Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91BB493/5FCAB67268F311EA832DDB37C4F9AE02/8A533506C9DC11EE8B24C55EC4F9AE02.roa
File:                     8A533506C9DC11EE8B24C55EC4F9AE02.roa (raw, json)
Hash identifier:          YQ93vpgeMhab/R8ZlFAYYEI4TgKyYiC1Ypil0/nPvE0=
Subject key identifier:   80:4D:AE:A8:A4:73:94:A6:03:F4:22:D9:9F:FB:18:7C:3D:B4:12:94
Certificate issuer:       /CN=A91BB493/serialNumber=9A3FE54122A5096D3EDD88060ED4D9183CBE1867
Certificate serial:       098C
Authority key identifier: 9A:3F:E5:41:22:A5:09:6D:3E:DD:88:06:0E:D4:D9:18:3C:BE:18:67
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/mj_lQSKlCW0-3YgGDtTZGDy-GGc.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91BB493/5FCAB67268F311EA832DDB37C4F9AE02/8A533506C9DC11EE8B24C55EC4F9AE02.roa
Signing time:             Tue 26 Mar 2024 21:10:15 +0000
ROA not before:           Tue 26 Mar 2024 21:10:15 +0000
ROA not after:            Wed 28 May 2025 00:00:00 +0000
asID:                     135373
IP address blocks:        203.131.253.0/27 maxlen: 27

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91BB493/5FCAB67268F311EA832DDB37C4F9AE02/mj_lQSKlCW0-3YgGDtTZGDy-GGc.crl
                          rsync://rpki.apnic.net/member_repository/A91BB493/5FCAB67268F311EA832DDB37C4F9AE02/mj_lQSKlCW0-3YgGDtTZGDy-GGc.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/mj_lQSKlCW0-3YgGDtTZGDy-GGc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 21 Jun 2024 20:56:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2444 (0x98c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91BB493/serialNumber=9A3FE54122A5096D3EDD88060ED4D9183CBE1867
        Validity
            Not Before: Mar 26 21:10:15 2024 GMT
            Not After : May 28 00:00:00 2025 GMT
        Subject: CN=660339b7-9dc4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:b0:60:f7:e4:82:40:79:8a:6b:b0:7a:3c:3b:
                    20:2e:3d:6f:61:e9:ad:d5:12:f4:6d:8c:94:18:84:
                    be:e9:72:0e:29:f9:07:d4:fa:59:55:42:fe:2e:dc:
                    97:21:18:03:9b:ea:cc:5b:bc:6f:1c:47:20:50:fe:
                    d4:65:ae:f4:93:f7:22:fe:0f:0c:a2:e6:f6:48:3a:
                    9f:1a:d9:03:a0:3e:ce:03:78:bd:a7:35:2e:49:20:
                    01:7a:40:2f:24:cb:99:dc:79:d3:40:41:86:b4:24:
                    3b:6c:77:54:82:6c:f6:72:55:f8:d7:7e:52:71:21:
                    62:66:d9:98:18:f0:35:fb:83:58:e9:9a:ec:bd:e3:
                    1b:6f:30:47:8e:ec:f5:77:04:82:da:20:1b:d7:7e:
                    f5:ff:62:aa:78:ce:c2:0e:ab:cc:1e:12:e8:86:62:
                    c0:14:ab:a7:9a:38:31:2c:42:04:b2:68:f4:65:19:
                    78:2a:09:cf:45:aa:d6:34:a9:08:e2:b9:ea:94:d7:
                    a3:9e:18:f0:2b:6a:32:5c:a7:35:56:42:06:7a:7b:
                    04:7c:37:3f:5e:99:ef:90:83:a5:cf:8d:cb:82:c5:
                    30:d9:c5:38:64:fa:b7:b5:6d:78:65:be:22:39:58:
                    16:58:14:04:3e:71:be:8a:4a:fc:23:f4:15:92:f1:
                    54:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                80:4D:AE:A8:A4:73:94:A6:03:F4:22:D9:9F:FB:18:7C:3D:B4:12:94
            X509v3 Authority Key Identifier:
                keyid:9A:3F:E5:41:22:A5:09:6D:3E:DD:88:06:0E:D4:D9:18:3C:BE:18:67

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91BB493/5FCAB67268F311EA832DDB37C4F9AE02/mj_lQSKlCW0-3YgGDtTZGDy-GGc.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/mj_lQSKlCW0-3YgGDtTZGDy-GGc.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91BB493/5FCAB67268F311EA832DDB37C4F9AE02/8A533506C9DC11EE8B24C55EC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.131.253.0/27

    Signature Algorithm: sha256WithRSAEncryption
         21:b1:e2:e5:79:79:db:76:f6:9d:f4:14:e5:2a:97:82:87:5a:
         44:e7:75:c3:ac:7b:0c:e9:33:a8:19:92:0a:86:bf:3a:b1:85:
         2e:80:9a:5d:2e:6b:b1:82:5d:a0:f4:8b:8f:91:48:09:59:ba:
         75:a6:8a:f0:6f:28:a0:27:f1:da:44:e5:ba:74:43:c5:ba:4e:
         d7:72:03:4c:a3:d6:aa:e8:aa:d2:50:4e:6a:5b:19:a3:14:34:
         de:a0:26:e4:70:ce:01:84:a2:e8:44:a4:7f:11:b5:d9:c9:25:
         e3:3d:70:79:73:22:44:73:6f:44:5b:09:1d:65:f6:f8:f6:1a:
         97:c0:9b:fd:ab:e4:20:a8:c3:37:21:c1:37:71:88:55:3b:51:
         b6:29:fb:43:71:24:7e:3c:12:6d:cd:09:d9:59:25:42:37:38:
         14:97:e0:87:6a:49:5c:9b:78:fa:4c:72:1e:f4:0d:9d:1e:3b:
         ba:00:6f:b7:c5:10:0b:2d:ef:89:6b:54:cd:cd:43:65:c4:ef:
         51:8e:5b:d1:7e:74:e0:8d:5b:61:43:60:3a:0a:c1:2d:81:fb:
         04:40:c3:e8:b8:2c:8b:b2:5a:18:fe:a2:de:06:a6:48:32:5b:
         00:3b:17:2f:86:18:8c:01:12:2b:32:1e:49:bf:2e:84:d4:38:
         d9:48:b3:12
-----BEGIN CERTIFICATE-----
MIIFcjCCBFqgAwIBAgICCYwwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QkI0OTMxMTAvBgNVBAUTKDlBM0ZFNTQxMjJBNTA5NkQzRUREODgwNjBFRDREOTE4
M0NCRTE4NjcwHhcNMjQwMzI2MjExMDE1WhcNMjUwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02NjAzMzliNy05ZGM0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAnLBg9+SCQHmKa7B6PDsgLj1vYemt1RL0bYyUGIS+6XIOKfkH1PpZVUL+LtyX
IRgDm+rMW7xvHEcgUP7UZa70k/ci/g8Moub2SDqfGtkDoD7OA3i9pzUuSSABekAv
JMuZ3HnTQEGGtCQ7bHdUgmz2clX4135ScSFiZtmYGPA1+4NY6ZrsveMbbzBHjuz1
dwSC2iAb1371/2KqeM7CDqvMHhLohmLAFKunmjgxLEIEsmj0ZRl4KgnPRarWNKkI
4rnqlNejnhjwK2oyXKc1VkIGensEfDc/XpnvkIOlz43LgsUw2cU4ZPq3tW14Zb4i
OVgWWBQEPnG+ikr8I/QVkvFUeQIDAQABo4ICljCCApIwHQYDVR0OBBYEFIBNrqik
c5SmA/Qi2Z/7GHw9tBKUMB8GA1UdIwQYMBaAFJo/5UEipQltPt2IBg7U2Rg8vhhn
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCQjQ5My81RkNBQjY3MjY4
RjMxMUVBODMyRERCMzdDNEY5QUUwMi9tal9sUVNLbENXMC0zWWdHRHRUWkdEeS1H
R2MuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL21qX2xRU0tsQ1cwLTNZZ0dEdFRaR0R5LUdHYy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QkI0OTMvNUZDQUI2NzI2OEYzMTFFQTgzMkREQjM3QzRGOUFFMDIvOEE1MzM1MDZD
OURDMTFFRThCMjRDNTVFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwIAYIKwYBBQUHAQcBAf8E
ETAPMA0EAgABMAcDBQXLg/0AMA0GCSqGSIb3DQEBCwUAA4IBAQAhseLleXnbdvad
9BTlKpeCh1pE53XDrHsM6TOoGZIKhr86sYUugJpdLmuxgl2g9IuPkUgJWbp1porw
byigJ/HaROW6dEPFuk7XcgNMo9aq6KrSUE5qWxmjFDTeoCbkcM4BhKLoRKR/EbXZ
ySXjPXB5cyJEc29EWwkdZfb49hqXwJv9q+QgqMM3IcE3cYhVO1G2KftDcSR+PBJt
zQnZWSVCNzgUl+CHaklcm3j6THIe9A2dHju6AG+3xRALLe+Ja1TNzUNlxO9RjlvR
fnTgjVthQ2A6CsEtgfsEQMPouCyLsloY/qLeBqZIMlsAOxcvhhiMARIrMh5Jvy6E
1DjZSLMS
-----END CERTIFICATE-----
Generated at Fri Jun 14 21:52:16 2024 by rpki-client on console-fra.rpki-client.org