Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91C0BDE/7E5AC3E0897111EA92402A0AC4F9AE02/7C5507DE01D411EE9AB2054DC4F9AE02.roa
File:                     7C5507DE01D411EE9AB2054DC4F9AE02.roa (raw, json)
Hash identifier:          AHpl6HoSp34zJT3fkZblvMhqT2BKLTJ3xt+0cCMuruE=
Subject key identifier:   F9:7B:FD:46:3D:CD:6E:5B:64:39:EF:41:65:0A:44:91:4B:16:13:BD
Certificate issuer:       /CN=A91C0BDE/serialNumber=A4B50BECD8BBA285587128D5919283DBE1690918
Certificate serial:       0761
Authority key identifier: A4:B5:0B:EC:D8:BB:A2:85:58:71:28:D5:91:92:83:DB:E1:69:09:18
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/pLUL7Ni7ooVYcSjVkZKD2-FpCRg.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91C0BDE/7E5AC3E0897111EA92402A0AC4F9AE02/7C5507DE01D411EE9AB2054DC4F9AE02.roa
Signing time:             Sat 03 Jun 2023 06:04:23 +0000
ROA not before:           Sat 03 Jun 2023 06:04:23 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     59239
IP address blocks:        114.129.12.0/22 maxlen: 22
                          114.129.12.0/23 maxlen: 23
                          114.129.12.0/24 maxlen: 24
                          114.129.13.0/24 maxlen: 24
                          114.129.14.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91C0BDE/7E5AC3E0897111EA92402A0AC4F9AE02/pLUL7Ni7ooVYcSjVkZKD2-FpCRg.crl
                          rsync://rpki.apnic.net/member_repository/A91C0BDE/7E5AC3E0897111EA92402A0AC4F9AE02/pLUL7Ni7ooVYcSjVkZKD2-FpCRg.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/pLUL7Ni7ooVYcSjVkZKD2-FpCRg.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 11 Jun 2024 21:38:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1889 (0x761)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91C0BDE/serialNumber=A4B50BECD8BBA285587128D5919283DBE1690918
        Validity
            Not Before: Jun  3 06:04:23 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=647ad7e6-907c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:73:5e:3b:16:85:44:39:19:ca:72:ff:35:11:
                    df:c0:fc:cc:25:f8:fe:bb:10:a9:c6:60:31:3c:84:
                    6c:92:10:10:3d:0c:cc:21:3d:fc:38:a9:43:2a:a5:
                    07:f0:70:2a:bf:91:3a:53:36:b1:58:82:01:60:cc:
                    9a:c5:da:80:dd:bd:96:8e:48:98:9c:19:ee:11:3c:
                    22:67:33:55:d3:13:42:6d:13:3f:b9:4f:42:d6:34:
                    31:e8:08:b3:fe:a1:29:b3:8d:3f:df:50:8b:5e:19:
                    8c:42:e4:28:bb:27:48:ef:f5:5e:84:e5:9a:be:f4:
                    22:dc:46:88:f0:36:ea:ed:91:66:e7:b6:75:b8:e5:
                    d1:6a:8a:a7:6c:8c:4e:00:30:1d:af:78:01:95:92:
                    e3:2c:2d:e3:bf:8c:54:69:86:5c:5f:82:44:65:33:
                    58:ea:b7:70:0e:e2:1a:89:6a:00:0a:eb:c6:25:92:
                    fd:a5:1e:50:b6:de:47:2a:5c:62:58:bd:c0:b6:a4:
                    16:8f:94:a4:8e:a1:ed:fb:19:e6:36:ae:b2:65:4d:
                    3c:87:3a:f6:69:fe:36:14:1e:6f:11:7f:1f:1b:ab:
                    45:90:f0:44:ea:11:7c:30:da:0e:53:ef:f5:a3:6f:
                    99:32:b2:b2:03:0b:f7:ae:65:96:32:d5:2a:21:bd:
                    3b:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F9:7B:FD:46:3D:CD:6E:5B:64:39:EF:41:65:0A:44:91:4B:16:13:BD
            X509v3 Authority Key Identifier:
                keyid:A4:B5:0B:EC:D8:BB:A2:85:58:71:28:D5:91:92:83:DB:E1:69:09:18

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91C0BDE/7E5AC3E0897111EA92402A0AC4F9AE02/pLUL7Ni7ooVYcSjVkZKD2-FpCRg.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/pLUL7Ni7ooVYcSjVkZKD2-FpCRg.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91C0BDE/7E5AC3E0897111EA92402A0AC4F9AE02/7C5507DE01D411EE9AB2054DC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  114.129.12.0/22

    Signature Algorithm: sha256WithRSAEncryption
         11:60:ec:e5:c4:8d:8c:13:f1:6f:0d:82:5a:5f:82:13:f7:7c:
         7d:d9:f9:74:1b:8a:6f:bb:a0:85:65:39:da:be:10:34:8f:86:
         e8:6f:5b:53:1d:ab:b4:8e:84:23:4d:c9:df:39:a3:9f:c1:2e:
         a1:94:6f:8e:58:bb:d9:ea:b5:bc:ac:0f:89:e8:87:9b:e6:4d:
         9c:9d:8b:23:2d:5e:b5:73:73:02:3d:a9:e8:d9:4d:f1:8e:df:
         fc:dc:9c:1f:0b:95:70:84:5d:10:08:59:5d:48:bd:20:3b:3d:
         e2:a9:04:47:bb:31:9b:44:d6:4c:e2:30:6c:9f:0d:cd:32:65:
         07:6f:13:b0:ee:6a:76:71:1e:3c:84:ad:34:d2:b4:b4:96:87:
         83:1a:fb:d7:08:be:c3:cd:3d:2e:bb:ca:3b:2a:ed:87:57:88:
         bd:70:bb:11:b1:76:d1:98:fb:48:14:bd:4a:cf:00:d5:e4:30:
         f7:a1:26:b7:ae:48:5b:ec:76:84:c4:c4:7d:89:7e:81:fb:86:
         3c:04:3f:25:6a:a3:83:d1:67:25:a3:6a:2a:5e:53:2a:2c:dd:
         c6:f6:42:3b:33:9a:b0:b6:e8:50:ad:3b:c8:dc:9d:a0:10:a8:
         22:ef:1c:15:60:16:81:a1:b1:2b:f7:00:ed:b3:d4:95:f3:95:
         c1:a9:5b:74
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICB2EwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QzBCREUxMTAvBgNVBAUTKEE0QjUwQkVDRDhCQkEyODU1ODcxMjhENTkxOTI4M0RC
RTE2OTA5MTgwHhcNMjMwNjAzMDYwNDIzWhcNMjQwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDdhZDdlNi05MDdjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAx3NeOxaFRDkZynL/NRHfwPzMJfj+uxCpxmAxPIRskhAQPQzMIT38OKlDKqUH
8HAqv5E6UzaxWIIBYMyaxdqA3b2WjkiYnBnuETwiZzNV0xNCbRM/uU9C1jQx6Aiz
/qEps40/31CLXhmMQuQouydI7/VehOWavvQi3EaI8Dbq7ZFm57Z1uOXRaoqnbIxO
ADAdr3gBlZLjLC3jv4xUaYZcX4JEZTNY6rdwDuIaiWoACuvGJZL9pR5Qtt5HKlxi
WL3AtqQWj5SkjqHt+xnmNq6yZU08hzr2af42FB5vEX8fG6tFkPBE6hF8MNoOU+/1
o2+ZMrKyAwv3rmWWMtUqIb07uwIDAQABo4IClTCCApEwHQYDVR0OBBYEFPl7/UY9
zW5bZDnvQWUKRJFLFhO9MB8GA1UdIwQYMBaAFKS1C+zYu6KFWHEo1ZGSg9vhaQkY
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDMEJERS83RTVBQzNFMDg5
NzExMUVBOTI0MDJBMEFDNEY5QUUwMi9wTFVMN05pN29vVlljU2pWa1pLRDItRnBD
UmcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3BMVUw3Tmk3b29WWWNTalZrWktEMi1GcENSZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QzBCREUvN0U1QUMzRTA4OTcxMTFFQTkyNDAyQTBBQzRGOUFFMDIvN0M1NTA3REUw
MUQ0MTFFRTlBQjIwNTREQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAJygQwwDQYJKoZIhvcNAQELBQADggEBABFg7OXEjYwT8W8N
glpfghP3fH3Z+XQbim+7oIVlOdq+EDSPhuhvW1Mdq7SOhCNNyd85o5/BLqGUb45Y
u9nqtbysD4noh5vmTZydiyMtXrVzcwI9qejZTfGO3/zcnB8LlXCEXRAIWV1IvSA7
PeKpBEe7MZtE1kziMGyfDc0yZQdvE7DuanZxHjyErTTStLSWh4Ma+9cIvsPNPS67
yjsq7YdXiL1wuxGxdtGY+0gUvUrPANXkMPehJreuSFvsdoTExH2JfoH7hjwEPyVq
o4PRZyWjaipeUyos3cb2QjszmrC26FCtO8jcnaAQqCLvHBVgFoGhsSv3AO2z1JXz
lcGpW3Q=
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:06:24 2024 by rpki-client on console-ams.rpki-client.org