Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9186E8A/3148DC9E2DFF11EB868A9135C4F9AE02/B95187FC2FB811EBBF9A864BC4F9AE02.roa
File:                     B95187FC2FB811EBBF9A864BC4F9AE02.roa (raw, json)
Hash identifier:          AEB/eGLuEDH1wobZvsfPYBDVLzlyWrnm9nyt9smLsXg=
Subject key identifier:   CE:02:ED:32:18:95:FB:7B:38:15:0B:3C:7D:4C:19:38:F5:DC:2C:47
Certificate issuer:       /CN=A9186E8A/serialNumber=BDD5E9A76F1AC4C8E51797ECE99E3DCEECEE7493
Certificate serial:       05E6
Authority key identifier: BD:D5:E9:A7:6F:1A:C4:C8:E5:17:97:EC:E9:9E:3D:CE:EC:EE:74:93
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/vdXpp28axMjlF5fs6Z49zuzudJM.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9186E8A/3148DC9E2DFF11EB868A9135C4F9AE02/B95187FC2FB811EBBF9A864BC4F9AE02.roa
Signing time:             Wed 01 Mar 2023 00:50:32 +0000
ROA not before:           Wed 01 Mar 2023 00:50:32 +0000
ROA not after:            Wed 29 May 2024 00:00:00 +0000
asID:                     21859
IP address blocks:        152.32.230.0/24 maxlen: 24
                          152.32.232.0/24 maxlen: 24
                          165.154.125.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9186E8A/3148DC9E2DFF11EB868A9135C4F9AE02/vdXpp28axMjlF5fs6Z49zuzudJM.crl
                          rsync://rpki.apnic.net/member_repository/A9186E8A/3148DC9E2DFF11EB868A9135C4F9AE02/vdXpp28axMjlF5fs6Z49zuzudJM.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/vdXpp28axMjlF5fs6Z49zuzudJM.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 02 Apr 2024 22:58:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1510 (0x5e6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9186E8A/serialNumber=BDD5E9A76F1AC4C8E51797ECE99E3DCEECEE7493
        Validity
            Not Before: Mar  1 00:50:32 2023 GMT
            Not After : May 29 00:00:00 2024 GMT
        Subject: CN=63fea158-24bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:b3:f8:11:8e:f1:4e:b1:dc:c6:45:ef:f3:b2:
                    26:a3:01:db:e1:b1:85:bc:6e:9c:c6:57:32:94:cb:
                    af:b9:f7:53:bb:69:31:41:18:66:ad:8b:51:e7:c3:
                    96:a8:f7:73:7a:e3:3e:66:64:4b:40:00:06:a8:4f:
                    95:28:7f:3f:5a:d5:5e:a4:08:da:d6:a0:63:27:60:
                    8a:6c:3b:c8:d4:73:02:62:c8:40:d1:ca:e6:ff:ff:
                    f3:20:62:e4:e6:24:68:87:ba:ca:e3:70:41:9e:6b:
                    cb:9c:34:98:b6:73:f2:50:a8:81:f8:06:5a:d4:93:
                    c5:13:69:1e:00:b8:bd:58:32:96:81:d9:a4:44:b1:
                    5e:bd:f0:db:e9:64:c3:ab:28:94:dc:46:36:dc:c8:
                    ef:bd:8a:30:5e:e6:25:0a:18:8f:c0:f8:8a:9e:56:
                    01:78:cc:32:37:5f:26:b4:6d:79:41:42:70:f3:6d:
                    98:62:77:f1:3e:9e:c7:31:ac:b0:4f:19:e2:c9:62:
                    5b:12:49:75:3e:30:1e:3d:01:51:50:ca:8d:98:f7:
                    c7:62:8d:b7:ce:f4:b8:03:60:71:02:f5:c4:2e:58:
                    3e:25:82:ae:a7:49:70:94:8f:13:ea:1c:c0:e2:e6:
                    20:17:c7:08:e2:a0:c8:9e:b7:07:a0:51:8f:12:93:
                    39:21
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:02:ED:32:18:95:FB:7B:38:15:0B:3C:7D:4C:19:38:F5:DC:2C:47
            X509v3 Authority Key Identifier:
                keyid:BD:D5:E9:A7:6F:1A:C4:C8:E5:17:97:EC:E9:9E:3D:CE:EC:EE:74:93

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9186E8A/3148DC9E2DFF11EB868A9135C4F9AE02/vdXpp28axMjlF5fs6Z49zuzudJM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/vdXpp28axMjlF5fs6Z49zuzudJM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9186E8A/3148DC9E2DFF11EB868A9135C4F9AE02/B95187FC2FB811EBBF9A864BC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  152.32.230.0/24
                  152.32.232.0/24
                  165.154.125.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7c:30:ba:c6:b2:ee:6f:17:57:5f:e6:f8:15:d2:f7:fd:3d:88:
         e2:df:aa:18:78:0d:06:69:9a:b9:e2:c5:28:e0:7e:6a:6d:79:
         98:08:f6:5d:15:b4:f0:bb:82:35:c4:88:f8:85:8c:75:d5:d0:
         da:0e:6f:e4:b9:06:45:d7:17:4b:01:fa:d7:95:aa:0e:27:11:
         d4:0f:24:36:8d:79:1e:83:c2:9e:ef:f1:71:5b:1b:38:19:7b:
         c3:6f:d9:d1:0a:72:4c:1b:de:d1:6b:bf:9f:98:01:d6:43:57:
         ea:d5:9f:48:e6:d3:ac:f7:39:60:d7:38:4d:9a:c1:78:37:a2:
         30:d1:2c:31:b7:4b:89:c9:ac:be:f5:a9:82:0d:9b:21:86:4b:
         dd:00:d8:78:23:a3:47:20:b1:db:f5:e1:a3:56:c2:bf:2d:13:
         38:b8:b8:1e:e1:ce:61:72:95:6c:41:43:ae:52:bd:c3:01:97:
         30:d0:ab:a7:e0:38:8d:86:9c:26:cc:22:5e:23:3a:5c:4f:ac:
         54:0a:78:87:cd:41:9e:b8:73:2e:5c:49:2e:fd:a3:b7:d9:09:
         7b:d7:50:75:08:3d:d0:16:11:0d:0e:ed:ce:95:15:10:be:2b:
         8b:09:32:c7:bc:3e:87:92:b1:ed:68:42:d8:3e:d3:44:2e:03:
         a7:60:9d:26
-----BEGIN CERTIFICATE-----
MIIFfTCCBGWgAwIBAgICBeYwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
ODZFOEExMTAvBgNVBAUTKEJERDVFOUE3NkYxQUM0QzhFNTE3OTdFQ0U5OUUzRENF
RUNFRTc0OTMwHhcNMjMwMzAxMDA1MDMyWhcNMjQwNTI5MDAwMDAwWjAYMRYwFAYD
VQQDEw02M2ZlYTE1OC0yNGJmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAz7P4EY7xTrHcxkXv87ImowHb4bGFvG6cxlcylMuvufdTu2kxQRhmrYtR58OW
qPdzeuM+ZmRLQAAGqE+VKH8/WtVepAja1qBjJ2CKbDvI1HMCYshA0crm///zIGLk
5iRoh7rK43BBnmvLnDSYtnPyUKiB+AZa1JPFE2keALi9WDKWgdmkRLFevfDb6WTD
qyiU3EY23MjvvYowXuYlChiPwPiKnlYBeMwyN18mtG15QUJw822YYnfxPp7HMayw
TxniyWJbEkl1PjAePQFRUMqNmPfHYo23zvS4A2BxAvXELlg+JYKup0lwlI8T6hzA
4uYgF8cI4qDInrcHoFGPEpM5IQIDAQABo4ICoTCCAp0wHQYDVR0OBBYEFM4C7TIY
lft7OBULPH1MGTj13CxHMB8GA1UdIwQYMBaAFL3V6advGsTI5ReX7OmePc7s7nST
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4NkU4QS8zMTQ4REM5RTJE
RkYxMUVCODY4QTkxMzVDNEY5QUUwMi92ZFhwcDI4YXhNamxGNWZzNlo0OXp1enVk
Sk0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL3ZkWHBwMjhheE1qbEY1ZnM2WjQ5enV6dWRKTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
ODZFOEEvMzE0OERDOUUyREZGMTFFQjg2OEE5MTM1QzRGOUFFMDIvQjk1MTg3RkMy
RkI4MTFFQkJGOUE4NjRCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwKwYIKwYBBQUHAQcBAf8E
HDAaMBgEAgABMBIDBACYIOYDBACYIOgDBAClmn0wDQYJKoZIhvcNAQELBQADggEB
AHwwusay7m8XV1/m+BXS9/09iOLfqhh4DQZpmrnixSjgfmpteZgI9l0VtPC7gjXE
iPiFjHXV0NoOb+S5BkXXF0sB+teVqg4nEdQPJDaNeR6Dwp7v8XFbGzgZe8Nv2dEK
ckwb3tFrv5+YAdZDV+rVn0jm06z3OWDXOE2awXg3ojDRLDG3S4nJrL71qYINmyGG
S90A2Hgjo0cgsdv14aNWwr8tEzi4uB7hzmFylWxBQ65SvcMBlzDQq6fgOI2GnCbM
Il4jOlxPrFQKeIfNQZ64cy5cSS79o7fZCXvXUHUIPdAWEQ0O7c6VFRC+K4sJMse8
PoeSse1oQtg+00QuA6dgnSY=
-----END CERTIFICATE-----
Generated at Tue Mar 26 23:50:15 2024 by rpki-client on console-fra.rpki-client.org