Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A917BED0/DDB589A0801911EDBBBE306EC4F9AE02/24AC43889DE011EDA182F455C4F9AE02.roa
File:                     24AC43889DE011EDA182F455C4F9AE02.roa (raw, json)
Hash identifier:          +5LiIA2vGdlRK4j5U+PAv4wBSf7OLNtQLm2AN9icBsc=
Subject key identifier:   32:1F:99:05:F1:8C:27:D0:0E:2A:21:48:00:A0:82:89:DE:D8:1D:F4
Certificate issuer:       /CN=A917BED0/serialNumber=692EBD3D03F258746E6843B6128DD209C51222E6
Certificate serial:       D8
Authority key identifier: 69:2E:BD:3D:03:F2:58:74:6E:68:43:B6:12:8D:D2:09:C5:12:22:E6
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/aS69PQPyWHRuaEO2Eo3SCcUSIuY.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A917BED0/DDB589A0801911EDBBBE306EC4F9AE02/24AC43889DE011EDA182F455C4F9AE02.roa
Signing time:             Thu 01 Feb 2024 05:36:47 +0000
ROA not before:           Thu 01 Feb 2024 05:36:47 +0000
ROA not after:            Mon 31 Mar 2025 00:00:00 +0000
asID:                     7600
IP address blocks:        203.5.13.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A917BED0/DDB589A0801911EDBBBE306EC4F9AE02/aS69PQPyWHRuaEO2Eo3SCcUSIuY.crl
                          rsync://rpki.apnic.net/member_repository/A917BED0/DDB589A0801911EDBBBE306EC4F9AE02/aS69PQPyWHRuaEO2Eo3SCcUSIuY.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/aS69PQPyWHRuaEO2Eo3SCcUSIuY.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 24 Jun 2024 05:48:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 216 (0xd8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A917BED0/serialNumber=692EBD3D03F258746E6843B6128DD209C51222E6
        Validity
            Not Before: Feb  1 05:36:47 2024 GMT
            Not After : Mar 31 00:00:00 2025 GMT
        Subject: CN=65bb2def-6800
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:02:62:c9:19:c7:4b:47:c2:50:bc:cc:eb:b0:
                    98:33:56:05:88:b5:da:14:e0:cd:c6:10:9e:9b:08:
                    e9:98:58:83:ce:0b:45:d8:e3:cd:5d:d3:9a:50:22:
                    fe:c9:da:dc:c4:65:68:44:62:f7:43:db:bf:6f:e8:
                    cb:ad:33:a3:3c:8e:cf:7b:64:b1:9b:72:c2:d5:3d:
                    07:a6:56:10:dc:fe:99:3f:b3:1c:42:d6:23:56:10:
                    5e:bb:8d:84:bc:31:e1:03:35:fd:e5:38:a1:94:81:
                    50:39:cf:07:06:42:c9:d5:85:e1:da:90:ae:cf:d3:
                    75:62:39:42:08:1f:ef:cb:03:31:f5:16:36:79:f9:
                    3c:93:90:37:63:0a:7e:f3:6d:1a:fd:32:6d:9b:43:
                    c5:10:36:b2:0f:6f:a1:17:05:86:44:db:7e:e8:a8:
                    49:89:77:91:03:12:9f:8d:13:64:34:56:86:19:29:
                    2b:37:17:e1:71:6c:be:e9:cd:12:e3:22:72:3e:32:
                    f0:bf:e9:bb:5e:e7:e0:0a:9c:78:2c:b5:5f:29:e8:
                    17:a0:75:da:d7:85:f2:6a:76:ed:05:74:06:46:8a:
                    5b:47:b1:c4:25:54:1a:f3:79:d0:32:4d:ea:04:d6:
                    89:30:73:06:4f:1d:eb:65:9e:5f:25:02:d6:d7:d2:
                    e2:f7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                32:1F:99:05:F1:8C:27:D0:0E:2A:21:48:00:A0:82:89:DE:D8:1D:F4
            X509v3 Authority Key Identifier:
                keyid:69:2E:BD:3D:03:F2:58:74:6E:68:43:B6:12:8D:D2:09:C5:12:22:E6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A917BED0/DDB589A0801911EDBBBE306EC4F9AE02/aS69PQPyWHRuaEO2Eo3SCcUSIuY.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/aS69PQPyWHRuaEO2Eo3SCcUSIuY.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A917BED0/DDB589A0801911EDBBBE306EC4F9AE02/24AC43889DE011EDA182F455C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.5.13.0/24

    Signature Algorithm: sha256WithRSAEncryption
         68:2a:12:e6:55:a8:d8:40:fc:07:98:02:10:c7:b0:52:bd:70:
         56:5f:85:0f:5d:ab:25:f1:35:ea:2e:ba:65:37:c6:e7:b3:8f:
         5d:f9:af:1e:a3:37:f1:ae:10:fe:6c:7d:03:d0:bf:39:4a:82:
         b7:19:9d:b3:a3:b1:14:61:20:d0:01:8b:96:bd:56:9e:bd:67:
         bc:33:86:84:25:8b:98:da:ee:82:42:0d:24:98:a3:44:e7:89:
         1c:95:51:93:0c:ff:8a:d7:2d:f7:6e:e0:2c:95:c6:ef:f2:1f:
         a8:3c:f5:cd:56:bb:d3:c9:63:f2:a4:b8:a0:4b:d5:26:e1:91:
         a9:dc:ad:a2:1b:1c:a3:f9:a3:81:2a:50:ee:7f:2e:c8:79:26:
         84:6d:f4:4d:08:7d:0c:18:4e:e0:58:b6:21:8e:d1:fa:cf:0d:
         69:5b:0f:55:25:46:91:9c:7e:78:92:39:5e:cb:ae:ab:51:10:
         dc:07:58:37:a4:a1:c5:76:f6:8a:50:ba:83:6a:22:30:85:be:
         6c:25:79:26:2c:12:29:8b:67:43:1b:74:88:b9:cd:f1:34:7f:
         b6:97:9c:e0:d2:42:e2:76:07:02:7b:da:7e:58:08:1f:cd:de:
         e9:a6:b7:43:48:e1:0f:1c:6d:4b:64:07:cc:4e:14:91:a4:eb:
         76:a2:ea:ae
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICANgwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
N0JFRDAxMTAvBgNVBAUTKDY5MkVCRDNEMDNGMjU4NzQ2RTY4NDNCNjEyOEREMjA5
QzUxMjIyRTYwHhcNMjQwMjAxMDUzNjQ3WhcNMjUwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWJiMmRlZi02ODAwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA7QJiyRnHS0fCULzM67CYM1YFiLXaFODNxhCemwjpmFiDzgtF2OPNXdOaUCL+
ydrcxGVoRGL3Q9u/b+jLrTOjPI7Pe2Sxm3LC1T0HplYQ3P6ZP7McQtYjVhBeu42E
vDHhAzX95TihlIFQOc8HBkLJ1YXh2pCuz9N1YjlCCB/vywMx9RY2efk8k5A3Ywp+
820a/TJtm0PFEDayD2+hFwWGRNt+6KhJiXeRAxKfjRNkNFaGGSkrNxfhcWy+6c0S
4yJyPjLwv+m7XufgCpx4LLVfKegXoHXa14XyanbtBXQGRopbR7HEJVQa83nQMk3q
BNaJMHMGTx3rZZ5fJQLW19Li9wIDAQABo4IClTCCApEwHQYDVR0OBBYEFDIfmQXx
jCfQDiohSACggone2B30MB8GA1UdIwQYMBaAFGkuvT0D8lh0bmhDthKN0gnFEiLm
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3QkVEMC9EREI1ODlBMDgw
MTkxMUVEQkJCRTMwNkVDNEY5QUUwMi9hUzY5UFFQeVdIUnVhRU8yRW8zU0NjVVNJ
dVkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2FTNjlQUVB5V0hSdWFFTzJFbzNTQ2NVU0l1WS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
N0JFRDAvRERCNTg5QTA4MDE5MTFFREJCQkUzMDZFQzRGOUFFMDIvMjRBQzQzODg5
REUwMTFFREExODJGNDU1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADLBQ0wDQYJKoZIhvcNAQELBQADggEBAGgqEuZVqNhA/AeY
AhDHsFK9cFZfhQ9dqyXxNeouumU3xuezj135rx6jN/GuEP5sfQPQvzlKgrcZnbOj
sRRhINABi5a9Vp69Z7wzhoQli5ja7oJCDSSYo0TniRyVUZMM/4rXLfdu4CyVxu/y
H6g89c1Wu9PJY/KkuKBL1SbhkancraIbHKP5o4EqUO5/Lsh5JoRt9E0IfQwYTuBY
tiGO0frPDWlbD1UlRpGcfniSOV7LrqtRENwHWDekocV29opQuoNqIjCFvmwleSYs
EimLZ0MbdIi5zfE0f7aXnODSQuJ2BwJ72n5YCB/N3ummt0NI4Q8cbUtkB8xOFJGk
63ai6q4=
-----END CERTIFICATE-----
Generated at Mon Jun 17 07:36:38 2024 by rpki-client on console-fra.rpki-client.org