Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9134172/597612649E4D11EA9C23AF1FC4F9AE02/432BA1EC4D9011EC868F7186C4F9AE02.roa
File:                     432BA1EC4D9011EC868F7186C4F9AE02.roa (raw, json)
Hash identifier:          njiA97BWiRk9sCmTbQIlp3Ri+tWF0C8maPKeLAkzd1A=
Subject key identifier:   CE:8A:73:E2:0A:A7:EE:58:B2:A4:5C:C4:D2:34:68:94:A1:2F:3D:4A
Certificate issuer:       /CN=A9134172/serialNumber=F45C0F4F467CE1576E5EE9E41E5576F0348C46A7
Certificate serial:       0918
Authority key identifier: F4:5C:0F:4F:46:7C:E1:57:6E:5E:E9:E4:1E:55:76:F0:34:8C:46:A7
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/9FwPT0Z84VduXunkHlV28DSMRqc.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9134172/597612649E4D11EA9C23AF1FC4F9AE02/432BA1EC4D9011EC868F7186C4F9AE02.roa
Signing time:             Thu 04 Apr 2024 22:00:33 +0000
ROA not before:           Thu 04 Apr 2024 22:00:33 +0000
ROA not after:            Wed 28 May 2025 00:00:00 +0000
asID:                     142267
IP address blocks:        203.168.224.0/23 maxlen: 24
                          203.168.226.0/23 maxlen: 24
                          203.168.228.0/22 maxlen: 24
                          203.168.232.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9134172/597612649E4D11EA9C23AF1FC4F9AE02/9FwPT0Z84VduXunkHlV28DSMRqc.crl
                          rsync://rpki.apnic.net/member_repository/A9134172/597612649E4D11EA9C23AF1FC4F9AE02/9FwPT0Z84VduXunkHlV28DSMRqc.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/9FwPT0Z84VduXunkHlV28DSMRqc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 27 Nov 2024 19:45:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2328 (0x918)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9134172/serialNumber=F45C0F4F467CE1576E5EE9E41E5576F0348C46A7
        Validity
            Not Before: Apr  4 22:00:33 2024 GMT
            Not After : May 28 00:00:00 2025 GMT
        Subject: CN=660f2301-dfd8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:cf:ad:f8:d5:8c:60:37:97:96:e5:4f:f7:31:
                    0d:58:5c:78:ac:ab:d0:6e:ef:b9:4d:9c:b1:00:4c:
                    61:99:ee:de:7a:14:de:f2:0b:4b:e7:3f:64:5a:1c:
                    a5:0c:9a:cf:48:59:2d:c6:3e:5d:14:d2:43:c9:06:
                    4c:33:db:b1:f1:d9:d5:82:3b:bd:e1:17:e6:fd:e6:
                    52:ee:68:42:41:6d:75:75:2a:12:50:78:48:7a:df:
                    75:b0:cf:ca:8e:27:67:0b:d1:a5:64:43:51:68:5f:
                    a8:de:33:3d:54:47:57:06:f6:8b:6b:3d:7b:f1:59:
                    e5:ba:a8:4e:b9:d6:81:5e:2d:3b:af:c2:59:08:5a:
                    92:46:0a:c4:76:d8:83:2e:77:f7:61:db:db:86:a8:
                    95:fd:fd:75:04:0c:0d:34:ec:12:5a:5b:f6:9e:47:
                    5e:95:94:9e:25:52:b3:1e:3f:27:bd:99:1e:b3:6c:
                    25:44:d3:90:e9:71:b5:77:a0:60:12:bf:91:2a:a3:
                    83:cd:74:93:69:95:b1:91:8d:8a:39:f2:41:1d:9f:
                    f2:5b:67:33:0e:e7:70:12:0d:51:65:6c:71:ba:04:
                    14:bb:f2:84:10:4e:0c:ed:4d:1b:19:3a:97:eb:6d:
                    c9:54:61:a0:8f:50:3b:3f:42:52:c5:a6:32:35:ad:
                    24:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:8A:73:E2:0A:A7:EE:58:B2:A4:5C:C4:D2:34:68:94:A1:2F:3D:4A
            X509v3 Authority Key Identifier:
                keyid:F4:5C:0F:4F:46:7C:E1:57:6E:5E:E9:E4:1E:55:76:F0:34:8C:46:A7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9134172/597612649E4D11EA9C23AF1FC4F9AE02/9FwPT0Z84VduXunkHlV28DSMRqc.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/9FwPT0Z84VduXunkHlV28DSMRqc.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9134172/597612649E4D11EA9C23AF1FC4F9AE02/432BA1EC4D9011EC868F7186C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.168.224.0-203.168.233.255

    Signature Algorithm: sha256WithRSAEncryption
         a9:80:5e:aa:68:2c:82:cd:1d:f0:08:80:80:12:05:f1:87:ec:
         6a:97:00:4a:a3:1b:04:96:51:e8:73:36:63:c8:58:f2:08:04:
         d8:4b:2f:69:40:a9:8e:1b:a3:d9:7a:b3:61:64:9d:ec:72:40:
         5c:c5:42:02:c0:d9:0f:1e:9d:54:7a:b2:ec:c8:11:29:70:e9:
         b9:77:c4:60:88:ff:01:30:ab:06:e8:3f:0f:49:09:bb:de:40:
         ab:76:43:3a:cf:1a:b1:e5:56:45:14:25:33:81:bd:05:d2:9c:
         04:e4:6b:e7:c1:77:f2:40:d0:73:a1:7e:66:44:7a:20:13:e4:
         39:c7:c9:22:fd:32:e8:96:0c:de:fc:68:bf:a2:21:ff:e9:1e:
         47:57:6d:e5:78:35:6b:91:37:14:d1:86:4f:fd:98:13:f7:71:
         08:6b:a0:fe:d3:6e:2c:57:4b:9c:92:9f:32:35:4e:98:af:bc:
         50:17:01:87:49:97:09:a8:3a:ea:0b:47:c8:b8:88:a2:80:92:
         a2:4e:48:05:a8:c9:fd:ee:b9:99:c7:f0:4f:12:f9:bd:ba:21:
         92:d8:04:e9:2b:b6:3c:93:48:81:b8:36:02:bd:af:bc:27:21:
         88:35:e4:3d:7e:ae:a6:b0:8c:e2:ea:09:63:21:78:cb:ae:13:
         56:c1:8a:78
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgICCRgwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MzQxNzIxMTAvBgNVBAUTKEY0NUMwRjRGNDY3Q0UxNTc2RTVFRTlFNDFFNTU3NkYw
MzQ4QzQ2QTcwHhcNMjQwNDA0MjIwMDMzWhcNMjUwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02NjBmMjMwMS1kZmQ4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA3M+t+NWMYDeXluVP9zENWFx4rKvQbu+5TZyxAExhme7eehTe8gtL5z9kWhyl
DJrPSFktxj5dFNJDyQZMM9ux8dnVgju94Rfm/eZS7mhCQW11dSoSUHhIet91sM/K
jidnC9GlZENRaF+o3jM9VEdXBvaLaz178VnluqhOudaBXi07r8JZCFqSRgrEdtiD
Lnf3YdvbhqiV/f11BAwNNOwSWlv2nkdelZSeJVKzHj8nvZkes2wlRNOQ6XG1d6Bg
Er+RKqODzXSTaZWxkY2KOfJBHZ/yW2czDudwEg1RZWxxugQUu/KEEE4M7U0bGTqX
623JVGGgj1A7P0JSxaYyNa0kTQIDAQABo4ICnTCCApkwHQYDVR0OBBYEFM6Kc+IK
p+5YsqRcxNI0aJShLz1KMB8GA1UdIwQYMBaAFPRcD09GfOFXbl7p5B5VdvA0jEan
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEzNDE3Mi81OTc2MTI2NDlF
NEQxMUVBOUMyM0FGMUZDNEY5QUUwMi85RndQVDBaODRWZHVYdW5rSGxWMjhEU01S
cWMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzlGd1BUMFo4NFZkdVh1bmtIbFYyOERTTVJxYy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MzQxNzIvNTk3NjEyNjQ5RTREMTFFQTlDMjNBRjFGQzRGOUFFMDIvNDMyQkExRUM0
RDkwMTFFQzg2OEY3MTg2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJwYIKwYBBQUHAQcBAf8E
GDAWMBQEAgABMA4wDAMEBcuo4AMEAcuo6DANBgkqhkiG9w0BAQsFAAOCAQEAqYBe
qmgsgs0d8AiAgBIF8YfsapcASqMbBJZR6HM2Y8hY8ggE2EsvaUCpjhuj2XqzYWSd
7HJAXMVCAsDZDx6dVHqy7MgRKXDpuXfEYIj/ATCrBug/D0kJu95Aq3ZDOs8aseVW
RRQlM4G9BdKcBORr58F38kDQc6F+ZkR6IBPkOcfJIv0y6JYM3vxov6Ih/+keR1dt
5Xg1a5E3FNGGT/2YE/dxCGug/tNuLFdLnJKfMjVOmK+8UBcBh0mXCag66gtHyLiI
ooCSok5IBajJ/e65mcfwTxL5vbohktgE6Su2PJNIgbg2Ar2vvCchiDXkPX6uprCM
4uoJYyF4y64TVsGKeA==
-----END CERTIFICATE-----
Generated at Wed Nov 20 21:34:46 2024 by rpki-client on console-ams.rpki-client.org