Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9123F84/F43A3F046F2F11EDA84A6933C4F9AE02/24FDC2446F3211EDA3DCF033C4F9AE02.roa
File:                     24FDC2446F3211EDA3DCF033C4F9AE02.roa (raw, json)
Hash identifier:          tlYzMHVmfNpe5HSO1denzB2Zud06gN49uTyVga08iU4=
Subject key identifier:   FC:D5:45:AB:E9:2B:D1:61:06:C7:07:DB:48:F9:30:AD:3A:23:AE:50
Certificate issuer:       /CN=A9123F84/serialNumber=91C4976DEAD3DE8778E5C0DCFF2603971AC2D4DB
Certificate serial:       03
Authority key identifier: 91:C4:97:6D:EA:D3:DE:87:78:E5:C0:DC:FF:26:03:97:1A:C2:D4:DB
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/kcSXberT3od45cDc_yYDlxrC1Ns.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9123F84/F43A3F046F2F11EDA84A6933C4F9AE02/24FDC2446F3211EDA3DCF033C4F9AE02.roa
Signing time:             Mon 28 Nov 2022 15:34:28 +0000
ROA not before:           Mon 28 Nov 2022 15:34:28 +0000
ROA not after:            Thu 31 Aug 2023 00:00:00 +0000
asID:                     16509
IP address blocks:        203.55.215.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9123F84/F43A3F046F2F11EDA84A6933C4F9AE02/kcSXberT3od45cDc_yYDlxrC1Ns.crl
                          rsync://rpki.apnic.net/member_repository/A9123F84/F43A3F046F2F11EDA84A6933C4F9AE02/kcSXberT3od45cDc_yYDlxrC1Ns.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/kcSXberT3od45cDc_yYDlxrC1Ns.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 22 Mar 2023 06:50:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3 (0x3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9123F84/serialNumber=91C4976DEAD3DE8778E5C0DCFF2603971AC2D4DB
        Validity
            Not Before: Nov 28 15:34:28 2022 GMT
            Not After : Aug 31 00:00:00 2023 GMT
        Subject: CN=6384d504-6749
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:3c:50:f8:8d:a0:87:5c:66:62:2e:3a:d4:31:
                    1a:75:14:9b:75:c6:31:34:14:65:a5:36:83:ff:0c:
                    a1:6c:fc:b2:30:32:13:83:9b:03:d3:7b:16:e6:2c:
                    f8:90:fb:ce:b1:d6:76:36:78:f3:85:e7:e7:73:05:
                    02:e3:9e:05:9c:d3:4f:e6:bf:ee:21:af:d8:c6:f6:
                    ef:5d:b2:f2:91:ef:5a:63:06:c6:8a:f9:65:85:7e:
                    29:74:2a:04:dc:80:66:b4:2e:a6:12:b2:b6:fa:fd:
                    88:74:a4:42:a2:89:13:12:b6:d7:9a:67:84:cd:d9:
                    5d:ba:b4:70:94:34:f8:22:b0:0f:c0:17:fa:dd:b0:
                    77:6c:73:08:31:07:ce:4d:cb:35:1d:f6:fc:e8:e3:
                    f8:9f:39:8e:04:33:1f:4e:a3:58:4f:97:e6:3f:31:
                    6e:94:e9:a8:b7:28:63:01:60:a1:2f:da:47:38:51:
                    ee:ba:80:0d:57:e7:7a:3c:e0:ac:07:30:61:52:c9:
                    e6:b6:a3:7e:e9:ab:04:a6:63:af:91:70:17:dc:eb:
                    a3:f5:0a:44:c6:e6:8d:dd:d4:99:cb:07:b8:0e:33:
                    02:66:1b:c4:78:aa:2b:dd:31:e8:23:20:d7:c4:8c:
                    c3:7b:88:d4:9b:c9:e8:96:64:b3:f7:df:bf:9b:e6:
                    d9:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                FC:D5:45:AB:E9:2B:D1:61:06:C7:07:DB:48:F9:30:AD:3A:23:AE:50
            X509v3 Authority Key Identifier: 
                keyid:91:C4:97:6D:EA:D3:DE:87:78:E5:C0:DC:FF:26:03:97:1A:C2:D4:DB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9123F84/F43A3F046F2F11EDA84A6933C4F9AE02/kcSXberT3od45cDc_yYDlxrC1Ns.crl

            Authority Information Access: 
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/kcSXberT3od45cDc_yYDlxrC1Ns.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access: 
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9123F84/F43A3F046F2F11EDA84A6933C4F9AE02/24FDC2446F3211EDA3DCF033C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.55.215.0/24

    Signature Algorithm: sha256WithRSAEncryption
         21:7d:7f:3a:2e:67:d3:48:c0:14:fa:e8:34:3b:11:60:45:54:
         e6:9e:33:fb:b7:dd:73:9c:33:60:11:12:fc:7e:bb:19:20:bf:
         8d:48:89:d6:87:bd:ea:8d:ee:de:00:74:cd:b5:d2:91:37:bb:
         5d:3f:fa:91:85:7f:9a:82:aa:c2:c3:80:58:13:b9:fb:fc:83:
         ea:51:7a:ec:22:eb:cf:52:47:a1:d8:d0:ee:b3:e7:d9:27:62:
         ae:8f:1c:13:62:46:1f:2f:fb:57:e4:e6:84:08:03:36:89:3d:
         92:7c:89:61:05:85:51:2c:b6:16:ce:6b:54:16:1e:ef:54:de:
         47:ad:5c:50:59:97:80:53:ef:7c:ba:42:16:5b:85:ae:4d:44:
         b2:56:2e:79:47:a2:42:5d:1e:ad:f0:7d:3b:54:c3:1e:89:a6:
         70:f0:44:ac:48:01:88:c2:cd:03:85:d2:b0:fb:1b:92:72:44:
         3e:5c:25:a5:52:ba:8e:83:46:ca:b2:e7:49:3c:ac:c0:17:cc:
         3e:9e:40:63:32:93:ac:4f:50:30:ba:75:1b:e2:51:6a:bf:3a:
         11:15:b3:7c:e9:9d:b0:13:b4:d7:64:70:b0:2b:f8:ee:7e:26:
         5d:93:b0:ee:a9:65:4d:c7:76:48:51:55:3a:eb:f0:2c:86:d0:
         5e:67:70:dd
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIBAzANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTEy
M0Y4NDExMC8GA1UEBRMoOTFDNDk3NkRFQUQzREU4Nzc4RTVDMERDRkYyNjAzOTcx
QUMyRDREQjAeFw0yMjExMjgxNTM0MjhaFw0yMzA4MzEwMDAwMDBaMBgxFjAUBgNV
BAMTDTYzODRkNTA0LTY3NDkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDjPFD4jaCHXGZiLjrUMRp1FJt1xjE0FGWlNoP/DKFs/LIwMhODmwPTexbmLPiQ
+86x1nY2ePOF5+dzBQLjngWc00/mv+4hr9jG9u9dsvKR71pjBsaK+WWFfil0KgTc
gGa0LqYSsrb6/Yh0pEKiiRMStteaZ4TN2V26tHCUNPgisA/AF/rdsHdscwgxB85N
yzUd9vzo4/ifOY4EMx9Oo1hPl+Y/MW6U6ai3KGMBYKEv2kc4Ue66gA1X53o84KwH
MGFSyea2o37pqwSmY6+RcBfc66P1CkTG5o3d1JnLB7gOMwJmG8R4qivdMegjINfE
jMN7iNSbyeiWZLP337+b5tmhAgMBAAGjggKVMIICkTAdBgNVHQ4EFgQU/NVFq+kr
0WEGxwfbSPkwrTojrlAwHwYDVR0jBBgwFoAUkcSXberT3od45cDc/yYDlxrC1Nsw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTIzRjg0L0Y0M0EzRjA0NkYy
RjExRURBODRBNjkzM0M0RjlBRTAyL2tjU1hiZXJUM29kNDVjRGNfeVlEbHhyQzFO
cy5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIva2NTWGJlclQzb2Q0NWNEY195WURseHJDMU5zLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEy
M0Y4NC9GNDNBM0YwNDZGMkYxMUVEQTg0QTY5MzNDNEY5QUUwMi8yNEZEQzI0NDZG
MzIxMUVEQTNEQ0YwMzNDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAMs31zANBgkqhkiG9w0BAQsFAAOCAQEAIX1/Oi5n00jAFPro
NDsRYEVU5p4z+7fdc5wzYBES/H67GSC/jUiJ1oe96o3u3gB0zbXSkTe7XT/6kYV/
moKqwsOAWBO5+/yD6lF67CLrz1JHodjQ7rPn2Sdiro8cE2JGHy/7V+TmhAgDNok9
knyJYQWFUSy2Fs5rVBYe71TeR61cUFmXgFPvfLpCFluFrk1EslYueUeiQl0erfB9
O1TDHommcPBErEgBiMLNA4XSsPsbknJEPlwlpVK6joNGyrLnSTyswBfMPp5AYzKT
rE9QMLp1G+JRar86ERWzfOmdsBO012RwsCv47n4mXZOw7qllTcd2SFFVOuvwLIbQ
Xmdw3Q==
-----END CERTIFICATE-----
Generated at Wed Mar 15 11:53:13 2023 by rpki-client on console-fra.rpki-client.org