Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9186E8A/3B476E7C2DFF11EB868A9135C4F9AE02/66C1BA862FBB11EB9B861059C4F9AE02.roa
File:                     66C1BA862FBB11EB9B861059C4F9AE02.roa (raw, json)
Hash identifier:          oXS/JRd6zl0LmoQfiL+g1baxJiCVW64dXkNETB2cZAY=
Subject key identifier:   8B:FC:10:6F:DA:58:C8:88:A7:91:D1:02:86:28:00:07:E8:60:6B:1C
Certificate issuer:       /CN=A9186E8A/serialNumber=A9BCCA6D34D3D5F1EFF8BBE783D49773813E5EF8
Certificate serial:       05EB
Authority key identifier: A9:BC:CA:6D:34:D3:D5:F1:EF:F8:BB:E7:83:D4:97:73:81:3E:5E:F8
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/qbzKbTTT1fHv-Lvng9SXc4E-Xvg.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9186E8A/3B476E7C2DFF11EB868A9135C4F9AE02/66C1BA862FBB11EB9B861059C4F9AE02.roa
Signing time:             Wed 01 Mar 2023 00:50:33 +0000
ROA not before:           Wed 01 Mar 2023 00:50:33 +0000
ROA not after:            Wed 29 May 2024 00:00:00 +0000
asID:                     135026
IP address blocks:        118.193.79.0/24 maxlen: 24
                          123.58.202.0/24 maxlen: 24
                          123.58.222.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9186E8A/3B476E7C2DFF11EB868A9135C4F9AE02/qbzKbTTT1fHv-Lvng9SXc4E-Xvg.crl
                          rsync://rpki.apnic.net/member_repository/A9186E8A/3B476E7C2DFF11EB868A9135C4F9AE02/qbzKbTTT1fHv-Lvng9SXc4E-Xvg.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/qbzKbTTT1fHv-Lvng9SXc4E-Xvg.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 02 Apr 2024 23:18:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1515 (0x5eb)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9186E8A/serialNumber=A9BCCA6D34D3D5F1EFF8BBE783D49773813E5EF8
        Validity
            Not Before: Mar  1 00:50:33 2023 GMT
            Not After : May 29 00:00:00 2024 GMT
        Subject: CN=63fea159-0108
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:81:b2:c9:bf:95:c2:86:e7:76:b5:e7:8b:8b:
                    47:ff:ed:88:9f:7f:da:14:74:95:36:e1:26:9a:3a:
                    85:bb:13:e7:7f:57:5d:61:2b:c5:c8:3a:34:88:cd:
                    8d:4d:9d:b7:ff:22:54:b0:3b:a7:84:13:63:3a:9e:
                    63:54:b3:ef:d1:ac:a2:13:ed:c1:a9:4b:1d:95:fe:
                    4c:3a:94:a4:b2:94:2f:e2:af:64:c4:b6:c6:e0:8b:
                    31:ea:d0:14:21:27:1d:b0:4c:f4:8b:d2:94:df:f1:
                    0b:5a:43:ec:bd:99:f5:0b:09:66:74:ff:10:55:89:
                    d7:6f:fa:7b:ff:05:59:38:81:83:be:76:f9:6d:e1:
                    56:1e:b8:e4:34:41:e1:be:d2:66:c4:5b:e2:b0:37:
                    c7:a5:b1:db:63:d4:22:ad:6f:c4:64:40:4c:e0:5a:
                    13:a8:94:b0:24:55:cf:fa:03:c5:b5:05:64:33:2a:
                    8b:ea:d2:d8:dd:3d:5d:28:98:57:c0:24:12:f1:ca:
                    5c:c4:41:48:93:3c:f2:fc:26:61:89:eb:d7:f6:6a:
                    69:69:00:6a:4c:f6:f1:80:27:20:01:88:6d:2c:b3:
                    97:a3:b7:65:74:c5:44:19:4c:60:45:c4:11:20:0f:
                    44:b9:c3:be:95:da:b3:a3:79:d6:22:ad:14:bf:d7:
                    34:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:FC:10:6F:DA:58:C8:88:A7:91:D1:02:86:28:00:07:E8:60:6B:1C
            X509v3 Authority Key Identifier:
                keyid:A9:BC:CA:6D:34:D3:D5:F1:EF:F8:BB:E7:83:D4:97:73:81:3E:5E:F8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9186E8A/3B476E7C2DFF11EB868A9135C4F9AE02/qbzKbTTT1fHv-Lvng9SXc4E-Xvg.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/qbzKbTTT1fHv-Lvng9SXc4E-Xvg.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9186E8A/3B476E7C2DFF11EB868A9135C4F9AE02/66C1BA862FBB11EB9B861059C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  118.193.79.0/24
                  123.58.202.0/24
                  123.58.222.0/24

    Signature Algorithm: sha256WithRSAEncryption
         87:06:cd:44:8e:d3:b7:49:fe:4f:cc:24:d7:c6:8b:b2:b2:c4:
         4b:70:00:9f:c1:b4:f4:f4:f0:fe:00:4d:62:2f:6d:40:d0:4c:
         dd:87:7e:65:69:45:df:ce:9c:f4:73:28:46:bc:b0:76:ba:87:
         d5:c9:b5:44:6c:fc:be:15:76:f3:a8:39:64:da:9e:0b:5d:9c:
         7f:b0:76:6b:fb:6b:1d:e0:5c:ab:37:e2:54:7f:a4:13:58:c8:
         e9:be:07:50:28:a7:82:c1:94:81:75:1a:f4:62:f8:4e:c0:5e:
         a9:44:8e:08:64:79:05:d6:f0:ce:42:1c:c7:2e:d3:5c:cd:7e:
         0b:4c:44:a9:9a:33:c6:f9:68:33:8c:b7:98:5e:ba:26:b1:e5:
         c5:9f:d7:d9:99:2d:bb:f6:db:30:f5:91:51:f6:d5:11:34:81:
         7c:06:db:8b:a6:2c:0e:91:2f:ff:b3:b1:9e:bb:cc:0e:04:01:
         25:c2:76:7d:a7:64:c2:c2:9f:8e:de:97:5b:33:e2:2b:3e:26:
         62:43:62:23:39:06:4a:b5:8b:03:55:27:cf:f9:f2:80:85:f4:
         da:73:59:4d:ad:57:d7:1e:a7:ca:2d:01:b2:6f:68:5e:8d:b6:
         91:6c:7b:63:9c:72:0f:0c:26:55:54:8b:ea:da:bb:32:0d:f9:
         32:66:7c:0d
-----BEGIN CERTIFICATE-----
MIIFfTCCBGWgAwIBAgICBeswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
ODZFOEExMTAvBgNVBAUTKEE5QkNDQTZEMzREM0Q1RjFFRkY4QkJFNzgzRDQ5Nzcz
ODEzRTVFRjgwHhcNMjMwMzAxMDA1MDMzWhcNMjQwNTI5MDAwMDAwWjAYMRYwFAYD
VQQDEw02M2ZlYTE1OS0wMTA4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAz4Gyyb+VwobndrXni4tH/+2In3/aFHSVNuEmmjqFuxPnf1ddYSvFyDo0iM2N
TZ23/yJUsDunhBNjOp5jVLPv0ayiE+3BqUsdlf5MOpSkspQv4q9kxLbG4Isx6tAU
IScdsEz0i9KU3/ELWkPsvZn1CwlmdP8QVYnXb/p7/wVZOIGDvnb5beFWHrjkNEHh
vtJmxFvisDfHpbHbY9QirW/EZEBM4FoTqJSwJFXP+gPFtQVkMyqL6tLY3T1dKJhX
wCQS8cpcxEFIkzzy/CZhievX9mppaQBqTPbxgCcgAYhtLLOXo7dldMVEGUxgRcQR
IA9EucO+ldqzo3nWIq0Uv9c0pwIDAQABo4ICoTCCAp0wHQYDVR0OBBYEFIv8EG/a
WMiIp5HRAoYoAAfoYGscMB8GA1UdIwQYMBaAFKm8ym0009Xx7/i754PUl3OBPl74
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4NkU4QS8zQjQ3NkU3QzJE
RkYxMUVCODY4QTkxMzVDNEY5QUUwMi9xYnpLYlRUVDFmSHYtTHZuZzlTWGM0RS1Y
dmcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3FiektiVFRUMWZIdi1Mdm5nOVNYYzRFLVh2Zy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
ODZFOEEvM0I0NzZFN0MyREZGMTFFQjg2OEE5MTM1QzRGOUFFMDIvNjZDMUJBODYy
RkJCMTFFQjlCODYxMDU5QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwKwYIKwYBBQUHAQcBAf8E
HDAaMBgEAgABMBIDBAB2wU8DBAB7OsoDBAB7Ot4wDQYJKoZIhvcNAQELBQADggEB
AIcGzUSO07dJ/k/MJNfGi7KyxEtwAJ/BtPT08P4ATWIvbUDQTN2HfmVpRd/OnPRz
KEa8sHa6h9XJtURs/L4VdvOoOWTangtdnH+wdmv7ax3gXKs34lR/pBNYyOm+B1Ao
p4LBlIF1GvRi+E7AXqlEjghkeQXW8M5CHMcu01zNfgtMRKmaM8b5aDOMt5heuiax
5cWf19mZLbv22zD1kVH21RE0gXwG24umLA6RL/+zsZ67zA4EASXCdn2nZMLCn47e
l1sz4is+JmJDYiM5Bkq1iwNVJ8/58oCF9NpzWU2tV9cep8otAbJvaF6NtpFse2Oc
cg8MJlVUi+rauzIN+TJmfA0=
-----END CERTIFICATE-----
Generated at Wed Mar 27 01:57:07 2024 by rpki-client on console-ams.rpki-client.org