Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9158620/0E919934884211EEA7D8C814C4F9AE02/62258D42C93A11EEA1A4CA4FC4F9AE02.roa
File:                     62258D42C93A11EEA1A4CA4FC4F9AE02.roa (raw, json)
Hash identifier:          h5rk3Xz6VW0VeUtdbytEnw8Pa8H3Io324xwpZFHPhXc=
Subject key identifier:   D5:62:F4:EA:8E:DD:D4:12:54:53:1E:ED:79:BD:CD:8C:AB:55:46:D2
Certificate issuer:       /CN=A9158620/serialNumber=A408AC94A0D336F47324905A918AF24902F0DE8B
Certificate serial:       95
Authority key identifier: A4:08:AC:94:A0:D3:36:F4:73:24:90:5A:91:8A:F2:49:02:F0:DE:8B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/pAislKDTNvRzJJBakYrySQLw3os.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9158620/0E919934884211EEA7D8C814C4F9AE02/62258D42C93A11EEA1A4CA4FC4F9AE02.roa
Signing time:             Mon 01 Jul 2024 07:07:54 +0000
ROA not before:           Mon 01 Jul 2024 07:07:54 +0000
ROA not after:            Sun 31 Aug 2025 00:00:00 +0000
asID:                     201755
IP address blocks:        43.245.43.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9158620/0E919934884211EEA7D8C814C4F9AE02/pAislKDTNvRzJJBakYrySQLw3os.crl
                          rsync://rpki.apnic.net/member_repository/A9158620/0E919934884211EEA7D8C814C4F9AE02/pAislKDTNvRzJJBakYrySQLw3os.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/pAislKDTNvRzJJBakYrySQLw3os.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 28 Nov 2024 04:04:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 149 (0x95)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9158620/serialNumber=A408AC94A0D336F47324905A918AF24902F0DE8B
        Validity
            Not Before: Jul  1 07:07:54 2024 GMT
            Not After : Aug 31 00:00:00 2025 GMT
        Subject: CN=668255ca-eb46
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:f1:21:30:b6:b0:d7:cd:6d:0a:96:83:39:8b:
                    7b:47:c5:06:2f:9e:13:d0:00:8a:cf:1f:90:13:74:
                    64:a9:78:cc:bd:4d:8f:f5:bb:8f:fc:ce:15:0d:c2:
                    ab:90:93:e0:e8:e7:af:83:5e:c8:9f:a7:e9:f7:bc:
                    e5:98:18:d7:9d:1c:84:22:7b:7a:12:da:bc:94:42:
                    21:ac:b5:58:c9:39:41:c9:a8:37:1d:c7:fe:45:87:
                    73:59:e4:8b:91:eb:12:96:23:c1:fc:1d:16:23:ae:
                    11:88:56:0b:41:30:55:67:25:87:9f:71:2c:c9:9e:
                    cd:5a:04:4c:8e:13:39:0e:c7:77:23:55:1a:c7:38:
                    91:3a:3b:30:0e:f7:d2:fd:e8:e0:3c:1d:61:0c:4c:
                    cd:8b:ba:2e:2d:f9:51:b0:7b:f3:29:71:5f:36:ad:
                    a5:4c:05:90:63:c5:39:dd:73:5f:a1:a6:18:47:c0:
                    1c:a6:da:05:b9:ff:d1:cb:64:53:3c:bc:8b:16:87:
                    4e:d0:a7:21:72:5f:d6:e9:51:41:ce:cc:76:ac:30:
                    f4:cb:1f:c1:62:57:bc:78:01:4f:9c:29:b6:15:3a:
                    5f:97:b3:5b:7e:83:7d:36:e6:1b:e1:ba:3a:6c:a1:
                    7b:c6:0d:a9:96:7a:83:8f:6a:ee:10:b2:ff:2c:4d:
                    dd:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D5:62:F4:EA:8E:DD:D4:12:54:53:1E:ED:79:BD:CD:8C:AB:55:46:D2
            X509v3 Authority Key Identifier:
                keyid:A4:08:AC:94:A0:D3:36:F4:73:24:90:5A:91:8A:F2:49:02:F0:DE:8B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9158620/0E919934884211EEA7D8C814C4F9AE02/pAislKDTNvRzJJBakYrySQLw3os.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/pAislKDTNvRzJJBakYrySQLw3os.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9158620/0E919934884211EEA7D8C814C4F9AE02/62258D42C93A11EEA1A4CA4FC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.245.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:1f:6b:ff:69:86:bf:6b:40:c9:a7:ae:f5:ae:a1:1c:2c:01:
         e0:67:a4:df:0b:f5:f8:52:fe:df:4e:02:75:51:cb:ba:2b:99:
         ec:8f:42:dd:f9:99:34:b1:f2:98:ff:2c:6d:99:62:15:84:47:
         5f:db:eb:01:b1:c7:56:2d:64:65:70:0c:61:ac:88:87:49:3c:
         03:83:df:12:19:5c:d2:99:84:f6:ae:f1:95:9e:b8:5d:ff:d6:
         18:13:0e:44:cb:9c:a3:23:83:87:32:cf:45:6b:3b:f8:58:14:
         78:d7:f8:46:6f:26:bf:d7:98:b4:bd:7a:29:a7:d0:b1:bc:4a:
         91:f9:7b:99:b4:42:eb:50:3a:95:cf:87:93:3f:a2:be:b5:8a:
         8d:38:24:78:06:94:61:ff:33:0e:b4:45:89:7a:07:35:fe:79:
         7c:ee:b9:cd:65:bf:36:08:f0:87:cf:b0:8e:e8:2b:a0:77:d4:
         87:28:9b:af:de:03:73:26:33:d3:86:b3:22:24:5d:64:8c:2b:
         b7:fe:a8:59:16:3b:51:31:05:97:17:ee:23:8a:4c:17:7e:65:
         00:76:4c:68:18:20:03:8f:db:b5:fc:66:4a:2b:4c:b7:49:e6:
         e8:d9:6c:ca:66:f6:cc:2b:56:b0:d7:4f:ec:5b:13:02:0a:79:
         6f:d2:12:84
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICAJUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTg2MjAxMTAvBgNVBAUTKEE0MDhBQzk0QTBEMzM2RjQ3MzI0OTA1QTkxOEFGMjQ5
MDJGMERFOEIwHhcNMjQwNzAxMDcwNzU0WhcNMjUwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjgyNTVjYS1lYjQ2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAz/EhMLaw181tCpaDOYt7R8UGL54T0ACKzx+QE3RkqXjMvU2P9buP/M4VDcKr
kJPg6Oevg17In6fp97zlmBjXnRyEInt6Etq8lEIhrLVYyTlByag3Hcf+RYdzWeSL
kesSliPB/B0WI64RiFYLQTBVZyWHn3EsyZ7NWgRMjhM5Dsd3I1UaxziROjswDvfS
/ejgPB1hDEzNi7ouLflRsHvzKXFfNq2lTAWQY8U53XNfoaYYR8AcptoFuf/Ry2RT
PLyLFodO0Kchcl/W6VFBzsx2rDD0yx/BYle8eAFPnCm2FTpfl7NbfoN9NuYb4bo6
bKF7xg2plnqDj2ruELL/LE3d1wIDAQABo4IClTCCApEwHQYDVR0OBBYEFNVi9OqO
3dQSVFMe7Xm9zYyrVUbSMB8GA1UdIwQYMBaAFKQIrJSg0zb0cySQWpGK8kkC8N6L
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1ODYyMC8wRTkxOTkzNDg4
NDIxMUVFQTdEOEM4MTRDNEY5QUUwMi9wQWlzbEtEVE52UnpKSkJha1lyeVNRTHcz
b3MuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3BBaXNsS0RUTnZSekpKQmFrWXJ5U1FMdzNvcy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTg2MjAvMEU5MTk5MzQ4ODQyMTFFRUE3RDhDODE0QzRGOUFFMDIvNjIyNThENDJD
OTNBMTFFRUExQTRDQTRGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAAr9SswDQYJKoZIhvcNAQELBQADggEBADAfa/9phr9rQMmn
rvWuoRwsAeBnpN8L9fhS/t9OAnVRy7ormeyPQt35mTSx8pj/LG2ZYhWER1/b6wGx
x1YtZGVwDGGsiIdJPAOD3xIZXNKZhPau8ZWeuF3/1hgTDkTLnKMjg4cyz0VrO/hY
FHjX+EZvJr/XmLS9eimn0LG8SpH5e5m0QutQOpXPh5M/or61io04JHgGlGH/Mw60
RYl6BzX+eXzuuc1lvzYI8IfPsI7oK6B31Icom6/eA3MmM9OGsyIkXWSMK7f+qFkW
O1ExBZcX7iOKTBd+ZQB2TGgYIAOP27X8ZkorTLdJ5ujZbMpm9swrVrDXT+xbEwIK
eW/SEoQ=
-----END CERTIFICATE-----
Generated at Thu Nov 21 05:05:56 2024 by rpki-client on console-fra.rpki-client.org