Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9125475/AB4479721D7811E2ADB6F2C408B02CD2/3420BD0E902C11EA898EFD7FC4F9AE02.roa
File:                     3420BD0E902C11EA898EFD7FC4F9AE02.roa (raw, json)
Hash identifier:          egfuYyMOERHpkG5Mv64t8Z9vudDLr2yjq+bP6aa/pUQ=
Subject key identifier:   47:82:E6:A3:F9:C1:80:0E:8F:D8:5F:07:95:E4:FA:59:D1:77:51:24
Certificate issuer:       /CN=A9125475/serialNumber=4440F6C422E9500C7D46A62D7DEB70D33A88750E
Certificate serial:       3524
Authority key identifier: 44:40:F6:C4:22:E9:50:0C:7D:46:A6:2D:7D:EB:70:D3:3A:88:75:0E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/RED2xCLpUAx9RqYtfetw0zqIdQ4.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9125475/AB4479721D7811E2ADB6F2C408B02CD2/3420BD0E902C11EA898EFD7FC4F9AE02.roa
Signing time:             Sat 02 Dec 2023 14:40:17 +0000
ROA not before:           Sat 02 Dec 2023 14:40:17 +0000
ROA not after:            Fri 31 Jan 2025 00:00:00 +0000
asID:                     133761
IP address blocks:        122.154.20.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9125475/AB4479721D7811E2ADB6F2C408B02CD2/RED2xCLpUAx9RqYtfetw0zqIdQ4.crl
                          rsync://rpki.apnic.net/member_repository/A9125475/AB4479721D7811E2ADB6F2C408B02CD2/RED2xCLpUAx9RqYtfetw0zqIdQ4.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/RED2xCLpUAx9RqYtfetw0zqIdQ4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 01 Dec 2024 14:20:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13604 (0x3524)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9125475/serialNumber=4440F6C422E9500C7D46A62D7DEB70D33A88750E
        Validity
            Not Before: Dec  2 14:40:17 2023 GMT
            Not After : Jan 31 00:00:00 2025 GMT
        Subject: CN=656b41d1-b450
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:67:ad:70:bd:7b:d4:c8:61:95:d6:8a:e5:b4:
                    5c:1c:5d:63:0c:1a:aa:27:91:8d:45:41:25:cb:13:
                    a6:75:75:bf:d8:98:ff:ef:58:7b:bc:73:85:12:cb:
                    1e:e4:86:2a:64:89:80:d1:33:31:a6:16:c1:76:79:
                    a7:c9:45:f4:51:0c:65:f9:48:3a:ae:e2:3e:1e:61:
                    fe:9f:33:6c:7c:2b:85:87:9d:27:81:45:f7:62:06:
                    c8:ba:a0:ab:46:9b:ea:00:77:14:36:5a:fe:50:f6:
                    61:6f:75:82:ad:94:71:9d:7d:d1:d1:f8:04:4c:11:
                    ef:49:cb:36:d4:3e:8c:69:7f:c5:0d:f6:f9:7c:a5:
                    a9:4e:3c:50:cb:68:e2:9c:14:10:9f:7f:fb:0c:11:
                    c0:05:e8:98:6a:df:74:c6:dc:ae:65:85:e2:9c:45:
                    9d:25:46:11:26:22:b9:5a:cf:f1:eb:70:a1:15:4f:
                    a9:43:cf:f9:79:58:18:73:04:c9:90:ed:ed:5d:37:
                    1a:3e:7e:f3:b5:21:b7:71:77:03:27:a0:1a:f3:0a:
                    00:69:fe:aa:ea:81:2c:4a:fe:92:fa:f1:28:ca:10:
                    bd:eb:d8:7d:d3:ad:cf:f6:af:96:1d:f1:b7:39:06:
                    54:b2:8d:d0:02:a0:54:8f:e6:cb:f3:11:c1:da:23:
                    5e:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:82:E6:A3:F9:C1:80:0E:8F:D8:5F:07:95:E4:FA:59:D1:77:51:24
            X509v3 Authority Key Identifier:
                keyid:44:40:F6:C4:22:E9:50:0C:7D:46:A6:2D:7D:EB:70:D3:3A:88:75:0E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9125475/AB4479721D7811E2ADB6F2C408B02CD2/RED2xCLpUAx9RqYtfetw0zqIdQ4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/RED2xCLpUAx9RqYtfetw0zqIdQ4.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9125475/AB4479721D7811E2ADB6F2C408B02CD2/3420BD0E902C11EA898EFD7FC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  122.154.20.0/24

    Signature Algorithm: sha256WithRSAEncryption
         c9:3a:36:e0:38:fc:fb:f9:b5:1b:94:c9:20:b6:cd:00:f1:56:
         81:3e:db:0b:4b:3e:5c:1c:ee:c2:77:92:1c:d6:3c:70:3e:65:
         ea:70:cb:5b:14:d5:5f:ec:7e:4f:74:36:07:8c:b3:0e:ac:89:
         99:8f:22:87:14:4b:b0:43:b2:2e:10:aa:b8:47:da:35:5a:ea:
         65:17:eb:be:c8:98:ed:4d:83:e6:9e:c9:be:fc:1a:b4:0e:9b:
         e1:6e:7e:b6:45:4d:bb:6a:e8:15:dc:65:e9:54:e7:e0:56:9e:
         4a:9a:4a:16:c6:2d:f4:1f:5e:c1:ee:24:87:2a:a6:1f:67:56:
         9c:63:a5:25:88:dc:6c:f5:77:95:fb:80:f2:95:0f:da:2a:c2:
         e7:85:3c:48:32:ed:4e:8f:a4:0f:8d:e6:a6:90:52:46:0e:b8:
         bb:3d:3e:d3:18:aa:28:af:4c:55:f0:53:7d:b2:03:7a:6f:f2:
         dd:1a:d4:df:a4:52:6b:19:d2:e0:18:ce:17:8c:b4:3f:00:8e:
         69:1b:2f:0a:87:49:75:c3:71:c9:aa:67:0b:21:2e:5c:ae:57:
         3d:c3:2e:b5:92:e0:8e:43:56:cf:4b:48:b7:49:b6:42:ee:d6:
         c5:ed:c8:4d:c4:25:8a:8c:46:57:51:47:d7:e1:14:c4:29:d5:
         38:65:71:b3
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICNSQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MjU0NzUxMTAvBgNVBAUTKDQ0NDBGNkM0MjJFOTUwMEM3RDQ2QTYyRDdERUI3MEQz
M0E4ODc1MEUwHhcNMjMxMjAyMTQ0MDE3WhcNMjUwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTZiNDFkMS1iNDUwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAqWetcL171MhhldaK5bRcHF1jDBqqJ5GNRUElyxOmdXW/2Jj/71h7vHOFEsse
5IYqZImA0TMxphbBdnmnyUX0UQxl+Ug6ruI+HmH+nzNsfCuFh50ngUX3YgbIuqCr
RpvqAHcUNlr+UPZhb3WCrZRxnX3R0fgETBHvScs21D6MaX/FDfb5fKWpTjxQy2ji
nBQQn3/7DBHABeiYat90xtyuZYXinEWdJUYRJiK5Ws/x63ChFU+pQ8/5eVgYcwTJ
kO3tXTcaPn7ztSG3cXcDJ6Aa8woAaf6q6oEsSv6S+vEoyhC969h9063P9q+WHfG3
OQZUso3QAqBUj+bL8xHB2iNevQIDAQABo4IClTCCApEwHQYDVR0OBBYEFEeC5qP5
wYAOj9hfB5Xk+lnRd1EkMB8GA1UdIwQYMBaAFERA9sQi6VAMfUamLX3rcNM6iHUO
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyNTQ3NS9BQjQ0Nzk3MjFE
NzgxMUUyQURCNkYyQzQwOEIwMkNEMi9SRUQyeENMcFVBeDlScVl0ZmV0dzB6cUlk
UTQuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1JFRDJ4Q0xwVUF4OVJxWXRmZXR3MHpxSWRRNC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MjU0NzUvQUI0NDc5NzIxRDc4MTFFMkFEQjZGMkM0MDhCMDJDRDIvMzQyMEJEMEU5
MDJDMTFFQTg5OEVGRDdGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAB6mhQwDQYJKoZIhvcNAQELBQADggEBAMk6NuA4/Pv5tRuU
ySC2zQDxVoE+2wtLPlwc7sJ3khzWPHA+Zepwy1sU1V/sfk90NgeMsw6siZmPIocU
S7BDsi4QqrhH2jVa6mUX677ImO1Ng+aeyb78GrQOm+FufrZFTbtq6BXcZelU5+BW
nkqaShbGLfQfXsHuJIcqph9nVpxjpSWI3Gz1d5X7gPKVD9oqwueFPEgy7U6PpA+N
5qaQUkYOuLs9PtMYqiivTFXwU32yA3pv8t0a1N+kUmsZ0uAYzheMtD8AjmkbLwqH
SXXDccmqZwshLlyuVz3DLrWS4I5DVs9LSLdJtkLu1sXtyE3EJYqMRldRR9fhFMQp
1ThlcbM=
-----END CERTIFICATE-----
Generated at Sun Nov 24 17:19:58 2024 by rpki-client on console-fra.rpki-client.org