Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9154340/F8E7607CA67711EB8B4BB13EC4F9AE02/8BF559B2A70111EBBAA7C612C4F9AE02.roa
File:                     8BF559B2A70111EBBAA7C612C4F9AE02.roa (raw, json)
Hash identifier:          AG/I9mH1UyZkq9/E12LEwMXOooWRDNpPF8GK9+IXR2o=
Subject key identifier:   A7:A8:A4:4B:C6:B9:F8:73:9E:95:B3:13:CB:FE:2E:1B:74:16:EB:13
Certificate issuer:       /CN=A9154340/serialNumber=196CEE25F7D1B7EA708CE1887337143392CE471C
Certificate serial:       0539
Authority key identifier: 19:6C:EE:25:F7:D1:B7:EA:70:8C:E1:88:73:37:14:33:92:CE:47:1C
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/GWzuJffRt-pwjOGIczcUM5LORxw.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9154340/F8E7607CA67711EB8B4BB13EC4F9AE02/8BF559B2A70111EBBAA7C612C4F9AE02.roa
Signing time:             Fri 05 Apr 2024 01:03:54 +0000
ROA not before:           Fri 05 Apr 2024 01:03:54 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     142002
IP address blocks:        165.154.192.0/24 maxlen: 24
                          165.154.193.0/24 maxlen: 24
                          165.154.194.0/24 maxlen: 24
                          165.154.195.0/24 maxlen: 24
                          165.154.196.0/24 maxlen: 24
                          165.154.197.0/24 maxlen: 24
                          165.154.198.0/24 maxlen: 24
                          165.154.199.0/24 maxlen: 24
                          165.154.200.0/24 maxlen: 24
                          165.154.201.0/24 maxlen: 24
                          165.154.202.0/24 maxlen: 24
                          165.154.203.0/24 maxlen: 24
                          165.154.204.0/24 maxlen: 24
                          165.154.205.0/24 maxlen: 24
                          165.154.206.0/24 maxlen: 24
                          165.154.207.0/24 maxlen: 24
                          165.154.208.0/24 maxlen: 24
                          165.154.209.0/24 maxlen: 24
                          165.154.210.0/24 maxlen: 24
                          165.154.211.0/24 maxlen: 24
                          165.154.212.0/24 maxlen: 24
                          165.154.213.0/24 maxlen: 24
                          165.154.214.0/24 maxlen: 24
                          165.154.215.0/24 maxlen: 24
                          165.154.216.0/24 maxlen: 24
                          165.154.217.0/24 maxlen: 24
                          165.154.224.0/19 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9154340/F8E7607CA67711EB8B4BB13EC4F9AE02/GWzuJffRt-pwjOGIczcUM5LORxw.crl
                          rsync://rpki.apnic.net/member_repository/A9154340/F8E7607CA67711EB8B4BB13EC4F9AE02/GWzuJffRt-pwjOGIczcUM5LORxw.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/GWzuJffRt-pwjOGIczcUM5LORxw.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 27 Nov 2024 19:45:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1337 (0x539)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9154340/serialNumber=196CEE25F7D1B7EA708CE1887337143392CE471C
        Validity
            Not Before: Apr  5 01:03:54 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=660f4dfa-c52c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d8:78:c7:07:1a:79:1e:83:31:98:3a:18:39:9b:
                    5e:69:e0:03:88:8c:c3:e3:fa:71:96:33:ad:18:92:
                    fa:b1:3b:0f:8f:2f:52:51:7f:eb:33:13:12:ed:88:
                    21:cd:ef:7c:8a:52:9d:9d:40:a9:cd:b1:56:6c:b1:
                    ed:a4:33:3b:84:4c:c4:58:91:50:de:1c:77:ad:09:
                    c5:32:b6:5c:03:6f:ed:93:57:da:75:eb:a6:61:c3:
                    04:05:79:3e:9c:67:1a:d6:4f:d2:fb:a8:c6:2d:89:
                    43:dd:a9:34:d4:bd:18:77:5d:52:81:23:7e:8a:29:
                    df:93:91:d6:68:fc:f3:94:01:90:5d:36:f6:0a:e4:
                    d6:02:e6:91:4b:36:a9:e5:8b:84:bf:ac:11:0b:f5:
                    54:53:02:6d:8e:88:80:84:87:57:b3:20:13:69:96:
                    3e:41:94:60:73:a2:df:bf:d1:cd:1e:d3:6e:30:7c:
                    fc:cf:f7:06:2c:b7:7e:93:c8:dd:d8:07:a4:b7:2b:
                    db:31:d5:90:97:80:53:b8:9d:cf:ba:5f:fd:52:b9:
                    e5:29:c2:33:6b:53:ac:77:9d:69:0f:b5:d1:cf:87:
                    b9:31:c8:9a:a9:6a:86:73:74:5e:84:4e:70:ac:da:
                    c3:52:ee:5e:92:ba:4f:3f:91:55:47:eb:17:a2:8e:
                    14:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:A8:A4:4B:C6:B9:F8:73:9E:95:B3:13:CB:FE:2E:1B:74:16:EB:13
            X509v3 Authority Key Identifier:
                keyid:19:6C:EE:25:F7:D1:B7:EA:70:8C:E1:88:73:37:14:33:92:CE:47:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9154340/F8E7607CA67711EB8B4BB13EC4F9AE02/GWzuJffRt-pwjOGIczcUM5LORxw.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/GWzuJffRt-pwjOGIczcUM5LORxw.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9154340/F8E7607CA67711EB8B4BB13EC4F9AE02/8BF559B2A70111EBBAA7C612C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  165.154.192.0-165.154.217.255
                  165.154.224.0/19

    Signature Algorithm: sha256WithRSAEncryption
         82:0a:1c:91:b1:29:82:7d:96:a1:92:d0:7c:d9:a0:0b:ff:12:
         48:7e:d0:8b:e8:c2:1d:ef:44:56:85:89:8d:ac:77:08:eb:c4:
         1d:be:99:77:ca:23:70:27:79:fb:94:21:7a:3a:4b:45:c6:3a:
         96:08:7d:7b:b4:5a:e0:19:c1:33:99:48:7b:b3:34:6c:e2:4a:
         d5:1d:aa:c8:1d:34:e8:fd:93:67:5a:cb:3b:62:f4:8d:8f:50:
         d6:15:ac:66:8f:97:1e:99:62:65:e8:5a:9e:5c:47:6d:fa:15:
         ef:88:b1:fa:83:df:89:aa:f7:b2:ff:8e:17:12:f1:2b:4e:5a:
         2a:f4:46:46:98:57:a8:a9:fa:a0:1a:17:71:f0:32:56:2e:3a:
         b8:41:27:1e:43:65:52:dc:c8:13:8e:aa:e2:6f:f5:16:35:d6:
         de:51:b0:b0:5c:e2:53:aa:4a:ce:ff:2f:fd:bb:00:a9:a2:24:
         af:1e:05:d2:fc:4a:32:4c:f2:bd:3d:3c:82:ec:9a:35:a9:d2:
         96:e5:b0:dd:25:ae:c5:7d:ba:30:59:21:af:e6:9d:16:95:1e:
         54:46:a6:11:f1:c1:1f:d7:e1:ba:4b:0e:1b:52:5f:58:89:f2:
         8b:4a:86:66:df:36:3e:22:f7:02:13:60:b3:dc:ea:66:25:58:
         ce:c9:76:ea
-----BEGIN CERTIFICATE-----
MIIFfzCCBGegAwIBAgICBTkwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTQzNDAxMTAvBgNVBAUTKDE5NkNFRTI1RjdEMUI3RUE3MDhDRTE4ODczMzcxNDMz
OTJDRTQ3MUMwHhcNMjQwNDA1MDEwMzU0WhcNMjUwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjBmNGRmYS1jNTJjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA2HjHBxp5HoMxmDoYOZteaeADiIzD4/pxljOtGJL6sTsPjy9SUX/rMxMS7Ygh
ze98ilKdnUCpzbFWbLHtpDM7hEzEWJFQ3hx3rQnFMrZcA2/tk1fadeumYcMEBXk+
nGca1k/S+6jGLYlD3ak01L0Yd11SgSN+iinfk5HWaPzzlAGQXTb2CuTWAuaRSzap
5YuEv6wRC/VUUwJtjoiAhIdXsyATaZY+QZRgc6Lfv9HNHtNuMHz8z/cGLLd+k8jd
2AektyvbMdWQl4BTuJ3Pul/9UrnlKcIza1Osd51pD7XRz4e5MciaqWqGc3RehE5w
rNrDUu5ekrpPP5FVR+sXoo4UxwIDAQABo4ICozCCAp8wHQYDVR0OBBYEFKeopEvG
ufhznpWzE8v+Lht0FusTMB8GA1UdIwQYMBaAFBls7iX30bfqcIzhiHM3FDOSzkcc
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1NDM0MC9GOEU3NjA3Q0E2
NzcxMUVCOEI0QkIxM0VDNEY5QUUwMi9HV3p1SmZmUnQtcHdqT0dJY3pjVU01TE9S
eHcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL0dXenVKZmZSdC1wd2pPR0ljemNVTTVMT1J4dy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTQzNDAvRjhFNzYwN0NBNjc3MTFFQjhCNEJCMTNFQzRGOUFFMDIvOEJGNTU5QjJB
NzAxMTFFQkJBQTdDNjEyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLQYIKwYBBQUHAQcBAf8E
HjAcMBoEAgABMBQwDAMEBqWawAMEAaWa2AMEBaWa4DANBgkqhkiG9w0BAQsFAAOC
AQEAggockbEpgn2WoZLQfNmgC/8SSH7Qi+jCHe9EVoWJjax3COvEHb6Zd8ojcCd5
+5QhejpLRcY6lgh9e7Ra4BnBM5lIe7M0bOJK1R2qyB006P2TZ1rLO2L0jY9Q1hWs
Zo+XHpliZehanlxHbfoV74ix+oPfiar3sv+OFxLxK05aKvRGRphXqKn6oBoXcfAy
Vi46uEEnHkNlUtzIE46q4m/1FjXW3lGwsFziU6pKzv8v/bsAqaIkrx4F0vxKMkzy
vT08guyaNanSluWw3SWuxX26MFkhr+adFpUeVEamEfHBH9fhuksOG1JfWInyi0qG
Zt82PiL3AhNgs9zqZiVYzsl26g==
-----END CERTIFICATE-----
Generated at Wed Nov 20 23:11:44 2024 by rpki-client on console-fra.rpki-client.org