:58:
                    32:4d:8d:64:fb:50:9b:32:82:ad:48:f0:2f:d0:8f:
                    5e:f2:96:e2:e8:4c:44:d5:59:7d:8d:77:4d:ca:4e:
                    9b:51:fe:af:de:a7:12:7a:52:11:d2:0a:e5:6f:de:
                    5a:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:B9:16:1D:D2:F1:5D:ED:AD:53:95:48:86:F7:B0:84:D9:4E:2F:2D
            X509v3 Authority Key Identifier:
                keyid:07:EE:CC:44:26:A8:C3:3D:45:90:BC:DA:12:D9:75:0C:49:04:85:7D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A914C90B/92842702E71011EEA9DBC252C4F9AE02/B-7MRCaowz1FkLzaEtl1DEkEhX0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/B-7MRCaowz1FkLzaEtl1DEkEhX0.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A914C90B/92842702E71011EEA9DBC252C4F9AE02/52BD65B4E7D511EE8C353D2AC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.176.122.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1f:07:61:0d:26:4a:ec:71:26:e1:db:97:ce:f5:c6:12:c7:2a:
         d5:ca:45:22:31:23:3b:99:b5:05:26:3b:f1:9a:85:24:f5:2d:
         f0:14:a1:46:c2:da:72:c5:66:67:73:08:da:3c:3f:fc:ca:e1:
         c0:df:f0:92:00:b8:81:79:bd:5a:f2:51:f9:f4:b1:a7:40:97:
         90:52:bd:97:a1:16:4f:90:ac:8f:2c:06:04:79:be:c5:77:89:
         c4:13:27:92:8c:cd:c6:c4:5f:ce:46:65:d1:e9:8d:40:4b:a1:
         2d:b2:ce:84:99:7a:3e:89:ec:73:08:7a:00:17:d0:0f:09:a4:
         eb:65:39:f6:64:c3:57:bd:a5:ba:45:3e:bf:9d:f1:1d:74:39:
         1d:ef:8b:6b:f8:10:ae:cc:59:e0:cc:df:b9:25:c8:8a:06:3c:
         07:15:44:61:5e:c0:d0:21:9a:7a:50:4b:10:f0:84:2e:b0:45:
         06:9d:40:cd:d2:03:f4:7a:11:9f:10:97:85:f6:9b:81:af:a3:
         20:b4:1f:c4:87:2a:ac:5b:08:9d:74:25:e7:a9:12:d0:5f:e1:
         dd:66:23:94:d7:bd:08:8a:72:77:84:6d:05:1c:b5:cd:86:d9:
         65:c8:ed:d2:11:0c:98:33:16:df:08:2f:c1:81:39:5b:34:77:
         64:59:ef:74
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIBAzANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTE0
QzkwQjExMC8GA1UEBRMoMDdFRUNDNDQyNkE4QzMzRDQ1OTBCQ0RBMTJEOTc1MEM0
OTA0ODU3RDAeFw0yNDAzMjEyMjQ5NTBaFw0yNTA1MDEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY1ZmNiOThkLTRiN2EwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDK5gDA6rFy51yKnzipRZqbLyXccYavFdGiiyzJ3j4ttY6hYqt574z2kJikEqQr
/4+k7K9ArEbJCLzrPow3lwRTp+57UWeqFnPCklMFCGl5qUpZBeyE4+wxnl+y7+r4
bxK6ewrmB5wOiMMX1eJPEZQeahgdZxTTYvz4+wdouQi6nhw3ErwtddYontXkOzTA
XufBVOPQXRCbK89i3WuUsovB+wl31/HEDgv6aLelbOHvIE07pMB4B+l52NU5VLDq
1rOBP+bM/D981TDnCxt3yCpaWDJNjWT7UJsygq1I8C/Qj17yluLoTETVWX2Nd03K
TptR/q/epxJ6UhHSCuVv3lpPAgMBAAGjggKVMIICkTAdBgNVHQ4EFgQU2LkWHdLx
Xe2tU5VIhvewhNlOLy0wHwYDVR0jBBgwFoAUB+7MRCaowz1FkLzaEtl1DEkEhX0w
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTRDOTBCLzkyODQyNzAyRTcx
MDExRUVBOURCQzI1MkM0RjlBRTAyL0ItN01SQ2Fvd3oxRmtMemFFdGwxREVrRWhY
MC5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvQi03TVJDYW93ejFGa0x6YUV0bDFERWtFaFgwLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0
QzkwQi85Mjg0MjcwMkU3MTAxMUVFQTlEQkMyNTJDNEY5QUUwMi81MkJENjVCNEU3
RDUxMUVFOEMzNTNEMkFDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAcuwejANBgkqhkiG9w0BAQsFAAOCAQEAHwdhDSZK7HEm4duX
zvXGEscq1cpFIjEjO5m1BSY78ZqFJPUt8BShRsLacsVmZ3MI2jw//MrhwN/wkgC4
gXm9WvJR+fSxp0CXkFK9l6EWT5CsjywGBHm+xXeJxBMnkozNxsRfzkZl0emNQEuh
LbLOhJl6Ponscwh6ABfQDwmk62U59mTDV72lukU+v53xHXQ5He+La/gQrsxZ4Mzf
uSXIigY8BxVEYV7A0CGaelBLEPCELrBFBp1AzdID9HoRnxCXhfabga+jILQfxIcq
rFsInXQl56kS0F/h3WYjlNe9CIpyd4RtBRy1zYbZZcjt0hEMmDMW3wgvwYE5WzR3
ZFnvdA==
-----END CERTIFICATE-----
Generated at Thu Jun 13 10:45:07 2024 by rpki-client on console-fra.rpki-client.org