Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91274A4/DDBE420A30F011EA9859AE53C4F9AE02/140D52F2854B11EAACB2FE39C4F9AE02.roa
File:                     140D52F2854B11EAACB2FE39C4F9AE02.roa (raw, json)
Hash identifier:          m42HDFD2tjvJKt1qbdInXHf/CperCHyXJXL1siITHsM=
Subject key identifier:   21:79:74:DF:5C:6D:8A:6B:96:BD:EA:CE:07:30:44:EC:89:B2:26:23
Certificate issuer:       /CN=A91274A4/serialNumber=595665FF85E4E477371F7541F7209DC244E60CA5
Certificate serial:       0AB0
Authority key identifier: 59:56:65:FF:85:E4:E4:77:37:1F:75:41:F7:20:9D:C2:44:E6:0C:A5
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/WVZl_4Xk5Hc3H3VB9yCdwkTmDKU.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91274A4/DDBE420A30F011EA9859AE53C4F9AE02/140D52F2854B11EAACB2FE39C4F9AE02.roa
Signing time:             Tue 12 Dec 2023 20:07:51 +0000
ROA not before:           Tue 12 Dec 2023 20:07:51 +0000
ROA not after:            Fri 31 Jan 2025 00:00:00 +0000
asID:                     139883
IP address blocks:        61.16.51.0/24 maxlen: 24
                          61.16.52.0/24 maxlen: 24
                          61.16.55.0/24 maxlen: 24
                          61.16.101.0/24 maxlen: 24
                          61.16.105.0/24 maxlen: 24
                          61.16.110.0/24 maxlen: 24
                          61.16.119.0/24 maxlen: 24
                          2407:9880:8101::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91274A4/DDBE420A30F011EA9859AE53C4F9AE02/WVZl_4Xk5Hc3H3VB9yCdwkTmDKU.crl
                          rsync://rpki.apnic.net/member_repository/A91274A4/DDBE420A30F011EA9859AE53C4F9AE02/WVZl_4Xk5Hc3H3VB9yCdwkTmDKU.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/WVZl_4Xk5Hc3H3VB9yCdwkTmDKU.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 19 Jun 2024 20:20:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2736 (0xab0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91274A4/serialNumber=595665FF85E4E477371F7541F7209DC244E60CA5
        Validity
            Not Before: Dec 12 20:07:51 2023 GMT
            Not After : Jan 31 00:00:00 2025 GMT
        Subject: CN=6578bd97-0d3d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:0d:2f:c0:1c:8b:d9:33:4b:e9:f1:9b:83:9b:
                    40:66:7c:91:ae:15:de:6d:f2:ff:63:f6:c2:42:2f:
                    4d:dd:9c:78:66:86:3b:5e:bb:f1:19:f8:8c:5e:75:
                    32:0d:54:51:f6:67:3b:60:3d:b5:64:db:78:fd:5f:
                    16:6a:83:11:48:dc:2a:75:2d:c4:5f:a7:ce:eb:82:
                    cf:d3:93:12:08:85:80:5f:3c:2b:9f:ab:01:cc:50:
                    62:e6:d8:a1:18:1c:a7:9b:ba:50:82:8d:97:92:34:
                    a7:3e:cc:81:ad:1c:8b:d5:90:6c:1b:a1:e7:5b:91:
                    d5:ce:71:7b:34:59:8d:94:4f:65:fb:27:85:5e:43:
                    6c:73:ca:1e:c4:a2:b3:c5:ef:ea:56:d1:83:cc:ff:
                    a3:51:8d:46:cd:a5:c8:e1:fb:ca:6f:26:18:49:e1:
                    e7:61:c1:10:5e:f7:1b:c4:6b:64:08:79:a7:64:33:
                    de:c7:47:72:96:ec:2c:1e:9b:cd:06:7f:06:75:67:
                    c9:22:47:31:a9:0e:a0:80:ea:c0:2f:aa:05:e7:df:
                    ef:c3:1c:7d:ac:69:18:d7:25:e7:e4:23:75:4d:77:
                    9b:da:17:3e:3c:d1:2b:af:38:f4:4e:ce:1a:3d:28:
                    1d:47:47:22:15:4b:5b:e0:20:3c:59:fa:cc:e4:2d:
                    46:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:79:74:DF:5C:6D:8A:6B:96:BD:EA:CE:07:30:44:EC:89:B2:26:23
            X509v3 Authority Key Identifier:
                keyid:59:56:65:FF:85:E4:E4:77:37:1F:75:41:F7:20:9D:C2:44:E6:0C:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91274A4/DDBE420A30F011EA9859AE53C4F9AE02/WVZl_4Xk5Hc3H3VB9yCdwkTmDKU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/WVZl_4Xk5Hc3H3VB9yCdwkTmDKU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91274A4/DDBE420A30F011EA9859AE53C4F9AE02/140D52F2854B11EAACB2FE39C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  61.16.51.0-61.16.52.255
                  61.16.55.0/24
                  61.16.101.0/24
                  61.16.105.0/24
                  61.16.110.0/24
                  61.16.119.0/24
                IPv6:
                  2407:9880:8101::/48

    Signature Algorithm: sha256WithRSAEncryption
         b0:b5:d5:60:1d:35:ba:0d:9b:e6:b2:09:04:9a:48:36:02:5f:
         74:55:be:0d:da:90:18:88:d4:09:6f:8e:51:c6:41:c4:fd:b6:
         60:01:f5:77:dc:4f:e2:00:c7:80:9c:87:8c:29:33:b3:85:38:
         ec:14:9f:76:cf:3d:24:37:23:58:39:81:79:2e:be:23:1a:60:
         17:54:bc:a4:aa:ce:a1:60:5b:08:2b:b6:a9:df:36:58:4a:61:
         44:90:46:c3:a2:83:e3:1f:c6:1f:0e:80:fc:11:d7:8f:6a:99:
         7e:04:0f:55:54:05:b2:61:15:9e:f7:ce:21:63:59:43:13:b8:
         8c:35:33:74:79:d5:1a:ea:70:f7:8f:50:d3:85:93:de:df:87:
         d5:5b:34:42:7c:68:0b:8a:99:fe:43:37:71:b4:78:36:50:83:
         df:39:e3:e6:eb:d8:e9:67:37:64:6a:4f:67:53:7c:04:33:a7:
         26:d4:17:70:84:77:df:20:bd:f6:ab:69:de:31:38:2b:51:97:
         a1:bb:46:cc:2a:02:44:cc:83:76:10:49:12:4b:03:d3:6a:40:
         bc:82:4f:04:f2:de:d3:5a:40:33:65:8a:d0:67:cb:36:9f:c5:
         26:a4:db:5d:32:4d:85:07:b1:77:b0:c2:06:3d:24:fb:01:d4:
         76:a5:2c:9e
-----BEGIN CERTIFICATE-----
MIIFqDCCBJCgAwIBAgICCrAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Mjc0QTQxMTAvBgNVBAUTKDU5NTY2NUZGODVFNEU0NzczNzFGNzU0MUY3MjA5REMy
NDRFNjBDQTUwHhcNMjMxMjEyMjAwNzUxWhcNMjUwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTc4YmQ5Ny0wZDNkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA6w0vwByL2TNL6fGbg5tAZnyRrhXebfL/Y/bCQi9N3Zx4ZoY7XrvxGfiMXnUy
DVRR9mc7YD21ZNt4/V8WaoMRSNwqdS3EX6fO64LP05MSCIWAXzwrn6sBzFBi5tih
GBynm7pQgo2XkjSnPsyBrRyL1ZBsG6HnW5HVznF7NFmNlE9l+yeFXkNsc8oexKKz
xe/qVtGDzP+jUY1GzaXI4fvKbyYYSeHnYcEQXvcbxGtkCHmnZDPex0dyluwsHpvN
Bn8GdWfJIkcxqQ6ggOrAL6oF59/vwxx9rGkY1yXn5CN1TXeb2hc+PNErrzj0Ts4a
PSgdR0ciFUtb4CA8WfrM5C1GywIDAQABo4ICzDCCAsgwHQYDVR0OBBYEFCF5dN9c
bYprlr3qzgcwROyJsiYjMB8GA1UdIwQYMBaAFFlWZf+F5OR3Nx91QfcgncJE5gyl
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyNzRBNC9EREJFNDIwQTMw
RjAxMUVBOTg1OUFFNTNDNEY5QUUwMi9XVlpsXzRYazVIYzNIM1ZCOXlDZHdrVG1E
S1UuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1dWWmxfNFhrNUhjM0gzVkI5eUNkd2tUbURLVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Mjc0QTQvRERCRTQyMEEzMEYwMTFFQTk4NTlBRTUzQzRGOUFFMDIvMTQwRDUyRjI4
NTRCMTFFQUFDQjJGRTM5QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwVgYIKwYBBQUHAQcBAf8E
RzBFMDIEAgABMCwwDAMEAD0QMwMEAD0QNAMEAD0QNwMEAD0QZQMEAD0QaQMEAD0Q
bgMEAD0QdzAPBAIAAjAJAwcAJAeYgIEBMA0GCSqGSIb3DQEBCwUAA4IBAQCwtdVg
HTW6DZvmsgkEmkg2Al90Vb4N2pAYiNQJb45RxkHE/bZgAfV33E/iAMeAnIeMKTOz
hTjsFJ92zz0kNyNYOYF5Lr4jGmAXVLykqs6hYFsIK7ap3zZYSmFEkEbDooPjH8Yf
DoD8EdePapl+BA9VVAWyYRWe984hY1lDE7iMNTN0edUa6nD3j1DThZPe34fVWzRC
fGgLipn+QzdxtHg2UIPfOePm69jpZzdkak9nU3wEM6cm1BdwhHffIL32q2neMTgr
UZehu0bMKgJEzIN2EEkSSwPTakC8gk8E8t7TWkAzZYrQZ8s2n8UmpNtdMk2FB7F3
sMIGPST7AdR2pSye
-----END CERTIFICATE-----
Generated at Wed Jun 12 22:38:22 2024 by rpki-client on console-fra.rpki-client.org