Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9142BCC/8A56C09E983E11E7B47DE57AC4F9AE02/46BEDD64662411EBADFEB364C4F9AE02.roa
File:                     46BEDD64662411EBADFEB364C4F9AE02.roa (raw, json)
Hash identifier:          kmduMLN9y1Cvt5toquCgYH8F9av3t7UwCnc3GEJBmPw=
Subject key identifier:   30:6E:3F:4C:99:D3:4B:9A:25:C4:E5:A9:64:E1:24:8E:4A:0B:E8:81
Certificate issuer:       /CN=A9142BCC/serialNumber=020556F97D545434D2C854121DC5DC64634A64AC
Certificate serial:       17A5
Authority key identifier: 02:05:56:F9:7D:54:54:34:D2:C8:54:12:1D:C5:DC:64:63:4A:64:AC
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/AgVW-X1UVDTSyFQSHcXcZGNKZKw.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9142BCC/8A56C09E983E11E7B47DE57AC4F9AE02/46BEDD64662411EBADFEB364C4F9AE02.roa
Signing time:             Thu 30 Nov 2023 17:24:20 +0000
ROA not before:           Thu 30 Nov 2023 17:24:20 +0000
ROA not after:            Fri 31 Jan 2025 00:00:00 +0000
asID:                     134732
IP address blocks:        59.153.100.0/22 maxlen: 24
                          103.198.136.0/22 maxlen: 24
                          2401:f40::/32 maxlen: 36
                          2401:f40:e::/48 maxlen: 48
                          2401:f40:f::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9142BCC/8A56C09E983E11E7B47DE57AC4F9AE02/AgVW-X1UVDTSyFQSHcXcZGNKZKw.crl
                          rsync://rpki.apnic.net/member_repository/A9142BCC/8A56C09E983E11E7B47DE57AC4F9AE02/AgVW-X1UVDTSyFQSHcXcZGNKZKw.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/AgVW-X1UVDTSyFQSHcXcZGNKZKw.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 29 Nov 2024 16:30:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 6053 (0x17a5)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9142BCC/serialNumber=020556F97D545434D2C854121DC5DC64634A64AC
        Validity
            Not Before: Nov 30 17:24:20 2023 GMT
            Not After : Jan 31 00:00:00 2025 GMT
        Subject: CN=6568c543-037a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:3d:09:01:c5:7c:22:f3:c2:75:77:09:f5:87:
                    5b:ad:2e:b1:51:9c:53:f3:7c:3d:f8:88:7d:d2:94:
                    82:58:89:59:36:d1:d6:39:33:4c:0f:89:0d:12:2f:
                    8a:d4:fc:c8:84:b1:e9:51:89:a8:af:c0:41:fc:15:
                    1e:94:4a:ce:4d:93:ef:79:1e:ee:92:75:16:42:00:
                    fa:a8:35:cf:73:39:98:0a:8c:df:de:0a:9a:fe:3d:
                    09:e5:51:a5:3b:10:aa:f9:39:57:b5:5b:03:25:22:
                    4d:df:8a:a2:20:d1:0a:d3:c0:b8:91:5d:d0:44:5a:
                    a8:59:6e:a7:d9:11:a9:68:69:2f:f2:b3:b1:da:8b:
                    3f:bb:cf:8d:18:7f:72:ac:8d:37:c3:82:4f:a2:11:
                    11:a7:85:ca:3d:64:d6:e7:0d:92:85:5f:80:17:0e:
                    01:a4:4b:57:ad:5a:6d:40:15:7e:89:21:a7:e3:f4:
                    e4:62:b9:72:2f:c0:ba:32:bf:ce:6c:c0:f1:c7:dd:
                    62:00:ab:ce:29:46:9d:d7:39:e5:df:bd:9c:6a:fc:
                    6a:e5:c9:92:0c:f2:24:b4:4b:9a:f1:cc:91:97:f4:
                    95:5c:bd:99:e3:c9:6d:19:cf:cd:cb:31:30:f7:cf:
                    9c:ec:0c:32:ea:c3:df:a0:1c:7a:c8:f7:73:21:b6:
                    bf:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:6E:3F:4C:99:D3:4B:9A:25:C4:E5:A9:64:E1:24:8E:4A:0B:E8:81
            X509v3 Authority Key Identifier:
                keyid:02:05:56:F9:7D:54:54:34:D2:C8:54:12:1D:C5:DC:64:63:4A:64:AC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9142BCC/8A56C09E983E11E7B47DE57AC4F9AE02/AgVW-X1UVDTSyFQSHcXcZGNKZKw.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/AgVW-X1UVDTSyFQSHcXcZGNKZKw.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9142BCC/8A56C09E983E11E7B47DE57AC4F9AE02/46BEDD64662411EBADFEB364C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  59.153.100.0/22
                  103.198.136.0/22
                IPv6:
                  2401:f40::/32

    Signature Algorithm: sha256WithRSAEncryption
         9c:75:19:84:cf:22:23:77:98:10:9b:3d:49:d6:c0:50:49:4d:
         d5:aa:ef:7c:44:d6:10:91:4a:1a:d6:9d:5f:52:ca:e6:6e:8f:
         76:f3:09:56:87:b1:b6:35:40:25:36:6a:5d:c5:22:a1:be:df:
         3b:b8:a2:69:31:ba:be:91:aa:fb:53:de:e1:c7:64:7a:87:0f:
         7c:4a:02:0f:d0:07:b4:3d:35:fa:e5:81:9d:b1:4f:e8:b3:c6:
         14:ff:a4:43:2e:11:00:cc:9e:52:34:0a:68:f3:4d:8e:3b:78:
         0e:6d:d2:2d:ea:08:26:7f:5b:0f:8d:95:cc:a8:f7:0f:7d:a7:
         9c:da:66:12:61:3d:a0:d6:8c:a7:58:60:d3:b4:5e:c1:e5:d1:
         d4:5c:87:86:e2:89:24:58:4c:1f:83:21:1d:6e:24:44:cc:f0:
         6d:2e:f5:6f:86:07:30:63:19:0a:a9:d8:64:fc:ba:4c:28:0a:
         29:cc:0e:53:4d:c3:c0:47:2f:42:7c:de:25:6e:f3:35:a7:b1:
         41:7b:b8:db:20:96:e4:25:2e:bd:3f:24:d1:3a:45:e6:63:d1:
         af:1b:d2:37:3a:ff:4b:ca:80:64:5e:4f:0d:54:87:b3:0f:08:
         2a:3b:12:44:b6:e8:a4:8f:de:08:0b:4c:d0:4f:cc:ee:87:03:
         c3:51:67:8f
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgICF6UwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDJCQ0MxMTAvBgNVBAUTKDAyMDU1NkY5N0Q1NDU0MzREMkM4NTQxMjFEQzVEQzY0
NjM0QTY0QUMwHhcNMjMxMTMwMTcyNDIwWhcNMjUwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTY4YzU0My0wMzdhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAuT0JAcV8IvPCdXcJ9YdbrS6xUZxT83w9+Ih90pSCWIlZNtHWOTNMD4kNEi+K
1PzIhLHpUYmor8BB/BUelErOTZPveR7uknUWQgD6qDXPczmYCozf3gqa/j0J5VGl
OxCq+TlXtVsDJSJN34qiINEK08C4kV3QRFqoWW6n2RGpaGkv8rOx2os/u8+NGH9y
rI03w4JPohERp4XKPWTW5w2ShV+AFw4BpEtXrVptQBV+iSGn4/TkYrlyL8C6Mr/O
bMDxx91iAKvOKUad1znl372cavxq5cmSDPIktEua8cyRl/SVXL2Z48ltGc/NyzEw
98+c7Awy6sPfoBx6yPdzIba/PwIDAQABo4ICqjCCAqYwHQYDVR0OBBYEFDBuP0yZ
00uaJcTlqWThJI5KC+iBMB8GA1UdIwQYMBaAFAIFVvl9VFQ00shUEh3F3GRjSmSs
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0MkJDQy84QTU2QzA5RTk4
M0UxMUU3QjQ3REU1N0FDNEY5QUUwMi9BZ1ZXLVgxVVZEVFN5RlFTSGNYY1pHTkta
S3cuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0FnVlctWDFVVkRUU3lGUVNIY1hjWkdOS1pLdy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDJCQ0MvOEE1NkMwOUU5ODNFMTFFN0I0N0RFNTdBQzRGOUFFMDIvNDZCRURENjQ2
NjI0MTFFQkFERkVCMzY0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNAYIKwYBBQUHAQcBAf8E
JTAjMBIEAgABMAwDBAI7mWQDBAJnxogwDQQCAAIwBwMFACQBD0AwDQYJKoZIhvcN
AQELBQADggEBAJx1GYTPIiN3mBCbPUnWwFBJTdWq73xE1hCRShrWnV9SyuZuj3bz
CVaHsbY1QCU2al3FIqG+3zu4omkxur6RqvtT3uHHZHqHD3xKAg/QB7Q9NfrlgZ2x
T+izxhT/pEMuEQDMnlI0CmjzTY47eA5t0i3qCCZ/Ww+Nlcyo9w99p5zaZhJhPaDW
jKdYYNO0XsHl0dRch4biiSRYTB+DIR1uJETM8G0u9W+GBzBjGQqp2GT8ukwoCinM
DlNNw8BHL0J83iVu8zWnsUF7uNsgluQlLr0/JNE6ReZj0a8b0jc6/0vKgGReTw1U
h7MPCCo7EkS26KSP3ggLTNBPzO6HA8NRZ48=
-----END CERTIFICATE-----
Generated at Fri Nov 22 17:55:42 2024 by rpki-client on console-fra.rpki-client.org