Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A914AE22/B178439E1BBF11EAB6A74F71C4F9AE02/2CD5AAF8060311EBBE15EA18C4F9AE02.roa
File:                     2CD5AAF8060311EBBE15EA18C4F9AE02.roa (raw, json)
Hash identifier:          BqyKJHH4McjxtDDPvHPE+BPfxKk7brStlMSUEfddudM=
Subject key identifier:   D4:30:02:DA:57:8A:0D:95:A7:A6:57:B1:E1:97:EB:71:AA:FE:20:97
Certificate issuer:       /CN=A914AE22/serialNumber=726220D98BCC7DC66A3CCF37677EA0A3DB090DA4
Certificate serial:       0A58
Authority key identifier: 72:62:20:D9:8B:CC:7D:C6:6A:3C:CF:37:67:7E:A0:A3:DB:09:0D:A4
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/cmIg2YvMfcZqPM83Z36go9sJDaQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A914AE22/B178439E1BBF11EAB6A74F71C4F9AE02/2CD5AAF8060311EBBE15EA18C4F9AE02.roa
Signing time:             Thu 18 May 2023 21:01:44 +0000
ROA not before:           Thu 18 May 2023 21:01:44 +0000
ROA not after:            Tue 30 Jul 2024 00:00:00 +0000
asID:                     135386
IP address blocks:        45.248.68.0/22 maxlen: 22
                          45.248.68.0/24 maxlen: 24
                          45.248.69.0/24 maxlen: 24
                          45.248.70.0/24 maxlen: 24
                          45.248.71.0/24 maxlen: 24
                          103.9.192.0/22 maxlen: 24
                          103.73.96.0/22 maxlen: 24
                          103.216.216.0/22 maxlen: 24
                          2404:f880::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A914AE22/B178439E1BBF11EAB6A74F71C4F9AE02/cmIg2YvMfcZqPM83Z36go9sJDaQ.crl
                          rsync://rpki.apnic.net/member_repository/A914AE22/B178439E1BBF11EAB6A74F71C4F9AE02/cmIg2YvMfcZqPM83Z36go9sJDaQ.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/cmIg2YvMfcZqPM83Z36go9sJDaQ.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 02 Apr 2024 19:32:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2648 (0xa58)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A914AE22/serialNumber=726220D98BCC7DC66A3CCF37677EA0A3DB090DA4
        Validity
            Not Before: May 18 21:01:44 2023 GMT
            Not After : Jul 30 00:00:00 2024 GMT
        Subject: CN=64669238-15ef
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:ae:98:e0:4b:8f:ec:2a:4a:42:df:c8:c6:ed:
                    0b:1a:6b:2b:53:08:a7:fa:7f:45:ab:16:25:3a:68:
                    93:8c:26:80:20:56:87:c0:ef:46:20:d2:a9:d9:12:
                    cf:74:44:32:87:a5:ff:96:d4:b7:e7:87:fe:d4:dd:
                    2b:c3:3e:e1:0a:f4:2f:ab:f5:0a:a5:ce:9c:f6:78:
                    99:7c:11:31:0a:0c:65:08:93:9f:20:7e:2b:f7:d2:
                    b6:29:59:86:8d:05:3c:8e:28:e3:e5:6f:9c:2b:19:
                    4a:b8:cd:fc:43:a5:2c:f8:f2:6e:7d:2d:64:e6:93:
                    e7:ad:57:37:17:e5:7b:5c:20:59:7e:a3:94:9a:d2:
                    ca:aa:e5:31:94:89:b7:b4:39:e0:c3:c6:c3:b2:3e:
                    dd:9e:0a:31:fc:ec:61:c0:aa:78:59:68:68:6f:27:
                    63:fd:59:4b:e8:20:1b:04:97:71:28:06:29:58:73:
                    cf:ca:64:19:ef:01:78:52:cc:94:8e:ec:48:84:e8:
                    e5:16:9c:96:82:9a:b1:49:34:ef:4b:cd:c5:ac:75:
                    f4:4d:c7:e9:e8:df:ab:d6:03:5c:a5:2f:93:e2:0d:
                    1d:4a:05:79:c8:9d:0f:4e:b7:f0:82:91:6d:f7:87:
                    6f:95:6d:b9:20:d1:51:34:35:e0:30:01:81:c8:26:
                    09:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:30:02:DA:57:8A:0D:95:A7:A6:57:B1:E1:97:EB:71:AA:FE:20:97
            X509v3 Authority Key Identifier:
                keyid:72:62:20:D9:8B:CC:7D:C6:6A:3C:CF:37:67:7E:A0:A3:DB:09:0D:A4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A914AE22/B178439E1BBF11EAB6A74F71C4F9AE02/cmIg2YvMfcZqPM83Z36go9sJDaQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/cmIg2YvMfcZqPM83Z36go9sJDaQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A914AE22/B178439E1BBF11EAB6A74F71C4F9AE02/2CD5AAF8060311EBBE15EA18C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.248.68.0/22
                  103.9.192.0/22
                  103.73.96.0/22
                  103.216.216.0/22
                IPv6:
                  2404:f880::/32

    Signature Algorithm: sha256WithRSAEncryption
         7f:c3:f4:1c:e8:12:9a:94:23:1c:cb:be:b7:a7:de:90:76:54:
         5a:36:6c:59:61:4b:88:b6:48:e9:25:b9:73:31:44:62:a8:11:
         96:ce:89:c0:ca:cd:19:c2:38:30:46:2a:8d:96:f8:c6:6a:41:
         38:10:30:38:33:01:29:ae:cc:20:dc:da:22:80:f5:b4:38:d5:
         0d:cd:09:9d:f6:13:0a:a7:97:04:b0:99:d7:df:31:cf:fc:db:
         37:ae:f4:6a:8c:db:09:ee:fa:88:b8:d3:fc:d3:97:7c:b1:6e:
         98:ea:1d:db:d1:71:ac:a8:d7:46:c3:f6:19:68:4a:45:2b:7a:
         c5:30:83:16:0e:e5:3a:df:2f:79:06:8d:ca:6c:81:de:d2:cd:
         af:62:8f:e0:4a:d1:4a:91:ed:24:d9:ad:52:e4:64:0a:af:b6:
         de:05:a7:35:9d:30:79:de:95:1e:b2:b9:22:15:f8:8f:36:6d:
         e1:ee:b3:c9:79:0c:31:9c:e4:fb:fa:ea:64:b0:2d:f2:4c:ac:
         84:13:f2:f7:c1:26:2e:e4:da:1c:e2:0b:f4:8e:53:ed:95:b1:
         76:0d:6f:77:e4:4c:78:03:11:7e:a5:25:93:83:55:af:a9:02:
         dd:ae:96:8f:10:be:90:0f:01:75:57:1d:5f:47:2d:27:33:18:
         84:20:93:d9
-----BEGIN CERTIFICATE-----
MIIFkjCCBHqgAwIBAgICClgwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NEFFMjIxMTAvBgNVBAUTKDcyNjIyMEQ5OEJDQzdEQzY2QTNDQ0YzNzY3N0VBMEEz
REIwOTBEQTQwHhcNMjMwNTE4MjEwMTQ0WhcNMjQwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDY2OTIzOC0xNWVmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA5a6Y4EuP7CpKQt/Ixu0LGmsrUwin+n9FqxYlOmiTjCaAIFaHwO9GINKp2RLP
dEQyh6X/ltS354f+1N0rwz7hCvQvq/UKpc6c9niZfBExCgxlCJOfIH4r99K2KVmG
jQU8jijj5W+cKxlKuM38Q6Us+PJufS1k5pPnrVc3F+V7XCBZfqOUmtLKquUxlIm3
tDngw8bDsj7dngox/OxhwKp4WWhobydj/VlL6CAbBJdxKAYpWHPPymQZ7wF4UsyU
juxIhOjlFpyWgpqxSTTvS83FrHX0Tcfp6N+r1gNcpS+T4g0dSgV5yJ0PTrfwgpFt
94dvlW25INFRNDXgMAGByCYJCwIDAQABo4ICtjCCArIwHQYDVR0OBBYEFNQwAtpX
ig2Vp6ZXseGX63Gq/iCXMB8GA1UdIwQYMBaAFHJiINmLzH3GajzPN2d+oKPbCQ2k
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0QUUyMi9CMTc4NDM5RTFC
QkYxMUVBQjZBNzRGNzFDNEY5QUUwMi9jbUlnMll2TWZjWnFQTTgzWjM2Z285c0pE
YVEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2NtSWcyWXZNZmNacVBNODNaMzZnbzlzSkRhUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NEFFMjIvQjE3ODQzOUUxQkJGMTFFQUI2QTc0RjcxQzRGOUFFMDIvMkNENUFBRjgw
NjAzMTFFQkJFMTVFQTE4QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwQAYIKwYBBQUHAQcBAf8E
MTAvMB4EAgABMBgDBAIt+EQDBAJnCcADBAJnSWADBAJn2NgwDQQCAAIwBwMFACQE
+IAwDQYJKoZIhvcNAQELBQADggEBAH/D9BzoEpqUIxzLvren3pB2VFo2bFlhS4i2
SOkluXMxRGKoEZbOicDKzRnCODBGKo2W+MZqQTgQMDgzASmuzCDc2iKA9bQ41Q3N
CZ32EwqnlwSwmdffMc/82zeu9GqM2wnu+oi40/zTl3yxbpjqHdvRcayo10bD9hlo
SkUresUwgxYO5TrfL3kGjcpsgd7Sza9ij+BK0UqR7STZrVLkZAqvtt4FpzWdMHne
lR6yuSIV+I82beHus8l5DDGc5Pv66mSwLfJMrIQT8vfBJi7k2hziC/SOU+2VsXYN
b3fkTHgDEX6lJZODVa+pAt2ulo8QvpAPAXVXHV9HLSczGIQgk9k=
-----END CERTIFICATE-----
Generated at Tue Mar 26 20:43:03 2024 by rpki-client on console-ams.rpki-client.org