Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A914D5F5/9B18B43088F211EA899EBE67C4F9AE02/033AD246931B11EA974F0D67C4F9AE02.roa
File:                     033AD246931B11EA974F0D67C4F9AE02.roa (raw, json)
Hash identifier:          EffOa3tQg0K/qdZlXW/5LCM+kwyaUzdchQme/1JLWWo=
Subject key identifier:   5A:DF:97:42:08:72:9D:3B:A5:80:5E:96:8E:48:7B:10:EA:00:F0:A0
Certificate issuer:       /CN=A914D5F5/serialNumber=45D8610FCE17D9FF4E8C9E2D7A253DA5C2F87F9B
Certificate serial:       0835
Authority key identifier: 45:D8:61:0F:CE:17:D9:FF:4E:8C:9E:2D:7A:25:3D:A5:C2:F8:7F:9B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/RdhhD84X2f9OjJ4teiU9pcL4f5s.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A914D5F5/9B18B43088F211EA899EBE67C4F9AE02/033AD246931B11EA974F0D67C4F9AE02.roa
Signing time:             Wed 22 Mar 2023 22:09:06 +0000
ROA not before:           Wed 22 Mar 2023 22:09:06 +0000
ROA not after:            Thu 31 Aug 2023 00:00:00 +0000
asID:                     16509
IP address blocks:        122.252.145.0/24 maxlen: 24
                          122.252.146.0/24 maxlen: 24
                          122.252.147.0/24 maxlen: 24
                          122.252.148.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A914D5F5/9B18B43088F211EA899EBE67C4F9AE02/RdhhD84X2f9OjJ4teiU9pcL4f5s.crl
                          rsync://rpki.apnic.net/member_repository/A914D5F5/9B18B43088F211EA899EBE67C4F9AE02/RdhhD84X2f9OjJ4teiU9pcL4f5s.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/RdhhD84X2f9OjJ4teiU9pcL4f5s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 29 Mar 2023 20:07:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2101 (0x835)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A914D5F5/serialNumber=45D8610FCE17D9FF4E8C9E2D7A253DA5C2F87F9B
        Validity
            Not Before: Mar 22 22:09:06 2023 GMT
            Not After : Aug 31 00:00:00 2023 GMT
        Subject: CN=641b7c81-6808
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e8:b1:89:17:31:e3:88:98:9c:39:8f:fd:d4:28:
                    fa:a2:95:5b:3a:35:5b:fb:60:a2:f6:86:f1:96:04:
                    08:79:c6:b9:8f:4e:f4:58:0a:2f:30:17:0f:40:2e:
                    6f:96:2d:d4:05:32:24:07:ff:4d:16:68:4a:b6:c4:
                    f5:78:53:e1:d4:b5:92:7a:5e:b3:93:9c:ba:e4:84:
                    f0:0d:be:f5:11:0a:9e:b3:4e:55:b7:7d:73:ff:67:
                    80:4a:14:e4:60:43:bf:9a:99:09:6d:dc:6a:1b:ee:
                    b6:58:65:59:cd:ab:c0:6b:79:45:b6:a8:c1:87:e5:
                    d2:34:58:b5:e7:97:57:c1:a2:0a:3c:51:cf:b2:5c:
                    20:36:19:fa:34:2a:35:c7:bb:1b:9b:8f:96:23:ca:
                    0d:06:6c:2e:c3:79:cb:34:2b:90:ce:4f:8c:66:31:
                    21:b8:be:83:c9:8c:70:9b:93:7e:4f:fd:e9:5c:4b:
                    d7:ef:9c:82:d7:8f:70:19:82:c5:c9:9f:67:d6:46:
                    dd:85:f4:06:38:67:0d:f4:46:4e:03:40:94:69:af:
                    61:6e:42:6d:a3:1b:d2:7f:40:dd:50:be:0e:28:ed:
                    1b:9d:2f:4b:e5:b8:25:4d:30:eb:54:d6:50:b5:d2:
                    f2:50:df:18:8b:29:2e:4e:48:68:86:73:78:fe:0f:
                    ae:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                5A:DF:97:42:08:72:9D:3B:A5:80:5E:96:8E:48:7B:10:EA:00:F0:A0
            X509v3 Authority Key Identifier: 
                keyid:45:D8:61:0F:CE:17:D9:FF:4E:8C:9E:2D:7A:25:3D:A5:C2:F8:7F:9B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A914D5F5/9B18B43088F211EA899EBE67C4F9AE02/RdhhD84X2f9OjJ4teiU9pcL4f5s.crl

            Authority Information Access: 
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/RdhhD84X2f9OjJ4teiU9pcL4f5s.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access: 
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A914D5F5/9B18B43088F211EA899EBE67C4F9AE02/033AD246931B11EA974F0D67C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  122.252.145.0-122.252.151.255

    Signature Algorithm: sha256WithRSAEncryption
         a6:49:a4:1d:46:8a:fb:cd:58:81:af:20:76:04:b0:f1:80:02:
         98:bd:a4:37:97:d1:99:cf:a2:48:af:12:9c:f8:94:6a:8f:58:
         09:bc:b4:8a:cb:dc:f0:a2:22:ab:ad:49:a8:3d:a4:89:46:c0:
         d9:5d:02:fe:83:cc:a9:c4:17:82:24:ac:85:9b:39:09:e6:55:
         cc:95:da:de:3a:99:7a:ca:a7:98:92:99:19:66:90:d1:d5:f0:
         c5:87:e8:eb:df:42:09:ba:29:63:7d:35:fe:69:a3:d7:72:25:
         2c:58:dc:95:6d:a4:9d:6a:6b:d8:ed:e6:da:80:6f:69:24:e3:
         df:b7:56:85:bc:46:a4:b4:6b:30:b7:13:df:8f:d5:44:0c:22:
         27:87:ea:f4:af:6f:7e:4e:69:9c:6e:f1:00:78:a0:09:5b:94:
         ff:7b:60:23:68:f6:7e:28:3c:ba:db:9f:97:2e:c0:23:de:91:
         db:16:5a:fc:fe:4e:dd:dc:92:21:7e:83:91:5a:75:a5:f3:25:
         82:22:5a:83:9f:9c:58:c2:19:b2:3a:8d:80:ae:15:bb:cc:ac:
         aa:29:24:b8:79:b1:21:98:e5:9b:b8:3b:e5:99:62:77:9b:6e:
         72:5b:01:12:d4:f3:b5:0c:09:7d:74:85:b6:6d:48:91:4b:69:
         f0:4d:4c:df
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgICCDUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NEQ1RjUxMTAvBgNVBAUTKDQ1RDg2MTBGQ0UxN0Q5RkY0RThDOUUyRDdBMjUzREE1
QzJGODdGOUIwHhcNMjMwMzIyMjIwOTA2WhcNMjMwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDFiN2M4MS02ODA4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA6LGJFzHjiJicOY/91Cj6opVbOjVb+2Ci9obxlgQIeca5j070WAovMBcPQC5v
li3UBTIkB/9NFmhKtsT1eFPh1LWSel6zk5y65ITwDb71EQqes05Vt31z/2eAShTk
YEO/mpkJbdxqG+62WGVZzavAa3lFtqjBh+XSNFi155dXwaIKPFHPslwgNhn6NCo1
x7sbm4+WI8oNBmwuw3nLNCuQzk+MZjEhuL6DyYxwm5N+T/3pXEvX75yC149wGYLF
yZ9n1kbdhfQGOGcN9EZOA0CUaa9hbkJtoxvSf0DdUL4OKO0bnS9L5bglTTDrVNZQ
tdLyUN8YiykuTkhohnN4/g+uXQIDAQABo4ICnTCCApkwHQYDVR0OBBYEFFrfl0II
cp07pYBelo5IexDqAPCgMB8GA1UdIwQYMBaAFEXYYQ/OF9n/ToyeLXolPaXC+H+b
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0RDVGNS85QjE4QjQzMDg4
RjIxMUVBODk5RUJFNjdDNEY5QUUwMi9SZGhoRDg0WDJmOU9qSjR0ZWlVOXBjTDRm
NXMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1JkaGhEODRYMmY5T2pKNHRlaVU5cGNMNGY1cy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NEQ1RjUvOUIxOEI0MzA4OEYyMTFFQTg5OUVCRTY3QzRGOUFFMDIvMDMzQUQyNDY5
MzFCMTFFQTk3NEYwRDY3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJwYIKwYBBQUHAQcBAf8E
GDAWMBQEAgABMA4wDAMEAHr8kQMEA3r8kDANBgkqhkiG9w0BAQsFAAOCAQEApkmk
HUaK+81Yga8gdgSw8YACmL2kN5fRmc+iSK8SnPiUao9YCby0isvc8KIiq61JqD2k
iUbA2V0C/oPMqcQXgiSshZs5CeZVzJXa3jqZesqnmJKZGWaQ0dXwxYfo699CCbop
Y301/mmj13IlLFjclW2knWpr2O3m2oBvaSTj37dWhbxGpLRrMLcT34/VRAwiJ4fq
9K9vfk5pnG7xAHigCVuU/3tgI2j2fig8utufly7AI96R2xZa/P5O3dySIX6DkVp1
pfMlgiJag5+cWMIZsjqNgK4Vu8ysqikkuHmxIZjlm7g75Zlid5tuclsBEtTztQwJ
fXSFtm1IkUtp8E1M3w==
-----END CERTIFICATE-----
Generated at Wed Mar 22 22:39:08 2023 by rpki-client on console-fra.rpki-client.org