Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A917E0A8/0C47490AEAB311EB9811A465C4F9AE02/78D4FFEEEAB411EB95BFB566C4F9AE02.roa
File:                     78D4FFEEEAB411EB95BFB566C4F9AE02.roa (raw, json)
Hash identifier:          +5HXeZzaqL8Fd/KKvyuXF2mNME+6yWjEsjlZ9TCANS8=
Subject key identifier:   86:9D:A3:1F:CC:BB:22:3A:14:43:52:33:60:6E:51:74:27:B1:D8:F3
Certificate issuer:       /CN=A917E0A8/serialNumber=0508CBE9AB6EE7F629F1E17385F3E0FDEF8C3D3B
Certificate serial:       04AE
Authority key identifier: 05:08:CB:E9:AB:6E:E7:F6:29:F1:E1:73:85:F3:E0:FD:EF:8C:3D:3B
Authority info access:    rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/BQjL6atu5_Yp8eFzhfPg_e-MPTs.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A917E0A8/0C47490AEAB311EB9811A465C4F9AE02/78D4FFEEEAB411EB95BFB566C4F9AE02.roa
Signing time:             Fri 26 Apr 2024 21:10:01 +0000
ROA not before:           Fri 26 Apr 2024 21:10:01 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     23959
IP address blocks:        85.113.70.0/24 maxlen: 24
                          91.199.209.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A917E0A8/0C47490AEAB311EB9811A465C4F9AE02/BQjL6atu5_Yp8eFzhfPg_e-MPTs.crl
                          rsync://rpki.apnic.net/member_repository/A917E0A8/0C47490AEAB311EB9811A465C4F9AE02/BQjL6atu5_Yp8eFzhfPg_e-MPTs.mft
                          rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/BQjL6atu5_Yp8eFzhfPg_e-MPTs.cer
                          rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/DPzneFf88B852ZpitKpi5hWedvg.crl
                          rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/DPzneFf88B852ZpitKpi5hWedvg.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DPzneFf88B852ZpitKpi5hWedvg.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 21 Jun 2024 14:50:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1198 (0x4ae)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A917E0A8/serialNumber=0508CBE9AB6EE7F629F1E17385F3E0FDEF8C3D3B
        Validity
            Not Before: Apr 26 21:10:01 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=662c1829-8e9b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:79:18:26:77:09:88:e5:c9:4a:3f:3e:0b:b4:
                    ad:00:3e:31:32:0b:84:cf:58:9d:59:c1:8f:cb:70:
                    89:69:b2:74:ae:3b:16:da:ac:1f:8f:5a:11:22:7c:
                    ed:50:17:75:b9:1c:7b:4e:c6:3d:6a:f5:18:a3:10:
                    eb:e6:75:52:2f:ba:e7:11:b8:d9:d5:d3:22:7f:ff:
                    22:4b:24:31:7e:55:69:eb:11:2e:81:25:85:4d:fc:
                    e8:a7:e3:4d:8c:21:d8:10:cd:ad:44:93:f4:9e:8e:
                    02:63:03:ca:8c:a5:61:58:8f:94:d8:6c:01:11:ab:
                    c4:4a:db:6f:a8:c0:30:1f:93:75:7f:94:ba:ef:1b:
                    c3:62:a4:5d:77:31:eb:36:67:32:d7:64:63:6d:6c:
                    80:4e:29:16:6c:bb:c1:95:c8:5c:01:2b:f7:ee:4d:
                    fe:be:9a:72:5f:cb:61:9a:a3:2a:c9:63:11:5f:d9:
                    65:39:28:a0:d6:0e:61:bc:ce:c4:01:27:93:ad:b3:
                    c8:2c:ec:39:22:61:bd:76:2c:98:99:24:3b:8c:49:
                    b4:aa:c3:fc:e7:69:6f:e1:a2:e6:3a:5a:cd:d6:a2:
                    8f:23:7a:59:bc:4e:85:ca:e9:86:8c:98:5f:c1:08:
                    ad:ec:f4:12:e3:94:06:c5:23:70:e0:9b:30:d7:55:
                    e3:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:9D:A3:1F:CC:BB:22:3A:14:43:52:33:60:6E:51:74:27:B1:D8:F3
            X509v3 Authority Key Identifier:
                keyid:05:08:CB:E9:AB:6E:E7:F6:29:F1:E1:73:85:F3:E0:FD:EF:8C:3D:3B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A917E0A8/0C47490AEAB311EB9811A465C4F9AE02/BQjL6atu5_Yp8eFzhfPg_e-MPTs.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/BQjL6atu5_Yp8eFzhfPg_e-MPTs.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A917E0A8/0C47490AEAB311EB9811A465C4F9AE02/78D4FFEEEAB411EB95BFB566C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  85.113.70.0/24
                  91.199.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:55:08:6a:b7:39:bf:41:09:6d:4e:4b:f0:f7:bb:d5:7a:24:
         7d:67:41:a3:c3:34:7b:59:6a:3e:e6:ae:f6:c0:79:58:c0:63:
         58:29:9d:af:d1:e9:6c:e3:41:1b:5c:cc:07:0d:ca:4e:d7:a7:
         f6:c9:7e:0c:6e:de:3a:f2:35:2c:89:bf:c0:78:0d:a7:eb:9a:
         cd:8d:80:f0:d2:24:3d:30:03:70:c5:c7:7d:03:25:e3:52:2b:
         50:58:35:ab:c3:c5:a3:96:ce:08:eb:6f:0e:5f:7f:66:4f:84:
         a5:f2:de:75:60:41:a7:4c:bd:0c:a9:66:36:b3:75:4c:9b:4e:
         39:42:16:04:ac:7e:e6:ef:60:4b:1c:b2:3a:2a:0b:e9:ea:6f:
         8c:cc:90:18:46:dd:5e:4c:4a:36:76:32:3c:57:bc:ed:04:c1:
         8b:52:c8:9e:14:05:55:8e:6a:13:37:d5:84:fc:a3:b5:47:42:
         d8:46:3c:54:e8:f7:78:81:b4:e5:a0:94:d1:ae:7b:fd:64:97:
         cc:b6:0c:7a:07:f9:18:fc:18:c2:ee:0c:cf:ce:9d:0e:cb:27:
         a1:8f:1b:bc:4d:2f:72:29:da:66:a4:96:37:42:4b:49:31:9c:
         85:11:51:80:9e:b4:ba:38:ab:3a:a3:88:fd:07:69:d8:3f:e8:
         7f:bb:fb:b7
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICBK4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
N0UwQTgxMTAvBgNVBAUTKDA1MDhDQkU5QUI2RUU3RjYyOUYxRTE3Mzg1RjNFMEZE
RUY4QzNEM0IwHhcNMjQwNDI2MjExMDAxWhcNMjUwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjJjMTgyOS04ZTliMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwHkYJncJiOXJSj8+C7StAD4xMguEz1idWcGPy3CJabJ0rjsW2qwfj1oRInzt
UBd1uRx7TsY9avUYoxDr5nVSL7rnEbjZ1dMif/8iSyQxflVp6xEugSWFTfzop+NN
jCHYEM2tRJP0no4CYwPKjKVhWI+U2GwBEavESttvqMAwH5N1f5S67xvDYqRddzHr
Nmcy12RjbWyATikWbLvBlchcASv37k3+vppyX8thmqMqyWMRX9llOSig1g5hvM7E
ASeTrbPILOw5ImG9diyYmSQ7jEm0qsP852lv4aLmOlrN1qKPI3pZvE6FyumGjJhf
wQit7PQS45QGxSNw4Jsw11XjMQIDAQABo4ICmzCCApcwHQYDVR0OBBYEFIadox/M
uyI6FENSM2BuUXQnsdjzMB8GA1UdIwQYMBaAFAUIy+mrbuf2KfHhc4Xz4P3vjD07
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3RTBBOC8wQzQ3NDkwQUVB
QjMxMUVCOTgxMUE0NjVDNEY5QUUwMi9CUWpMNmF0dTVfWXA4ZUZ6aGZQZ19lLU1Q
VHMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzMjJBNUY0MUQ2NjExRTJBM0YyN0Y3Qzcy
RkQxRkYyL0JRakw2YXR1NV9ZcDhlRnpoZlBnX2UtTVBUcy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
N0UwQTgvMEM0NzQ5MEFFQUIzMTFFQjk4MTFBNDY1QzRGOUFFMDIvNzhENEZGRUVF
QUI0MTFFQjk1QkZCNTY2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBABVcUYDBABbx9EwDQYJKoZIhvcNAQELBQADggEBACdVCGq3
Ob9BCW1OS/D3u9V6JH1nQaPDNHtZaj7mrvbAeVjAY1gpna/R6WzjQRtczAcNyk7X
p/bJfgxu3jryNSyJv8B4Dafrms2NgPDSJD0wA3DFx30DJeNSK1BYNavDxaOWzgjr
bw5ff2ZPhKXy3nVgQadMvQypZjazdUybTjlCFgSsfubvYEscsjoqC+nqb4zMkBhG
3V5MSjZ2MjxXvO0EwYtSyJ4UBVWOahM31YT8o7VHQthGPFTo93iBtOWglNGue/1k
l8y2DHoH+Rj8GMLuDM/OnQ7LJ6GPG7xNL3Ip2makljdCS0kxnIURUYCetLo4qzqj
iP0Hadg/6H+7+7c=
-----END CERTIFICATE-----
Generated at Fri Jun 14 22:02:28 2024 by rpki-client on console-ams.rpki-client.org