Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A917E0A8/A059AF8A640D11EAB6395571C4F9AE02/495324CA39CB11EBB2F08020C4F9AE02.roa
File:                     495324CA39CB11EBB2F08020C4F9AE02.roa (raw, json)
Hash identifier:          RDvttRWIGJq3eSPKiTVToXTvZoTBk6GF8VjRnlKQfLk=
Subject key identifier:   D3:82:0D:5E:1E:D6:37:BF:AE:E9:78:99:4A:FE:3D:04:03:04:47:F3
Certificate issuer:       /CN=A917E0A8/serialNumber=7ACE6DA35FB6A4A9F6F9970C18BCAF5B2748119F
Certificate serial:       0904
Authority key identifier: 7A:CE:6D:A3:5F:B6:A4:A9:F6:F9:97:0C:18:BC:AF:5B:27:48:11:9F
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/es5to1-2pKn2-ZcMGLyvWydIEZ8.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A917E0A8/A059AF8A640D11EAB6395571C4F9AE02/495324CA39CB11EBB2F08020C4F9AE02.roa
Signing time:             Mon 24 Apr 2023 21:58:20 +0000
ROA not before:           Mon 24 Apr 2023 21:58:20 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     55720
IP address blocks:        203.25.119.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A917E0A8/A059AF8A640D11EAB6395571C4F9AE02/es5to1-2pKn2-ZcMGLyvWydIEZ8.crl
                          rsync://rpki.apnic.net/member_repository/A917E0A8/A059AF8A640D11EAB6395571C4F9AE02/es5to1-2pKn2-ZcMGLyvWydIEZ8.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/es5to1-2pKn2-ZcMGLyvWydIEZ8.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 04 Apr 2024 20:52:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2308 (0x904)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A917E0A8/serialNumber=7ACE6DA35FB6A4A9F6F9970C18BCAF5B2748119F
        Validity
            Not Before: Apr 24 21:58:20 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=6446fb7c-e672
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:68:fb:8a:ca:bb:41:42:bc:5c:70:da:3d:1d:
                    a2:4a:bc:da:26:eb:f0:8a:df:7c:fa:70:a3:0c:88:
                    15:89:2b:4a:60:d7:f7:27:a7:48:85:e5:6f:c2:8e:
                    97:ad:cd:7a:69:5d:c3:65:75:28:e2:9a:70:57:ce:
                    17:1d:81:aa:8e:8d:02:2b:37:e5:85:1e:1b:97:6d:
                    a2:c1:a8:f9:a7:16:c1:46:f7:f9:0c:7a:73:b2:54:
                    96:d6:b6:30:0d:a0:7d:42:a9:5f:45:11:0f:93:9d:
                    83:09:5f:82:e6:94:b8:77:92:d6:42:81:e1:fd:d6:
                    a9:56:67:44:65:dd:94:40:9a:0d:b4:76:0a:e2:a5:
                    fe:a4:9e:28:21:a8:66:8b:fc:ff:c5:a9:6a:5e:00:
                    9f:41:90:1f:5f:3f:e3:44:12:34:20:e2:1e:72:67:
                    8f:f0:1e:27:6e:96:47:dc:cf:9e:cf:9e:f7:6b:e9:
                    a2:b1:c6:e2:27:72:2b:0e:a8:49:33:ad:db:a5:86:
                    7f:a4:fc:54:96:87:77:60:3b:23:ce:67:9c:1c:4f:
                    ea:1e:9a:cb:23:42:81:26:d5:14:de:a6:66:75:de:
                    94:11:50:0a:a9:fc:3d:6d:f4:f1:96:0b:67:7c:46:
                    9f:c3:61:16:6e:60:ca:07:4b:33:18:b6:4f:e0:9d:
                    84:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:82:0D:5E:1E:D6:37:BF:AE:E9:78:99:4A:FE:3D:04:03:04:47:F3
            X509v3 Authority Key Identifier:
                keyid:7A:CE:6D:A3:5F:B6:A4:A9:F6:F9:97:0C:18:BC:AF:5B:27:48:11:9F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A917E0A8/A059AF8A640D11EAB6395571C4F9AE02/es5to1-2pKn2-ZcMGLyvWydIEZ8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/es5to1-2pKn2-ZcMGLyvWydIEZ8.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A917E0A8/A059AF8A640D11EAB6395571C4F9AE02/495324CA39CB11EBB2F08020C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.25.119.0/24

    Signature Algorithm: sha256WithRSAEncryption
         13:0e:18:b9:86:ee:e4:a1:88:bd:01:40:a3:0d:92:bf:b7:cf:
         27:4a:3e:14:c5:d7:04:31:57:af:ff:67:b1:b3:f1:c7:c2:f2:
         81:d4:78:d5:53:f4:20:09:51:92:42:66:8a:bc:70:5e:45:42:
         1b:02:05:be:93:68:ba:d1:7a:82:7d:db:7a:eb:d0:1e:bc:ca:
         5c:56:68:98:45:8f:1d:bb:b6:4a:69:d7:2e:cd:73:40:da:01:
         65:19:c8:88:86:72:dd:0a:d5:db:7a:8f:c0:8f:3c:c2:da:35:
         35:68:33:5c:57:29:b7:88:46:e5:a2:7b:7e:25:84:70:0b:68:
         b4:9d:d8:08:82:30:8d:22:43:0f:87:1c:df:ad:71:14:97:3a:
         3a:83:1a:d2:a3:ad:3b:78:ce:97:ef:07:27:4e:00:54:b2:40:
         e4:78:84:20:00:7e:79:be:aa:d5:5a:9c:b8:0b:37:ba:e9:a6:
         9e:32:4a:25:ab:37:7b:47:32:d7:92:ae:8b:39:aa:75:07:e5:
         d6:30:3c:db:f2:a0:86:f1:1e:2c:6a:1e:34:ea:ad:aa:92:fa:
         99:51:92:93:f4:50:45:39:8c:5b:1f:87:7c:7f:f2:9c:11:ae:
         1f:65:75:ce:d2:84:8f:39:0d:b7:67:55:be:cf:a0:1c:6e:2f:
         06:f4:77:ba
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICCQQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
N0UwQTgxMTAvBgNVBAUTKDdBQ0U2REEzNUZCNkE0QTlGNkY5OTcwQzE4QkNBRjVC
Mjc0ODExOUYwHhcNMjMwNDI0MjE1ODIwWhcNMjQwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDQ2ZmI3Yy1lNjcyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAzmj7isq7QUK8XHDaPR2iSrzaJuvwit98+nCjDIgViStKYNf3J6dIheVvwo6X
rc16aV3DZXUo4ppwV84XHYGqjo0CKzflhR4bl22iwaj5pxbBRvf5DHpzslSW1rYw
DaB9QqlfRREPk52DCV+C5pS4d5LWQoHh/dapVmdEZd2UQJoNtHYK4qX+pJ4oIahm
i/z/xalqXgCfQZAfXz/jRBI0IOIecmeP8B4nbpZH3M+ez573a+miscbiJ3IrDqhJ
M63bpYZ/pPxUlod3YDsjzmecHE/qHprLI0KBJtUU3qZmdd6UEVAKqfw9bfTxlgtn
fEafw2EWbmDKB0szGLZP4J2E/QIDAQABo4IClTCCApEwHQYDVR0OBBYEFNOCDV4e
1je/rul4mUr+PQQDBEfzMB8GA1UdIwQYMBaAFHrObaNftqSp9vmXDBi8r1snSBGf
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3RTBBOC9BMDU5QUY4QTY0
MEQxMUVBQjYzOTU1NzFDNEY5QUUwMi9lczV0bzEtMnBLbjItWmNNR0x5dld5ZElF
WjguY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2VzNXRvMS0ycEtuMi1aY01HTHl2V3lkSUVaOC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
N0UwQTgvQTA1OUFGOEE2NDBEMTFFQUI2Mzk1NTcxQzRGOUFFMDIvNDk1MzI0Q0Ez
OUNCMTFFQkIyRjA4MDIwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADLGXcwDQYJKoZIhvcNAQELBQADggEBABMOGLmG7uShiL0B
QKMNkr+3zydKPhTF1wQxV6//Z7Gz8cfC8oHUeNVT9CAJUZJCZoq8cF5FQhsCBb6T
aLrReoJ923rr0B68ylxWaJhFjx27tkpp1y7Nc0DaAWUZyIiGct0K1dt6j8CPPMLa
NTVoM1xXKbeIRuWie34lhHALaLSd2AiCMI0iQw+HHN+tcRSXOjqDGtKjrTt4zpfv
BydOAFSyQOR4hCAAfnm+qtVanLgLN7rppp4ySiWrN3tHMteSros5qnUH5dYwPNvy
oIbxHixqHjTqraqS+plRkpP0UEU5jFsfh3x/8pwRrh9ldc7ShI85DbdnVb7PoBxu
Lwb0d7o=
-----END CERTIFICATE-----
Generated at Thu Mar 28 22:24:06 2024 by rpki-client on console-fra.rpki-client.org