Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A914A8CB/C8B0F4F221C111E7954E8717C4F9AE02/90C8D27021C211E786829418C4F9AE02.roa
File:                     90C8D27021C211E786829418C4F9AE02.roa (raw, json)
Hash identifier:          LAyDzMwa+0p5sRd95KyHExi3C3Z0niccQY6hw3OgiYs=
Subject key identifier:   93:BA:D3:F2:5B:48:62:03:02:59:91:FF:9D:44:5C:2E:55:AD:24:76
Certificate issuer:       /CN=A914A8CB/serialNumber=FF3278A3AD58B18A546E3FEDCD537840527767A8
Certificate serial:       1A63
Authority key identifier: FF:32:78:A3:AD:58:B1:8A:54:6E:3F:ED:CD:53:78:40:52:77:67:A8
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_zJ4o61YsYpUbj_tzVN4QFJ3Z6g.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A914A8CB/C8B0F4F221C111E7954E8717C4F9AE02/90C8D27021C211E786829418C4F9AE02.roa
Signing time:             Wed 22 May 2024 16:54:30 +0000
ROA not before:           Wed 22 May 2024 16:54:30 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     45766
IP address blocks:        45.127.48.0/22 maxlen: 22
                          45.127.48.0/22 maxlen: 24
                          45.127.48.0/23 maxlen: 23
                          45.127.48.0/24 maxlen: 24
                          45.127.49.0/24 maxlen: 24
                          45.127.50.0/23 maxlen: 23
                          45.127.50.0/24 maxlen: 24
                          45.127.51.0/24 maxlen: 24
                          103.40.226.0/23 maxlen: 23
                          103.40.226.0/23 maxlen: 24
                          103.40.226.0/24 maxlen: 24
                          103.40.227.0/24 maxlen: 24
                          103.51.2.0/23 maxlen: 23
                          103.51.2.0/23 maxlen: 24
                          103.51.2.0/24 maxlen: 24
                          103.51.3.0/24 maxlen: 24
                          113.21.228.0/22 maxlen: 22
                          113.21.228.0/22 maxlen: 24
                          113.21.228.0/23 maxlen: 23
                          113.21.228.0/24 maxlen: 24
                          113.21.229.0/24 maxlen: 24
                          113.21.230.0/23 maxlen: 23
                          113.21.230.0/24 maxlen: 24
                          113.21.231.0/24 maxlen: 24
                          2400:f940::/32 maxlen: 32
                          2400:f940::/32 maxlen: 34
                          2400:f940::/33 maxlen: 33
                          2400:f940::/34 maxlen: 34
                          2400:f940::/48 maxlen: 48
                          2400:f940:10::/48 maxlen: 48
                          2400:f940:11::/48 maxlen: 48
                          2400:f940:12::/48 maxlen: 48
                          2400:f940:4000::/34 maxlen: 34
                          2400:f940:8000::/33 maxlen: 33
                          2400:f940:8000::/34 maxlen: 34
                          2400:f940:c000::/34 maxlen: 34

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A914A8CB/C8B0F4F221C111E7954E8717C4F9AE02/_zJ4o61YsYpUbj_tzVN4QFJ3Z6g.crl
                          rsync://rpki.apnic.net/member_repository/A914A8CB/C8B0F4F221C111E7954E8717C4F9AE02/_zJ4o61YsYpUbj_tzVN4QFJ3Z6g.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_zJ4o61YsYpUbj_tzVN4QFJ3Z6g.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 01 Dec 2024 16:13:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 6755 (0x1a63)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A914A8CB/serialNumber=FF3278A3AD58B18A546E3FEDCD537840527767A8
        Validity
            Not Before: May 22 16:54:30 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=664e2346-4b76
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:e8:d0:34:8b:5d:e9:74:b0:40:40:7d:ca:5e:
                    f3:04:2d:a6:29:29:c5:a8:e5:2a:8a:5d:bb:95:15:
                    94:56:0f:dc:ae:9d:bd:33:58:c6:69:66:ed:f6:7f:
                    d9:41:8e:9a:b2:ff:1b:af:3e:09:38:be:42:96:8f:
                    9c:35:ae:25:50:c5:40:f4:dd:5a:96:b9:12:bc:98:
                    76:4b:f2:bf:b8:0d:21:dc:ba:c1:95:35:01:11:59:
                    bd:f8:1a:e9:09:aa:b2:16:d0:47:c8:72:4c:a4:86:
                    68:63:eb:83:78:fd:36:ab:32:9b:02:a2:59:f4:4e:
                    ae:15:0b:9a:f3:98:15:9e:b5:8d:dc:22:ed:b5:de:
                    0b:78:e3:f9:ea:ff:d7:d2:84:fa:bd:3f:95:e4:2b:
                    3c:9d:8c:31:2b:2b:9b:ca:4d:9b:83:4a:41:5e:5e:
                    8c:88:ad:b0:1f:ae:ea:d8:7b:d4:40:a6:fb:d1:dd:
                    5e:83:1d:28:79:d2:c6:cb:6d:65:0c:75:1e:ff:96:
                    2c:e4:de:ca:b8:ed:5f:5e:f2:11:f4:0d:71:0e:68:
                    a1:ae:21:6a:d1:62:7b:b0:35:14:7e:29:28:e9:9b:
                    1a:28:2f:31:7d:97:6e:a2:1e:d7:f2:4d:80:04:68:
                    56:b6:00:cb:76:6d:f5:b3:94:c6:7e:3d:83:2f:e1:
                    78:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:BA:D3:F2:5B:48:62:03:02:59:91:FF:9D:44:5C:2E:55:AD:24:76
            X509v3 Authority Key Identifier:
                keyid:FF:32:78:A3:AD:58:B1:8A:54:6E:3F:ED:CD:53:78:40:52:77:67:A8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A914A8CB/C8B0F4F221C111E7954E8717C4F9AE02/_zJ4o61YsYpUbj_tzVN4QFJ3Z6g.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_zJ4o61YsYpUbj_tzVN4QFJ3Z6g.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A914A8CB/C8B0F4F221C111E7954E8717C4F9AE02/90C8D27021C211E786829418C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.127.48.0/22
                  103.40.226.0/23
                  103.51.2.0/23
                  113.21.228.0/22
                IPv6:
                  2400:f940::/32

    Signature Algorithm: sha256WithRSAEncryption
         97:80:98:0c:12:73:80:80:f8:25:7d:7d:f1:a7:8a:9f:2f:72:
         f2:94:14:1c:e9:9f:d8:91:6b:dd:4c:68:5f:41:20:13:75:c5:
         ec:20:5b:03:85:70:89:a6:90:ae:c3:d7:a6:02:0f:ec:00:1e:
         fe:38:73:b3:38:a3:1c:eb:67:9e:92:e1:0c:1c:8a:24:6d:99:
         f5:ae:8a:df:99:6e:6a:f6:08:ac:69:a6:38:93:6b:5d:a6:b7:
         3e:14:db:41:d6:c5:20:8b:3c:06:76:e8:04:6d:e0:e3:df:2c:
         0c:ee:f3:53:a7:0f:e6:e5:e0:67:90:b9:9b:09:71:97:44:a7:
         bf:29:05:f2:dd:76:93:9a:55:3a:2d:64:09:85:c6:70:79:bd:
         eb:2c:b1:d7:61:5c:dc:32:1c:e3:f3:2a:a8:4c:da:f0:46:8c:
         ba:26:db:9b:b2:bc:3c:cc:fb:8b:03:95:4b:ad:dc:23:39:f6:
         53:67:16:6e:cf:9e:45:6a:75:56:b8:a9:f3:21:8a:da:4b:52:
         c7:7f:4d:44:9f:50:8a:19:2a:47:19:2c:07:59:ac:07:b6:5d:
         2d:57:11:ac:a1:a6:65:20:8b:e9:4d:73:3e:de:04:2f:ea:74:
         5e:61:c3:42:46:e6:14:b4:6a:b8:78:20:5a:0b:b8:57:09:15:
         c2:af:d3:90
-----BEGIN CERTIFICATE-----
MIIFkjCCBHqgAwIBAgICGmMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NEE4Q0IxMTAvBgNVBAUTKEZGMzI3OEEzQUQ1OEIxOEE1NDZFM0ZFRENENTM3ODQw
NTI3NzY3QTgwHhcNMjQwNTIyMTY1NDMwWhcNMjUwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjRlMjM0Ni00Yjc2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAu+jQNItd6XSwQEB9yl7zBC2mKSnFqOUqil27lRWUVg/crp29M1jGaWbt9n/Z
QY6asv8brz4JOL5Clo+cNa4lUMVA9N1alrkSvJh2S/K/uA0h3LrBlTUBEVm9+Brp
CaqyFtBHyHJMpIZoY+uDeP02qzKbAqJZ9E6uFQua85gVnrWN3CLttd4LeOP56v/X
0oT6vT+V5Cs8nYwxKyubyk2bg0pBXl6MiK2wH67q2HvUQKb70d1egx0oedLGy21l
DHUe/5Ys5N7KuO1fXvIR9A1xDmihriFq0WJ7sDUUfiko6ZsaKC8xfZduoh7X8k2A
BGhWtgDLdm31s5TGfj2DL+F4RQIDAQABo4ICtjCCArIwHQYDVR0OBBYEFJO60/Jb
SGIDAlmR/51EXC5VrSR2MB8GA1UdIwQYMBaAFP8yeKOtWLGKVG4/7c1TeEBSd2eo
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0QThDQi9DOEIwRjRGMjIx
QzExMUU3OTU0RTg3MTdDNEY5QUUwMi9feko0bzYxWXNZcFVial90elZONFFGSjNa
NmcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL196SjRvNjFZc1lwVWJqX3R6Vk40UUZKM1o2Zy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NEE4Q0IvQzhCMEY0RjIyMUMxMTFFNzk1NEU4NzE3QzRGOUFFMDIvOTBDOEQyNzAy
MUMyMTFFNzg2ODI5NDE4QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwQAYIKwYBBQUHAQcBAf8E
MTAvMB4EAgABMBgDBAItfzADBAFnKOIDBAFnMwIDBAJxFeQwDQQCAAIwBwMFACQA
+UAwDQYJKoZIhvcNAQELBQADggEBAJeAmAwSc4CA+CV9ffGnip8vcvKUFBzpn9iR
a91MaF9BIBN1xewgWwOFcImmkK7D16YCD+wAHv44c7M4oxzrZ56S4QwciiRtmfWu
it+Zbmr2CKxppjiTa12mtz4U20HWxSCLPAZ26ARt4OPfLAzu81OnD+bl4GeQuZsJ
cZdEp78pBfLddpOaVTotZAmFxnB5vesssddhXNwyHOPzKqhM2vBGjLom25uyvDzM
+4sDlUut3CM59lNnFm7PnkVqdVa4qfMhitpLUsd/TUSfUIoZKkcZLAdZrAe2XS1X
EayhpmUgi+lNcz7eBC/qdF5hw0JG5hS0arh4IFoLuFcJFcKv05A=
-----END CERTIFICATE-----
Generated at Sun Nov 24 18:24:10 2024 by rpki-client on console-ams.rpki-client.org