Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A914F937/26B4981E5B2311EEB8773F70C4F9AE02/4BFEFFA0F62411EEAF3BFD14C4F9AE02.roa
File:                     4BFEFFA0F62411EEAF3BFD14C4F9AE02.roa (raw, json)
Hash identifier:          NwxdRlAk907NKJkhCsTkOJalcdDOfSPPue8UDy8L6vo=
Subject key identifier:   2E:DD:D7:8B:3A:17:A2:3A:2F:36:82:BF:CB:02:5A:74:65:92:46:9F
Certificate issuer:       /CN=A914F937/serialNumber=88A2CB4624801BC9C7ADA223839FC3C536C7FB26
Certificate serial:       6B
Authority key identifier: 88:A2:CB:46:24:80:1B:C9:C7:AD:A2:23:83:9F:C3:C5:36:C7:FB:26
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/iKLLRiSAG8nHraIjg5_DxTbH-yY.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A914F937/26B4981E5B2311EEB8773F70C4F9AE02/4BFEFFA0F62411EEAF3BFD14C4F9AE02.roa
Signing time:             Tue 09 Apr 2024 03:50:25 +0000
ROA not before:           Tue 09 Apr 2024 03:50:25 +0000
ROA not after:            Thu 01 May 2025 00:00:00 +0000
asID:                     4648
IP address blocks:        192.146.219.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A914F937/26B4981E5B2311EEB8773F70C4F9AE02/iKLLRiSAG8nHraIjg5_DxTbH-yY.crl
                          rsync://rpki.apnic.net/member_repository/A914F937/26B4981E5B2311EEB8773F70C4F9AE02/iKLLRiSAG8nHraIjg5_DxTbH-yY.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/iKLLRiSAG8nHraIjg5_DxTbH-yY.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 28 Nov 2024 02:50:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 107 (0x6b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A914F937/serialNumber=88A2CB4624801BC9C7ADA223839FC3C536C7FB26
        Validity
            Not Before: Apr  9 03:50:25 2024 GMT
            Not After : May  1 00:00:00 2025 GMT
        Subject: CN=6614bb01-5dcf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:5b:54:8b:06:df:43:4d:00:7f:b3:88:f8:0a:
                    f8:e2:8e:43:59:a0:39:eb:56:95:d3:35:6b:b3:51:
                    62:51:d1:03:e5:52:5d:65:fe:74:a8:e9:16:d3:5a:
                    35:b9:5b:e5:ed:c1:a2:2f:e6:29:32:6b:e1:f8:e0:
                    c8:34:81:ac:b6:69:a4:13:b8:6c:9d:47:ff:4c:20:
                    b0:54:71:bb:3f:e1:80:f0:de:53:f5:03:43:4d:db:
                    05:e3:c2:4a:53:16:02:10:e2:3f:c3:0b:41:0e:c2:
                    97:b1:dc:e3:20:cd:4f:72:e8:f8:fd:d2:4e:6a:6e:
                    a7:a6:7e:04:af:3d:48:ed:c9:0a:a9:cd:a9:b8:44:
                    52:a5:97:d9:59:dc:86:23:49:b3:f1:ad:ea:39:f8:
                    e3:2f:eb:a3:4a:1f:83:17:1f:7b:cc:67:21:58:fc:
                    ba:55:5d:fb:74:96:a7:57:6d:34:ee:98:31:e7:e4:
                    8b:bd:33:94:e5:d0:7e:bf:6d:7f:26:cf:42:b3:d8:
                    6a:2d:c9:31:c6:4f:5a:e4:78:8b:6a:6b:ef:de:57:
                    81:50:e4:9a:38:96:9e:d1:eb:6b:1e:2f:8d:b8:2c:
                    92:fd:04:e5:63:ef:e1:e1:ca:43:3d:75:83:44:ab:
                    96:16:1f:5e:17:d6:63:08:bd:99:e7:10:e6:cb:f9:
                    3e:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2E:DD:D7:8B:3A:17:A2:3A:2F:36:82:BF:CB:02:5A:74:65:92:46:9F
            X509v3 Authority Key Identifier:
                keyid:88:A2:CB:46:24:80:1B:C9:C7:AD:A2:23:83:9F:C3:C5:36:C7:FB:26

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A914F937/26B4981E5B2311EEB8773F70C4F9AE02/iKLLRiSAG8nHraIjg5_DxTbH-yY.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/iKLLRiSAG8nHraIjg5_DxTbH-yY.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A914F937/26B4981E5B2311EEB8773F70C4F9AE02/4BFEFFA0F62411EEAF3BFD14C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.146.219.0/24

    Signature Algorithm: sha256WithRSAEncryption
         02:e5:07:07:76:11:9a:d8:d9:8a:95:17:41:2f:97:8e:17:1f:
         ad:4a:50:33:8b:4a:83:5a:00:f5:ba:f3:0c:8a:68:7b:3a:98:
         b5:2a:0d:e1:6e:28:aa:63:48:fb:84:9e:61:ca:8b:93:59:99:
         e0:39:e4:b9:bf:2f:80:ac:46:bf:38:e1:db:3c:bc:c6:f4:1a:
         e1:d9:c2:f9:12:67:9f:25:fb:5a:2d:15:e2:7f:29:b1:c4:2f:
         21:ac:3b:a3:69:bb:c4:a9:17:26:b3:fb:66:3a:41:e6:a4:cf:
         5f:da:ea:a7:3d:7b:ba:9c:bc:de:d5:15:ae:39:5f:49:ab:2d:
         20:54:c6:d6:d3:51:1e:40:f0:cf:b2:28:3e:93:22:bf:ef:2e:
         b5:16:b6:ec:c9:2a:29:fa:0c:e2:ab:e4:de:8d:87:36:a4:7d:
         c9:e0:fe:66:2c:c5:ae:35:dd:53:e2:20:43:25:f7:b2:59:83:
         88:29:ac:94:17:61:61:96:ad:38:52:2a:b9:2b:33:c6:b5:79:
         04:76:3f:54:23:d2:10:8a:c7:e1:09:91:b0:da:e6:cb:38:03:
         f1:25:a7:a3:a4:f1:d9:84:7a:1a:f7:8f:d3:3f:da:04:8b:75:
         d2:ce:dd:ee:f2:35:96:b3:5d:0f:ea:9f:e0:bb:27:55:a3:87:
         e9:75:46:13
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIBazANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTE0
RjkzNzExMC8GA1UEBRMoODhBMkNCNDYyNDgwMUJDOUM3QURBMjIzODM5RkMzQzUz
NkM3RkIyNjAeFw0yNDA0MDkwMzUwMjVaFw0yNTA1MDEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY2MTRiYjAxLTVkY2YwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDDW1SLBt9DTQB/s4j4CvjijkNZoDnrVpXTNWuzUWJR0QPlUl1l/nSo6RbTWjW5
W+XtwaIv5ikya+H44Mg0gay2aaQTuGydR/9MILBUcbs/4YDw3lP1A0NN2wXjwkpT
FgIQ4j/DC0EOwpex3OMgzU9y6Pj90k5qbqemfgSvPUjtyQqpzam4RFKll9lZ3IYj
SbPxreo5+OMv66NKH4MXH3vMZyFY/LpVXft0lqdXbTTumDHn5Iu9M5Tl0H6/bX8m
z0Kz2GotyTHGT1rkeItqa+/eV4FQ5Jo4lp7R62seL424LJL9BOVj7+HhykM9dYNE
q5YWH14X1mMIvZnnEObL+T69AgMBAAGjggKVMIICkTAdBgNVHQ4EFgQULt3XizoX
ojovNoK/ywJadGWSRp8wHwYDVR0jBBgwFoAUiKLLRiSAG8nHraIjg5/DxTbH+yYw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTRGOTM3LzI2QjQ5ODFFNUIy
MzExRUVCODc3M0Y3MEM0RjlBRTAyL2lLTExSaVNBRzhuSHJhSWpnNV9EeFRiSC15
WS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRGMjAxRDY2MTFFMjhBQzg4MzdDNzJG
RDFGRjIvaUtMTFJpU0FHOG5IcmFJamc1X0R4VGJILXlZLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0
RjkzNy8yNkI0OTgxRTVCMjMxMUVFQjg3NzNGNzBDNEY5QUUwMi80QkZFRkZBMEY2
MjQxMUVFQUYzQkZEMTRDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAMCS2zANBgkqhkiG9w0BAQsFAAOCAQEAAuUHB3YRmtjZipUX
QS+XjhcfrUpQM4tKg1oA9brzDIpoezqYtSoN4W4oqmNI+4SeYcqLk1mZ4Dnkub8v
gKxGvzjh2zy8xvQa4dnC+RJnnyX7Wi0V4n8pscQvIaw7o2m7xKkXJrP7ZjpB5qTP
X9rqpz17upy83tUVrjlfSastIFTG1tNRHkDwz7IoPpMiv+8utRa27MkqKfoM4qvk
3o2HNqR9yeD+ZizFrjXdU+IgQyX3slmDiCmslBdhYZatOFIquSszxrV5BHY/VCPS
EIrH4QmRsNrmyzgD8SWno6Tx2YR6GveP0z/aBIt10s7d7vI1lrNdD+qf4LsnVaOH
6XVGEw==
-----END CERTIFICATE-----
Generated at Thu Nov 21 05:05:56 2024 by rpki-client on console-fra.rpki-client.org