Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9134172/597612649E4D11EA9C23AF1FC4F9AE02/427B2B004D9011EC868F7186C4F9AE02.roa
File:                     427B2B004D9011EC868F7186C4F9AE02.roa (raw, json)
Hash identifier:          W8YD4NILN4jZ4zT3Ts5ZoeGXLqY7F//K8ltaA9jHjjY=
Subject key identifier:   E2:77:85:B6:A1:E8:74:8E:8C:00:7F:02:60:AE:BA:00:A7:7D:23:2D
Certificate issuer:       /CN=A9134172/serialNumber=F45C0F4F467CE1576E5EE9E41E5576F0348C46A7
Certificate serial:       084B
Authority key identifier: F4:5C:0F:4F:46:7C:E1:57:6E:5E:E9:E4:1E:55:76:F0:34:8C:46:A7
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/9FwPT0Z84VduXunkHlV28DSMRqc.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9134172/597612649E4D11EA9C23AF1FC4F9AE02/427B2B004D9011EC868F7186C4F9AE02.roa
Signing time:             Sun 02 Apr 2023 22:29:01 +0000
ROA not before:           Sun 02 Apr 2023 22:29:01 +0000
ROA not after:            Wed 29 May 2024 00:00:00 +0000
asID:                     140570
IP address blocks:        203.168.224.0/23 maxlen: 24
                          203.168.226.0/23 maxlen: 24
                          203.168.228.0/22 maxlen: 24
                          203.168.232.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9134172/597612649E4D11EA9C23AF1FC4F9AE02/9FwPT0Z84VduXunkHlV28DSMRqc.crl
                          rsync://rpki.apnic.net/member_repository/A9134172/597612649E4D11EA9C23AF1FC4F9AE02/9FwPT0Z84VduXunkHlV28DSMRqc.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/9FwPT0Z84VduXunkHlV28DSMRqc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 04 Apr 2024 21:35:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2123 (0x84b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9134172/serialNumber=F45C0F4F467CE1576E5EE9E41E5576F0348C46A7
        Validity
            Not Before: Apr  2 22:29:01 2023 GMT
            Not After : May 29 00:00:00 2024 GMT
        Subject: CN=642a01ac-fc5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:b6:0b:e5:21:37:35:b9:0e:b1:79:80:37:6e:
                    39:32:8a:5a:25:3f:18:a7:c4:ad:ec:b3:c6:f5:75:
                    60:92:41:6d:82:22:92:12:33:6f:51:09:1f:56:0f:
                    16:76:4e:c3:f4:4b:da:f4:5e:3d:a4:0d:3e:e4:84:
                    f9:d1:da:08:15:13:8a:7b:1a:20:1b:70:22:c6:2b:
                    92:a1:e9:42:7b:df:de:37:c8:e9:8c:56:60:5b:b2:
                    34:2b:16:2d:35:7f:c7:b8:88:fb:a1:ec:e3:51:ac:
                    6f:99:6f:0b:0a:36:32:2f:ac:79:6a:ff:5d:90:52:
                    af:fe:2d:4f:bd:c8:ef:ad:3f:d4:28:83:b9:b8:54:
                    78:cc:5c:09:c4:8e:0a:11:11:0b:a7:11:89:5e:fd:
                    bf:b6:ea:26:d7:79:bf:67:b7:61:2f:c9:93:32:53:
                    c6:8f:af:cc:10:76:20:e4:b3:3b:2b:39:a1:91:fa:
                    f4:51:62:eb:37:95:ef:09:78:a3:fd:55:12:1b:9d:
                    9d:c4:da:02:fc:2c:d0:e7:a4:61:0d:1b:24:3e:b1:
                    61:d7:84:46:5e:2b:50:6d:f5:35:99:77:26:30:94:
                    a1:b8:c0:39:a0:87:4e:1d:87:d5:97:66:8f:af:76:
                    83:ad:87:51:64:60:5e:43:af:68:45:b1:da:35:3f:
                    5d:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:77:85:B6:A1:E8:74:8E:8C:00:7F:02:60:AE:BA:00:A7:7D:23:2D
            X509v3 Authority Key Identifier:
                keyid:F4:5C:0F:4F:46:7C:E1:57:6E:5E:E9:E4:1E:55:76:F0:34:8C:46:A7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9134172/597612649E4D11EA9C23AF1FC4F9AE02/9FwPT0Z84VduXunkHlV28DSMRqc.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/9FwPT0Z84VduXunkHlV28DSMRqc.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9134172/597612649E4D11EA9C23AF1FC4F9AE02/427B2B004D9011EC868F7186C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.168.224.0-203.168.233.255

    Signature Algorithm: sha256WithRSAEncryption
         86:02:94:84:00:9e:65:76:83:bc:61:0f:1d:34:a4:15:02:2c:
         d6:92:d3:83:fb:82:8f:d6:8b:0f:ca:bf:5a:c6:3e:b0:5c:8a:
         8e:72:b1:7e:97:a1:61:57:ff:bf:77:a8:13:7f:ab:f3:ee:04:
         90:89:6e:5d:ed:9a:5b:fb:eb:85:99:91:09:8c:be:d8:14:c0:
         80:0c:ce:5a:14:2f:49:94:6d:e6:b6:0e:ad:23:d5:e7:03:0a:
         97:ea:0d:5a:e1:9a:11:5d:9b:3e:22:a5:38:69:53:83:be:25:
         3b:44:29:c5:be:ba:a9:b6:54:43:88:aa:e5:c8:20:ad:b5:e3:
         5e:69:14:fc:b3:4a:88:22:13:dd:3e:1e:75:95:b3:8e:2e:1f:
         46:61:9f:d4:7d:2a:a0:66:26:70:d9:35:88:f7:b8:f1:3d:35:
         8d:c6:6a:d3:69:38:89:50:f0:1f:8e:e8:7e:38:2e:61:9a:d3:
         6e:14:cb:3f:2c:02:06:ec:df:47:2a:45:a8:72:8c:25:8c:c7:
         54:c5:88:81:26:33:75:06:97:42:7b:72:75:18:88:17:b1:24:
         81:da:10:6b:ff:e4:42:47:3f:05:4c:81:79:11:39:e1:b5:6e:
         0c:1d:ae:a6:12:e4:c1:99:8b:3b:63:84:ff:8c:ad:31:ac:63:
         b3:3b:d3:2d
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgICCEswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MzQxNzIxMTAvBgNVBAUTKEY0NUMwRjRGNDY3Q0UxNTc2RTVFRTlFNDFFNTU3NkYw
MzQ4QzQ2QTcwHhcNMjMwNDAyMjIyOTAxWhcNMjQwNTI5MDAwMDAwWjAYMRYwFAYD
VQQDEw02NDJhMDFhYy1mYzViMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAubYL5SE3NbkOsXmAN245MopaJT8Yp8St7LPG9XVgkkFtgiKSEjNvUQkfVg8W
dk7D9Eva9F49pA0+5IT50doIFROKexogG3AixiuSoelCe9/eN8jpjFZgW7I0KxYt
NX/HuIj7oezjUaxvmW8LCjYyL6x5av9dkFKv/i1PvcjvrT/UKIO5uFR4zFwJxI4K
ERELpxGJXv2/tuom13m/Z7dhL8mTMlPGj6/MEHYg5LM7Kzmhkfr0UWLrN5XvCXij
/VUSG52dxNoC/CzQ56RhDRskPrFh14RGXitQbfU1mXcmMJShuMA5oIdOHYfVl2aP
r3aDrYdRZGBeQ69oRbHaNT9d1wIDAQABo4ICnTCCApkwHQYDVR0OBBYEFOJ3hbah
6HSOjAB/AmCuugCnfSMtMB8GA1UdIwQYMBaAFPRcD09GfOFXbl7p5B5VdvA0jEan
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEzNDE3Mi81OTc2MTI2NDlF
NEQxMUVBOUMyM0FGMUZDNEY5QUUwMi85RndQVDBaODRWZHVYdW5rSGxWMjhEU01S
cWMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzlGd1BUMFo4NFZkdVh1bmtIbFYyOERTTVJxYy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MzQxNzIvNTk3NjEyNjQ5RTREMTFFQTlDMjNBRjFGQzRGOUFFMDIvNDI3QjJCMDA0
RDkwMTFFQzg2OEY3MTg2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJwYIKwYBBQUHAQcBAf8E
GDAWMBQEAgABMA4wDAMEBcuo4AMEAcuo6DANBgkqhkiG9w0BAQsFAAOCAQEAhgKU
hACeZXaDvGEPHTSkFQIs1pLTg/uCj9aLD8q/WsY+sFyKjnKxfpehYVf/v3eoE3+r
8+4EkIluXe2aW/vrhZmRCYy+2BTAgAzOWhQvSZRt5rYOrSPV5wMKl+oNWuGaEV2b
PiKlOGlTg74lO0Qpxb66qbZUQ4iq5cggrbXjXmkU/LNKiCIT3T4edZWzji4fRmGf
1H0qoGYmcNk1iPe48T01jcZq02k4iVDwH47ofjguYZrTbhTLPywCBuzfRypFqHKM
JYzHVMWIgSYzdQaXQntydRiIF7EkgdoQa//kQkc/BUyBeRE54bVuDB2uphLkwZmL
O2OE/4ytMaxjszvTLQ==
-----END CERTIFICATE-----
Generated at Thu Mar 28 22:55:53 2024 by rpki-client on console-ams.rpki-client.org