Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A913D30A/B85424F8D49811E9B9474738C4F9AE02/B48F5974897C11EB9D7AE318C4F9AE02.roa
File:                     B48F5974897C11EB9D7AE318C4F9AE02.roa (raw, json)
Hash identifier:          P80+uWRXwvIn4L5xncnAVkiDcuvOM72wP1XIN0RCgfo=
Subject key identifier:   6F:74:42:17:05:E0:F4:D3:82:03:11:26:88:EA:AA:DF:35:A9:D3:71
Certificate issuer:       /CN=A913D30A/serialNumber=EB811B1488B20F12664E648A82624A3050689F25
Certificate serial:       0C65
Authority key identifier: EB:81:1B:14:88:B2:0F:12:66:4E:64:8A:82:62:4A:30:50:68:9F:25
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/64EbFIiyDxJmTmSKgmJKMFBonyU.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A913D30A/B85424F8D49811E9B9474738C4F9AE02/B48F5974897C11EB9D7AE318C4F9AE02.roa
Signing time:             Sat 06 Jan 2024 18:56:44 +0000
ROA not before:           Sat 06 Jan 2024 18:56:44 +0000
ROA not after:            Mon 31 Mar 2025 00:00:00 +0000
asID:                     63996
IP address blocks:        202.125.108.0/24 maxlen: 24
                          203.17.65.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A913D30A/B85424F8D49811E9B9474738C4F9AE02/64EbFIiyDxJmTmSKgmJKMFBonyU.crl
                          rsync://rpki.apnic.net/member_repository/A913D30A/B85424F8D49811E9B9474738C4F9AE02/64EbFIiyDxJmTmSKgmJKMFBonyU.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/64EbFIiyDxJmTmSKgmJKMFBonyU.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 29 Nov 2024 18:01:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3173 (0xc65)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A913D30A/serialNumber=EB811B1488B20F12664E648A82624A3050689F25
        Validity
            Not Before: Jan  6 18:56:44 2024 GMT
            Not After : Mar 31 00:00:00 2025 GMT
        Subject: CN=6599a26c-45b2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:b8:69:08:ef:d9:63:6d:9a:0e:cb:64:07:88:
                    bc:e5:00:1b:06:fa:58:4c:9d:ac:ba:cf:c7:76:bc:
                    15:8f:a6:9b:4c:e0:3b:8b:68:5c:0c:8c:32:a7:17:
                    6e:8f:96:1b:1c:d2:03:d1:87:92:83:18:32:be:db:
                    59:37:b9:39:36:92:87:df:c0:00:f6:17:6b:d1:5b:
                    7d:4e:60:f4:d2:14:57:45:71:23:fc:c8:6e:ca:96:
                    73:2d:8b:ed:bb:86:c0:4d:1c:81:1e:f7:be:4f:d3:
                    7b:9f:53:49:ce:63:cb:75:e9:57:8e:37:3e:81:0b:
                    2e:0a:96:a6:12:60:94:af:ac:40:61:d0:e8:ab:62:
                    59:ee:69:31:26:cd:c8:a2:70:8a:09:29:5c:1a:29:
                    0a:02:32:57:10:ed:94:46:ea:91:0c:df:a9:88:1a:
                    7c:46:62:99:7e:75:bd:b2:b1:30:40:51:00:59:28:
                    cd:fc:e1:c4:de:57:a0:d7:a1:5d:e9:31:90:9a:cb:
                    1f:bc:fc:fc:21:ac:85:76:90:bb:85:ef:f1:ab:a4:
                    8d:21:1a:bb:ab:af:4f:58:c2:db:09:14:9e:d6:15:
                    fd:94:58:ff:d6:f7:a7:e5:30:b0:b6:55:ec:30:38:
                    ee:88:df:70:6e:a2:30:17:c6:d2:30:c0:d1:84:52:
                    ff:6d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:74:42:17:05:E0:F4:D3:82:03:11:26:88:EA:AA:DF:35:A9:D3:71
            X509v3 Authority Key Identifier:
                keyid:EB:81:1B:14:88:B2:0F:12:66:4E:64:8A:82:62:4A:30:50:68:9F:25

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A913D30A/B85424F8D49811E9B9474738C4F9AE02/64EbFIiyDxJmTmSKgmJKMFBonyU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/64EbFIiyDxJmTmSKgmJKMFBonyU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A913D30A/B85424F8D49811E9B9474738C4F9AE02/B48F5974897C11EB9D7AE318C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.125.108.0/24
                  203.17.65.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:e1:aa:b8:8e:89:7a:42:19:78:6c:1e:11:91:3c:1c:c3:8e:
         fc:7f:f7:7a:37:93:1b:ca:18:5d:ce:c5:00:de:85:3c:b7:be:
         8e:34:76:8a:e2:f0:77:87:b3:c7:19:dc:81:c6:1f:1d:92:b6:
         e1:30:b3:52:94:96:6a:ba:77:de:0b:23:06:4b:2d:87:36:0a:
         0e:83:41:e8:b4:97:75:e0:48:c0:01:f4:3e:77:a3:f9:c4:d2:
         f5:52:ff:d6:59:2d:f6:06:ed:51:1c:4f:65:4d:53:7c:c0:be:
         1d:c2:50:ca:36:60:9d:b5:82:1b:2a:ae:70:6e:ab:2b:b6:2f:
         79:bd:14:0e:78:f3:40:d2:6f:b5:33:ca:5c:a1:51:c7:0d:ad:
         92:5a:b2:c2:4d:a1:c0:26:48:94:00:17:68:4c:7a:38:f2:dc:
         24:95:50:6b:e3:49:03:21:56:ef:45:55:61:ce:bd:f4:7d:bf:
         55:a3:42:84:19:d9:8f:03:5d:b7:54:dd:98:3d:58:40:cc:99:
         5b:11:47:71:3b:d4:f6:6d:68:8e:41:fb:a0:df:6d:19:aa:53:
         81:a8:ee:a0:b5:b9:d5:76:b0:42:5a:9a:f1:85:69:50:50:0c:
         d5:47:a4:e8:08:83:43:2b:60:92:bd:3f:1a:be:62:4f:a0:ff:
         1a:55:89:4f
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICDGUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
M0QzMEExMTAvBgNVBAUTKEVCODExQjE0ODhCMjBGMTI2NjRFNjQ4QTgyNjI0QTMw
NTA2ODlGMjUwHhcNMjQwMTA2MTg1NjQ0WhcNMjUwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTk5YTI2Yy00NWIyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvbhpCO/ZY22aDstkB4i85QAbBvpYTJ2sus/HdrwVj6abTOA7i2hcDIwypxdu
j5YbHNID0YeSgxgyvttZN7k5NpKH38AA9hdr0Vt9TmD00hRXRXEj/MhuypZzLYvt
u4bATRyBHve+T9N7n1NJzmPLdelXjjc+gQsuCpamEmCUr6xAYdDoq2JZ7mkxJs3I
onCKCSlcGikKAjJXEO2URuqRDN+piBp8RmKZfnW9srEwQFEAWSjN/OHE3leg16Fd
6TGQmssfvPz8IayFdpC7he/xq6SNIRq7q69PWMLbCRSe1hX9lFj/1ven5TCwtlXs
MDjuiN9wbqIwF8bSMMDRhFL/bQIDAQABo4ICmzCCApcwHQYDVR0OBBYEFG90QhcF
4PTTggMRJojqqt81qdNxMB8GA1UdIwQYMBaAFOuBGxSIsg8SZk5kioJiSjBQaJ8l
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEzRDMwQS9CODU0MjRGOEQ0
OTgxMUU5Qjk0NzQ3MzhDNEY5QUUwMi82NEViRklpeUR4Sm1UbVNLZ21KS01GQm9u
eVUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzY0RWJGSWl5RHhKbVRtU0tnbUpLTUZCb255VS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
M0QzMEEvQjg1NDI0RjhENDk4MTFFOUI5NDc0NzM4QzRGOUFFMDIvQjQ4RjU5NzQ4
OTdDMTFFQjlEN0FFMzE4QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBADKfWwDBADLEUEwDQYJKoZIhvcNAQELBQADggEBAFThqriO
iXpCGXhsHhGRPBzDjvx/93o3kxvKGF3OxQDehTy3vo40dori8HeHs8cZ3IHGHx2S
tuEws1KUlmq6d94LIwZLLYc2Cg6DQei0l3XgSMAB9D53o/nE0vVS/9ZZLfYG7VEc
T2VNU3zAvh3CUMo2YJ21ghsqrnBuqyu2L3m9FA5480DSb7UzylyhUccNrZJassJN
ocAmSJQAF2hMejjy3CSVUGvjSQMhVu9FVWHOvfR9v1WjQoQZ2Y8DXbdU3Zg9WEDM
mVsRR3E71PZtaI5B+6DfbRmqU4Go7qC1udV2sEJamvGFaVBQDNVHpOgIg0MrYJK9
Pxq+Yk+g/xpViU8=
-----END CERTIFICATE-----
Generated at Fri Nov 22 19:49:59 2024 by rpki-client on console-ams.rpki-client.org