Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A919EAAD/87C3168809D511EAB76C7317C4F9AE02/97DC58040B5B11EAB69DC64FC4F9AE02.roa
File:                     97DC58040B5B11EAB69DC64FC4F9AE02.roa (raw, json)
Hash identifier:          Va4decWdeWxreZuiKTEPDvc8po9KZonZg6UYKOuHMpE=
Subject key identifier:   7C:6F:69:03:CB:E7:D7:8F:2E:39:17:8F:31:DF:2C:52:48:9E:E3:FE
Certificate issuer:       /CN=A919EAAD/serialNumber=F53983B7AB8386C69958784FFAF0E697262457A7
Certificate serial:       0B4B
Authority key identifier: F5:39:83:B7:AB:83:86:C6:99:58:78:4F:FA:F0:E6:97:26:24:57:A7
Authority info access:    rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/9TmDt6uDhsaZWHhP-vDmlyYkV6c.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A919EAAD/87C3168809D511EAB76C7317C4F9AE02/97DC58040B5B11EAB69DC64FC4F9AE02.roa
Signing time:             Tue 06 Feb 2024 19:37:43 +0000
ROA not before:           Tue 06 Feb 2024 19:37:43 +0000
ROA not after:            Mon 31 Mar 2025 00:00:00 +0000
asID:                     133385
IP address blocks:        37.111.0.0/21 maxlen: 22
                          37.111.0.0/24 maxlen: 24
                          37.111.1.0/24 maxlen: 24
                          37.111.2.0/24 maxlen: 24
                          37.111.3.0/24 maxlen: 24
                          37.111.4.0/24 maxlen: 24
                          37.111.5.0/24 maxlen: 24
                          37.111.6.0/24 maxlen: 24
                          37.111.7.0/24 maxlen: 24
                          37.111.8.0/21 maxlen: 22
                          37.111.8.0/24 maxlen: 24
                          37.111.9.0/24 maxlen: 24
                          37.111.10.0/24 maxlen: 24
                          37.111.11.0/24 maxlen: 24
                          37.111.12.0/24 maxlen: 24
                          37.111.13.0/24 maxlen: 24
                          37.111.14.0/24 maxlen: 24
                          37.111.15.0/24 maxlen: 24
                          37.111.16.0/21 maxlen: 22
                          37.111.16.0/24 maxlen: 24
                          37.111.17.0/24 maxlen: 24
                          37.111.18.0/24 maxlen: 24
                          37.111.19.0/24 maxlen: 24
                          37.111.20.0/24 maxlen: 24
                          37.111.21.0/24 maxlen: 24
                          37.111.22.0/24 maxlen: 24
                          37.111.23.0/24 maxlen: 24
                          37.111.32.0/21 maxlen: 24
                          37.111.40.0/22 maxlen: 24
                          37.111.44.0/22 maxlen: 22
                          37.111.44.0/23 maxlen: 23
                          37.111.44.0/24 maxlen: 24
                          37.111.45.0/24 maxlen: 24
                          37.111.46.0/23 maxlen: 23
                          37.111.46.0/24 maxlen: 24
                          37.111.47.0/24 maxlen: 24
                          37.111.48.0/22 maxlen: 22
                          37.111.48.0/23 maxlen: 23
                          37.111.48.0/24 maxlen: 24
                          37.111.49.0/24 maxlen: 24
                          37.111.50.0/23 maxlen: 23
                          37.111.50.0/24 maxlen: 24
                          37.111.51.0/24 maxlen: 24
                          37.111.52.0/23 maxlen: 23
                          37.111.52.0/24 maxlen: 24
                          37.111.53.0/24 maxlen: 24
                          37.111.60.0/22 maxlen: 22
                          37.111.60.0/23 maxlen: 23
                          37.111.60.0/24 maxlen: 24
                          37.111.61.0/24 maxlen: 24
                          37.111.62.0/23 maxlen: 23
                          37.111.62.0/24 maxlen: 24
                          37.111.63.0/24 maxlen: 24
                          37.111.64.0/20 maxlen: 22
                          37.111.64.0/24 maxlen: 24
                          37.111.65.0/24 maxlen: 24
                          37.111.66.0/24 maxlen: 24
                          37.111.67.0/24 maxlen: 24
                          37.111.68.0/24 maxlen: 24
                          37.111.69.0/24 maxlen: 24
                          37.111.70.0/24 maxlen: 24
                          37.111.71.0/24 maxlen: 24
                          37.111.72.0/24 maxlen: 24
                          37.111.73.0/24 maxlen: 24
                          37.111.74.0/24 maxlen: 24
                          37.111.75.0/24 maxlen: 24
                          37.111.76.0/24 maxlen: 24
                          37.111.77.0/24 maxlen: 24
                          37.111.78.0/24 maxlen: 24
                          37.111.79.0/24 maxlen: 24
                          37.111.80.0/20 maxlen: 22
                          37.111.80.0/24 maxlen: 24
                          37.111.81.0/24 maxlen: 24
                          37.111.82.0/24 maxlen: 24
                          37.111.83.0/24 maxlen: 24
                          37.111.84.0/24 maxlen: 24
                          37.111.85.0/24 maxlen: 24
                          37.111.86.0/24 maxlen: 24
                          37.111.87.0/24 maxlen: 24
                          37.111.88.0/24 maxlen: 24
                          37.111.89.0/24 maxlen: 24
                          37.111.90.0/24 maxlen: 24
                          37.111.91.0/24 maxlen: 24
                          37.111.92.0/24 maxlen: 24
                          37.111.93.0/24 maxlen: 24
                          37.111.94.0/24 maxlen: 24
                          37.111.95.0/24 maxlen: 24
                          37.111.124.0/22 maxlen: 22
                          37.111.124.0/23 maxlen: 23
                          37.111.124.0/24 maxlen: 24
                          37.111.125.0/24 maxlen: 24
                          37.111.126.0/23 maxlen: 23
                          37.111.126.0/24 maxlen: 24
                          37.111.127.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A919EAAD/87C3168809D511EAB76C7317C4F9AE02/9TmDt6uDhsaZWHhP-vDmlyYkV6c.crl
                          rsync://rpki.apnic.net/member_repository/A919EAAD/87C3168809D511EAB76C7317C4F9AE02/9TmDt6uDhsaZWHhP-vDmlyYkV6c.mft
                          rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/9TmDt6uDhsaZWHhP-vDmlyYkV6c.cer
                          rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/DPzneFf88B852ZpitKpi5hWedvg.crl
                          rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/DPzneFf88B852ZpitKpi5hWedvg.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DPzneFf88B852ZpitKpi5hWedvg.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 29 Nov 2024 14:50:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2891 (0xb4b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A919EAAD/serialNumber=F53983B7AB8386C69958784FFAF0E697262457A7
        Validity
            Not Before: Feb  6 19:37:43 2024 GMT
            Not After : Mar 31 00:00:00 2025 GMT
        Subject: CN=65c28a86-b4e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:ef:c2:e0:20:9f:fd:8d:81:4f:e5:78:fb:4c:
                    87:7e:b0:09:f0:8a:f9:db:48:77:97:71:11:8b:f6:
                    f4:f5:9a:fc:6b:0c:6b:24:1d:2a:5a:95:60:3a:96:
                    2c:c5:f9:2d:28:17:37:a4:41:7b:0f:70:c0:e3:ca:
                    af:ac:d8:af:0a:8d:09:68:60:08:62:97:0e:8a:b4:
                    c8:66:e4:df:7d:bc:03:dd:f0:e4:ba:83:0c:fd:7a:
                    b2:2e:1b:1c:20:9e:d7:56:04:04:e0:90:2c:8b:31:
                    f0:07:84:93:c3:0d:9b:78:2e:37:c5:c5:f9:62:1f:
                    51:86:0a:b7:9f:83:89:1c:c7:4f:e2:b0:51:45:0a:
                    da:fb:07:e5:40:ad:6e:f9:39:41:39:4e:c1:7a:81:
                    e6:10:cf:01:5d:15:23:56:e5:ba:f1:68:bf:a4:59:
                    97:e2:0e:a8:70:1d:9d:79:3f:4e:21:6b:20:34:7e:
                    df:b8:61:9a:ec:b7:42:87:02:89:8a:47:76:79:fd:
                    cd:b2:a4:89:85:73:a3:4f:40:a1:f5:d1:7b:a1:7d:
                    53:7c:3c:0a:25:53:e5:59:d8:f6:a8:00:9b:32:61:
                    64:96:53:55:6b:cf:12:8b:88:aa:50:37:ed:fe:5d:
                    6c:08:b7:50:ff:c9:c1:59:b9:a6:d7:41:e3:f3:29:
                    70:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:6F:69:03:CB:E7:D7:8F:2E:39:17:8F:31:DF:2C:52:48:9E:E3:FE
            X509v3 Authority Key Identifier:
                keyid:F5:39:83:B7:AB:83:86:C6:99:58:78:4F:FA:F0:E6:97:26:24:57:A7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A919EAAD/87C3168809D511EAB76C7317C4F9AE02/9TmDt6uDhsaZWHhP-vDmlyYkV6c.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/9TmDt6uDhsaZWHhP-vDmlyYkV6c.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A919EAAD/87C3168809D511EAB76C7317C4F9AE02/97DC58040B5B11EAB69DC64FC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  37.111.0.0-37.111.23.255
                  37.111.32.0-37.111.53.255
                  37.111.60.0-37.111.95.255
                  37.111.124.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0d:29:cd:0f:8b:6d:ce:88:f7:89:ab:41:20:55:ee:ef:94:3f:
         07:75:20:82:b3:6f:a0:50:29:25:3b:49:5b:01:1d:9c:2e:82:
         59:ec:5b:89:fe:85:da:17:97:0a:8c:23:28:52:af:2e:78:be:
         a9:f1:1b:7c:3d:d4:41:73:99:0b:8e:35:a2:37:4d:8f:4a:92:
         cd:87:c3:04:a9:bf:78:e4:c9:fe:2e:fc:00:49:0a:99:b5:90:
         40:ce:de:cb:ee:47:ce:00:7d:64:d8:fa:94:d2:75:c6:7e:2c:
         9e:85:9f:cd:09:a6:ed:fc:24:e8:61:91:78:3f:8e:4f:30:c7:
         e7:5a:6a:ae:d1:37:f6:a3:16:bd:8d:bb:9d:15:88:89:95:b4:
         26:70:b7:07:f4:c9:d1:1e:cb:db:06:ec:ac:67:ad:06:d6:58:
         aa:ad:5c:a1:dd:72:36:cd:ad:5c:28:3f:d9:4b:b4:33:65:f1:
         85:a3:2b:f2:46:f2:45:01:7c:01:0d:6d:85:99:a9:e6:ae:14:
         52:e9:64:4d:8b:2d:52:6a:5f:bb:f5:d3:ec:6f:a1:a9:0d:f6:
         4a:17:12:69:22:3c:82:90:b5:e6:17:0d:45:b0:46:26:56:69:
         ab:26:76:b7:10:24:ab:df:eb:4e:78:80:8b:6b:da:17:27:bc:
         36:6a:13:c3
-----BEGIN CERTIFICATE-----
MIIFmjCCBIKgAwIBAgICC0swDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OUVBQUQxMTAvBgNVBAUTKEY1Mzk4M0I3QUI4Mzg2QzY5OTU4Nzg0RkZBRjBFNjk3
MjYyNDU3QTcwHhcNMjQwMjA2MTkzNzQzWhcNMjUwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWMyOGE4Ni1iNGUzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAze/C4CCf/Y2BT+V4+0yHfrAJ8Ir520h3l3ERi/b09Zr8awxrJB0qWpVgOpYs
xfktKBc3pEF7D3DA48qvrNivCo0JaGAIYpcOirTIZuTffbwD3fDkuoMM/XqyLhsc
IJ7XVgQE4JAsizHwB4STww2beC43xcX5Yh9Rhgq3n4OJHMdP4rBRRQra+wflQK1u
+TlBOU7BeoHmEM8BXRUjVuW68Wi/pFmX4g6ocB2deT9OIWsgNH7fuGGa7LdChwKJ
ikd2ef3NsqSJhXOjT0Ch9dF7oX1TfDwKJVPlWdj2qACbMmFkllNVa88Si4iqUDft
/l1sCLdQ/8nBWbmm10Hj8ylwgwIDAQABo4ICvjCCArowHQYDVR0OBBYEFHxvaQPL
59ePLjkXjzHfLFJInuP+MB8GA1UdIwQYMBaAFPU5g7erg4bGmVh4T/rw5pcmJFen
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5RUFBRC84N0MzMTY4ODA5
RDUxMUVBQjc2QzczMTdDNEY5QUUwMi85VG1EdDZ1RGhzYVpXSGhQLXZEbWx5WWtW
NmMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzMjJBNUY0MUQ2NjExRTJBM0YyN0Y3Qzcy
RkQxRkYyLzlUbUR0NnVEaHNhWldIaFAtdkRtbHlZa1Y2Yy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OUVBQUQvODdDMzE2ODgwOUQ1MTFFQUI3NkM3MzE3QzRGOUFFMDIvOTdEQzU4MDQw
QjVCMTFFQUI2OURDNjRGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwSAYIKwYBBQUHAQcBAf8E
OTA3MDUEAgABMC8wCwMDACVvAwQDJW8QMAwDBAUlbyADBAElbzQwDAMEAiVvPAME
BSVvQAMEAiVvfDANBgkqhkiG9w0BAQsFAAOCAQEADSnND4ttzoj3iatBIFXu75Q/
B3UggrNvoFApJTtJWwEdnC6CWexbif6F2heXCowjKFKvLni+qfEbfD3UQXOZC441
ojdNj0qSzYfDBKm/eOTJ/i78AEkKmbWQQM7ey+5HzgB9ZNj6lNJ1xn4snoWfzQmm
7fwk6GGReD+OTzDH51pqrtE39qMWvY27nRWIiZW0JnC3B/TJ0R7L2wbsrGetBtZY
qq1cod1yNs2tXCg/2Uu0M2XxhaMr8kbyRQF8AQ1thZmp5q4UUulkTYstUmpfu/XT
7G+hqQ32ShcSaSI8gpC15hcNRbBGJlZpqyZ2txAkq9/rTniAi2vaFye8NmoTww==
-----END CERTIFICATE-----
Generated at Fri Nov 22 19:50:14 2024 by rpki-client on console-ams.rpki-client.org