Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9171172/81583ABE18BE11EBAC10DE46C4F9AE02/0A94FC36198711EB80EAEF4CC4F9AE02.roa
File:                     0A94FC36198711EB80EAEF4CC4F9AE02.roa (raw, json)
Hash identifier:          Fdde2vciDLHgUHE6iyQyE9NfpYpLxOtM35vTOMcRPVs=
Subject key identifier:   30:07:79:66:C0:8B:DF:77:8C:19:0F:C2:24:26:2F:AF:27:96:49:CA
Certificate issuer:       /CN=A9171172/serialNumber=76DEAC060460F6F8A5BD58299C53ABCAF9B1D358
Certificate serial:       0677
Authority key identifier: 76:DE:AC:06:04:60:F6:F8:A5:BD:58:29:9C:53:AB:CA:F9:B1:D3:58
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dt6sBgRg9vilvVgpnFOryvmx01g.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9171172/81583ABE18BE11EBAC10DE46C4F9AE02/0A94FC36198711EB80EAEF4CC4F9AE02.roa
Signing time:             Wed 10 Jan 2024 23:01:31 +0000
ROA not before:           Wed 10 Jan 2024 23:01:31 +0000
ROA not after:            Sun 02 Mar 2025 00:00:00 +0000
asID:                     7486
IP address blocks:        165.69.0.0/17 maxlen: 18
                          165.69.32.0/24 maxlen: 24
                          165.69.36.0/24 maxlen: 24
                          165.69.40.0/24 maxlen: 24
                          165.69.128.0/17 maxlen: 18

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9171172/81583ABE18BE11EBAC10DE46C4F9AE02/dt6sBgRg9vilvVgpnFOryvmx01g.crl
                          rsync://rpki.apnic.net/member_repository/A9171172/81583ABE18BE11EBAC10DE46C4F9AE02/dt6sBgRg9vilvVgpnFOryvmx01g.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dt6sBgRg9vilvVgpnFOryvmx01g.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 27 Nov 2024 19:45:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1655 (0x677)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9171172/serialNumber=76DEAC060460F6F8A5BD58299C53ABCAF9B1D358
        Validity
            Not Before: Jan 10 23:01:31 2024 GMT
            Not After : Mar  2 00:00:00 2025 GMT
        Subject: CN=659f21cb-3517
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:38:89:25:50:eb:b3:3e:d9:7d:cd:73:e8:77:
                    e8:5b:52:dc:c0:a6:7d:1d:a5:0e:df:96:eb:fe:b2:
                    0a:8c:d8:bf:29:97:2c:66:04:7e:83:3b:00:55:49:
                    bf:c6:43:e5:24:7f:c5:a4:66:87:e6:b9:07:36:f0:
                    f7:69:f7:6c:8e:4e:8f:04:be:eb:97:1a:d2:49:6f:
                    43:4b:c6:0e:82:e1:28:fd:ce:2f:f8:24:99:45:00:
                    7c:e8:ed:10:49:a5:7b:95:19:db:14:e6:a5:2c:39:
                    bf:cf:3e:04:54:88:c6:89:c9:2f:83:21:c5:f4:85:
                    4b:a3:82:b2:34:9b:4e:4f:ed:a0:4b:f9:a5:dc:6f:
                    75:80:dd:08:5f:75:c6:9b:52:d2:b3:9f:98:24:94:
                    11:d7:03:21:75:98:75:86:63:22:dd:32:b2:a1:a3:
                    bf:88:0e:ec:1f:0b:53:5c:5c:4c:34:98:d7:c5:b6:
                    ae:46:58:8f:45:c4:7b:39:9c:c3:b3:f4:ab:33:7a:
                    2e:34:78:4d:e5:1c:fe:b0:71:da:85:13:23:ee:0b:
                    5a:b6:d1:26:76:b1:84:56:78:08:da:e0:67:82:0a:
                    d4:6d:9b:a9:8b:7d:0b:29:2d:d6:ad:e8:0f:a1:dc:
                    f4:0d:13:f8:f7:46:27:a0:62:8f:da:65:79:4c:ba:
                    e8:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:07:79:66:C0:8B:DF:77:8C:19:0F:C2:24:26:2F:AF:27:96:49:CA
            X509v3 Authority Key Identifier:
                keyid:76:DE:AC:06:04:60:F6:F8:A5:BD:58:29:9C:53:AB:CA:F9:B1:D3:58

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9171172/81583ABE18BE11EBAC10DE46C4F9AE02/dt6sBgRg9vilvVgpnFOryvmx01g.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dt6sBgRg9vilvVgpnFOryvmx01g.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9171172/81583ABE18BE11EBAC10DE46C4F9AE02/0A94FC36198711EB80EAEF4CC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  165.69.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         b9:cd:c6:ef:2a:59:60:c7:5f:a5:ac:c1:ef:99:9b:85:93:b6:
         70:8d:ba:4d:2f:51:4d:46:da:b6:c4:72:9e:45:9e:b7:32:62:
         fc:1b:09:1a:f7:73:c9:69:33:91:fb:dc:3a:f3:d9:be:70:88:
         56:5b:58:e2:84:c3:d8:9b:a8:d6:21:a6:60:ee:8a:fe:11:8c:
         6f:6d:dc:ca:80:0c:bf:cd:8c:dc:f7:6f:e0:5f:81:ef:41:49:
         7d:ff:39:e3:22:af:94:2c:cd:2f:04:88:c2:f3:cb:e8:a6:ca:
         d7:91:09:0e:6f:b8:13:ac:1d:64:fa:6f:9e:e7:a9:f7:d9:84:
         4b:0e:79:0b:59:9d:c0:e5:13:66:82:1a:ca:70:8e:9a:f6:74:
         49:33:35:99:35:40:df:eb:82:b7:3f:f5:ec:f2:00:17:84:26:
         3d:ef:93:b2:9e:ba:cd:02:36:74:0c:d3:cd:bb:f8:3a:24:b9:
         be:65:e1:fd:75:a9:36:69:cf:d5:cf:92:95:54:78:04:5f:71:
         a5:02:5f:b0:3a:46:4a:c9:cb:76:66:a8:bd:c0:26:aa:e8:7c:
         2f:dd:c8:aa:5e:a8:9a:30:29:77:07:3b:d8:67:9a:b1:39:e5:
         28:9a:84:47:d8:2d:21:e1:6a:0d:75:9b:b5:dd:da:cc:13:da:
         4b:5b:0b:f0
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgICBncwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NzExNzIxMTAvBgNVBAUTKDc2REVBQzA2MDQ2MEY2RjhBNUJENTgyOTlDNTNBQkNB
RjlCMUQzNTgwHhcNMjQwMTEwMjMwMTMxWhcNMjUwMzAyMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTlmMjFjYi0zNTE3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA2ziJJVDrsz7Zfc1z6HfoW1LcwKZ9HaUO35br/rIKjNi/KZcsZgR+gzsAVUm/
xkPlJH/FpGaH5rkHNvD3afdsjk6PBL7rlxrSSW9DS8YOguEo/c4v+CSZRQB86O0Q
SaV7lRnbFOalLDm/zz4EVIjGickvgyHF9IVLo4KyNJtOT+2gS/ml3G91gN0IX3XG
m1LSs5+YJJQR1wMhdZh1hmMi3TKyoaO/iA7sHwtTXFxMNJjXxbauRliPRcR7OZzD
s/SrM3ouNHhN5Rz+sHHahRMj7gtattEmdrGEVngI2uBnggrUbZupi30LKS3WregP
odz0DRP490YnoGKP2mV5TLrozQIDAQABo4IClDCCApAwHQYDVR0OBBYEFDAHeWbA
i993jBkPwiQmL68nlknKMB8GA1UdIwQYMBaAFHberAYEYPb4pb1YKZxTq8r5sdNY
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3MTE3Mi84MTU4M0FCRTE4
QkUxMUVCQUMxMERFNDZDNEY5QUUwMi9kdDZzQmdSZzl2aWx2VmdwbkZPcnl2bXgw
MWcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL2R0NnNCZ1JnOXZpbHZWZ3BuRk9yeXZteDAxZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NzExNzIvODE1ODNBQkUxOEJFMTFFQkFDMTBERTQ2QzRGOUFFMDIvMEE5NEZDMzYx
OTg3MTFFQjgwRUFFRjRDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHgYIKwYBBQUHAQcBAf8E
DzANMAsEAgABMAUDAwClRTANBgkqhkiG9w0BAQsFAAOCAQEAuc3G7ypZYMdfpazB
75mbhZO2cI26TS9RTUbatsRynkWetzJi/BsJGvdzyWkzkfvcOvPZvnCIVltY4oTD
2Juo1iGmYO6K/hGMb23cyoAMv82M3Pdv4F+B70FJff854yKvlCzNLwSIwvPL6KbK
15EJDm+4E6wdZPpvnuep99mESw55C1mdwOUTZoIaynCOmvZ0STM1mTVA3+uCtz/1
7PIAF4QmPe+Tsp66zQI2dAzTzbv4OiS5vmXh/XWpNmnP1c+SlVR4BF9xpQJfsDpG
SsnLdmaovcAmquh8L93Iql6omjApdwc72GeasTnlKJqER9gtIeFqDXWbtd3azBPa
S1sL8A==
-----END CERTIFICATE-----
Generated at Wed Nov 20 23:55:43 2024 by rpki-client on console-ams.rpki-client.org