Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A918742C/F28C89C4019C11E89035F919C4F9AE02/8DFAE1DA019D11E8A7804A1EC4F9AE02.roa
File:                     8DFAE1DA019D11E8A7804A1EC4F9AE02.roa (raw, json)
Hash identifier:          DwaSXkwadhXmFgNGjila+YsFoYHDPOwpBM4h3mtwuos=
Subject key identifier:   6B:15:F3:85:D5:FE:09:7F:59:25:60:DF:6C:DA:18:7A:8B:AF:45:B0
Certificate issuer:       /CN=A918742C/serialNumber=1C3F99A0C182B58CC45B8112F291E12A153331E9
Certificate serial:       15CF
Authority key identifier: 1C:3F:99:A0:C1:82:B5:8C:C4:5B:81:12:F2:91:E1:2A:15:33:31:E9
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/HD-ZoMGCtYzEW4ES8pHhKhUzMek.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A918742C/F28C89C4019C11E89035F919C4F9AE02/8DFAE1DA019D11E8A7804A1EC4F9AE02.roa
Signing time:             Fri 24 May 2024 17:25:48 +0000
ROA not before:           Fri 24 May 2024 17:25:48 +0000
ROA not after:            Wed 30 Jul 2025 00:00:00 +0000
asID:                     23900
IP address blocks:        202.136.240.0/21 maxlen: 21
                          202.136.240.0/24 maxlen: 24
                          202.136.241.0/24 maxlen: 24
                          202.136.242.0/23 maxlen: 23
                          202.136.242.0/24 maxlen: 24
                          202.136.243.0/24 maxlen: 24
                          202.136.244.0/24 maxlen: 24
                          202.136.245.0/24 maxlen: 24
                          202.136.246.0/24 maxlen: 24
                          202.136.247.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A918742C/F28C89C4019C11E89035F919C4F9AE02/HD-ZoMGCtYzEW4ES8pHhKhUzMek.crl
                          rsync://rpki.apnic.net/member_repository/A918742C/F28C89C4019C11E89035F919C4F9AE02/HD-ZoMGCtYzEW4ES8pHhKhUzMek.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/HD-ZoMGCtYzEW4ES8pHhKhUzMek.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 21 Jun 2024 17:23:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5583 (0x15cf)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A918742C/serialNumber=1C3F99A0C182B58CC45B8112F291E12A153331E9
        Validity
            Not Before: May 24 17:25:48 2024 GMT
            Not After : Jul 30 00:00:00 2025 GMT
        Subject: CN=6650cd9c-ffc3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:7b:5d:f2:ee:7b:1f:21:87:5c:1d:85:1a:fb:
                    18:57:94:7e:c0:b9:33:1c:14:24:a6:c7:00:15:bb:
                    d7:1d:27:b8:c2:ee:11:82:20:09:5b:af:b8:39:30:
                    bf:18:8e:bd:dd:0c:e0:3f:8d:c0:df:cc:48:d1:b4:
                    1f:24:b0:6b:31:13:51:57:67:3b:6b:f5:f0:fc:49:
                    ac:e5:6d:e3:6c:4f:7b:1a:5f:2c:0e:bf:46:06:00:
                    d0:2e:ef:aa:8b:8f:8f:07:e6:b0:6d:9f:59:71:ba:
                    b6:5e:94:1f:f5:63:03:e1:f1:bf:46:5d:11:ee:48:
                    72:05:b3:12:c9:13:a0:8c:66:dc:65:4a:30:6f:f1:
                    ed:70:8e:36:60:ad:70:1a:96:9b:2c:32:34:0b:65:
                    33:ff:f1:bc:a4:31:cc:7a:80:1e:e8:8d:54:da:78:
                    7b:db:ea:97:69:17:ac:79:6e:77:c7:87:05:80:24:
                    3a:04:bf:8f:08:a9:00:28:9c:6b:eb:35:f2:4a:a1:
                    b6:8a:1e:fa:c7:e0:74:f5:9b:f0:07:cc:9d:c4:fc:
                    c8:fd:8c:6d:c3:fc:be:73:d9:79:a7:2c:ca:61:86:
                    4c:81:12:7e:45:2f:91:4b:00:4d:a6:ec:e0:eb:06:
                    39:99:26:2a:e9:bb:42:80:20:a0:82:72:7c:77:20:
                    54:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:15:F3:85:D5:FE:09:7F:59:25:60:DF:6C:DA:18:7A:8B:AF:45:B0
            X509v3 Authority Key Identifier:
                keyid:1C:3F:99:A0:C1:82:B5:8C:C4:5B:81:12:F2:91:E1:2A:15:33:31:E9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A918742C/F28C89C4019C11E89035F919C4F9AE02/HD-ZoMGCtYzEW4ES8pHhKhUzMek.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/HD-ZoMGCtYzEW4ES8pHhKhUzMek.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918742C/F28C89C4019C11E89035F919C4F9AE02/8DFAE1DA019D11E8A7804A1EC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.136.240.0/21

    Signature Algorithm: sha256WithRSAEncryption
         15:cd:67:4c:8a:e6:b2:aa:de:b6:a0:b2:80:28:96:1e:5a:8a:
         9b:e1:24:bf:f6:b5:5e:ab:9a:a9:6b:f1:3d:6b:fd:5a:d0:ba:
         4c:3a:cb:e3:25:27:3f:03:08:12:66:f0:6e:ee:54:33:82:7f:
         72:59:ca:69:a6:5b:00:0c:74:17:56:84:e5:b7:d1:8f:0a:2e:
         cd:2e:e6:d6:ed:08:74:d3:e7:4a:73:18:ea:c6:33:ec:f0:79:
         08:5e:28:65:e3:d9:97:27:cf:69:bb:54:db:8b:31:17:96:8b:
         e6:42:a4:a6:c8:6a:22:f8:e3:02:63:00:39:8c:af:f1:db:a0:
         a7:7b:07:9d:94:49:74:bf:9b:3e:6d:47:34:6c:62:08:d7:f0:
         eb:f7:93:a3:a9:6a:1e:63:33:80:ec:17:99:86:86:71:e9:f8:
         42:6c:82:2d:9f:76:9f:7d:6f:db:4e:8c:cf:a3:81:b9:a8:9b:
         87:de:23:00:af:8f:66:33:fb:5d:84:75:4a:66:06:c5:65:6a:
         4a:a9:cf:6d:6e:0c:0c:84:55:73:45:78:be:8d:d7:2e:cf:ce:
         b0:8b:be:42:41:e7:4d:05:ad:2b:10:ca:29:89:bc:3f:ac:17:
         d8:c3:c1:e4:08:64:ba:dc:58:74:25:58:6c:32:af:b8:33:f1:
         17:10:16:0f
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICFc8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
ODc0MkMxMTAvBgNVBAUTKDFDM0Y5OUEwQzE4MkI1OENDNDVCODExMkYyOTFFMTJB
MTUzMzMxRTkwHhcNMjQwNTI0MTcyNTQ4WhcNMjUwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjUwY2Q5Yy1mZmMzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvntd8u57HyGHXB2FGvsYV5R+wLkzHBQkpscAFbvXHSe4wu4RgiAJW6+4OTC/
GI693QzgP43A38xI0bQfJLBrMRNRV2c7a/Xw/Ems5W3jbE97Gl8sDr9GBgDQLu+q
i4+PB+awbZ9Zcbq2XpQf9WMD4fG/Rl0R7khyBbMSyROgjGbcZUowb/HtcI42YK1w
GpabLDI0C2Uz//G8pDHMeoAe6I1U2nh72+qXaReseW53x4cFgCQ6BL+PCKkAKJxr
6zXySqG2ih76x+B09ZvwB8ydxPzI/Yxtw/y+c9l5pyzKYYZMgRJ+RS+RSwBNpuzg
6wY5mSYq6btCgCCggnJ8dyBUpwIDAQABo4IClTCCApEwHQYDVR0OBBYEFGsV84XV
/gl/WSVg32zaGHqLr0WwMB8GA1UdIwQYMBaAFBw/maDBgrWMxFuBEvKR4SoVMzHp
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4NzQyQy9GMjhDODlDNDAx
OUMxMUU4OTAzNUY5MTlDNEY5QUUwMi9IRC1ab01HQ3RZekVXNEVTOHBIaEtoVXpN
ZWsuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0hELVpvTUdDdFl6RVc0RVM4cEhoS2hVek1lay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
ODc0MkMvRjI4Qzg5QzQwMTlDMTFFODkwMzVGOTE5QzRGOUFFMDIvOERGQUUxREEw
MTlEMTFFOEE3ODA0QTFFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAPKiPAwDQYJKoZIhvcNAQELBQADggEBABXNZ0yK5rKq3rag
soAolh5aipvhJL/2tV6rmqlr8T1r/VrQukw6y+MlJz8DCBJm8G7uVDOCf3JZymmm
WwAMdBdWhOW30Y8KLs0u5tbtCHTT50pzGOrGM+zweQheKGXj2Zcnz2m7VNuLMReW
i+ZCpKbIaiL44wJjADmMr/HboKd7B52USXS/mz5tRzRsYgjX8Ov3k6Opah5jM4Ds
F5mGhnHp+EJsgi2fdp99b9tOjM+jgbmom4feIwCvj2Yz+12EdUpmBsVlakqpz21u
DAyEVXNFeL6N1y7PzrCLvkJB500FrSsQyimJvD+sF9jDweQIZLrcWHQlWGwyr7gz
8RcQFg8=
-----END CERTIFICATE-----
Generated at Fri Jun 14 18:52:11 2024 by rpki-client on console-fra.rpki-client.org