Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9153646/6B8EFA5AFF9811E987C80A6AC4F9AE02/9E1A4B86526511EE869BEC82C4F9AE02.roa
File:                     9E1A4B86526511EE869BEC82C4F9AE02.roa (raw, json)
Hash identifier:          /Gt//5TXUFWHrpjTWO/wAx+DZp6dKRqm04fYDYPiaOs=
Subject key identifier:   69:FA:89:DE:98:17:2F:31:3C:AA:EF:76:2C:A1:A6:A5:0E:53:96:16
Certificate issuer:       /CN=A9153646/serialNumber=3492EFFE9622B1FFF881597003763C1BA24A1E06
Certificate serial:       05F5
Authority key identifier: 34:92:EF:FE:96:22:B1:FF:F8:81:59:70:03:76:3C:1B:A2:4A:1E:06
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/NJLv_pYisf_4gVlwA3Y8G6JKHgY.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9153646/6B8EFA5AFF9811E987C80A6AC4F9AE02/9E1A4B86526511EE869BEC82C4F9AE02.roa
Signing time:             Sun 24 Dec 2023 19:07:07 +0000
ROA not before:           Sun 24 Dec 2023 19:07:07 +0000
ROA not after:            Fri 31 Jan 2025 00:00:00 +0000
asID:                     141731
IP address blocks:        223.29.214.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9153646/6B8EFA5AFF9811E987C80A6AC4F9AE02/NJLv_pYisf_4gVlwA3Y8G6JKHgY.crl
                          rsync://rpki.apnic.net/member_repository/A9153646/6B8EFA5AFF9811E987C80A6AC4F9AE02/NJLv_pYisf_4gVlwA3Y8G6JKHgY.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/NJLv_pYisf_4gVlwA3Y8G6JKHgY.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 21 Jun 2024 19:29:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1525 (0x5f5)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9153646/serialNumber=3492EFFE9622B1FFF881597003763C1BA24A1E06
        Validity
            Not Before: Dec 24 19:07:07 2023 GMT
            Not After : Jan 31 00:00:00 2025 GMT
        Subject: CN=6588815a-40e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:cc:e2:c2:c6:a8:20:96:e0:af:0d:1b:6b:7f:
                    58:88:f9:35:ad:98:f1:f8:66:ba:33:84:f9:91:37:
                    ac:98:ce:c2:16:d7:66:9c:9d:d3:b2:a0:26:65:75:
                    87:18:5b:01:34:d3:6c:87:7d:85:a7:a2:65:bd:d1:
                    21:e8:f4:40:29:8f:b9:83:43:14:c6:b5:29:09:36:
                    fe:66:7d:03:16:f4:63:77:e7:94:d8:04:61:94:8d:
                    23:df:4f:db:f9:c1:09:30:28:84:43:36:2d:9e:aa:
                    d1:5e:12:12:5c:74:cd:ff:f8:66:bf:1f:ec:21:1b:
                    fc:74:b3:81:c8:e3:2b:ba:36:2a:db:a4:96:c8:a8:
                    56:2d:d7:17:cc:17:4c:bb:6b:95:0e:5c:c6:a9:f8:
                    d8:da:d1:c8:f5:3f:fe:15:f8:f8:17:12:b0:3f:46:
                    0a:c4:63:de:d7:a7:45:0c:00:c9:23:4b:5f:f0:87:
                    e5:40:7a:82:40:1f:1c:3d:df:00:56:b1:20:63:7f:
                    42:14:8e:98:6d:a1:82:27:a1:e3:70:66:7b:fe:ca:
                    ac:56:87:ce:89:58:40:63:1d:fb:85:b5:f0:7d:44:
                    42:4c:bf:ac:21:42:ed:e1:6e:14:db:37:48:40:57:
                    3d:d6:58:b9:d3:75:ff:0c:85:eb:60:35:7a:6d:58:
                    f8:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:FA:89:DE:98:17:2F:31:3C:AA:EF:76:2C:A1:A6:A5:0E:53:96:16
            X509v3 Authority Key Identifier:
                keyid:34:92:EF:FE:96:22:B1:FF:F8:81:59:70:03:76:3C:1B:A2:4A:1E:06

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9153646/6B8EFA5AFF9811E987C80A6AC4F9AE02/NJLv_pYisf_4gVlwA3Y8G6JKHgY.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/NJLv_pYisf_4gVlwA3Y8G6JKHgY.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9153646/6B8EFA5AFF9811E987C80A6AC4F9AE02/9E1A4B86526511EE869BEC82C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  223.29.214.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:d1:1c:70:cc:ce:1f:89:1c:fa:c0:a8:f1:e7:23:8f:f7:9a:
         4c:3f:78:02:50:b4:af:34:8b:c3:61:7a:97:0b:5e:ca:7d:e8:
         bc:2d:6a:df:06:17:02:72:e2:23:09:a8:13:f0:37:92:de:9a:
         33:30:ec:bd:64:77:38:70:f8:3e:c3:69:6d:da:5c:c4:e4:88:
         95:9c:8c:90:c5:81:ee:77:31:33:e6:94:77:19:4e:2f:2c:6c:
         d5:c4:5c:bf:69:88:0e:49:66:80:48:66:3a:ac:6c:df:17:b8:
         7c:9b:db:c5:21:ec:78:af:c2:64:9c:47:a8:6f:ce:e1:18:1d:
         fc:87:74:b2:fd:a0:71:52:86:af:3a:c2:89:ea:e5:16:85:ec:
         45:c9:4d:77:9d:69:1f:0d:b7:e7:f6:90:d4:4a:d5:73:78:77:
         e3:bf:53:c7:4c:bf:80:ff:6d:c3:33:17:2c:0e:dc:21:a2:c7:
         ae:bb:cb:c4:ae:ea:e9:53:61:6c:cc:48:d0:ba:ff:94:7d:43:
         eb:c3:b4:8a:59:2d:81:31:81:4a:46:3a:2d:39:b3:e7:91:43:
         4c:bc:46:13:b8:be:3f:be:dc:37:51:20:72:37:aa:27:5b:3a:
         a2:35:2b:7b:82:5d:80:71:13:74:ae:70:29:81:01:63:7a:3a:
         dd:86:88:e9
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICBfUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTM2NDYxMTAvBgNVBAUTKDM0OTJFRkZFOTYyMkIxRkZGODgxNTk3MDAzNzYzQzFC
QTI0QTFFMDYwHhcNMjMxMjI0MTkwNzA3WhcNMjUwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTg4ODE1YS00MGUxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAzMziwsaoIJbgrw0ba39YiPk1rZjx+Ga6M4T5kTesmM7CFtdmnJ3TsqAmZXWH
GFsBNNNsh32Fp6JlvdEh6PRAKY+5g0MUxrUpCTb+Zn0DFvRjd+eU2ARhlI0j30/b
+cEJMCiEQzYtnqrRXhISXHTN//hmvx/sIRv8dLOByOMrujYq26SWyKhWLdcXzBdM
u2uVDlzGqfjY2tHI9T/+Ffj4FxKwP0YKxGPe16dFDADJI0tf8IflQHqCQB8cPd8A
VrEgY39CFI6YbaGCJ6HjcGZ7/sqsVofOiVhAYx37hbXwfURCTL+sIULt4W4U2zdI
QFc91li503X/DIXrYDV6bVj40QIDAQABo4IClTCCApEwHQYDVR0OBBYEFGn6id6Y
Fy8xPKrvdiyhpqUOU5YWMB8GA1UdIwQYMBaAFDSS7/6WIrH/+IFZcAN2PBuiSh4G
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1MzY0Ni82QjhFRkE1QUZG
OTgxMUU5ODdDODBBNkFDNEY5QUUwMi9OSkx2X3BZaXNmXzRnVmx3QTNZOEc2SktI
Z1kuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL05KTHZfcFlpc2ZfNGdWbHdBM1k4RzZKS0hnWS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTM2NDYvNkI4RUZBNUFGRjk4MTFFOTg3QzgwQTZBQzRGOUFFMDIvOUUxQTRCODY1
MjY1MTFFRTg2OUJFQzgyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADfHdYwDQYJKoZIhvcNAQELBQADggEBAFTRHHDMzh+JHPrA
qPHnI4/3mkw/eAJQtK80i8NhepcLXsp96Lwtat8GFwJy4iMJqBPwN5LemjMw7L1k
dzhw+D7DaW3aXMTkiJWcjJDFge53MTPmlHcZTi8sbNXEXL9piA5JZoBIZjqsbN8X
uHyb28Uh7HivwmScR6hvzuEYHfyHdLL9oHFShq86wonq5RaF7EXJTXedaR8Nt+f2
kNRK1XN4d+O/U8dMv4D/bcMzFywO3CGix667y8Su6ulTYWzMSNC6/5R9Q+vDtIpZ
LYExgUpGOi05s+eRQ0y8RhO4vj++3DdRIHI3qidbOqI1K3uCXYBxE3SucCmBAWN6
Ot2GiOk=
-----END CERTIFICATE-----
Generated at Fri Jun 14 20:34:03 2024 by rpki-client on console-fra.rpki-client.org