Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A916988B/F36B79B0807711EBB925F154C4F9AE02/D24316B48D6D11EB9DB49A32C4F9AE02.roa
File:                     D24316B48D6D11EB9DB49A32C4F9AE02.roa (raw, json)
Hash identifier:          rlfIH0ZwliEvlqG5urlm+/gDatsreGRKOGrlouZdTF8=
Subject key identifier:   86:DE:82:EB:F5:4C:C5:86:61:46:C9:DF:A2:97:3D:0F:18:E6:93:87
Certificate issuer:       /CN=A916988B/serialNumber=BA49F2E02A635DD075F564166F111F5FADE5A7CB
Certificate serial:       0511
Authority key identifier: BA:49:F2:E0:2A:63:5D:D0:75:F5:64:16:6F:11:1F:5F:AD:E5:A7:CB
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ukny4CpjXdB19WQWbxEfX63lp8s.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A916988B/F36B79B0807711EBB925F154C4F9AE02/D24316B48D6D11EB9DB49A32C4F9AE02.roa
Signing time:             Fri 14 Jul 2023 23:19:50 +0000
ROA not before:           Fri 14 Jul 2023 23:19:50 +0000
ROA not after:            Mon 30 Sep 2024 00:00:00 +0000
asID:                     139862
IP address blocks:        203.5.33.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A916988B/F36B79B0807711EBB925F154C4F9AE02/ukny4CpjXdB19WQWbxEfX63lp8s.crl
                          rsync://rpki.apnic.net/member_repository/A916988B/F36B79B0807711EBB925F154C4F9AE02/ukny4CpjXdB19WQWbxEfX63lp8s.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ukny4CpjXdB19WQWbxEfX63lp8s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 22 Jun 2024 00:47:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1297 (0x511)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A916988B/serialNumber=BA49F2E02A635DD075F564166F111F5FADE5A7CB
        Validity
            Not Before: Jul 14 23:19:50 2023 GMT
            Not After : Sep 30 00:00:00 2024 GMT
        Subject: CN=64b1d815-b103
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:47:87:39:98:58:03:8b:9a:79:1b:c5:97:78:
                    c0:c9:d0:f0:4e:b4:07:e8:1b:bc:1c:0e:3f:b4:d9:
                    30:a3:f3:de:99:86:db:5c:4f:fd:a7:a4:1a:ad:b3:
                    61:44:cd:7c:c3:85:d1:4e:42:68:f2:7c:a9:2e:03:
                    85:ac:69:46:b2:c1:b9:0d:5c:71:51:7d:c7:d3:e3:
                    67:5b:21:84:d2:e9:4f:93:0f:db:32:2a:55:2e:46:
                    a0:71:a9:aa:e1:b9:c6:a9:89:55:52:58:32:69:a3:
                    fb:4e:bf:38:3f:75:67:e5:ba:0f:6c:57:40:8e:da:
                    3a:14:57:ff:70:51:f2:ca:cb:3c:82:8e:5f:65:33:
                    05:0c:30:24:ae:58:eb:1c:f2:90:59:6a:96:4a:96:
                    d3:4b:f8:e8:67:18:fd:4a:7f:23:47:3b:5f:f3:70:
                    fe:45:d7:1b:ae:e9:ce:73:95:c7:45:59:46:31:94:
                    32:5e:53:ca:0d:73:d6:c7:79:4e:b4:38:30:d0:27:
                    ed:e0:5e:42:93:65:f3:c0:69:c1:0a:42:ed:c7:e9:
                    36:9e:87:99:33:95:e0:1e:41:11:f3:ea:07:cd:5e:
                    e0:9a:7f:f2:1a:87:54:4e:e4:62:18:c9:93:93:ee:
                    73:2d:20:69:e2:0c:07:02:18:40:c3:15:62:b3:0e:
                    38:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:DE:82:EB:F5:4C:C5:86:61:46:C9:DF:A2:97:3D:0F:18:E6:93:87
            X509v3 Authority Key Identifier:
                keyid:BA:49:F2:E0:2A:63:5D:D0:75:F5:64:16:6F:11:1F:5F:AD:E5:A7:CB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A916988B/F36B79B0807711EBB925F154C4F9AE02/ukny4CpjXdB19WQWbxEfX63lp8s.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ukny4CpjXdB19WQWbxEfX63lp8s.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A916988B/F36B79B0807711EBB925F154C4F9AE02/D24316B48D6D11EB9DB49A32C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.5.33.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:71:69:51:83:c3:63:41:69:d6:4c:79:c1:eb:80:b7:f9:ac:
         2e:2b:21:c6:01:40:3a:31:e5:6f:88:08:ea:1f:42:4a:7b:e6:
         8d:1c:cb:26:89:98:09:c5:e2:36:24:bf:63:a0:ca:5f:fd:1c:
         cd:5d:ba:d7:17:ac:9e:a2:cd:d0:3d:7b:b3:09:80:a1:f3:6a:
         65:84:eb:8f:40:a9:7b:8a:9a:25:39:1f:b9:99:38:e4:97:3e:
         3a:af:7c:53:54:5a:4a:c1:27:96:50:72:4e:ac:29:4e:cd:1b:
         c6:85:e9:d0:9d:dc:54:fe:76:2f:86:eb:8c:7e:26:85:02:83:
         c0:74:c3:23:4e:1a:dd:25:74:fb:e0:e5:8e:ee:d5:7f:fc:f4:
         b8:0c:83:86:57:31:67:54:e6:e5:44:d2:5d:a1:b1:c3:af:9a:
         71:45:11:16:53:bc:dd:83:51:3e:76:85:b6:48:be:34:cb:12:
         66:6d:92:63:34:05:31:6c:6e:1d:7e:46:ae:63:48:9c:1e:3a:
         da:24:f9:e8:35:71:a9:09:c4:ce:4c:2a:fa:98:95:3f:cc:26:
         bb:5f:d4:e4:b9:d3:25:85:3d:47:20:c0:ae:f2:6a:f0:f8:26:
         fd:33:0f:c3:08:7f:87:99:1a:a2:ab:b4:7a:af:15:86:13:24:
         c6:46:5f:45
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICBREwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Njk4OEIxMTAvBgNVBAUTKEJBNDlGMkUwMkE2MzVERDA3NUY1NjQxNjZGMTExRjVG
QURFNUE3Q0IwHhcNMjMwNzE0MjMxOTUwWhcNMjQwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NGIxZDgxNS1iMTAzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA6UeHOZhYA4uaeRvFl3jAydDwTrQH6Bu8HA4/tNkwo/PemYbbXE/9p6QarbNh
RM18w4XRTkJo8nypLgOFrGlGssG5DVxxUX3H0+NnWyGE0ulPkw/bMipVLkagcamq
4bnGqYlVUlgyaaP7Tr84P3Vn5boPbFdAjto6FFf/cFHyyss8go5fZTMFDDAkrljr
HPKQWWqWSpbTS/joZxj9Sn8jRztf83D+RdcbrunOc5XHRVlGMZQyXlPKDXPWx3lO
tDgw0Cft4F5Ck2XzwGnBCkLtx+k2noeZM5XgHkER8+oHzV7gmn/yGodUTuRiGMmT
k+5zLSBp4gwHAhhAwxVisw44zQIDAQABo4IClTCCApEwHQYDVR0OBBYEFIbeguv1
TMWGYUbJ36KXPQ8Y5pOHMB8GA1UdIwQYMBaAFLpJ8uAqY13QdfVkFm8RH1+t5afL
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2OTg4Qi9GMzZCNzlCMDgw
NzcxMUVCQjkyNUYxNTRDNEY5QUUwMi91a255NENwalhkQjE5V1FXYnhFZlg2M2xw
OHMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3Vrbnk0Q3BqWGRCMTlXUVdieEVmWDYzbHA4cy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Njk4OEIvRjM2Qjc5QjA4MDc3MTFFQkI5MjVGMTU0QzRGOUFFMDIvRDI0MzE2QjQ4
RDZEMTFFQjlEQjQ5QTMyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADLBSEwDQYJKoZIhvcNAQELBQADggEBAGhxaVGDw2NBadZM
ecHrgLf5rC4rIcYBQDox5W+ICOofQkp75o0cyyaJmAnF4jYkv2Ogyl/9HM1dutcX
rJ6izdA9e7MJgKHzamWE649AqXuKmiU5H7mZOOSXPjqvfFNUWkrBJ5ZQck6sKU7N
G8aF6dCd3FT+di+G64x+JoUCg8B0wyNOGt0ldPvg5Y7u1X/89LgMg4ZXMWdU5uVE
0l2hscOvmnFFERZTvN2DUT52hbZIvjTLEmZtkmM0BTFsbh1+Rq5jSJweOtok+eg1
cakJxM5MKvqYlT/MJrtf1OS50yWFPUcgwK7yavD4Jv0zD8MIf4eZGqKrtHqvFYYT
JMZGX0U=
-----END CERTIFICATE-----
Generated at Sat Jun 15 02:44:42 2024 by rpki-client on console-ams.rpki-client.org