Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A916CCFF/9A5EC16C46FE11EC94E3D24AC4F9AE02/41E32C9852E411EC9E19AA2FC4F9AE02.roa
File:                     41E32C9852E411EC9E19AA2FC4F9AE02.roa (raw, json)
Hash identifier:          HnwTuFkXpFWqMrGNkFj6SlcuzCyijCrShgbDgGmHvBc=
Subject key identifier:   E5:5D:F4:94:31:4D:C1:EA:06:BB:CE:A2:A2:7E:53:D9:59:54:1A:83
Certificate issuer:       /CN=A916CCFF/serialNumber=0803662C571325728F24FAAD8CB1A5F1900715ED
Certificate serial:       0230
Authority key identifier: 08:03:66:2C:57:13:25:72:8F:24:FA:AD:8C:B1:A5:F1:90:07:15:ED
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/CANmLFcTJXKPJPqtjLGl8ZAHFe0.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A916CCFF/9A5EC16C46FE11EC94E3D24AC4F9AE02/41E32C9852E411EC9E19AA2FC4F9AE02.roa
Signing time:             Thu 18 Aug 2022 03:42:25 +0000
ROA not before:           Thu 18 Aug 2022 03:42:25 +0000
ROA not after:            Sat 30 Sep 2023 00:00:00 +0000
asID:                     16509
IP address blocks:        202.92.192.0/24 maxlen: 24
                          202.92.193.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A916CCFF/9A5EC16C46FE11EC94E3D24AC4F9AE02/CANmLFcTJXKPJPqtjLGl8ZAHFe0.crl
                          rsync://rpki.apnic.net/member_repository/A916CCFF/9A5EC16C46FE11EC94E3D24AC4F9AE02/CANmLFcTJXKPJPqtjLGl8ZAHFe0.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/CANmLFcTJXKPJPqtjLGl8ZAHFe0.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 22 Mar 2023 03:43:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 560 (0x230)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A916CCFF/serialNumber=0803662C571325728F24FAAD8CB1A5F1900715ED
        Validity
            Not Before: Aug 18 03:42:25 2022 GMT
            Not After : Sep 30 00:00:00 2023 GMT
        Subject: CN=62fdb521-dcf5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:d1:4a:91:cb:34:67:96:cd:ea:c8:b1:73:80:
                    47:3f:26:6b:58:b1:84:8e:e1:1c:33:65:65:f5:e0:
                    4d:f5:a8:ac:81:e0:a1:ae:40:dc:f3:4b:66:37:87:
                    30:ba:0b:e9:91:92:6a:4a:9e:d9:29:52:ad:dc:02:
                    b5:58:4b:98:a7:39:30:99:bf:b3:b5:51:28:72:ba:
                    43:19:27:15:81:0f:d9:8a:bb:f9:bb:ca:2c:b7:dc:
                    28:43:1e:8c:4b:29:9f:63:ff:9d:4c:f7:d8:65:2f:
                    4e:66:82:77:b8:29:68:e2:94:d1:d4:ca:8a:99:c1:
                    73:36:87:96:51:5f:d7:fe:a5:f8:7b:da:f3:df:7f:
                    b8:d5:b6:de:f1:27:9e:f6:bd:29:dc:90:47:a2:71:
                    f3:de:0d:2a:d4:b9:96:a6:53:5c:f0:6d:e7:4e:32:
                    9b:19:37:fc:fb:6b:e6:79:d5:d8:c8:15:b4:8b:d0:
                    e6:f4:48:f2:2c:e8:30:fe:bd:d5:4f:a5:96:93:9c:
                    ee:18:17:bd:0f:ad:8c:8e:00:ec:1c:5a:8c:3d:f0:
                    24:62:a8:9e:a5:f4:a0:bb:b7:fb:8d:08:ad:95:85:
                    16:bc:41:bb:4b:bc:af:4c:3e:82:1e:05:14:70:8c:
                    2e:51:f1:dd:9b:2a:5c:07:bd:87:38:4e:6f:0c:fc:
                    27:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                E5:5D:F4:94:31:4D:C1:EA:06:BB:CE:A2:A2:7E:53:D9:59:54:1A:83
            X509v3 Authority Key Identifier: 
                keyid:08:03:66:2C:57:13:25:72:8F:24:FA:AD:8C:B1:A5:F1:90:07:15:ED

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A916CCFF/9A5EC16C46FE11EC94E3D24AC4F9AE02/CANmLFcTJXKPJPqtjLGl8ZAHFe0.crl

            Authority Information Access: 
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/CANmLFcTJXKPJPqtjLGl8ZAHFe0.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access: 
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A916CCFF/9A5EC16C46FE11EC94E3D24AC4F9AE02/41E32C9852E411EC9E19AA2FC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.92.192.0/23

    Signature Algorithm: sha256WithRSAEncryption
         88:f4:23:03:b9:20:cc:a7:4f:37:5b:6d:2a:8d:73:65:da:28:
         65:bb:81:0a:b5:52:6f:59:25:19:78:d2:9d:56:30:59:ce:87:
         27:08:59:22:d2:da:90:8a:0e:cc:9b:cf:3a:52:fb:12:69:60:
         cd:f6:b2:52:6e:23:cd:18:ef:c3:9e:1e:cd:8a:13:b2:d0:ac:
         99:e7:7b:67:31:ee:71:88:8c:65:98:25:32:8e:ee:7e:d2:c5:
         ea:ed:ed:e0:2b:e0:ef:19:da:62:c7:b3:0f:7e:c9:ce:33:cb:
         4e:4e:8a:cc:8f:90:29:2c:b1:12:5a:e6:13:c8:a7:f1:e9:64:
         dc:d5:5d:55:b5:84:8f:47:ad:c9:b2:c9:86:99:70:b6:01:8c:
         72:49:30:93:8e:72:51:78:6b:29:6e:1d:6f:31:a0:b8:5a:62:
         ca:97:bd:3c:59:77:f0:8e:87:ac:1c:a2:43:5c:7e:0c:0f:2a:
         f7:93:be:2f:6e:c7:c9:07:02:0d:0b:13:a2:c2:ce:cd:c0:ba:
         93:0d:21:63:63:4b:17:86:06:6d:21:42:d2:3d:2c:4f:e5:48:
         88:9c:2f:da:87:bc:4f:11:9f:50:a7:3d:9d:ee:ba:78:ed:4a:
         82:5a:c4:28:09:d2:f9:56:11:36:44:51:09:89:42:a2:4c:f1:
         66:20:3b:27
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICAjAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NkNDRkYxMTAvBgNVBAUTKDA4MDM2NjJDNTcxMzI1NzI4RjI0RkFBRDhDQjFBNUYx
OTAwNzE1RUQwHhcNMjIwODE4MDM0MjI1WhcNMjMwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02MmZkYjUyMS1kY2Y1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA8NFKkcs0Z5bN6sixc4BHPyZrWLGEjuEcM2Vl9eBN9aisgeChrkDc80tmN4cw
ugvpkZJqSp7ZKVKt3AK1WEuYpzkwmb+ztVEocrpDGScVgQ/Zirv5u8ost9woQx6M
SymfY/+dTPfYZS9OZoJ3uClo4pTR1MqKmcFzNoeWUV/X/qX4e9rz33+41bbe8See
9r0p3JBHonHz3g0q1LmWplNc8G3nTjKbGTf8+2vmedXYyBW0i9Dm9EjyLOgw/r3V
T6WWk5zuGBe9D62MjgDsHFqMPfAkYqiepfSgu7f7jQitlYUWvEG7S7yvTD6CHgUU
cIwuUfHdmypcB72HOE5vDPwnRQIDAQABo4IClTCCApEwHQYDVR0OBBYEFOVd9JQx
TcHqBrvOoqJ+U9lZVBqDMB8GA1UdIwQYMBaAFAgDZixXEyVyjyT6rYyxpfGQBxXt
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2Q0NGRi85QTVFQzE2QzQ2
RkUxMUVDOTRFM0QyNEFDNEY5QUUwMi9DQU5tTEZjVEpYS1BKUHF0akxHbDhaQUhG
ZTAuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0NBTm1MRmNUSlhLUEpQcXRqTEdsOFpBSEZlMC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NkNDRkYvOUE1RUMxNkM0NkZFMTFFQzk0RTNEMjRBQzRGOUFFMDIvNDFFMzJDOTg1
MkU0MTFFQzlFMTlBQTJGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAHKXMAwDQYJKoZIhvcNAQELBQADggEBAIj0IwO5IMynTzdb
bSqNc2XaKGW7gQq1Um9ZJRl40p1WMFnOhycIWSLS2pCKDsybzzpS+xJpYM32slJu
I80Y78OeHs2KE7LQrJnne2cx7nGIjGWYJTKO7n7Sxert7eAr4O8Z2mLHsw9+yc4z
y05OisyPkCkssRJa5hPIp/HpZNzVXVW1hI9HrcmyyYaZcLYBjHJJMJOOclF4aylu
HW8xoLhaYsqXvTxZd/COh6wcokNcfgwPKveTvi9ux8kHAg0LE6LCzs3AupMNIWNj
SxeGBm0hQtI9LE/lSIicL9qHvE8Rn1CnPZ3uunjtSoJaxCgJ0vlWETZEUQmJQqJM
8WYgOyc=
-----END CERTIFICATE-----
Generated at Wed Mar 15 11:44:29 2023 by rpki-client on console-ams.rpki-client.org