Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A913150F/57719854D13311EEAA20DC84C4F9AE02/BAFF9DF8D13311EEB88A8D85C4F9AE02.roa
File:                     BAFF9DF8D13311EEB88A8D85C4F9AE02.roa (raw, json)
Hash identifier:          jsPnxeM/1ccjB+l/UFdQlnJ1k8qZgj2xXeNtEyTuulI=
Subject key identifier:   51:D2:40:A4:7A:AD:DE:B0:D4:0C:72:3C:4F:A5:D6:9A:C5:FB:A3:4D
Certificate issuer:       /CN=A913150F/serialNumber=663F4D5FC8270A4420FE1E61F91ADFA837FF1EE4
Certificate serial:       02
Authority key identifier: 66:3F:4D:5F:C8:27:0A:44:20:FE:1E:61:F9:1A:DF:A8:37:FF:1E:E4
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Zj9NX8gnCkQg_h5h-RrfqDf_HuQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A913150F/57719854D13311EEAA20DC84C4F9AE02/BAFF9DF8D13311EEB88A8D85C4F9AE02.roa
Signing time:             Thu 22 Feb 2024 03:37:41 +0000
ROA not before:           Thu 22 Feb 2024 03:37:41 +0000
ROA not after:            Mon 31 Mar 2025 00:00:00 +0000
asID:                     131164
IP address blocks:        112.78.52.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A913150F/57719854D13311EEAA20DC84C4F9AE02/Zj9NX8gnCkQg_h5h-RrfqDf_HuQ.crl
                          rsync://rpki.apnic.net/member_repository/A913150F/57719854D13311EEAA20DC84C4F9AE02/Zj9NX8gnCkQg_h5h-RrfqDf_HuQ.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Zj9NX8gnCkQg_h5h-RrfqDf_HuQ.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 20 Jun 2024 07:03:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A913150F/serialNumber=663F4D5FC8270A4420FE1E61F91ADFA837FF1EE4
        Validity
            Not Before: Feb 22 03:37:41 2024 GMT
            Not After : Mar 31 00:00:00 2025 GMT
        Subject: CN=65d6c184-cd2b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:12:21:8c:f3:09:1a:1b:c1:6c:6f:c0:07:a5:
                    c8:80:42:aa:e8:a2:3e:5b:a6:6c:c0:08:1d:d5:ea:
                    ea:c9:ff:3f:9e:6c:72:e5:a5:7a:b4:b3:3d:e3:f6:
                    5b:a4:2d:84:a1:b1:73:8b:ae:f0:f9:35:b2:0e:e4:
                    58:d2:3b:a9:dd:d3:14:19:e3:7e:7c:2a:a1:13:a6:
                    d6:e4:ff:3c:e4:0e:5e:40:a6:5f:6b:6d:d1:93:6c:
                    63:05:08:96:c3:01:cb:e5:18:5d:8e:06:19:04:b3:
                    dd:77:a1:48:f1:8c:78:ad:bd:a5:ce:7e:90:dd:c5:
                    3a:a6:d8:8e:74:5d:6d:5a:3b:23:37:1a:f4:d3:41:
                    01:08:f9:f4:17:5d:58:a6:46:d3:10:40:02:83:fd:
                    87:7f:28:00:e7:0a:eb:d7:fc:7b:47:be:42:c0:76:
                    c7:b1:b2:99:f2:7b:e5:8c:d8:b1:3f:57:31:8c:7d:
                    ec:49:37:01:8a:91:cb:aa:8f:f6:a8:ca:a1:07:3c:
                    58:ad:e2:5b:1c:1b:07:9f:27:38:c5:81:88:ba:22:
                    b4:ff:36:d6:64:f6:84:2e:99:27:c5:9a:8f:20:63:
                    77:d2:78:87:ab:09:e5:fe:9a:e8:6e:56:6a:1f:d2:
                    34:25:ff:db:4d:b0:41:6f:38:a8:30:15:e7:ac:f2:
                    48:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:D2:40:A4:7A:AD:DE:B0:D4:0C:72:3C:4F:A5:D6:9A:C5:FB:A3:4D
            X509v3 Authority Key Identifier:
                keyid:66:3F:4D:5F:C8:27:0A:44:20:FE:1E:61:F9:1A:DF:A8:37:FF:1E:E4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A913150F/57719854D13311EEAA20DC84C4F9AE02/Zj9NX8gnCkQg_h5h-RrfqDf_HuQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Zj9NX8gnCkQg_h5h-RrfqDf_HuQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A913150F/57719854D13311EEAA20DC84C4F9AE02/BAFF9DF8D13311EEB88A8D85C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  112.78.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         09:ee:02:f5:8e:c8:9e:7e:69:fb:3e:f5:ab:d0:8b:b2:8e:ce:
         5d:28:60:2b:86:15:34:24:e1:c9:87:58:92:5f:54:c4:e1:f3:
         56:7f:5b:72:02:5d:dd:77:cc:88:24:fd:f6:d2:06:52:27:3a:
         92:a2:38:db:12:22:73:9b:93:f7:dd:3a:5f:38:19:ab:12:d6:
         12:99:57:3a:c1:37:e2:f1:bb:5c:99:37:7a:c3:8f:1d:f4:17:
         d2:7b:0d:6c:7e:88:ea:ff:39:60:07:33:a4:9b:25:37:e1:f5:
         1d:93:da:57:17:2f:e2:8a:2c:6a:6f:bc:a7:f9:15:d4:68:48:
         49:ab:f4:02:d0:3a:39:8e:9a:f7:07:e5:8a:c3:f5:66:8a:27:
         04:49:8d:89:73:0a:5d:18:a7:54:3b:70:56:e1:6d:bb:4e:93:
         08:46:ed:9a:00:3e:77:90:89:0e:49:d3:59:fd:63:6a:51:c7:
         77:be:f1:a2:fd:75:d8:f6:5a:2e:1b:34:57:7a:a6:fe:91:89:
         a5:c3:94:52:e8:56:e0:43:33:1c:90:01:6d:81:7a:b6:fe:5a:
         3b:a8:cb:47:81:5e:aa:fd:c6:be:14:b5:0d:c4:24:20:76:33:
         b4:1e:c8:52:e5:e9:4b:1a:1a:06:a9:51:1e:b5:b0:84:87:aa:
         62:8c:e8:80
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIBAjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTEz
MTUwRjExMC8GA1UEBRMoNjYzRjRENUZDODI3MEE0NDIwRkUxRTYxRjkxQURGQTgz
N0ZGMUVFNDAeFw0yNDAyMjIwMzM3NDFaFw0yNTAzMzEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY1ZDZjMTg0LWNkMmIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQClEiGM8wkaG8Fsb8AHpciAQqrooj5bpmzACB3V6urJ/z+ebHLlpXq0sz3j9luk
LYShsXOLrvD5NbIO5FjSO6nd0xQZ4358KqETptbk/zzkDl5Apl9rbdGTbGMFCJbD
AcvlGF2OBhkEs913oUjxjHitvaXOfpDdxTqm2I50XW1aOyM3GvTTQQEI+fQXXVim
RtMQQAKD/Yd/KADnCuvX/HtHvkLAdsexspnye+WM2LE/VzGMfexJNwGKkcuqj/ao
yqEHPFit4lscGwefJzjFgYi6IrT/NtZk9oQumSfFmo8gY3fSeIerCeX+muhuVmof
0jQl/9tNsEFvOKgwFees8khlAgMBAAGjggKVMIICkTAdBgNVHQ4EFgQUUdJApHqt
3rDUDHI8T6XWmsX7o00wHwYDVR0jBBgwFoAUZj9NX8gnCkQg/h5h+RrfqDf/HuQw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTMxNTBGLzU3NzE5ODU0RDEz
MzExRUVBQTIwREM4NEM0RjlBRTAyL1pqOU5YOGduQ2tRZ19oNWgtUnJmcURmX0h1
US5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvWmo5Tlg4Z25Da1FnX2g1aC1ScmZxRGZfSHVRLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEz
MTUwRi81NzcxOTg1NEQxMzMxMUVFQUEyMERDODRDNEY5QUUwMi9CQUZGOURGOEQx
MzMxMUVFQjg4QThEODVDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAnBONDANBgkqhkiG9w0BAQsFAAOCAQEACe4C9Y7Inn5p+z71
q9CLso7OXShgK4YVNCThyYdYkl9UxOHzVn9bcgJd3XfMiCT99tIGUic6kqI42xIi
c5uT9906XzgZqxLWEplXOsE34vG7XJk3esOPHfQX0nsNbH6I6v85YAczpJslN+H1
HZPaVxcv4oosam+8p/kV1GhISav0AtA6OY6a9wflisP1ZoonBEmNiXMKXRinVDtw
VuFtu06TCEbtmgA+d5CJDknTWf1jalHHd77xov112PZaLhs0V3qm/pGJpcOUUuhW
4EMzHJABbYF6tv5aO6jLR4Feqv3GvhS1DcQkIHYztB7IUuXpSxoaBqlRHrWwhIeq
YozogA==
-----END CERTIFICATE-----
Generated at Thu Jun 13 08:42:01 2024 by rpki-client on console-fra.rpki-client.org