Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9148B17/EA4B165E68ED11EEB4B5D362C4F9AE02/4495F306772E11EEB7DE544FC4F9AE02.roa
File:                     4495F306772E11EEB7DE544FC4F9AE02.roa (raw, json)
Hash identifier:          8PpMQcwgyZDensMES5SphGUs7cJ+1Igr/jYNKPqOVGs=
Subject key identifier:   38:22:71:A4:CA:B2:DE:8F:83:F3:46:BC:98:77:2E:00:05:F4:C9:C9
Certificate issuer:       /CN=A9148B17/serialNumber=8D923098CD67F6D1BF24CFBE2C3DCA0B665ABB8C
Certificate serial:       2A
Authority key identifier: 8D:92:30:98:CD:67:F6:D1:BF:24:CF:BE:2C:3D:CA:0B:66:5A:BB:8C
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/jZIwmM1n9tG_JM--LD3KC2Zau4w.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9148B17/EA4B165E68ED11EEB4B5D362C4F9AE02/4495F306772E11EEB7DE544FC4F9AE02.roa
Signing time:             Wed 29 Nov 2023 17:11:36 +0000
ROA not before:           Wed 29 Nov 2023 17:11:36 +0000
ROA not after:            Mon 30 Dec 2024 00:00:00 +0000
asID:                     151957
IP address blocks:        202.61.82.0/24 maxlen: 24
                          202.61.83.0/24 maxlen: 24
                          2401:4460::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9148B17/EA4B165E68ED11EEB4B5D362C4F9AE02/jZIwmM1n9tG_JM--LD3KC2Zau4w.crl
                          rsync://rpki.apnic.net/member_repository/A9148B17/EA4B165E68ED11EEB4B5D362C4F9AE02/jZIwmM1n9tG_JM--LD3KC2Zau4w.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/jZIwmM1n9tG_JM--LD3KC2Zau4w.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 30 Nov 2024 02:50:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 42 (0x2a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9148B17/serialNumber=8D923098CD67F6D1BF24CFBE2C3DCA0B665ABB8C
        Validity
            Not Before: Nov 29 17:11:36 2023 GMT
            Not After : Dec 30 00:00:00 2024 GMT
        Subject: CN=656770c7-8f6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:33:17:17:90:dc:8f:8a:68:9e:ac:b5:6f:d1:
                    6d:df:6c:2d:8c:a2:a1:eb:aa:d7:4f:6f:5b:17:d4:
                    57:1e:32:fe:87:dc:59:c1:43:52:a4:0c:e1:38:f8:
                    93:0e:3d:d1:1a:1a:42:33:6d:8a:2f:f3:a4:e5:43:
                    88:0b:a5:cf:6e:ed:07:3a:3a:bf:60:46:31:01:2f:
                    17:c9:8a:d9:26:e7:17:5c:09:f9:ca:bd:c4:22:3d:
                    aa:85:63:ba:0a:00:4f:a7:9d:45:12:9b:37:ce:86:
                    c8:6b:05:a6:85:0d:49:4d:38:6b:e9:9a:d2:cf:7f:
                    84:df:fd:0f:fa:b8:c3:ce:f0:00:d7:de:ad:5b:c9:
                    b1:59:cb:77:96:6b:93:ef:f0:99:fc:aa:96:dc:e9:
                    ad:0a:9d:28:51:fd:ca:57:ee:0e:e2:27:49:7c:4a:
                    b9:c6:77:26:d5:fd:9a:4c:0b:14:b5:08:ed:a0:04:
                    7a:92:07:29:99:f0:11:37:bd:ae:ea:2a:f7:51:a7:
                    cb:7d:4c:35:38:a9:2a:7c:cf:86:4e:b2:3c:93:89:
                    4d:3f:1f:7a:8c:88:7e:b4:14:e0:6c:83:03:6b:9f:
                    48:b9:5a:82:c9:21:7b:c1:21:43:01:7c:43:de:ae:
                    ec:c2:f8:41:35:dd:4f:88:da:12:c4:d1:a1:f1:9f:
                    d3:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:22:71:A4:CA:B2:DE:8F:83:F3:46:BC:98:77:2E:00:05:F4:C9:C9
            X509v3 Authority Key Identifier:
                keyid:8D:92:30:98:CD:67:F6:D1:BF:24:CF:BE:2C:3D:CA:0B:66:5A:BB:8C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9148B17/EA4B165E68ED11EEB4B5D362C4F9AE02/jZIwmM1n9tG_JM--LD3KC2Zau4w.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/jZIwmM1n9tG_JM--LD3KC2Zau4w.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9148B17/EA4B165E68ED11EEB4B5D362C4F9AE02/4495F306772E11EEB7DE544FC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.61.82.0/23
                IPv6:
                  2401:4460::/32

    Signature Algorithm: sha256WithRSAEncryption
         a2:fa:26:05:3e:df:28:97:12:3a:b5:59:5c:2a:c1:bf:47:4e:
         a3:4e:0d:25:87:12:76:d4:6f:f1:03:ac:1e:b0:bc:ac:7c:21:
         2a:8d:fb:c5:8c:69:ae:5c:8d:12:15:a7:33:57:0e:af:19:4f:
         61:01:b2:b3:67:de:46:55:a4:28:58:7d:aa:ca:71:2e:6d:7e:
         ae:f9:1d:e6:37:0b:c1:c6:29:00:89:0e:1a:9c:c9:71:c7:96:
         90:a2:e2:db:d5:53:f3:f2:ef:82:be:3e:c3:84:44:c7:2d:5e:
         a9:19:7e:36:b8:6f:93:94:18:c6:a2:82:ea:82:80:96:2e:1d:
         4e:e8:c8:2e:ec:09:86:c6:20:6f:bb:2a:59:8c:95:b0:d9:77:
         f6:0d:3f:91:62:0e:75:72:9e:c2:f7:5b:a4:3e:fe:38:81:8e:
         9e:98:f0:ab:09:8a:80:27:1a:9f:1b:65:13:22:94:01:fb:6b:
         97:d5:a9:fb:3d:66:a3:d6:35:dd:04:33:de:f6:61:b1:e9:78:
         92:41:39:28:58:da:c6:de:c4:25:0a:0b:f2:45:a6:50:d1:07:
         10:3f:58:09:f3:53:68:ac:9d:b8:86:bc:7d:d5:f4:d3:84:e9:
         bc:87:61:e7:7c:00:b3:ff:14:c1:83:8d:54:4a:d7:01:d2:a1:
         4c:92:50:80
-----BEGIN CERTIFICATE-----
MIIFfzCCBGegAwIBAgIBKjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTE0
OEIxNzExMC8GA1UEBRMoOEQ5MjMwOThDRDY3RjZEMUJGMjRDRkJFMkMzRENBMEI2
NjVBQkI4QzAeFw0yMzExMjkxNzExMzZaFw0yNDEyMzAwMDAwMDBaMBgxFjAUBgNV
BAMTDTY1Njc3MGM3LThmNmEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQC4MxcXkNyPimierLVv0W3fbC2MoqHrqtdPb1sX1FceMv6H3FnBQ1KkDOE4+JMO
PdEaGkIzbYov86TlQ4gLpc9u7Qc6Or9gRjEBLxfJitkm5xdcCfnKvcQiPaqFY7oK
AE+nnUUSmzfOhshrBaaFDUlNOGvpmtLPf4Tf/Q/6uMPO8ADX3q1bybFZy3eWa5Pv
8Jn8qpbc6a0KnShR/cpX7g7iJ0l8SrnGdybV/ZpMCxS1CO2gBHqSBymZ8BE3va7q
KvdRp8t9TDU4qSp8z4ZOsjyTiU0/H3qMiH60FOBsgwNrn0i5WoLJIXvBIUMBfEPe
ruzC+EE13U+I2hLE0aHxn9OPAgMBAAGjggKkMIICoDAdBgNVHQ4EFgQUOCJxpMqy
3o+D80a8mHcuAAX0yckwHwYDVR0jBBgwFoAUjZIwmM1n9tG/JM++LD3KC2Zau4ww
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTQ4QjE3L0VBNEIxNjVFNjhF
RDExRUVCNEI1RDM2MkM0RjlBRTAyL2paSXdtTTFuOXRHX0pNLS1MRDNLQzJaYXU0
dy5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvalpJd21NMW45dEdfSk0tLUxEM0tDMlphdTR3LmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0
OEIxNy9FQTRCMTY1RTY4RUQxMUVFQjRCNUQzNjJDNEY5QUUwMi80NDk1RjMwNjc3
MkUxMUVFQjdERTU0NEZDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAuBggrBgEFBQcBBwEB/wQf
MB0wDAQCAAEwBgMEAco9UjANBAIAAjAHAwUAJAFEYDANBgkqhkiG9w0BAQsFAAOC
AQEAovomBT7fKJcSOrVZXCrBv0dOo04NJYcSdtRv8QOsHrC8rHwhKo37xYxprlyN
EhWnM1cOrxlPYQGys2feRlWkKFh9qspxLm1+rvkd5jcLwcYpAIkOGpzJcceWkKLi
29VT8/Lvgr4+w4RExy1eqRl+Nrhvk5QYxqKC6oKAli4dTujILuwJhsYgb7sqWYyV
sNl39g0/kWIOdXKewvdbpD7+OIGOnpjwqwmKgCcanxtlEyKUAftrl9Wp+z1mo9Y1
3QQz3vZhsel4kkE5KFjaxt7EJQoL8kWmUNEHED9YCfNTaKyduIa8fdX004TpvIdh
53wAs/8UwYONVErXAdKhTJJQgA==
-----END CERTIFICATE-----
Generated at Sat Nov 23 06:13:06 2024 by rpki-client on console-ams.rpki-client.org