Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A915A300/CD2037E21D8811E28A11A0E108B02CD2/165CEF66E60911EB950D930DC4F9AE02.roa
File:                     165CEF66E60911EB950D930DC4F9AE02.roa (raw, json)
Hash identifier:          HDsHIbGkhZ9BpqHHZu+Zi+YR3/WHMiknflwPsnGniPE=
Subject key identifier:   C9:CD:10:E1:CC:C4:BD:C0:EE:1E:9A:3C:42:45:F4:77:78:F0:E3:B4
Certificate issuer:       /CN=A915A300/serialNumber=E1564FDA5CED5CAE694153097ED1942551209223
Certificate serial:       33BE
Authority key identifier: E1:56:4F:DA:5C:ED:5C:AE:69:41:53:09:7E:D1:94:25:51:20:92:23
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/4VZP2lztXK5pQVMJftGUJVEgkiM.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A915A300/CD2037E21D8811E28A11A0E108B02CD2/165CEF66E60911EB950D930DC4F9AE02.roa
Signing time:             Tue 02 May 2023 14:50:27 +0000
ROA not before:           Tue 02 May 2023 14:50:27 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     198949
IP address blocks:        211.29.93.0/24 maxlen: 24
                          211.29.132.0/24 maxlen: 24
                          211.29.133.0/24 maxlen: 24
                          211.29.152.0/24 maxlen: 24
                          211.31.132.0/24 maxlen: 24
                          211.31.138.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A915A300/CD2037E21D8811E28A11A0E108B02CD2/4VZP2lztXK5pQVMJftGUJVEgkiM.crl
                          rsync://rpki.apnic.net/member_repository/A915A300/CD2037E21D8811E28A11A0E108B02CD2/4VZP2lztXK5pQVMJftGUJVEgkiM.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/4VZP2lztXK5pQVMJftGUJVEgkiM.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 04 Apr 2024 14:34:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13246 (0x33be)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A915A300/serialNumber=E1564FDA5CED5CAE694153097ED1942551209223
        Validity
            Not Before: May  2 14:50:27 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=64512333-b61c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:25:5b:9d:be:70:5a:a5:b3:66:a5:4e:e9:a5:
                    dc:c8:8c:40:1a:ec:3b:91:19:ea:91:d1:b0:8f:75:
                    bb:44:2a:1e:37:65:8b:ef:06:5c:fa:71:e6:b1:59:
                    7d:63:69:7d:7c:b3:7e:34:af:a5:97:1e:b7:dc:60:
                    b4:80:fc:63:34:06:cb:04:7c:3b:6e:4a:5f:f2:2a:
                    39:f4:94:0e:87:44:cd:9b:d7:78:51:bf:30:d3:14:
                    fc:a0:76:02:8a:43:c9:ab:8b:1c:e5:19:cf:ec:ed:
                    db:3f:d6:b7:4f:cb:31:27:d7:88:4f:29:1a:23:c6:
                    fd:8a:9c:7e:b2:fd:d8:3a:0d:27:4e:de:cd:4c:3f:
                    57:71:de:ef:9a:f2:b2:58:c2:ef:4c:74:c3:0e:19:
                    56:27:5b:5f:bd:85:a4:08:41:af:60:21:5f:ee:19:
                    75:ea:99:f4:c1:f8:54:c4:16:ed:06:ee:82:e8:f1:
                    56:c4:0b:f0:47:f1:87:4b:42:e2:64:1e:9c:66:43:
                    a9:a7:98:f5:ca:ae:94:eb:aa:da:f5:e0:50:27:a8:
                    9f:30:7b:1c:02:21:05:c3:a9:cb:84:28:ea:18:86:
                    75:3c:57:68:f8:26:de:0a:45:a0:55:db:cf:7a:e6:
                    c0:ca:76:86:91:bc:f2:7b:14:c3:9b:8f:eb:ce:cd:
                    24:4f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:CD:10:E1:CC:C4:BD:C0:EE:1E:9A:3C:42:45:F4:77:78:F0:E3:B4
            X509v3 Authority Key Identifier:
                keyid:E1:56:4F:DA:5C:ED:5C:AE:69:41:53:09:7E:D1:94:25:51:20:92:23

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A915A300/CD2037E21D8811E28A11A0E108B02CD2/4VZP2lztXK5pQVMJftGUJVEgkiM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/4VZP2lztXK5pQVMJftGUJVEgkiM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A915A300/CD2037E21D8811E28A11A0E108B02CD2/165CEF66E60911EB950D930DC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  211.29.93.0/24
                  211.29.132.0/23
                  211.29.152.0/24
                  211.31.132.0/24
                  211.31.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:09:60:e5:16:23:a1:4f:57:94:93:7f:ce:e9:e7:e9:6d:90:
         13:53:5b:27:42:d8:21:d6:50:76:14:e5:1d:74:12:39:c2:c5:
         d9:b7:2e:28:ff:91:78:fc:dc:77:ed:42:af:a3:61:27:bd:eb:
         28:6f:12:71:ad:0b:95:36:ff:36:f1:7f:e9:ac:f8:9c:64:4e:
         01:d0:5b:14:c5:37:ac:5c:83:c2:8d:78:d1:be:45:f0:a4:63:
         b2:2d:9b:d3:52:88:c1:18:0e:fd:ef:cf:e8:06:ae:1f:32:f6:
         5b:da:96:e0:25:ce:22:e2:c1:b4:4c:3d:af:70:90:c2:67:24:
         91:4e:3c:e8:81:2e:9c:db:2b:31:d9:b2:b6:5f:d9:80:00:74:
         f3:37:68:7b:b3:96:a5:62:41:6f:8e:f3:2e:47:fc:c1:6d:6b:
         25:fe:1b:79:b4:4b:84:17:ac:d7:d4:d5:0a:bc:03:6c:af:4c:
         2f:4d:57:99:d4:8e:9f:05:61:68:16:f5:9d:e8:54:89:e2:1c:
         fa:16:3a:19:04:7b:41:30:cb:f8:79:95:f9:30:cd:a0:89:4e:
         4e:38:97:67:6c:a8:cb:b5:be:f5:f0:a1:71:ff:00:44:2a:37:
         e3:1d:ad:3d:65:19:b1:f6:d2:e5:8b:99:8c:44:03:86:11:4b:
         7d:e7:67:02
-----BEGIN CERTIFICATE-----
MIIFiTCCBHGgAwIBAgICM74wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NUEzMDAxMTAvBgNVBAUTKEUxNTY0RkRBNUNFRDVDQUU2OTQxNTMwOTdFRDE5NDI1
NTEyMDkyMjMwHhcNMjMwNTAyMTQ1MDI3WhcNMjQwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDUxMjMzMy1iNjFjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA9CVbnb5wWqWzZqVO6aXcyIxAGuw7kRnqkdGwj3W7RCoeN2WL7wZc+nHmsVl9
Y2l9fLN+NK+llx633GC0gPxjNAbLBHw7bkpf8io59JQOh0TNm9d4Ub8w0xT8oHYC
ikPJq4sc5RnP7O3bP9a3T8sxJ9eITykaI8b9ipx+sv3YOg0nTt7NTD9Xcd7vmvKy
WMLvTHTDDhlWJ1tfvYWkCEGvYCFf7hl16pn0wfhUxBbtBu6C6PFWxAvwR/GHS0Li
ZB6cZkOpp5j1yq6U66ra9eBQJ6ifMHscAiEFw6nLhCjqGIZ1PFdo+CbeCkWgVdvP
eubAynaGkbzyexTDm4/rzs0kTwIDAQABo4ICrTCCAqkwHQYDVR0OBBYEFMnNEOHM
xL3A7h6aPEJF9Hd48OO0MB8GA1UdIwQYMBaAFOFWT9pc7VyuaUFTCX7RlCVRIJIj
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1QTMwMC9DRDIwMzdFMjFE
ODgxMUUyOEExMUEwRTEwOEIwMkNEMi80VlpQMmx6dFhLNXBRVk1KZnRHVUpWRWdr
aU0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzRWWlAybHp0WEs1cFFWTUpmdEdVSlZFZ2tpTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NUEzMDAvQ0QyMDM3RTIxRDg4MTFFMjhBMTFBMEUxMDhCMDJDRDIvMTY1Q0VGNjZF
NjA5MTFFQjk1MEQ5MzBEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNwYIKwYBBQUHAQcBAf8E
KDAmMCQEAgABMB4DBADTHV0DBAHTHYQDBADTHZgDBADTH4QDBADTH4owDQYJKoZI
hvcNAQELBQADggEBACkJYOUWI6FPV5STf87p5+ltkBNTWydC2CHWUHYU5R10EjnC
xdm3Lij/kXj83HftQq+jYSe96yhvEnGtC5U2/zbxf+ms+JxkTgHQWxTFN6xcg8KN
eNG+RfCkY7Itm9NSiMEYDv3vz+gGrh8y9lvaluAlziLiwbRMPa9wkMJnJJFOPOiB
LpzbKzHZsrZf2YAAdPM3aHuzlqViQW+O8y5H/MFtayX+G3m0S4QXrNfU1Qq8A2yv
TC9NV5nUjp8FYWgW9Z3oVIniHPoWOhkEe0Ewy/h5lfkwzaCJTk44l2dsqMu1vvXw
oXH/AEQqN+MdrT1lGbH20uWLmYxEA4YRS33nZwI=
-----END CERTIFICATE-----
Generated at Thu Mar 28 16:47:21 2024 by rpki-client on console-fra.rpki-client.org