Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A911DFB8/85A5D90E453D11EBB55A6225C4F9AE02/B6E44C08454211EBAE62CF6BC4F9AE02.roa
File:                     B6E44C08454211EBAE62CF6BC4F9AE02.roa (raw, json)
Hash identifier:          MP0F9GfPab0fw0dsEjoEfIYN+LcUl9Vs5gZO4he/YCg=
Subject key identifier:   FD:46:27:03:2E:A4:84:B3:3D:B6:7A:A0:1B:ED:D0:06:70:A4:79:B8
Certificate issuer:       /CN=A911DFB8/serialNumber=0F80F40D3286852C9B9F6E345BE1D5BD2F954832
Certificate serial:       061B
Authority key identifier: 0F:80:F4:0D:32:86:85:2C:9B:9F:6E:34:5B:E1:D5:BD:2F:95:48:32
Authority info access:    rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/D4D0DTKGhSybn240W-HVvS-VSDI.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A911DFB8/85A5D90E453D11EBB55A6225C4F9AE02/B6E44C08454211EBAE62CF6BC4F9AE02.roa
Signing time:             Sat 02 Mar 2024 23:42:30 +0000
ROA not before:           Sat 02 Mar 2024 23:42:30 +0000
ROA not after:            Wed 28 May 2025 00:00:00 +0000
asID:                     138995
IP address blocks:        185.203.36.0/24 maxlen: 24
                          185.203.37.0/24 maxlen: 24
                          185.203.38.0/24 maxlen: 24
                          185.203.39.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A911DFB8/85A5D90E453D11EBB55A6225C4F9AE02/D4D0DTKGhSybn240W-HVvS-VSDI.crl
                          rsync://rpki.apnic.net/member_repository/A911DFB8/85A5D90E453D11EBB55A6225C4F9AE02/D4D0DTKGhSybn240W-HVvS-VSDI.mft
                          rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/D4D0DTKGhSybn240W-HVvS-VSDI.cer
                          rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/DPzneFf88B852ZpitKpi5hWedvg.crl
                          rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/DPzneFf88B852ZpitKpi5hWedvg.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DPzneFf88B852ZpitKpi5hWedvg.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 02 Apr 2024 22:58:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1563 (0x61b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A911DFB8/serialNumber=0F80F40D3286852C9B9F6E345BE1D5BD2F954832
        Validity
            Not Before: Mar  2 23:42:30 2024 GMT
            Not After : May 28 00:00:00 2025 GMT
        Subject: CN=65e3b966-dc70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:8e:48:9e:a5:19:1f:5b:e3:04:6c:1e:ee:c8:
                    cd:72:0e:c3:07:1e:f6:82:96:d5:04:5c:8f:21:75:
                    10:b7:3b:39:63:a4:9c:37:1e:82:49:aa:8c:d6:8b:
                    a2:f7:f9:72:65:85:4b:2e:38:ce:57:97:c7:02:9e:
                    e7:b7:35:09:ee:bd:9f:de:49:5c:ac:80:25:13:aa:
                    a7:ee:1b:37:09:be:9e:8f:64:f9:79:19:c4:52:47:
                    cb:c2:85:26:cf:9b:4a:8d:08:03:e5:a4:b4:67:58:
                    85:2d:b1:e6:33:86:42:9a:1b:b6:4e:63:84:0a:08:
                    a3:22:58:34:01:fd:d6:f7:e8:7d:f1:3b:58:a5:05:
                    74:d2:6d:b7:57:e0:ea:45:1a:40:74:e9:03:7d:51:
                    15:16:64:a3:34:a9:c6:18:4b:26:89:a0:fb:fd:ff:
                    77:b5:27:68:60:88:7e:2a:cf:fa:f2:65:d2:5c:0d:
                    d2:11:f2:c8:66:1a:3c:05:6d:65:76:27:9f:36:ae:
                    c6:79:23:53:8e:e3:ab:95:81:7f:c8:01:b2:ec:10:
                    95:dc:1e:f8:c5:ce:d9:e8:38:19:b0:70:0d:99:7d:
                    f2:19:36:19:4d:c3:f9:b5:05:70:80:0e:04:ca:0a:
                    b7:91:92:47:00:d9:9e:10:be:a3:b4:ef:59:36:dd:
                    17:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:46:27:03:2E:A4:84:B3:3D:B6:7A:A0:1B:ED:D0:06:70:A4:79:B8
            X509v3 Authority Key Identifier:
                keyid:0F:80:F4:0D:32:86:85:2C:9B:9F:6E:34:5B:E1:D5:BD:2F:95:48:32

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A911DFB8/85A5D90E453D11EBB55A6225C4F9AE02/D4D0DTKGhSybn240W-HVvS-VSDI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/D4D0DTKGhSybn240W-HVvS-VSDI.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A911DFB8/85A5D90E453D11EBB55A6225C4F9AE02/B6E44C08454211EBAE62CF6BC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.203.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         8b:89:65:ea:56:4f:80:e5:b3:1b:6b:4c:d5:f8:17:58:4b:0e:
         75:06:78:31:5c:bd:1a:2c:b7:1e:17:33:19:e8:7b:d7:be:62:
         68:bb:69:ad:03:73:88:dd:19:2d:d3:07:c6:e0:7b:d8:12:68:
         39:2b:fc:aa:a8:4b:37:7d:a7:16:74:8f:99:df:13:f8:01:ed:
         3f:03:70:0f:9e:09:92:d0:2f:70:9b:7f:b0:2e:c2:79:df:8c:
         12:76:0c:88:b7:f6:b7:c7:80:43:4a:6c:2c:d6:f1:27:c4:56:
         ba:fb:fe:ac:79:1a:65:80:2e:b3:bc:f8:28:40:bc:c1:33:38:
         ab:72:4c:2e:7f:60:92:b8:0a:fe:67:26:98:a0:1a:56:fb:75:
         c9:21:27:07:48:c4:25:6d:56:67:97:d3:ba:7a:c8:3d:dd:38:
         4b:db:a0:66:f1:c9:d8:b3:0c:f6:f4:89:e3:cf:81:b5:c6:61:
         ed:b2:d2:b5:3c:8f:a9:94:dd:b8:5f:db:fa:f8:00:50:92:1c:
         7b:83:55:7f:7b:71:19:5d:5c:bc:70:b9:d3:03:a6:fb:60:9b:
         de:59:d4:11:0b:bb:03:2c:26:95:8e:25:13:86:6d:cd:f7:fd:
         3a:c6:e0:9f:fb:1f:97:5c:35:3d:39:c4:db:fe:44:c2:3f:01:
         9e:1f:c1:3f
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICBhswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MURGQjgxMTAvBgNVBAUTKDBGODBGNDBEMzI4Njg1MkM5QjlGNkUzNDVCRTFENUJE
MkY5NTQ4MzIwHhcNMjQwMzAyMjM0MjMwWhcNMjUwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02NWUzYjk2Ni1kYzcwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA5I5InqUZH1vjBGwe7sjNcg7DBx72gpbVBFyPIXUQtzs5Y6ScNx6CSaqM1oui
9/lyZYVLLjjOV5fHAp7ntzUJ7r2f3klcrIAlE6qn7hs3Cb6ej2T5eRnEUkfLwoUm
z5tKjQgD5aS0Z1iFLbHmM4ZCmhu2TmOECgijIlg0Af3W9+h98TtYpQV00m23V+Dq
RRpAdOkDfVEVFmSjNKnGGEsmiaD7/f93tSdoYIh+Ks/68mXSXA3SEfLIZho8BW1l
diefNq7GeSNTjuOrlYF/yAGy7BCV3B74xc7Z6DgZsHANmX3yGTYZTcP5tQVwgA4E
ygq3kZJHANmeEL6jtO9ZNt0XwQIDAQABo4IClTCCApEwHQYDVR0OBBYEFP1GJwMu
pISzPbZ6oBvt0AZwpHm4MB8GA1UdIwQYMBaAFA+A9A0yhoUsm59uNFvh1b0vlUgy
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExREZCOC84NUE1RDkwRTQ1
M0QxMUVCQjU1QTYyMjVDNEY5QUUwMi9ENEQwRFRLR2hTeWJuMjQwVy1IVnZTLVZT
REkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzMjJBNUY0MUQ2NjExRTJBM0YyN0Y3Qzcy
RkQxRkYyL0Q0RDBEVEtHaFN5Ym4yNDBXLUhWdlMtVlNESS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MURGQjgvODVBNUQ5MEU0NTNEMTFFQkI1NUE2MjI1QzRGOUFFMDIvQjZFNDRDMDg0
NTQyMTFFQkFFNjJDRjZCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAK5yyQwDQYJKoZIhvcNAQELBQADggEBAIuJZepWT4Dlsxtr
TNX4F1hLDnUGeDFcvRostx4XMxnoe9e+Ymi7aa0Dc4jdGS3TB8bge9gSaDkr/Kqo
Szd9pxZ0j5nfE/gB7T8DcA+eCZLQL3Cbf7AuwnnfjBJ2DIi39rfHgENKbCzW8SfE
Vrr7/qx5GmWALrO8+ChAvMEzOKtyTC5/YJK4Cv5nJpigGlb7dckhJwdIxCVtVmeX
07p6yD3dOEvboGbxydizDPb0iePPgbXGYe2y0rU8j6mU3bhf2/r4AFCSHHuDVX97
cRldXLxwudMDpvtgm95Z1BELuwMsJpWOJROGbc33/TrG4J/7H5dcNT05xNv+RMI/
AZ4fwT8=
-----END CERTIFICATE-----
Generated at Wed Mar 27 02:33:19 2024 by rpki-client on console-fra.rpki-client.org