Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A913664F/1E0854AEDD7D11ED91A0464DC4F9AE02/B1E75D08DD7F11ED815F9B4DC4F9AE02.roa
File:                     B1E75D08DD7F11ED815F9B4DC4F9AE02.roa (raw, json)
Hash identifier:          Yu3UrIGm35Zj+3lv+2Sj6dxw3q39HxDRuqEhEHLo2EE=
Subject key identifier:   C0:59:18:53:C9:E2:4E:C8:35:8A:2D:4F:F2:03:BC:F9:19:69:8B:A2
Certificate issuer:       /CN=A913664F/serialNumber=D9902C4E9472C7AD5082812FA7D077146AB7CB9C
Certificate serial:       16
Authority key identifier: D9:90:2C:4E:94:72:C7:AD:50:82:81:2F:A7:D0:77:14:6A:B7:CB:9C
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/2ZAsTpRyx61QgoEvp9B3FGq3y5w.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A913664F/1E0854AEDD7D11ED91A0464DC4F9AE02/B1E75D08DD7F11ED815F9B4DC4F9AE02.roa
Signing time:             Fri 05 May 2023 08:27:12 +0000
ROA not before:           Fri 05 May 2023 08:27:12 +0000
ROA not after:            Tue 30 Jul 2024 00:00:00 +0000
asID:                     2914
IP address blocks:        116.197.144.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A913664F/1E0854AEDD7D11ED91A0464DC4F9AE02/2ZAsTpRyx61QgoEvp9B3FGq3y5w.crl
                          rsync://rpki.apnic.net/member_repository/A913664F/1E0854AEDD7D11ED91A0464DC4F9AE02/2ZAsTpRyx61QgoEvp9B3FGq3y5w.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/2ZAsTpRyx61QgoEvp9B3FGq3y5w.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 03 Apr 2024 05:48:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 22 (0x16)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A913664F/serialNumber=D9902C4E9472C7AD5082812FA7D077146AB7CB9C
        Validity
            Not Before: May  5 08:27:12 2023 GMT
            Not After : Jul 30 00:00:00 2024 GMT
        Subject: CN=6454bde0-2501
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:02:5f:95:3b:f1:ed:cc:99:a2:c5:75:0f:95:
                    94:49:65:42:0b:b0:ea:b4:7c:40:93:c4:a1:a2:c8:
                    61:f5:1b:41:91:ff:34:bf:7c:a3:2a:21:6a:36:57:
                    d4:ec:30:99:1d:09:c3:06:dc:e4:39:d6:f5:1e:d7:
                    02:a8:6e:94:3a:9d:dc:b7:f7:71:74:5c:a9:98:61:
                    58:fe:7f:09:39:92:03:cc:41:aa:cb:32:fe:2e:1f:
                    4c:7e:ab:64:fb:cd:2d:44:d1:3a:cc:73:4b:9d:9d:
                    14:f0:0c:28:ee:d9:8b:00:4c:76:e5:51:e9:d7:9b:
                    33:db:b8:7f:c7:15:87:14:c3:6b:c9:49:bf:f6:74:
                    81:7d:78:6f:5a:50:41:62:e0:c4:5f:13:05:a8:cd:
                    8d:13:ef:35:4b:4f:f2:6c:ab:f2:b6:1c:a7:53:f6:
                    32:f8:05:53:7b:a9:03:de:99:48:63:ca:72:5c:bf:
                    e3:25:22:88:f8:72:ba:14:49:6a:ad:d6:d3:0d:89:
                    50:9f:7a:07:f0:9d:1a:14:bc:5c:ba:ad:c7:7a:4c:
                    1a:9d:d9:64:0d:69:c9:9d:56:f6:89:c2:c7:a3:c9:
                    f2:b0:cf:d4:31:bc:7e:9e:70:34:cb:b7:01:62:7b:
                    2a:39:18:d3:be:78:a8:72:41:e4:53:1f:ae:dd:36:
                    68:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C0:59:18:53:C9:E2:4E:C8:35:8A:2D:4F:F2:03:BC:F9:19:69:8B:A2
            X509v3 Authority Key Identifier:
                keyid:D9:90:2C:4E:94:72:C7:AD:50:82:81:2F:A7:D0:77:14:6A:B7:CB:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A913664F/1E0854AEDD7D11ED91A0464DC4F9AE02/2ZAsTpRyx61QgoEvp9B3FGq3y5w.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/2ZAsTpRyx61QgoEvp9B3FGq3y5w.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A913664F/1E0854AEDD7D11ED91A0464DC4F9AE02/B1E75D08DD7F11ED815F9B4DC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  116.197.144.0/22

    Signature Algorithm: sha256WithRSAEncryption
         61:9e:5d:7f:05:77:10:9d:9c:03:04:76:2b:51:37:d8:98:ca:
         57:98:6a:58:7e:bf:87:43:61:f2:6e:f1:fb:07:b8:4f:b7:7e:
         04:de:29:df:1c:e3:c1:d6:4e:83:e6:95:6d:ff:03:c8:48:78:
         08:fc:0d:6b:2e:52:9b:52:96:3a:ff:32:4b:13:e4:bf:75:ce:
         b5:a4:da:68:82:61:bb:65:6a:a3:7d:6b:ae:14:c2:80:ac:70:
         f5:48:4f:c7:27:8b:97:38:e8:98:3e:ed:c7:77:93:01:47:64:
         0a:f8:e6:c2:4a:3c:be:e2:6e:4a:db:e0:5e:f0:0a:c6:82:ed:
         ca:0c:c8:eb:30:25:df:fe:c4:e0:ca:06:9c:2d:39:2a:80:ef:
         bf:77:a9:f5:31:93:42:c7:73:f4:13:1d:f8:35:28:1d:e0:48:
         d1:2c:58:a5:dd:a2:5e:20:1c:85:6d:59:a2:ae:b8:36:38:2b:
         cb:11:a5:ec:7d:92:3d:78:9a:8d:13:57:9a:a5:8c:c3:17:3d:
         cf:59:a5:c2:c3:a7:d8:b9:22:4d:6d:f4:23:53:8b:3b:f7:1e:
         85:f9:ee:8c:f6:e1:c7:90:f7:ee:85:9a:dc:84:14:98:00:12:
         0c:dc:a3:17:49:c2:23:46:b7:6e:c1:70:ea:3f:65:dd:9a:3a:
         3f:43:1e:91
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIBFjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTEz
NjY0RjExMC8GA1UEBRMoRDk5MDJDNEU5NDcyQzdBRDUwODI4MTJGQTdEMDc3MTQ2
QUI3Q0I5QzAeFw0yMzA1MDUwODI3MTJaFw0yNDA3MzAwMDAwMDBaMBgxFjAUBgNV
BAMTDTY0NTRiZGUwLTI1MDEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDEAl+VO/HtzJmixXUPlZRJZUILsOq0fECTxKGiyGH1G0GR/zS/fKMqIWo2V9Ts
MJkdCcMG3OQ51vUe1wKobpQ6ndy393F0XKmYYVj+fwk5kgPMQarLMv4uH0x+q2T7
zS1E0TrMc0udnRTwDCju2YsATHblUenXmzPbuH/HFYcUw2vJSb/2dIF9eG9aUEFi
4MRfEwWozY0T7zVLT/Jsq/K2HKdT9jL4BVN7qQPemUhjynJcv+MlIoj4croUSWqt
1tMNiVCfegfwnRoUvFy6rcd6TBqd2WQNacmdVvaJwsejyfKwz9QxvH6ecDTLtwFi
eyo5GNO+eKhyQeRTH67dNmiDAgMBAAGjggKVMIICkTAdBgNVHQ4EFgQUwFkYU8ni
Tsg1ii1P8gO8+Rlpi6IwHwYDVR0jBBgwFoAU2ZAsTpRyx61QgoEvp9B3FGq3y5ww
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTM2NjRGLzFFMDg1NEFFREQ3
RDExRUQ5MUEwNDY0REM0RjlBRTAyLzJaQXNUcFJ5eDYxUWdvRXZwOUIzRkdxM3k1
dy5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvMlpBc1RwUnl4NjFRZ29FdnA5QjNGR3EzeTV3LmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEz
NjY0Ri8xRTA4NTRBRUREN0QxMUVEOTFBMDQ2NERDNEY5QUUwMi9CMUU3NUQwOERE
N0YxMUVEODE1RjlCNERDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAnTFkDANBgkqhkiG9w0BAQsFAAOCAQEAYZ5dfwV3EJ2cAwR2
K1E32JjKV5hqWH6/h0Nh8m7x+we4T7d+BN4p3xzjwdZOg+aVbf8DyEh4CPwNay5S
m1KWOv8ySxPkv3XOtaTaaIJhu2Vqo31rrhTCgKxw9UhPxyeLlzjomD7tx3eTAUdk
Cvjmwko8vuJuStvgXvAKxoLtygzI6zAl3/7E4MoGnC05KoDvv3ep9TGTQsdz9BMd
+DUoHeBI0SxYpd2iXiAchW1Zoq64NjgryxGl7H2SPXiajRNXmqWMwxc9z1mlwsOn
2LkiTW30I1OLO/cehfnujPbhx5D37oWa3IQUmAASDNyjF0nCI0a3bsFw6j9l3Zo6
P0MekQ==
-----END CERTIFICATE-----
Generated at Wed Mar 27 08:01:24 2024 by rpki-client on console-fra.rpki-client.org