Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91592B3/8917FB2A5D0E11E5B3BEAD57C4F9AE02/54EE8F7615FE11ECAF541012C4F9AE02.roa
File:                     54EE8F7615FE11ECAF541012C4F9AE02.roa (raw, json)
Hash identifier:          Mt0fQZWhWQhdOjSfwp4ovls7hDEd5rk64993ERty+U0=
Subject key identifier:   3A:7A:62:CE:26:C9:71:78:CE:F9:2E:E9:C1:83:F0:41:1B:29:0F:45
Certificate issuer:       /CN=A91592B3/serialNumber=3A5C0813C0FED0A83B3DD01B7A5AE1A130827028
Certificate serial:       233B
Authority key identifier: 3A:5C:08:13:C0:FE:D0:A8:3B:3D:D0:1B:7A:5A:E1:A1:30:82:70:28
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OlwIE8D-0Kg7PdAbelrhoTCCcCg.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91592B3/8917FB2A5D0E11E5B3BEAD57C4F9AE02/54EE8F7615FE11ECAF541012C4F9AE02.roa
Signing time:             Mon 18 Mar 2024 16:22:57 +0000
ROA not before:           Mon 18 Mar 2024 16:22:57 +0000
ROA not after:            Wed 28 May 2025 00:00:00 +0000
asID:                     9911
IP address blocks:        202.40.224.0/19 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91592B3/8917FB2A5D0E11E5B3BEAD57C4F9AE02/OlwIE8D-0Kg7PdAbelrhoTCCcCg.crl
                          rsync://rpki.apnic.net/member_repository/A91592B3/8917FB2A5D0E11E5B3BEAD57C4F9AE02/OlwIE8D-0Kg7PdAbelrhoTCCcCg.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OlwIE8D-0Kg7PdAbelrhoTCCcCg.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 23 Jun 2024 14:50:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 9019 (0x233b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91592B3/serialNumber=3A5C0813C0FED0A83B3DD01B7A5AE1A130827028
        Validity
            Not Before: Mar 18 16:22:57 2024 GMT
            Not After : May 28 00:00:00 2025 GMT
        Subject: CN=65f86a61-46fd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:36:fd:f7:41:35:93:0c:7d:f5:70:f6:9b:c0:
                    eb:48:4f:49:70:e3:e9:27:46:81:5e:7d:73:6b:83:
                    f2:d4:63:01:4c:62:15:da:f9:7a:70:30:95:34:2c:
                    bf:9c:cf:4d:4b:b7:08:ac:01:03:d7:25:f6:01:12:
                    3c:0b:ee:9a:95:8c:d5:4b:8e:5b:3a:3b:72:1f:20:
                    38:8e:36:1c:52:49:75:67:47:ae:52:f4:29:a8:ed:
                    58:89:a4:ee:92:65:5e:f9:c2:a3:22:e1:03:a7:b3:
                    72:5e:ce:6f:ab:33:22:2d:99:2e:f6:8c:88:86:fe:
                    3a:a9:18:a8:f6:a1:6f:f8:19:98:a7:bf:a7:0e:26:
                    1c:e5:5b:74:56:f7:b0:f5:4b:6c:b7:4f:a4:a1:8f:
                    ed:41:8b:e3:dd:42:d4:c9:3d:de:96:ac:cd:65:d4:
                    d3:21:6a:c5:a5:54:55:30:e6:9e:0a:06:36:13:f8:
                    a7:51:85:24:d7:ad:e2:5d:51:f9:29:17:1b:2b:70:
                    4a:38:2c:66:f5:2b:cf:0a:54:f8:27:51:a6:dd:15:
                    6b:b9:67:5a:90:26:c6:80:ee:ec:fa:12:42:b9:8f:
                    a8:a3:b6:93:af:54:27:d6:69:57:ba:41:2d:22:e2:
                    99:c7:00:a0:2e:c4:d6:87:53:db:56:70:e3:6d:fc:
                    dc:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:7A:62:CE:26:C9:71:78:CE:F9:2E:E9:C1:83:F0:41:1B:29:0F:45
            X509v3 Authority Key Identifier:
                keyid:3A:5C:08:13:C0:FE:D0:A8:3B:3D:D0:1B:7A:5A:E1:A1:30:82:70:28

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91592B3/8917FB2A5D0E11E5B3BEAD57C4F9AE02/OlwIE8D-0Kg7PdAbelrhoTCCcCg.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OlwIE8D-0Kg7PdAbelrhoTCCcCg.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91592B3/8917FB2A5D0E11E5B3BEAD57C4F9AE02/54EE8F7615FE11ECAF541012C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.40.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         63:ca:92:41:41:9f:dc:4f:71:82:3e:47:cb:a0:eb:2f:5e:98:
         fa:8e:4e:cf:76:d0:6f:21:63:72:45:b9:20:07:62:77:09:09:
         28:2e:5f:8d:b7:09:c6:c2:43:14:c9:39:7e:3d:4f:82:d4:77:
         cb:78:85:9a:30:b4:69:f7:a6:08:37:66:b4:ae:f6:7d:83:de:
         d9:1c:db:cc:61:18:90:9f:5d:00:59:d7:96:ac:0d:42:ae:d7:
         ad:5e:a0:cc:aa:a2:51:b9:09:3b:34:4d:56:a8:6d:4b:52:90:
         da:4d:e3:71:f0:52:11:b2:1d:fb:c2:e0:c5:1f:fc:7e:4a:e8:
         8d:66:5a:a9:59:b6:b5:fc:4f:60:fa:f8:f5:5f:7e:ea:cf:58:
         07:2c:9d:04:78:30:c3:f0:d1:c1:29:fc:6f:77:0c:de:0d:59:
         94:f7:b8:ad:e3:4c:9a:2f:43:04:a3:6a:9f:8a:49:f0:44:61:
         ad:27:ec:00:8b:3a:0d:eb:a4:83:de:4d:2e:54:d7:1e:a0:0b:
         d4:bb:92:fa:39:65:75:50:38:06:88:63:d2:bc:c4:67:2d:38:
         37:2f:66:41:e4:e2:23:9f:f2:f4:83:e5:f4:0c:93:f6:06:ea:
         71:e2:81:49:f8:38:63:93:83:94:19:51:c4:df:21:e8:76:41:
         6b:26:51:39
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICIzswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTkyQjMxMTAvBgNVBAUTKDNBNUMwODEzQzBGRUQwQTgzQjNERDAxQjdBNUFFMUEx
MzA4MjcwMjgwHhcNMjQwMzE4MTYyMjU3WhcNMjUwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02NWY4NmE2MS00NmZkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAxDb990E1kwx99XD2m8DrSE9JcOPpJ0aBXn1za4Py1GMBTGIV2vl6cDCVNCy/
nM9NS7cIrAED1yX2ARI8C+6alYzVS45bOjtyHyA4jjYcUkl1Z0euUvQpqO1YiaTu
kmVe+cKjIuEDp7NyXs5vqzMiLZku9oyIhv46qRio9qFv+BmYp7+nDiYc5Vt0Vvew
9Utst0+koY/tQYvj3ULUyT3elqzNZdTTIWrFpVRVMOaeCgY2E/inUYUk163iXVH5
KRcbK3BKOCxm9SvPClT4J1Gm3RVruWdakCbGgO7s+hJCuY+oo7aTr1Qn1mlXukEt
IuKZxwCgLsTWh1PbVnDjbfzcXwIDAQABo4IClTCCApEwHQYDVR0OBBYEFDp6Ys4m
yXF4zvku6cGD8EEbKQ9FMB8GA1UdIwQYMBaAFDpcCBPA/tCoOz3QG3pa4aEwgnAo
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1OTJCMy84OTE3RkIyQTVE
MEUxMUU1QjNCRUFENTdDNEY5QUUwMi9PbHdJRThELTBLZzdQZEFiZWxyaG9UQ0Nj
Q2cuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL09sd0lFOEQtMEtnN1BkQWJlbHJob1RDQ2NDZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTkyQjMvODkxN0ZCMkE1RDBFMTFFNUIzQkVBRDU3QzRGOUFFMDIvNTRFRThGNzYx
NUZFMTFFQ0FGNTQxMDEyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAXKKOAwDQYJKoZIhvcNAQELBQADggEBAGPKkkFBn9xPcYI+
R8ug6y9emPqOTs920G8hY3JFuSAHYncJCSguX423CcbCQxTJOX49T4LUd8t4hZow
tGn3pgg3ZrSu9n2D3tkc28xhGJCfXQBZ15asDUKu161eoMyqolG5CTs0TVaobUtS
kNpN43HwUhGyHfvC4MUf/H5K6I1mWqlZtrX8T2D6+PVffurPWAcsnQR4MMPw0cEp
/G93DN4NWZT3uK3jTJovQwSjap+KSfBEYa0n7ACLOg3rpIPeTS5U1x6gC9S7kvo5
ZXVQOAaIY9K8xGctODcvZkHk4iOf8vSD5fQMk/YG6nHigUn4OGOTg5QZUcTfIeh2
QWsmUTk=
-----END CERTIFICATE-----
Generated at Sun Jun 16 17:32:44 2024 by rpki-client on console-fra.rpki-client.org