Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9157A68/4B36B9B8DBDA11EA9A8D2840C4F9AE02/294CEBA68FDD11EDBC45E84DC4F9AE02.roa
File:                     294CEBA68FDD11EDBC45E84DC4F9AE02.roa (raw, json)
Hash identifier:          OOAGuEy3dNxhof0DuDCrqOBB7Z16rn3wikl56pkPDKs=
Subject key identifier:   94:DE:F7:19:E4:A8:E1:30:8A:ED:2A:41:A0:A6:17:E9:CF:60:F9:13
Certificate issuer:       /CN=A9157A68/serialNumber=65B7AD9675B3809ECE04AF301C2EB7037FF02BBB
Certificate serial:       0763
Authority key identifier: 65:B7:AD:96:75:B3:80:9E:CE:04:AF:30:1C:2E:B7:03:7F:F0:2B:BB
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ZbetlnWzgJ7OBK8wHC63A3_wK7s.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9157A68/4B36B9B8DBDA11EA9A8D2840C4F9AE02/294CEBA68FDD11EDBC45E84DC4F9AE02.roa
Signing time:             Wed 12 Jun 2024 23:00:16 +0000
ROA not before:           Wed 12 Jun 2024 23:00:16 +0000
ROA not after:            Sun 31 Aug 2025 00:00:00 +0000
asID:                     141366
IP address blocks:        45.249.99.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9157A68/4B36B9B8DBDA11EA9A8D2840C4F9AE02/ZbetlnWzgJ7OBK8wHC63A3_wK7s.crl
                          rsync://rpki.apnic.net/member_repository/A9157A68/4B36B9B8DBDA11EA9A8D2840C4F9AE02/ZbetlnWzgJ7OBK8wHC63A3_wK7s.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ZbetlnWzgJ7OBK8wHC63A3_wK7s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 29 Nov 2024 20:43:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1891 (0x763)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9157A68/serialNumber=65B7AD9675B3809ECE04AF301C2EB7037FF02BBB
        Validity
            Not Before: Jun 12 23:00:16 2024 GMT
            Not After : Aug 31 00:00:00 2025 GMT
        Subject: CN=666a2880-27dd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:12:61:2a:e7:bd:48:2a:38:0d:ab:0e:c1:dd:
                    44:e4:37:51:9a:27:94:ad:30:f9:0a:4c:50:7d:a9:
                    be:15:b7:da:f4:4d:bd:75:70:14:6e:77:f1:73:34:
                    67:59:48:b8:d4:f6:ba:13:fe:4d:49:96:30:d2:40:
                    b3:66:62:61:fc:07:bd:a1:d0:3e:e0:a4:d2:59:1d:
                    77:50:e4:32:03:62:4d:b1:67:c5:ef:b9:59:23:50:
                    0f:a9:4b:d2:15:63:9b:09:af:45:25:00:5d:fc:fd:
                    57:21:a6:e2:09:bb:98:91:91:ac:40:c8:af:23:d4:
                    73:16:b9:fe:41:95:58:9c:65:d0:2e:4f:d6:0c:2f:
                    26:5f:41:2e:27:c3:07:ed:bc:c8:70:6c:ea:be:88:
                    e2:88:51:aa:63:00:2a:7f:6a:5e:07:ed:04:84:52:
                    2a:f8:45:1d:0d:8b:93:64:cb:e7:87:32:77:62:ae:
                    51:5e:3f:5d:af:43:e3:ef:fe:40:b2:10:31:d3:35:
                    bd:bb:9f:f9:94:c0:32:06:95:6d:1c:7c:14:76:73:
                    a3:f7:a9:7e:03:7c:46:68:c3:eb:fa:2f:4c:e6:0d:
                    c3:aa:4b:43:9c:89:fb:0d:8f:10:09:d8:3b:f8:26:
                    f4:3a:52:16:6f:a3:43:9e:18:6d:22:db:40:b3:7d:
                    3a:0b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                94:DE:F7:19:E4:A8:E1:30:8A:ED:2A:41:A0:A6:17:E9:CF:60:F9:13
            X509v3 Authority Key Identifier:
                keyid:65:B7:AD:96:75:B3:80:9E:CE:04:AF:30:1C:2E:B7:03:7F:F0:2B:BB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9157A68/4B36B9B8DBDA11EA9A8D2840C4F9AE02/ZbetlnWzgJ7OBK8wHC63A3_wK7s.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ZbetlnWzgJ7OBK8wHC63A3_wK7s.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9157A68/4B36B9B8DBDA11EA9A8D2840C4F9AE02/294CEBA68FDD11EDBC45E84DC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.249.99.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0a:f4:1c:39:c0:fe:6b:8e:6f:85:3c:03:59:ac:c3:d5:fe:ce:
         a3:c2:c2:3b:40:72:34:6c:fa:13:65:61:02:60:7a:05:f6:a6:
         4b:29:4c:4d:22:e8:22:d8:a3:cf:06:70:63:3f:e1:e3:58:9a:
         8a:53:95:ed:66:f6:13:6a:54:4b:6a:f2:1a:f7:52:96:b9:95:
         73:d4:b1:26:6e:1b:d3:a6:06:8d:0d:48:95:4f:7a:4f:ee:50:
         89:e2:79:7e:c8:82:30:f7:99:58:6e:2a:9c:2a:31:21:4c:a3:
         7c:98:f4:51:4b:d6:58:81:ba:d2:a5:e8:7e:d7:81:30:b2:79:
         57:98:ae:26:59:a7:e3:29:68:48:85:0b:39:77:66:56:72:af:
         c3:15:a0:e8:f5:2b:95:9d:37:ab:d4:a7:c4:b8:03:0f:3f:d3:
         15:91:c6:1b:ae:d2:99:51:74:85:14:79:23:46:fd:84:31:c4:
         3e:a8:38:17:f6:15:17:bd:e3:09:79:6d:45:a6:23:fd:cc:b2:
         80:be:93:73:9c:46:d1:50:cc:d3:fa:65:4b:f6:1c:6a:1e:bc:
         58:05:fe:51:d5:6d:4d:7d:e1:6b:3f:23:e2:10:5a:ee:2e:c9:
         d7:ea:70:42:78:85:03:f2:10:6d:72:e9:bb:d0:69:c8:5d:1c:
         e3:db:f1:0c
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICB2MwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTdBNjgxMTAvBgNVBAUTKDY1QjdBRDk2NzVCMzgwOUVDRTA0QUYzMDFDMkVCNzAz
N0ZGMDJCQkIwHhcNMjQwNjEyMjMwMDE2WhcNMjUwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjZhMjg4MC0yN2RkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA4BJhKue9SCo4DasOwd1E5DdRmieUrTD5CkxQfam+Fbfa9E29dXAUbnfxczRn
WUi41Pa6E/5NSZYw0kCzZmJh/Ae9odA+4KTSWR13UOQyA2JNsWfF77lZI1APqUvS
FWObCa9FJQBd/P1XIabiCbuYkZGsQMivI9RzFrn+QZVYnGXQLk/WDC8mX0EuJ8MH
7bzIcGzqvojiiFGqYwAqf2peB+0EhFIq+EUdDYuTZMvnhzJ3Yq5RXj9dr0Pj7/5A
shAx0zW9u5/5lMAyBpVtHHwUdnOj96l+A3xGaMPr+i9M5g3DqktDnIn7DY8QCdg7
+Cb0OlIWb6NDnhhtIttAs306CwIDAQABo4IClTCCApEwHQYDVR0OBBYEFJTe9xnk
qOEwiu0qQaCmF+nPYPkTMB8GA1UdIwQYMBaAFGW3rZZ1s4CezgSvMBwutwN/8Cu7
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1N0E2OC80QjM2QjlCOERC
REExMUVBOUE4RDI4NDBDNEY5QUUwMi9aYmV0bG5XemdKN09CSzh3SEM2M0EzX3dL
N3MuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1piZXRsbld6Z0o3T0JLOHdIQzYzQTNfd0s3cy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTdBNjgvNEIzNkI5QjhEQkRBMTFFQTlBOEQyODQwQzRGOUFFMDIvMjk0Q0VCQTY4
RkREMTFFREJDNDVFODREQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAAt+WMwDQYJKoZIhvcNAQELBQADggEBAAr0HDnA/muOb4U8
A1msw9X+zqPCwjtAcjRs+hNlYQJgegX2pkspTE0i6CLYo88GcGM/4eNYmopTle1m
9hNqVEtq8hr3Upa5lXPUsSZuG9OmBo0NSJVPek/uUInieX7IgjD3mVhuKpwqMSFM
o3yY9FFL1liButKl6H7XgTCyeVeYriZZp+MpaEiFCzl3ZlZyr8MVoOj1K5WdN6vU
p8S4Aw8/0xWRxhuu0plRdIUUeSNG/YQxxD6oOBf2FRe94wl5bUWmI/3MsoC+k3Oc
RtFQzNP6ZUv2HGoevFgF/lHVbU194Ws/I+IQWu4uydfqcEJ4hQPyEG1y6bvQachd
HOPb8Qw=
-----END CERTIFICATE-----
Generated at Fri Nov 22 22:24:08 2024 by rpki-client on console-fra.rpki-client.org