Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A912F387/FE4D78E2B5C111EE95B58341C4F9AE02/FCA046066C8611EFBF35D221C4F9AE02.roa
File:                     FCA046066C8611EFBF35D221C4F9AE02.roa (raw, json)
Hash identifier:          XHMOruIuotrAORNoRDyzc4wQnaHhlyXVenycmcJNbBM=
Subject key identifier:   60:AA:D7:5D:57:2A:0A:7A:AF:19:E5:D9:ED:64:38:8E:13:9A:BF:DA
Certificate issuer:       /CN=A912F387/serialNumber=28188C16EEC90742717278C289CF82F504F25AA9
Certificate serial:       80
Authority key identifier: 28:18:8C:16:EE:C9:07:42:71:72:78:C2:89:CF:82:F5:04:F2:5A:A9
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/KBiMFu7JB0JxcnjCic-C9QTyWqk.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A912F387/FE4D78E2B5C111EE95B58341C4F9AE02/FCA046066C8611EFBF35D221C4F9AE02.roa
Signing time:             Fri 06 Sep 2024 19:34:09 +0000
ROA not before:           Fri 06 Sep 2024 19:34:09 +0000
ROA not after:            Sun 02 Mar 2025 00:00:00 +0000
asID:                     45691
IP address blocks:        157.10.209.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A912F387/FE4D78E2B5C111EE95B58341C4F9AE02/KBiMFu7JB0JxcnjCic-C9QTyWqk.crl
                          rsync://rpki.apnic.net/member_repository/A912F387/FE4D78E2B5C111EE95B58341C4F9AE02/KBiMFu7JB0JxcnjCic-C9QTyWqk.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/KBiMFu7JB0JxcnjCic-C9QTyWqk.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 16 Nov 2024 02:50:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 128 (0x80)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A912F387/serialNumber=28188C16EEC90742717278C289CF82F504F25AA9
        Validity
            Not Before: Sep  6 19:34:09 2024 GMT
            Not After : Mar  2 00:00:00 2025 GMT
        Subject: CN=66db5931-e98b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:de:99:0a:4b:ac:f9:0c:2b:df:61:00:2b:f1:9d:
                    98:0e:d9:47:b3:1b:e5:c8:cd:20:20:5b:f0:e1:69:
                    86:62:49:fd:a7:3a:35:bc:e0:67:3e:c2:90:d1:63:
                    45:39:c2:a6:03:f2:29:e3:3a:1b:78:c0:f8:6c:9a:
                    6b:0a:60:e5:49:03:11:51:54:cf:20:72:7d:9f:1e:
                    37:0b:53:19:f1:d9:5f:25:a2:cb:d8:08:6a:39:44:
                    b9:27:82:ed:b5:b3:9c:f8:ef:ae:f6:82:2e:03:18:
                    81:79:0d:bb:20:18:1f:fb:da:56:bb:42:1b:3a:3e:
                    3f:3e:f5:10:3c:33:0c:dd:3f:1e:90:fd:45:5c:d1:
                    92:24:03:19:61:e8:86:7e:3b:2f:e6:09:21:19:75:
                    58:5f:65:e3:fa:eb:0d:43:5d:38:d6:bd:40:d0:c8:
                    ee:0e:bf:3f:1a:57:19:11:72:1e:8f:48:85:8b:ed:
                    5e:82:f6:a6:75:ad:25:ba:83:e5:e6:dd:ba:bd:e9:
                    ab:90:1a:b5:a4:92:a4:3d:4b:72:2a:5e:66:67:ae:
                    35:5c:96:96:eb:bc:53:49:46:e4:c4:fe:58:03:7e:
                    70:57:a7:14:9a:36:a9:7d:e0:44:06:62:55:8b:2c:
                    71:38:20:16:27:74:f4:98:56:9a:f0:ee:7c:bd:60:
                    c9:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:AA:D7:5D:57:2A:0A:7A:AF:19:E5:D9:ED:64:38:8E:13:9A:BF:DA
            X509v3 Authority Key Identifier:
                keyid:28:18:8C:16:EE:C9:07:42:71:72:78:C2:89:CF:82:F5:04:F2:5A:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A912F387/FE4D78E2B5C111EE95B58341C4F9AE02/KBiMFu7JB0JxcnjCic-C9QTyWqk.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/KBiMFu7JB0JxcnjCic-C9QTyWqk.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A912F387/FE4D78E2B5C111EE95B58341C4F9AE02/FCA046066C8611EFBF35D221C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.10.209.0/24

    Signature Algorithm: sha256WithRSAEncryption
         37:93:cd:66:a0:75:15:fa:b9:43:8d:06:6c:57:aa:d8:17:ff:
         a0:10:fe:9f:76:5e:43:63:d8:64:02:81:b8:ae:22:52:75:ec:
         6a:bc:89:d7:cd:33:6c:02:88:2a:0c:8a:b7:84:16:96:bd:20:
         da:5b:04:01:7b:a5:87:fd:e3:9f:1b:aa:13:5f:47:52:16:a3:
         5a:97:e8:f3:d3:22:26:b1:60:78:f3:fd:8b:14:ad:09:7e:0c:
         05:fe:10:a1:cf:c2:7a:66:03:8d:ec:f0:b8:c7:6e:ad:d8:48:
         8b:bb:b4:ba:ed:bc:86:7e:29:99:75:1b:7f:ab:fc:a3:cc:3a:
         36:7d:4d:48:66:8a:0e:7f:b5:9f:de:95:e5:ff:4e:ae:2c:b0:
         e9:17:04:b2:15:07:8b:a5:54:19:0f:21:0b:c0:23:00:2c:41:
         29:df:d8:99:b5:7c:c3:b7:4e:cf:7a:36:d8:ef:e3:6e:ef:61:
         b4:12:25:b2:dd:72:ce:5e:06:d3:19:3b:e1:fc:54:61:f0:2a:
         9b:98:81:96:9a:35:7e:7f:d4:45:49:b5:ce:1e:76:26:d5:d2:
         1e:87:76:72:dd:61:b4:da:98:24:6c:04:2e:85:13:8a:6a:ea:
         2f:d5:70:a8:66:8d:47:16:16:23:9d:9a:d4:c2:c0:df:1c:d7:
         39:89:cd:1e
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICAIAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MkYzODcxMTAvBgNVBAUTKDI4MTg4QzE2RUVDOTA3NDI3MTcyNzhDMjg5Q0Y4MkY1
MDRGMjVBQTkwHhcNMjQwOTA2MTkzNDA5WhcNMjUwMzAyMDAwMDAwWjAYMRYwFAYD
VQQDEw02NmRiNTkzMS1lOThiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA3pkKS6z5DCvfYQAr8Z2YDtlHsxvlyM0gIFvw4WmGYkn9pzo1vOBnPsKQ0WNF
OcKmA/Ip4zobeMD4bJprCmDlSQMRUVTPIHJ9nx43C1MZ8dlfJaLL2AhqOUS5J4Lt
tbOc+O+u9oIuAxiBeQ27IBgf+9pWu0IbOj4/PvUQPDMM3T8ekP1FXNGSJAMZYeiG
fjsv5gkhGXVYX2Xj+usNQ1041r1A0MjuDr8/GlcZEXIej0iFi+1egvamda0luoPl
5t26vemrkBq1pJKkPUtyKl5mZ641XJaW67xTSUbkxP5YA35wV6cUmjapfeBEBmJV
iyxxOCAWJ3T0mFaa8O58vWDJNQIDAQABo4IClTCCApEwHQYDVR0OBBYEFGCq111X
Kgp6rxnl2e1kOI4Tmr/aMB8GA1UdIwQYMBaAFCgYjBbuyQdCcXJ4wonPgvUE8lqp
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyRjM4Ny9GRTRENzhFMkI1
QzExMUVFOTVCNTgzNDFDNEY5QUUwMi9LQmlNRnU3SkIwSnhjbmpDaWMtQzlRVHlX
cWsuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL0tCaU1GdTdKQjBKeGNuakNpYy1DOVFUeVdxay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MkYzODcvRkU0RDc4RTJCNUMxMTFFRTk1QjU4MzQxQzRGOUFFMDIvRkNBMDQ2MDY2
Qzg2MTFFRkJGMzVEMjIxQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBACdCtEwDQYJKoZIhvcNAQELBQADggEBADeTzWagdRX6uUON
BmxXqtgX/6AQ/p92XkNj2GQCgbiuIlJ17Gq8idfNM2wCiCoMireEFpa9INpbBAF7
pYf9458bqhNfR1IWo1qX6PPTIiaxYHjz/YsUrQl+DAX+EKHPwnpmA43s8LjHbq3Y
SIu7tLrtvIZ+KZl1G3+r/KPMOjZ9TUhmig5/tZ/eleX/Tq4ssOkXBLIVB4ulVBkP
IQvAIwAsQSnf2Jm1fMO3Ts96Ntjv427vYbQSJbLdcs5eBtMZO+H8VGHwKpuYgZaa
NX5/1EVJtc4edibV0h6HdnLdYbTamCRsBC6FE4pq6i/VcKhmjUcWFiOdmtTCwN8c
1zmJzR4=
-----END CERTIFICATE-----
Generated at Sat Nov 9 08:09:48 2024 by rpki-client on console-ams.rpki-client.org