Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9174880/4E86450C1D6A11E2BB7014A808B02CD2/316EEFD4AAE511E68EBE4D52C4F9AE02.roa
File:                     316EEFD4AAE511E68EBE4D52C4F9AE02.roa (raw, json)
Hash identifier:          n8S4t4f2oxEeC4hHMiXxQldgRISCLl6Cw10IhOqQqmg=
Subject key identifier:   2A:49:4D:A9:97:DD:AB:87:FA:0A:EA:63:5F:21:38:38:CA:37:D4:41
Certificate issuer:       /CN=A9174880/serialNumber=EC2C6406CAA1F39EBCF4587531500D56B95362C0
Certificate serial:       33C5
Authority key identifier: EC:2C:64:06:CA:A1:F3:9E:BC:F4:58:75:31:50:0D:56:B9:53:62:C0
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/7CxkBsqh85689Fh1MVANVrlTYsA.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9174880/4E86450C1D6A11E2BB7014A808B02CD2/316EEFD4AAE511E68EBE4D52C4F9AE02.roa
Signing time:             Sat 20 Jan 2024 14:30:07 +0000
ROA not before:           Sat 20 Jan 2024 14:30:07 +0000
ROA not after:            Mon 31 Mar 2025 00:00:00 +0000
asID:                     132001
IP address blocks:        198.48.2.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9174880/4E86450C1D6A11E2BB7014A808B02CD2/7CxkBsqh85689Fh1MVANVrlTYsA.crl
                          rsync://rpki.apnic.net/member_repository/A9174880/4E86450C1D6A11E2BB7014A808B02CD2/7CxkBsqh85689Fh1MVANVrlTYsA.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/7CxkBsqh85689Fh1MVANVrlTYsA.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 01 Dec 2024 02:50:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13253 (0x33c5)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9174880/serialNumber=EC2C6406CAA1F39EBCF4587531500D56B95362C0
        Validity
            Not Before: Jan 20 14:30:07 2024 GMT
            Not After : Mar 31 00:00:00 2025 GMT
        Subject: CN=65abd8ef-3aab
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:5c:cb:05:33:5f:3a:3b:3c:10:1a:99:00:73:
                    1e:b2:bd:e6:20:93:bf:08:2d:5f:67:18:c3:fe:60:
                    1d:95:ba:7c:5d:a4:a6:b5:35:99:e3:6b:4a:9d:a9:
                    fe:7f:af:2f:e7:1f:e5:02:db:13:d7:fd:fc:5d:ce:
                    94:9d:4f:a6:e0:2d:5b:ea:81:79:02:46:ea:fd:8d:
                    93:ae:72:19:3c:fd:c3:c0:11:53:26:b7:f5:d3:bd:
                    9a:01:55:dc:95:7c:28:29:4b:f2:66:d3:c6:c6:f9:
                    fd:9f:80:2c:76:56:c5:dc:aa:7d:f9:e4:a9:8d:6c:
                    2a:89:44:d2:d0:7e:96:6e:cc:ea:a4:8f:75:45:34:
                    5f:6b:cd:28:72:2d:ef:03:9e:c4:7f:c3:8d:e9:9c:
                    22:3a:d3:ae:a9:5f:f4:9e:65:a1:3c:2a:87:c5:1d:
                    49:17:36:04:77:a1:25:f1:2b:7f:e9:57:10:bf:ba:
                    b9:3b:71:76:91:54:94:21:a1:ad:23:1c:77:95:33:
                    c6:95:5c:49:6b:e4:e0:3f:c3:e5:4d:fd:d7:6c:6e:
                    8f:22:ca:5b:f2:6e:31:ee:07:92:01:99:9a:ce:de:
                    a7:9c:54:48:e2:0d:0a:97:ad:af:84:ba:b1:9d:8a:
                    ed:c7:60:8b:b7:23:83:9f:ff:be:e8:ff:a4:a9:d1:
                    1f:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2A:49:4D:A9:97:DD:AB:87:FA:0A:EA:63:5F:21:38:38:CA:37:D4:41
            X509v3 Authority Key Identifier:
                keyid:EC:2C:64:06:CA:A1:F3:9E:BC:F4:58:75:31:50:0D:56:B9:53:62:C0

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9174880/4E86450C1D6A11E2BB7014A808B02CD2/7CxkBsqh85689Fh1MVANVrlTYsA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/7CxkBsqh85689Fh1MVANVrlTYsA.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9174880/4E86450C1D6A11E2BB7014A808B02CD2/316EEFD4AAE511E68EBE4D52C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  198.48.2.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:b8:df:25:81:cb:25:0f:c4:d6:5a:6b:ff:ce:fc:eb:9e:3f:
         6c:3d:a7:70:7c:3e:93:fd:01:6a:ca:40:04:68:18:84:91:fa:
         45:94:b8:cc:b2:e3:3a:f4:e6:0c:8f:8d:87:70:88:35:49:2e:
         41:3f:2c:68:58:f9:2f:7a:31:25:f8:ab:ed:cb:25:3b:01:0b:
         bf:c8:9a:4a:3e:86:ec:b6:05:30:66:f3:38:d2:74:54:5a:98:
         86:8e:75:ae:aa:c6:2e:d6:6d:92:15:01:96:e1:94:af:a8:e2:
         b2:b3:c7:c3:3b:55:f3:7c:de:ba:d6:d8:fc:e8:23:da:40:c8:
         7e:c3:d9:cb:c0:aa:a4:58:10:24:9a:08:83:90:d9:04:c7:bc:
         9f:43:56:83:f7:62:8c:b6:c0:7f:26:a8:26:af:5c:29:8e:9b:
         a8:31:96:04:05:a8:ca:7d:2b:02:ff:30:4e:6a:5c:33:89:d3:
         b2:be:19:1e:33:6a:fe:ee:20:10:40:9c:3c:b2:3f:c9:26:43:
         4e:6e:86:a8:20:23:74:4d:d0:2b:5a:e9:39:e8:f3:90:35:61:
         d1:07:c9:ba:da:9e:69:74:e8:5b:50:6d:76:01:e4:fa:2d:b9:
         88:04:1b:0b:29:c4:43:25:19:75:36:ad:6d:89:7b:b4:62:55:
         22:c7:04:8f
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICM8UwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NzQ4ODAxMTAvBgNVBAUTKEVDMkM2NDA2Q0FBMUYzOUVCQ0Y0NTg3NTMxNTAwRDU2
Qjk1MzYyQzAwHhcNMjQwMTIwMTQzMDA3WhcNMjUwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWFiZDhlZi0zYWFiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA3FzLBTNfOjs8EBqZAHMesr3mIJO/CC1fZxjD/mAdlbp8XaSmtTWZ42tKnan+
f68v5x/lAtsT1/38Xc6UnU+m4C1b6oF5Akbq/Y2TrnIZPP3DwBFTJrf1072aAVXc
lXwoKUvyZtPGxvn9n4AsdlbF3Kp9+eSpjWwqiUTS0H6WbszqpI91RTRfa80oci3v
A57Ef8ON6ZwiOtOuqV/0nmWhPCqHxR1JFzYEd6El8St/6VcQv7q5O3F2kVSUIaGt
Ixx3lTPGlVxJa+TgP8PlTf3XbG6PIspb8m4x7geSAZmazt6nnFRI4g0Kl62vhLqx
nYrtx2CLtyODn/++6P+kqdEfqwIDAQABo4IClTCCApEwHQYDVR0OBBYEFCpJTamX
3auH+grqY18hODjKN9RBMB8GA1UdIwQYMBaAFOwsZAbKofOevPRYdTFQDVa5U2LA
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3NDg4MC80RTg2NDUwQzFE
NkExMUUyQkI3MDE0QTgwOEIwMkNEMi83Q3hrQnNxaDg1Njg5RmgxTVZBTlZybFRZ
c0EuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyLzdDeGtCc3FoODU2ODlGaDFNVkFOVnJsVFlzQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NzQ4ODAvNEU4NjQ1MEMxRDZBMTFFMkJCNzAxNEE4MDhCMDJDRDIvMzE2RUVGRDRB
QUU1MTFFNjhFQkU0RDUyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADGMAIwDQYJKoZIhvcNAQELBQADggEBAK643yWByyUPxNZa
a//O/OueP2w9p3B8PpP9AWrKQARoGISR+kWUuMyy4zr05gyPjYdwiDVJLkE/LGhY
+S96MSX4q+3LJTsBC7/Imko+huy2BTBm8zjSdFRamIaOda6qxi7WbZIVAZbhlK+o
4rKzx8M7VfN83rrW2PzoI9pAyH7D2cvAqqRYECSaCIOQ2QTHvJ9DVoP3Yoy2wH8m
qCavXCmOm6gxlgQFqMp9KwL/ME5qXDOJ07K+GR4zav7uIBBAnDyyP8kmQ05uhqgg
I3RN0Cta6Tno85A1YdEHybranml06FtQbXYB5PotuYgEGwspxEMlGXU2rW2Je7Ri
VSLHBI8=
-----END CERTIFICATE-----
Generated at Sun Nov 24 15:31:17 2024 by rpki-client on console-ams.rpki-client.org