Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9174306/2B5AEC70A2EE11EEA6354F5EC4F9AE02/511C5136A2F011EEBBE10D80C4F9AE02.roa
File:                     511C5136A2F011EEBBE10D80C4F9AE02.roa (raw, json)
Hash identifier:          6ft6dsVj7UbQ7Mjkn5/fW3MnMF0FwPcl1hK+5TV+RKw=
Subject key identifier:   C6:1E:8F:94:D6:3C:1E:A6:57:E2:7E:43:46:5B:6D:83:3F:A2:F1:D0
Certificate issuer:       /CN=A9174306/serialNumber=D0B47928BFDB9DB351E1D4256AD02B6728F95CF5
Certificate serial:       02
Authority key identifier: D0:B4:79:28:BF:DB:9D:B3:51:E1:D4:25:6A:D0:2B:67:28:F9:5C:F5
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/0LR5KL_bnbNR4dQlatArZyj5XPU.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9174306/2B5AEC70A2EE11EEA6354F5EC4F9AE02/511C5136A2F011EEBBE10D80C4F9AE02.roa
Signing time:             Mon 25 Dec 2023 06:39:13 +0000
ROA not before:           Mon 25 Dec 2023 06:39:13 +0000
ROA not after:            Fri 31 Jan 2025 00:00:00 +0000
asID:                     152092
IP address blocks:        43.250.180.0/23 maxlen: 23
                          43.250.180.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9174306/2B5AEC70A2EE11EEA6354F5EC4F9AE02/0LR5KL_bnbNR4dQlatArZyj5XPU.crl
                          rsync://rpki.apnic.net/member_repository/A9174306/2B5AEC70A2EE11EEA6354F5EC4F9AE02/0LR5KL_bnbNR4dQlatArZyj5XPU.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/0LR5KL_bnbNR4dQlatArZyj5XPU.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 22 Jun 2024 02:50:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9174306/serialNumber=D0B47928BFDB9DB351E1D4256AD02B6728F95CF5
        Validity
            Not Before: Dec 25 06:39:13 2023 GMT
            Not After : Jan 31 00:00:00 2025 GMT
        Subject: CN=65892391-e569
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:9d:d5:ed:a4:23:e2:f1:b3:18:1a:c0:80:c8:
                    11:b3:81:4c:70:d4:54:00:6f:13:37:b2:5d:84:70:
                    a0:b7:82:2b:99:3b:68:8d:1e:fc:03:3e:2b:bb:8e:
                    cf:73:63:b5:18:84:52:0d:06:ad:09:cf:f1:33:fe:
                    3a:33:53:d9:93:3f:d6:8e:84:19:d5:f0:33:d4:d6:
                    28:ba:e2:f7:86:11:68:62:99:b6:0d:58:3b:a4:f6:
                    a3:66:c5:96:4a:4d:76:14:00:31:60:a1:77:75:06:
                    cc:da:3f:32:ab:b4:a6:96:2e:34:69:d9:6e:93:40:
                    6b:f3:88:71:45:c2:7b:5d:1f:91:bb:0b:72:3f:04:
                    9d:6a:ad:75:d6:ac:d6:0d:68:65:15:d6:d7:48:50:
                    d8:38:1e:0d:c6:a6:9d:40:de:a8:3d:8b:f5:09:cb:
                    c3:11:7b:67:0e:dd:b2:41:bb:4c:7d:2b:ef:1f:60:
                    c3:f7:4f:b8:93:77:ef:14:18:db:a9:38:b2:c2:d8:
                    f8:80:90:c8:43:cb:a7:de:1a:8f:ce:e2:ec:ad:e4:
                    4f:2f:0c:14:63:36:a9:2a:45:08:99:32:e1:57:02:
                    ab:57:82:8d:9a:8f:58:16:fb:cd:8f:0c:3d:70:05:
                    c6:55:f0:2d:cb:c6:c3:2f:2d:e1:8f:87:65:4d:c8:
                    5f:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C6:1E:8F:94:D6:3C:1E:A6:57:E2:7E:43:46:5B:6D:83:3F:A2:F1:D0
            X509v3 Authority Key Identifier:
                keyid:D0:B4:79:28:BF:DB:9D:B3:51:E1:D4:25:6A:D0:2B:67:28:F9:5C:F5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9174306/2B5AEC70A2EE11EEA6354F5EC4F9AE02/0LR5KL_bnbNR4dQlatArZyj5XPU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/0LR5KL_bnbNR4dQlatArZyj5XPU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9174306/2B5AEC70A2EE11EEA6354F5EC4F9AE02/511C5136A2F011EEBBE10D80C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.250.180.0/23

    Signature Algorithm: sha256WithRSAEncryption
         16:14:c0:24:f9:db:d9:6d:d1:47:e5:33:19:8f:ec:2e:d7:07:
         0f:82:9d:b0:08:09:a5:28:cb:75:5d:af:a1:33:e1:9f:d6:4d:
         c7:d5:a5:5e:45:31:4b:de:63:ac:ce:8c:d4:28:0c:c8:eb:3e:
         28:5a:98:5e:f1:c3:4c:96:99:a0:26:97:02:be:75:b8:d4:3a:
         aa:41:43:b3:e6:64:75:2a:df:67:7f:3a:bc:eb:66:b1:aa:2b:
         fd:6d:5c:94:90:56:05:80:c8:5b:23:c3:06:ea:2f:07:ba:17:
         73:e9:19:bf:3d:88:d1:4d:25:a5:99:67:fa:0f:c3:e2:e1:7a:
         0e:cf:83:26:a4:6d:e5:19:5a:73:22:58:e2:1e:b6:66:c3:be:
         4f:a4:f0:2f:ac:ba:d1:21:07:ce:c2:ba:bf:fc:31:7d:fd:f8:
         f5:9b:8f:e3:63:4d:e2:fd:2b:95:33:66:93:04:f7:d4:24:d6:
         6f:fc:54:32:c8:ac:f9:34:b1:c2:6c:cd:f5:a1:61:d5:4e:cc:
         e6:49:e2:e3:a0:7c:21:ca:ca:d5:30:47:69:ee:89:e7:a1:5d:
         92:6f:15:7d:f8:3d:16:db:af:03:09:9d:ea:4f:ff:e4:fb:11:
         0d:05:87:00:6f:e6:40:56:67:06:b1:b8:1e:7f:10:71:f3:05:
         15:5a:95:d8
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIBAjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTE3
NDMwNjExMC8GA1UEBRMoRDBCNDc5MjhCRkRCOURCMzUxRTFENDI1NkFEMDJCNjcy
OEY5NUNGNTAeFw0yMzEyMjUwNjM5MTNaFw0yNTAxMzEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY1ODkyMzkxLWU1NjkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDnndXtpCPi8bMYGsCAyBGzgUxw1FQAbxM3sl2EcKC3giuZO2iNHvwDPiu7js9z
Y7UYhFINBq0Jz/Ez/jozU9mTP9aOhBnV8DPU1ii64veGEWhimbYNWDuk9qNmxZZK
TXYUADFgoXd1BszaPzKrtKaWLjRp2W6TQGvziHFFwntdH5G7C3I/BJ1qrXXWrNYN
aGUV1tdIUNg4Hg3Gpp1A3qg9i/UJy8MRe2cO3bJBu0x9K+8fYMP3T7iTd+8UGNup
OLLC2PiAkMhDy6feGo/O4uyt5E8vDBRjNqkqRQiZMuFXAqtXgo2aj1gW+82PDD1w
BcZV8C3LxsMvLeGPh2VNyF+tAgMBAAGjggKVMIICkTAdBgNVHQ4EFgQUxh6PlNY8
HqZX4n5DRlttgz+i8dAwHwYDVR0jBBgwFoAU0LR5KL/bnbNR4dQlatArZyj5XPUw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTc0MzA2LzJCNUFFQzcwQTJF
RTExRUVBNjM1NEY1RUM0RjlBRTAyLzBMUjVLTF9ibmJOUjRkUWxhdEFyWnlqNVhQ
VS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvMExSNUtMX2JuYk5SNGRRbGF0QXJaeWo1WFBVLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3
NDMwNi8yQjVBRUM3MEEyRUUxMUVFQTYzNTRGNUVDNEY5QUUwMi81MTFDNTEzNkEy
RjAxMUVFQkJFMTBEODBDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEASv6tDANBgkqhkiG9w0BAQsFAAOCAQEAFhTAJPnb2W3RR+Uz
GY/sLtcHD4KdsAgJpSjLdV2voTPhn9ZNx9WlXkUxS95jrM6M1CgMyOs+KFqYXvHD
TJaZoCaXAr51uNQ6qkFDs+ZkdSrfZ386vOtmsaor/W1clJBWBYDIWyPDBuovB7oX
c+kZvz2I0U0lpZln+g/D4uF6Ds+DJqRt5RlacyJY4h62ZsO+T6TwL6y60SEHzsK6
v/wxff349ZuP42NN4v0rlTNmkwT31CTWb/xUMsis+TSxwmzN9aFh1U7M5kni46B8
IcrK1TBHae6J56Fdkm8Vffg9FtuvAwmd6k//5PsRDQWHAG/mQFZnBrG4Hn8QcfMF
FVqV2A==
-----END CERTIFICATE-----
Generated at Sat Jun 15 10:27:20 2024 by rpki-client on console-ams.rpki-client.org