Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9132933/F912F69A3EC811EBACF4721FC4F9AE02/F2A90B8C3ECD11EBADC7D32AC4F9AE02.roa
File:                     F2A90B8C3ECD11EBADC7D32AC4F9AE02.roa (raw, json)
Hash identifier:          6ikPRivM9dyX+oWH7lTRKsL9Xko5L5LgnDcsklfd0Jc=
Subject key identifier:   A7:5F:30:29:C9:4E:A4:8A:81:56:CE:91:CE:A9:9C:03:41:EC:38:D8
Certificate issuer:       /CN=A9132933/serialNumber=A7FE128656822F2621A4A0FF956342780798C4F0
Certificate serial:       060D
Authority key identifier: A7:FE:12:86:56:82:2F:26:21:A4:A0:FF:95:63:42:78:07:98:C4:F0
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/p_4ShlaCLyYhpKD_lWNCeAeYxPA.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9132933/F912F69A3EC811EBACF4721FC4F9AE02/F2A90B8C3ECD11EBADC7D32AC4F9AE02.roa
Signing time:             Wed 10 Jan 2024 23:21:33 +0000
ROA not before:           Wed 10 Jan 2024 23:21:33 +0000
ROA not after:            Sun 02 Mar 2025 00:00:00 +0000
asID:                     137060
IP address blocks:        203.17.154.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9132933/F912F69A3EC811EBACF4721FC4F9AE02/p_4ShlaCLyYhpKD_lWNCeAeYxPA.crl
                          rsync://rpki.apnic.net/member_repository/A9132933/F912F69A3EC811EBACF4721FC4F9AE02/p_4ShlaCLyYhpKD_lWNCeAeYxPA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/p_4ShlaCLyYhpKD_lWNCeAeYxPA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 29 Nov 2024 20:43:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1549 (0x60d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9132933/serialNumber=A7FE128656822F2621A4A0FF956342780798C4F0
        Validity
            Not Before: Jan 10 23:21:33 2024 GMT
            Not After : Mar  2 00:00:00 2025 GMT
        Subject: CN=659f267c-d28e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:c2:3c:f7:fd:16:be:23:d1:63:10:ad:9d:02:
                    44:9c:cd:07:a9:d9:ea:17:6c:e8:a7:9a:a2:5d:58:
                    bb:a0:54:60:f4:71:82:3d:6b:53:e4:00:db:7e:02:
                    c2:f8:45:f0:72:8e:db:be:45:8c:a1:9a:8e:07:e9:
                    f9:be:05:d5:56:42:b3:a0:8f:de:cf:41:a5:4d:e4:
                    22:3b:73:3c:16:05:5c:ff:f2:ea:2f:01:23:9f:c9:
                    c7:40:42:5e:28:35:c5:fc:9e:a4:9c:93:3b:80:11:
                    04:6c:db:24:e3:0a:34:21:03:21:e7:0b:57:83:8f:
                    4d:a9:e3:b4:cb:f0:93:b7:18:1b:90:2c:6a:dd:f3:
                    8b:05:70:64:51:8f:72:81:c7:8a:80:32:ed:59:be:
                    07:9c:90:b4:11:80:55:7a:e0:57:e8:ee:0d:cd:4f:
                    c4:13:97:9c:6a:b4:80:1e:00:b3:5a:05:1d:92:86:
                    9a:bc:8b:0b:78:1e:23:2b:bb:f4:7a:ce:9a:a0:4e:
                    a3:36:38:92:6d:ed:28:f3:26:42:a4:56:7c:82:14:
                    cb:05:2f:a7:5e:72:d2:c9:5e:7b:9d:16:2a:8a:33:
                    5c:75:34:0c:8c:8b:35:c0:82:16:fc:98:b0:33:82:
                    82:8a:a4:16:a5:85:77:ab:51:27:8f:92:05:57:15:
                    f7:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:5F:30:29:C9:4E:A4:8A:81:56:CE:91:CE:A9:9C:03:41:EC:38:D8
            X509v3 Authority Key Identifier:
                keyid:A7:FE:12:86:56:82:2F:26:21:A4:A0:FF:95:63:42:78:07:98:C4:F0

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9132933/F912F69A3EC811EBACF4721FC4F9AE02/p_4ShlaCLyYhpKD_lWNCeAeYxPA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/p_4ShlaCLyYhpKD_lWNCeAeYxPA.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9132933/F912F69A3EC811EBACF4721FC4F9AE02/F2A90B8C3ECD11EBADC7D32AC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.17.154.0/24

    Signature Algorithm: sha256WithRSAEncryption
         01:7d:95:8d:71:d9:d7:f1:77:ed:a2:98:c1:e6:3b:42:10:d6:
         7d:a2:17:bd:16:43:16:c8:5b:0a:c5:48:fe:8e:78:9a:c9:d5:
         77:15:22:4e:85:07:a3:41:94:b8:2d:10:35:63:50:04:0d:36:
         5d:4a:10:6a:8b:d9:13:e3:3c:84:f2:e6:b7:06:b1:6e:5b:32:
         e1:05:c0:8d:5e:3a:bc:ca:cc:34:4c:23:cc:34:e0:c3:60:f9:
         f8:d7:e1:8d:33:d1:85:69:48:6d:cc:6c:2a:5b:e2:94:10:64:
         7e:b7:87:5b:81:93:7d:57:01:50:fc:8f:d6:b4:a8:c1:44:3f:
         db:6e:85:db:29:a8:bc:6b:91:3d:17:c1:c0:7d:54:22:07:ae:
         f7:3b:ed:15:4e:e6:fe:78:5e:00:56:e4:e5:77:a8:87:04:cd:
         44:80:ed:58:91:40:f6:a1:de:2a:1d:11:13:1c:b3:cd:1a:3c:
         e9:9e:c3:48:5a:2d:01:cb:05:5b:90:38:1f:9a:c7:29:ce:4b:
         60:5c:0c:06:b6:ad:6e:4a:9a:2f:9c:25:f2:17:df:b0:25:81:
         f8:0e:70:ff:18:e1:87:7b:1b:34:ac:ef:ee:82:73:26:10:58:
         0f:78:d3:aa:f5:6d:f4:cf:71:67:61:83:e5:86:6c:5b:30:4d:
         7c:84:4d:05
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICBg0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MzI5MzMxMTAvBgNVBAUTKEE3RkUxMjg2NTY4MjJGMjYyMUE0QTBGRjk1NjM0Mjc4
MDc5OEM0RjAwHhcNMjQwMTEwMjMyMTMzWhcNMjUwMzAyMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTlmMjY3Yy1kMjhlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA2sI89/0WviPRYxCtnQJEnM0HqdnqF2zop5qiXVi7oFRg9HGCPWtT5ADbfgLC
+EXwco7bvkWMoZqOB+n5vgXVVkKzoI/ez0GlTeQiO3M8FgVc//LqLwEjn8nHQEJe
KDXF/J6knJM7gBEEbNsk4wo0IQMh5wtXg49NqeO0y/CTtxgbkCxq3fOLBXBkUY9y
gceKgDLtWb4HnJC0EYBVeuBX6O4NzU/EE5ecarSAHgCzWgUdkoaavIsLeB4jK7v0
es6aoE6jNjiSbe0o8yZCpFZ8ghTLBS+nXnLSyV57nRYqijNcdTQMjIs1wIIW/Jiw
M4KCiqQWpYV3q1Enj5IFVxX3UwIDAQABo4IClTCCApEwHQYDVR0OBBYEFKdfMCnJ
TqSKgVbOkc6pnANB7DjYMB8GA1UdIwQYMBaAFKf+EoZWgi8mIaSg/5VjQngHmMTw
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEzMjkzMy9GOTEyRjY5QTNF
QzgxMUVCQUNGNDcyMUZDNEY5QUUwMi9wXzRTaGxhQ0x5WWhwS0RfbFdOQ2VBZVl4
UEEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3BfNFNobGFDTHlZaHBLRF9sV05DZUFlWXhQQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MzI5MzMvRjkxMkY2OUEzRUM4MTFFQkFDRjQ3MjFGQzRGOUFFMDIvRjJBOTBCOEMz
RUNEMTFFQkFEQzdEMzJBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADLEZowDQYJKoZIhvcNAQELBQADggEBAAF9lY1x2dfxd+2i
mMHmO0IQ1n2iF70WQxbIWwrFSP6OeJrJ1XcVIk6FB6NBlLgtEDVjUAQNNl1KEGqL
2RPjPITy5rcGsW5bMuEFwI1eOrzKzDRMI8w04MNg+fjX4Y0z0YVpSG3MbCpb4pQQ
ZH63h1uBk31XAVD8j9a0qMFEP9tuhdspqLxrkT0XwcB9VCIHrvc77RVO5v54XgBW
5OV3qIcEzUSA7ViRQPah3iodERMcs80aPOmew0haLQHLBVuQOB+axynOS2BcDAa2
rW5Kmi+cJfIX37AlgfgOcP8Y4Yd7GzSs7+6CcyYQWA9406r1bfTPcWdhg+WGbFsw
TXyETQU=
-----END CERTIFICATE-----
Generated at Sat Nov 23 00:08:37 2024 by rpki-client on console-ams.rpki-client.org