Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A914C002/C01D0C0CA92511EEAC4BDB57C4F9AE02/2F7E2A8EB52B11EEA348EB68C4F9AE02.roa
File:                     2F7E2A8EB52B11EEA348EB68C4F9AE02.roa (raw, json)
Hash identifier:          ihaSoYaPFhS3Sy5AHLHtoSRx16uB3PQ9B5P2ZbTCdy0=
Subject key identifier:   1E:6E:BA:C8:7E:EF:11:B0:BD:74:56:A9:10:00:AC:4D:EB:D7:5A:1D
Certificate issuer:       /CN=A914C002/serialNumber=924A2017564ADAFB2236A20FBF73ADA1B96BFF33
Certificate serial:       0D
Authority key identifier: 92:4A:20:17:56:4A:DA:FB:22:36:A2:0F:BF:73:AD:A1:B9:6B:FF:33
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/kkogF1ZK2vsiNqIPv3Otoblr_zM.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A914C002/C01D0C0CA92511EEAC4BDB57C4F9AE02/2F7E2A8EB52B11EEA348EB68C4F9AE02.roa
Signing time:             Wed 17 Jan 2024 11:25:58 +0000
ROA not before:           Wed 17 Jan 2024 11:25:58 +0000
ROA not after:            Mon 31 Mar 2025 00:00:00 +0000
asID:                     147059
IP address blocks:        157.10.28.0/24 maxlen: 24
                          157.10.29.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A914C002/C01D0C0CA92511EEAC4BDB57C4F9AE02/kkogF1ZK2vsiNqIPv3Otoblr_zM.crl
                          rsync://rpki.apnic.net/member_repository/A914C002/C01D0C0CA92511EEAC4BDB57C4F9AE02/kkogF1ZK2vsiNqIPv3Otoblr_zM.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/kkogF1ZK2vsiNqIPv3Otoblr_zM.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 22 Jun 2024 02:50:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13 (0xd)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A914C002/serialNumber=924A2017564ADAFB2236A20FBF73ADA1B96BFF33
        Validity
            Not Before: Jan 17 11:25:58 2024 GMT
            Not After : Mar 31 00:00:00 2025 GMT
        Subject: CN=65a7b946-c41c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ee:ab:6d:53:0a:17:c1:7c:df:41:d7:5d:d6:b6:
                    f0:9d:fa:d1:d3:02:5c:35:89:66:e4:81:07:20:42:
                    41:b2:49:82:30:a9:d5:8b:20:ce:e1:e1:b3:8d:c8:
                    0b:50:6a:fa:ca:4e:f2:09:28:15:aa:26:21:7b:2a:
                    22:68:b0:2c:9d:4e:8c:93:3e:3d:f0:ae:62:c7:ee:
                    df:67:99:5b:4a:4b:4d:5e:8d:ed:df:31:e7:42:84:
                    34:01:fa:16:de:0f:46:f5:1b:00:ec:01:f1:d8:5a:
                    32:87:b3:6a:71:ed:8e:17:c3:cf:52:81:0a:e5:1b:
                    da:ad:cf:03:3e:b1:d6:76:35:9a:ae:dc:0e:f2:85:
                    4f:e3:05:8a:d5:5c:ce:44:ef:39:2c:3d:70:9f:22:
                    a7:0b:47:83:1f:41:4a:7a:57:5e:cd:a8:cb:57:0a:
                    0f:b1:12:8d:d0:86:65:96:19:48:48:c8:d3:24:bb:
                    8e:82:eb:be:72:ee:dc:a7:cb:7d:31:1b:9c:79:46:
                    dd:6f:88:23:bc:1d:02:71:41:ad:a8:77:34:15:bf:
                    49:13:20:ce:d8:75:4e:a7:8c:4f:47:09:a4:59:61:
                    d5:12:c0:cc:c1:80:20:eb:9f:ec:05:37:c5:2d:4e:
                    d3:9c:c6:91:f9:02:cf:81:5d:2b:53:06:8c:11:f0:
                    f2:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:6E:BA:C8:7E:EF:11:B0:BD:74:56:A9:10:00:AC:4D:EB:D7:5A:1D
            X509v3 Authority Key Identifier:
                keyid:92:4A:20:17:56:4A:DA:FB:22:36:A2:0F:BF:73:AD:A1:B9:6B:FF:33

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A914C002/C01D0C0CA92511EEAC4BDB57C4F9AE02/kkogF1ZK2vsiNqIPv3Otoblr_zM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/kkogF1ZK2vsiNqIPv3Otoblr_zM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A914C002/C01D0C0CA92511EEAC4BDB57C4F9AE02/2F7E2A8EB52B11EEA348EB68C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.10.28.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3a:b1:83:15:d5:63:13:bf:3a:bf:a6:83:88:55:17:d0:bf:84:
         35:49:e6:57:ae:2b:46:1e:65:35:d3:30:41:83:26:04:38:85:
         93:be:da:01:a3:de:77:74:73:ef:d2:97:d5:eb:71:40:7c:06:
         59:14:23:ab:2b:d3:8f:09:ab:c1:0c:8c:6d:45:4b:b6:d3:71:
         81:ef:31:70:0f:fc:25:ae:92:2b:a2:d7:fb:38:4a:cf:6c:aa:
         7d:1c:c3:02:17:4b:8c:15:9f:c6:15:99:0e:df:09:4e:d9:00:
         65:8e:b5:b8:87:b2:14:f0:f0:26:67:aa:13:af:e4:39:53:ba:
         46:62:69:52:27:1b:8d:aa:df:50:5e:0f:be:8a:0a:3d:94:c7:
         5a:47:31:0d:4c:a4:d7:8b:ce:e2:aa:93:40:e7:0c:3b:e2:91:
         7b:b0:ba:3b:8f:ad:36:30:57:96:a5:56:e5:67:66:d4:40:f0:
         ac:e9:4f:86:7a:c4:74:38:21:7f:9e:9c:28:1f:b4:6b:11:16:
         4d:c0:78:6e:7e:2a:23:6f:a3:5e:41:4e:44:96:1c:b5:99:d5:
         3d:ac:e1:91:45:d3:6e:84:55:60:da:b8:bc:e5:c5:36:a5:e7:
         61:24:47:16:5a:38:dc:4d:5c:38:9e:58:a9:13:43:ed:96:c3:
         c1:6d:48:d2
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIBDTANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTE0
QzAwMjExMC8GA1UEBRMoOTI0QTIwMTc1NjRBREFGQjIyMzZBMjBGQkY3M0FEQTFC
OTZCRkYzMzAeFw0yNDAxMTcxMTI1NThaFw0yNTAzMzEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY1YTdiOTQ2LWM0MWMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDuq21TChfBfN9B113WtvCd+tHTAlw1iWbkgQcgQkGySYIwqdWLIM7h4bONyAtQ
avrKTvIJKBWqJiF7KiJosCydToyTPj3wrmLH7t9nmVtKS01eje3fMedChDQB+hbe
D0b1GwDsAfHYWjKHs2px7Y4Xw89SgQrlG9qtzwM+sdZ2NZqu3A7yhU/jBYrVXM5E
7zksPXCfIqcLR4MfQUp6V17NqMtXCg+xEo3QhmWWGUhIyNMku46C675y7tyny30x
G5x5Rt1viCO8HQJxQa2odzQVv0kTIM7YdU6njE9HCaRZYdUSwMzBgCDrn+wFN8Ut
TtOcxpH5As+BXStTBowR8PIPAgMBAAGjggKVMIICkTAdBgNVHQ4EFgQUHm66yH7v
EbC9dFapEACsTevXWh0wHwYDVR0jBBgwFoAUkkogF1ZK2vsiNqIPv3Otoblr/zMw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTRDMDAyL0MwMUQwQzBDQTky
NTExRUVBQzRCREI1N0M0RjlBRTAyL2trb2dGMVpLMnZzaU5xSVB2M090b2Jscl96
TS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRGMjAxRDY2MTFFMjhBQzg4MzdDNzJG
RDFGRjIva2tvZ0YxWksydnNpTnFJUHYzT3RvYmxyX3pNLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0
QzAwMi9DMDFEMEMwQ0E5MjUxMUVFQUM0QkRCNTdDNEY5QUUwMi8yRjdFMkE4RUI1
MkIxMUVFQTM0OEVCNjhDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAZ0KHDANBgkqhkiG9w0BAQsFAAOCAQEAOrGDFdVjE786v6aD
iFUX0L+ENUnmV64rRh5lNdMwQYMmBDiFk77aAaPed3Rz79KX1etxQHwGWRQjqyvT
jwmrwQyMbUVLttNxge8xcA/8Ja6SK6LX+zhKz2yqfRzDAhdLjBWfxhWZDt8JTtkA
ZY61uIeyFPDwJmeqE6/kOVO6RmJpUicbjarfUF4PvooKPZTHWkcxDUyk14vO4qqT
QOcMO+KRe7C6O4+tNjBXlqVW5Wdm1EDwrOlPhnrEdDghf56cKB+0axEWTcB4bn4q
I2+jXkFORJYctZnVPazhkUXTboRVYNq4vOXFNqXnYSRHFlo43E1cOJ5YqRND7ZbD
wW1I0g==
-----END CERTIFICATE-----
Generated at Sat Jun 15 10:27:16 2024 by rpki-client on console-ams.rpki-client.org