Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9171D16/656D17A8AE9C11EE911AFB63C4F9AE02/81B9E0A6AF8911EEB9587446C4F9AE02.roa
File:                     81B9E0A6AF8911EEB9587446C4F9AE02.roa (raw, json)
Hash identifier:          JHxaipZ1wIvGYG+Zt3XlJ2Zy3zT8C9h1/hC61qxRDrA=
Subject key identifier:   26:0C:0C:F5:2C:AF:F9:A3:AB:39:7B:16:BF:BF:71:E2:10:0B:D5:F5
Certificate issuer:       /CN=A9171D16/serialNumber=708F1E07133855C8074EED5F8C83B4466A607AC2
Certificate serial:       03
Authority key identifier: 70:8F:1E:07:13:38:55:C8:07:4E:ED:5F:8C:83:B4:46:6A:60:7A:C2
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/cI8eBxM4VcgHTu1fjIO0RmpgesI.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9171D16/656D17A8AE9C11EE911AFB63C4F9AE02/81B9E0A6AF8911EEB9587446C4F9AE02.roa
Signing time:             Wed 10 Jan 2024 07:26:02 +0000
ROA not before:           Wed 10 Jan 2024 07:26:02 +0000
ROA not after:            Mon 31 Mar 2025 00:00:00 +0000
asID:                     9484
IP address blocks:        157.10.38.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9171D16/656D17A8AE9C11EE911AFB63C4F9AE02/cI8eBxM4VcgHTu1fjIO0RmpgesI.crl
                          rsync://rpki.apnic.net/member_repository/A9171D16/656D17A8AE9C11EE911AFB63C4F9AE02/cI8eBxM4VcgHTu1fjIO0RmpgesI.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/cI8eBxM4VcgHTu1fjIO0RmpgesI.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 22 Jun 2024 02:50:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3 (0x3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9171D16/serialNumber=708F1E07133855C8074EED5F8C83B4466A607AC2
        Validity
            Not Before: Jan 10 07:26:02 2024 GMT
            Not After : Mar 31 00:00:00 2025 GMT
        Subject: CN=659e4689-a0ab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:36:74:cf:ba:a6:1d:04:8b:e0:d5:2a:5c:d9:
                    c4:aa:10:2e:4e:58:c8:4c:68:89:28:72:a5:4c:08:
                    3f:b2:e8:e7:1f:bc:28:8d:6a:b4:a7:c1:90:8d:f6:
                    da:40:2c:99:6a:07:b3:aa:93:40:29:31:a9:c4:bf:
                    2a:98:29:79:3e:88:12:c8:2c:05:af:f5:2a:8b:2b:
                    10:1c:80:87:44:9c:f0:ba:96:af:63:7a:79:16:67:
                    4e:ba:3f:b1:f9:eb:4f:d6:63:89:d8:bb:40:a4:f8:
                    e3:76:66:ef:e2:97:cf:7e:d0:68:71:f6:23:8c:2a:
                    e6:03:7c:c7:ba:43:4d:41:d6:5e:39:96:a9:52:86:
                    82:08:92:a1:21:ef:0b:ff:50:09:5f:97:79:70:2b:
                    09:21:b8:05:9c:0a:f9:a8:80:b3:0c:96:f8:90:2d:
                    b3:a6:51:cc:57:ea:75:fb:14:9a:0c:f2:85:71:b7:
                    77:11:62:0a:aa:f7:f4:c8:5b:db:3f:b4:31:f6:dc:
                    e4:e7:51:5f:9d:6f:50:40:96:37:ca:e9:56:92:7e:
                    de:17:a9:06:20:e6:f3:84:2d:17:62:5a:3f:e1:8f:
                    18:a1:12:dd:63:e8:2f:6c:27:8f:b7:cd:53:f0:a6:
                    b6:05:94:99:0d:8e:ff:f4:b3:81:84:75:8b:3c:6b:
                    a9:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                26:0C:0C:F5:2C:AF:F9:A3:AB:39:7B:16:BF:BF:71:E2:10:0B:D5:F5
            X509v3 Authority Key Identifier:
                keyid:70:8F:1E:07:13:38:55:C8:07:4E:ED:5F:8C:83:B4:46:6A:60:7A:C2

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9171D16/656D17A8AE9C11EE911AFB63C4F9AE02/cI8eBxM4VcgHTu1fjIO0RmpgesI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/cI8eBxM4VcgHTu1fjIO0RmpgesI.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9171D16/656D17A8AE9C11EE911AFB63C4F9AE02/81B9E0A6AF8911EEB9587446C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.10.38.0/23

    Signature Algorithm: sha256WithRSAEncryption
         c7:25:2f:d8:29:25:70:16:a0:e1:78:42:50:ac:f5:d6:49:52:
         9d:cb:90:a8:e2:e1:b0:c0:16:9e:ac:bf:79:2e:62:36:8d:f5:
         8d:55:a5:e5:28:a5:47:69:f9:43:b6:0a:b2:c8:a9:7d:1c:77:
         87:5c:2d:eb:9c:e9:b4:9c:33:1e:6e:fc:fa:2d:45:84:17:61:
         46:37:79:49:c4:c7:60:c3:04:1c:43:22:e5:1c:e4:bf:73:f1:
         fb:2e:56:d7:5a:b3:a2:7e:d1:72:6b:84:80:ce:a0:74:70:a3:
         13:a6:b2:4e:3e:f1:95:c0:cd:7b:fa:ee:52:5d:7f:ec:0f:b2:
         4e:be:f5:1b:e6:55:08:f7:8b:43:87:81:72:29:c1:d3:64:39:
         c2:14:ec:27:9c:34:78:d6:21:d0:8a:ed:c5:84:34:ee:68:a5:
         55:93:4a:e7:fb:ea:86:4e:c4:75:20:85:43:27:ca:9e:fb:24:
         1f:da:3a:1e:42:b4:b2:55:c9:f1:5e:f2:28:24:5e:ed:e9:60:
         f4:df:c1:5f:7d:ba:3f:7d:73:96:d0:3d:b6:8f:81:8a:3e:97:
         b6:c7:54:cb:87:d9:f1:51:c6:b2:b9:ca:6f:27:e7:8b:da:5c:
         b7:f1:9a:50:ca:8c:e9:7f:bb:62:75:7f:0b:4f:93:f9:67:0c:
         85:71:4a:91
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIBAzANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTE3
MUQxNjExMC8GA1UEBRMoNzA4RjFFMDcxMzM4NTVDODA3NEVFRDVGOEM4M0I0NDY2
QTYwN0FDMjAeFw0yNDAxMTAwNzI2MDJaFw0yNTAzMzEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY1OWU0Njg5LWEwYWIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDBNnTPuqYdBIvg1Spc2cSqEC5OWMhMaIkocqVMCD+y6OcfvCiNarSnwZCN9tpA
LJlqB7Oqk0ApManEvyqYKXk+iBLILAWv9SqLKxAcgIdEnPC6lq9jenkWZ066P7H5
60/WY4nYu0Ck+ON2Zu/il89+0Ghx9iOMKuYDfMe6Q01B1l45lqlShoIIkqEh7wv/
UAlfl3lwKwkhuAWcCvmogLMMlviQLbOmUcxX6nX7FJoM8oVxt3cRYgqq9/TIW9s/
tDH23OTnUV+db1BAljfK6VaSft4XqQYg5vOELRdiWj/hjxihEt1j6C9sJ4+3zVPw
prYFlJkNjv/0s4GEdYs8a6mrAgMBAAGjggKVMIICkTAdBgNVHQ4EFgQUJgwM9Syv
+aOrOXsWv79x4hAL1fUwHwYDVR0jBBgwFoAUcI8eBxM4VcgHTu1fjIO0RmpgesIw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTcxRDE2LzY1NkQxN0E4QUU5
QzExRUU5MTFBRkI2M0M0RjlBRTAyL2NJOGVCeE00VmNnSFR1MWZqSU8wUm1wZ2Vz
SS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRGMjAxRDY2MTFFMjhBQzg4MzdDNzJG
RDFGRjIvY0k4ZUJ4TTRWY2dIVHUxZmpJTzBSbXBnZXNJLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3
MUQxNi82NTZEMTdBOEFFOUMxMUVFOTExQUZCNjNDNEY5QUUwMi84MUI5RTBBNkFG
ODkxMUVFQjk1ODc0NDZDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAZ0KJjANBgkqhkiG9w0BAQsFAAOCAQEAxyUv2CklcBag4XhC
UKz11klSncuQqOLhsMAWnqy/eS5iNo31jVWl5SilR2n5Q7YKssipfRx3h1wt65zp
tJwzHm78+i1FhBdhRjd5ScTHYMMEHEMi5Rzkv3Px+y5W11qzon7RcmuEgM6gdHCj
E6ayTj7xlcDNe/ruUl1/7A+yTr71G+ZVCPeLQ4eBcinB02Q5whTsJ5w0eNYh0Irt
xYQ07milVZNK5/vqhk7EdSCFQyfKnvskH9o6HkK0slXJ8V7yKCRe7elg9N/BX326
P31zltA9to+Bij6XtsdUy4fZ8VHGsrnKbyfni9pct/GaUMqM6X+7YnV/C0+T+WcM
hXFKkQ==
-----END CERTIFICATE-----
Generated at Sat Jun 15 10:17:32 2024 by rpki-client on console-fra.rpki-client.org