Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9125475/C13116F228D311ED8FBD6D6CC4F9AE02/C3923CE6EFD811EEB93EE009C4F9AE02.roa
File:                     C3923CE6EFD811EEB93EE009C4F9AE02.roa (raw, json)
Hash identifier:          Bqc7ZTL73WBvGmxpj7L2rpeWhhrrDXKNZCQCeLvDELQ=
Subject key identifier:   E8:41:45:67:4B:DB:B3:EA:D3:79:89:48:28:9C:AE:EE:B1:41:14:85
Certificate issuer:       /CN=A9125475/serialNumber=52FE2B6B7F497F94F1D492D1917B486478BF59D6
Certificate serial:       0167
Authority key identifier: 52:FE:2B:6B:7F:49:7F:94:F1:D4:92:D1:91:7B:48:64:78:BF:59:D6
Authority info access:    rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/Uv4ra39Jf5Tx1JLRkXtIZHi_WdY.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9125475/C13116F228D311ED8FBD6D6CC4F9AE02/C3923CE6EFD811EEB93EE009C4F9AE02.roa
Signing time:             Mon 01 Apr 2024 03:34:37 +0000
ROA not before:           Mon 01 Apr 2024 03:34:37 +0000
ROA not after:            Fri 31 Jan 2025 00:00:00 +0000
asID:                     4651
IP address blocks:        193.36.112.0/22 maxlen: 22
                          193.36.112.0/24 maxlen: 24
                          193.36.113.0/24 maxlen: 24
                          193.36.114.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9125475/C13116F228D311ED8FBD6D6CC4F9AE02/Uv4ra39Jf5Tx1JLRkXtIZHi_WdY.crl
                          rsync://rpki.apnic.net/member_repository/A9125475/C13116F228D311ED8FBD6D6CC4F9AE02/Uv4ra39Jf5Tx1JLRkXtIZHi_WdY.mft
                          rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/Uv4ra39Jf5Tx1JLRkXtIZHi_WdY.cer
                          rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/DPzneFf88B852ZpitKpi5hWedvg.crl
                          rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/DPzneFf88B852ZpitKpi5hWedvg.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DPzneFf88B852ZpitKpi5hWedvg.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 23 Jun 2024 14:21:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 359 (0x167)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9125475/serialNumber=52FE2B6B7F497F94F1D492D1917B486478BF59D6
        Validity
            Not Before: Apr  1 03:34:37 2024 GMT
            Not After : Jan 31 00:00:00 2025 GMT
        Subject: CN=660a2b4d-6e48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:fc:9e:20:73:a4:ba:d7:8b:a9:28:96:f8:79:
                    67:82:1c:e3:d6:f9:3f:fe:1a:fd:87:ec:d9:fa:02:
                    8f:02:a8:00:b0:cd:dd:75:1f:c3:94:07:0b:09:09:
                    a4:0e:09:cb:60:6e:ac:e4:d8:73:99:ad:de:07:fd:
                    05:96:35:6a:9b:f9:84:d3:d0:98:44:1f:79:c5:16:
                    29:35:26:a1:e4:86:ed:90:63:c1:58:83:82:4b:1c:
                    c5:6c:e2:14:ac:75:75:6d:b8:09:06:70:de:25:42:
                    76:ff:b1:6c:84:22:d4:8e:0a:9a:ca:3c:06:a5:8b:
                    17:60:51:e0:45:26:22:da:21:09:26:d0:0c:54:03:
                    99:00:06:bf:7c:a2:25:a2:a1:4a:45:71:03:ac:73:
                    66:41:56:6e:43:d2:25:e0:65:a6:92:88:87:66:8b:
                    a8:13:2e:f1:a9:fc:04:23:eb:07:82:c3:60:e6:ac:
                    f6:c3:6d:74:6a:f8:0e:71:df:50:c8:30:45:5e:f4:
                    d6:a2:95:e7:e3:5d:78:35:09:b8:49:ca:c6:89:c4:
                    36:c6:16:d9:18:be:c5:9f:d5:67:38:d1:8b:9b:ea:
                    f6:4d:ff:d0:f8:f4:43:28:51:06:cc:4f:10:26:c5:
                    e2:37:11:55:8a:2b:35:81:14:4c:b6:c8:df:b0:76:
                    c5:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:41:45:67:4B:DB:B3:EA:D3:79:89:48:28:9C:AE:EE:B1:41:14:85
            X509v3 Authority Key Identifier:
                keyid:52:FE:2B:6B:7F:49:7F:94:F1:D4:92:D1:91:7B:48:64:78:BF:59:D6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9125475/C13116F228D311ED8FBD6D6CC4F9AE02/Uv4ra39Jf5Tx1JLRkXtIZHi_WdY.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/Uv4ra39Jf5Tx1JLRkXtIZHi_WdY.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9125475/C13116F228D311ED8FBD6D6CC4F9AE02/C3923CE6EFD811EEB93EE009C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.36.112.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a8:45:4a:73:9a:a8:06:85:50:b8:cf:a7:aa:eb:b4:29:81:36:
         55:7f:52:73:8c:e0:3d:bf:08:6c:54:7b:99:bf:67:a0:14:0f:
         af:cb:06:12:47:be:d6:f6:f9:44:57:e6:7f:e5:ee:9a:89:9b:
         92:d5:eb:c3:57:c8:ca:41:e0:5f:bd:58:1a:5f:58:3f:47:35:
         a8:93:29:18:5d:17:0c:56:ab:cb:2f:12:66:a0:85:6a:5d:0b:
         37:a2:71:53:a4:28:17:9f:23:4e:39:f1:4a:c2:3a:f9:23:ab:
         3e:70:70:1e:f8:9c:61:7d:9b:19:6e:98:7a:36:d0:0a:71:36:
         34:45:0f:dc:fb:48:40:a0:9e:80:82:71:0c:5f:3f:f6:60:e2:
         27:1b:d4:04:7b:bb:93:ae:9c:df:8d:cd:7a:f3:77:60:29:e8:
         61:6c:83:7d:28:b2:cf:f0:3a:13:6e:e1:dd:1c:e5:6b:5f:d5:
         14:c8:7a:6e:15:18:28:5f:3e:fa:84:f9:d9:fe:a8:08:7a:b1:
         48:09:dd:74:b2:cd:3d:3b:8a:f4:82:0c:c1:d4:1b:4a:b9:f1:
         94:e2:b6:51:72:aa:4e:29:04:a8:71:9d:33:3c:38:4c:03:55:
         cd:41:85:f4:eb:6f:d9:0b:00:65:21:41:1d:34:02:02:a7:d1:
         61:4f:90:5d
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICAWcwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MjU0NzUxMTAvBgNVBAUTKDUyRkUyQjZCN0Y0OTdGOTRGMUQ0OTJEMTkxN0I0ODY0
NzhCRjU5RDYwHhcNMjQwNDAxMDMzNDM3WhcNMjUwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjBhMmI0ZC02ZTQ4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAy/yeIHOkuteLqSiW+Hlnghzj1vk//hr9h+zZ+gKPAqgAsM3ddR/DlAcLCQmk
DgnLYG6s5Nhzma3eB/0FljVqm/mE09CYRB95xRYpNSah5IbtkGPBWIOCSxzFbOIU
rHV1bbgJBnDeJUJ2/7FshCLUjgqayjwGpYsXYFHgRSYi2iEJJtAMVAOZAAa/fKIl
oqFKRXEDrHNmQVZuQ9Il4GWmkoiHZouoEy7xqfwEI+sHgsNg5qz2w210avgOcd9Q
yDBFXvTWopXn4114NQm4ScrGicQ2xhbZGL7Fn9VnONGLm+r2Tf/Q+PRDKFEGzE8Q
JsXiNxFViis1gRRMtsjfsHbFOQIDAQABo4IClTCCApEwHQYDVR0OBBYEFOhBRWdL
27Pq03mJSCicru6xQRSFMB8GA1UdIwQYMBaAFFL+K2t/SX+U8dSS0ZF7SGR4v1nW
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyNTQ3NS9DMTMxMTZGMjI4
RDMxMUVEOEZCRDZENkNDNEY5QUUwMi9VdjRyYTM5SmY1VHgxSkxSa1h0SVpIaV9X
ZFkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzMjJBNUY0MUQ2NjExRTJBM0YyN0Y3Qzcy
RkQxRkYyL1V2NHJhMzlKZjVUeDFKTFJrWHRJWkhpX1dkWS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MjU0NzUvQzEzMTE2RjIyOEQzMTFFRDhGQkQ2RDZDQzRGOUFFMDIvQzM5MjNDRTZF
RkQ4MTFFRUI5M0VFMDA5QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBALBJHAwDQYJKoZIhvcNAQELBQADggEBAKhFSnOaqAaFULjP
p6rrtCmBNlV/UnOM4D2/CGxUe5m/Z6AUD6/LBhJHvtb2+URX5n/l7pqJm5LV68NX
yMpB4F+9WBpfWD9HNaiTKRhdFwxWq8svEmaghWpdCzeicVOkKBefI0458UrCOvkj
qz5wcB74nGF9mxlumHo20ApxNjRFD9z7SECgnoCCcQxfP/Zg4icb1AR7u5OunN+N
zXrzd2Ap6GFsg30oss/wOhNu4d0c5Wtf1RTIem4VGChfPvqE+dn+qAh6sUgJ3XSy
zT07ivSCDMHUG0q58ZTitlFyqk4pBKhxnTM8OEwDVc1BhfTrb9kLAGUhQR00AgKn
0WFPkF0=
-----END CERTIFICATE-----
Generated at Sun Jun 16 15:20:21 2024 by rpki-client on console-fra.rpki-client.org