Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9188EB6/9C0EF83A74EC11EC93F81A33C4F9AE02/09B2D8EC704C11ED97935E7DC4F9AE02.roa
File:                     09B2D8EC704C11ED97935E7DC4F9AE02.roa (raw, json)
Hash identifier:          20RJb8XxEbpVV3YaUsYGPL/u9/U+YzjgEdTcF40ivzI=
Subject key identifier:   33:AE:7B:68:51:3C:6D:75:F7:D1:66:B2:C1:59:3F:7E:09:67:2E:3D
Certificate issuer:       /CN=A9188EB6/serialNumber=AD447A67F07E81CD09C322ECD10AD9416BC44B2B
Certificate serial:       030A
Authority key identifier: AD:44:7A:67:F0:7E:81:CD:09:C3:22:EC:D1:0A:D9:41:6B:C4:4B:2B
Authority info access:    rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/rUR6Z_B-gc0JwyLs0QrZQWvESys.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9188EB6/9C0EF83A74EC11EC93F81A33C4F9AE02/09B2D8EC704C11ED97935E7DC4F9AE02.roa
Signing time:             Sat 03 Feb 2024 02:14:42 +0000
ROA not before:           Sat 03 Feb 2024 02:14:42 +0000
ROA not after:            Mon 31 Mar 2025 00:00:00 +0000
asID:                     132077
IP address blocks:        193.149.153.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9188EB6/9C0EF83A74EC11EC93F81A33C4F9AE02/rUR6Z_B-gc0JwyLs0QrZQWvESys.crl
                          rsync://rpki.apnic.net/member_repository/A9188EB6/9C0EF83A74EC11EC93F81A33C4F9AE02/rUR6Z_B-gc0JwyLs0QrZQWvESys.mft
                          rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/rUR6Z_B-gc0JwyLs0QrZQWvESys.cer
                          rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/DPzneFf88B852ZpitKpi5hWedvg.crl
                          rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/DPzneFf88B852ZpitKpi5hWedvg.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DPzneFf88B852ZpitKpi5hWedvg.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 24 Jun 2024 02:38:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 778 (0x30a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9188EB6/serialNumber=AD447A67F07E81CD09C322ECD10AD9416BC44B2B
        Validity
            Not Before: Feb  3 02:14:42 2024 GMT
            Not After : Mar 31 00:00:00 2025 GMT
        Subject: CN=65bda191-f3f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:70:9d:8e:a4:7c:e4:cb:73:0b:77:df:03:44:
                    84:c5:4c:39:07:83:8d:d0:4a:31:f9:70:2c:99:9f:
                    89:6c:3c:20:f4:2e:81:69:a5:62:1c:80:0e:9a:2d:
                    17:f4:36:b1:91:f3:75:92:0c:77:f9:77:3c:14:26:
                    a0:c9:d3:da:8a:c6:47:b8:d5:aa:9f:bd:27:48:cd:
                    52:e9:97:f3:3b:44:3c:cb:fc:0d:61:47:61:7b:c3:
                    01:88:45:4e:e5:6d:30:7d:db:a4:93:56:fc:16:22:
                    aa:52:65:68:1f:30:d8:ea:1e:7c:b5:86:1c:3e:e4:
                    e5:63:be:ff:34:9e:e0:43:36:e8:16:b5:8b:2d:12:
                    90:65:00:52:9d:f0:d4:00:49:fa:a3:51:1a:60:1f:
                    be:73:a3:90:40:7d:2d:3b:fe:ca:50:ea:aa:03:af:
                    39:92:3d:97:02:2e:2b:35:06:d3:e0:86:40:9f:69:
                    32:9a:fb:a0:9e:35:eb:5e:7e:a3:62:58:5a:4d:a3:
                    f0:6e:8e:a9:1c:30:c2:26:1b:dc:e4:41:4f:63:0d:
                    05:55:d2:0d:e1:e7:f9:23:95:a9:b7:40:02:d2:0b:
                    f9:44:d2:87:c0:59:45:3b:2f:f9:2f:9b:b1:2b:25:
                    0a:03:28:e4:85:c5:aa:52:c6:73:ea:4f:f5:ae:91:
                    65:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                33:AE:7B:68:51:3C:6D:75:F7:D1:66:B2:C1:59:3F:7E:09:67:2E:3D
            X509v3 Authority Key Identifier:
                keyid:AD:44:7A:67:F0:7E:81:CD:09:C3:22:EC:D1:0A:D9:41:6B:C4:4B:2B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9188EB6/9C0EF83A74EC11EC93F81A33C4F9AE02/rUR6Z_B-gc0JwyLs0QrZQWvESys.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/rUR6Z_B-gc0JwyLs0QrZQWvESys.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9188EB6/9C0EF83A74EC11EC93F81A33C4F9AE02/09B2D8EC704C11ED97935E7DC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  193.149.153.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b8:c1:f9:8e:f2:d9:76:ed:59:36:8a:d4:dd:ea:72:dc:90:83:
         47:e3:e0:78:cf:d5:23:9e:c1:ac:b8:20:7c:a2:b8:4b:7b:9d:
         3d:95:23:1e:5f:fd:a1:22:c7:e5:cf:0a:8f:fc:92:46:6f:96:
         04:37:81:b2:be:af:d3:b8:f2:cb:b9:fd:d9:c2:18:02:04:25:
         5f:a1:bb:bf:3f:bf:77:ad:c5:12:91:37:76:cf:67:57:f7:5f:
         e6:4d:4b:72:1c:68:ca:aa:dc:d9:0c:40:24:b0:6b:89:b1:46:
         64:43:64:56:c1:5f:07:8c:11:36:d0:1e:04:39:ad:ee:ea:1b:
         8a:2d:34:34:33:b7:de:f6:c3:82:72:25:20:86:c5:7d:1e:0a:
         03:0c:4c:21:24:54:a4:3b:2a:56:b7:e0:51:05:fd:e5:f5:4a:
         c0:6c:17:cb:93:45:da:24:63:33:26:c0:f3:fa:79:16:87:d2:
         33:66:55:d7:e6:3d:b1:f5:20:bd:98:06:3a:53:a1:c8:30:7f:
         2c:6e:27:f3:b3:bf:64:fd:db:07:d1:d4:2b:b7:eb:f9:93:de:
         b5:26:00:69:71:cd:cc:ba:cd:d4:32:e2:ad:47:cd:81:74:71:
         75:df:f0:f4:d7:17:3c:e3:52:66:ae:23:69:fe:3e:d4:e0:67:
         c8:a5:88:4f
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICAwowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
ODhFQjYxMTAvBgNVBAUTKEFENDQ3QTY3RjA3RTgxQ0QwOUMzMjJFQ0QxMEFEOTQx
NkJDNDRCMkIwHhcNMjQwMjAzMDIxNDQyWhcNMjUwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWJkYTE5MS1mM2Y1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA1nCdjqR85MtzC3ffA0SExUw5B4ON0Eox+XAsmZ+JbDwg9C6BaaViHIAOmi0X
9DaxkfN1kgx3+Xc8FCagydPaisZHuNWqn70nSM1S6ZfzO0Q8y/wNYUdhe8MBiEVO
5W0wfdukk1b8FiKqUmVoHzDY6h58tYYcPuTlY77/NJ7gQzboFrWLLRKQZQBSnfDU
AEn6o1EaYB++c6OQQH0tO/7KUOqqA685kj2XAi4rNQbT4IZAn2kymvugnjXrXn6j
YlhaTaPwbo6pHDDCJhvc5EFPYw0FVdIN4ef5I5Wpt0AC0gv5RNKHwFlFOy/5L5ux
KyUKAyjkhcWqUsZz6k/1rpFlywIDAQABo4IClTCCApEwHQYDVR0OBBYEFDOue2hR
PG1199FmssFZP34JZy49MB8GA1UdIwQYMBaAFK1EemfwfoHNCcMi7NEK2UFrxEsr
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4OEVCNi85QzBFRjgzQTc0
RUMxMUVDOTNGODFBMzNDNEY5QUUwMi9yVVI2Wl9CLWdjMEp3eUxzMFFyWlFXdkVT
eXMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzMjJBNUY0MUQ2NjExRTJBM0YyN0Y3Qzcy
RkQxRkYyL3JVUjZaX0ItZ2MwSnd5THMwUXJaUVd2RVN5cy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
ODhFQjYvOUMwRUY4M0E3NEVDMTFFQzkzRjgxQTMzQzRGOUFFMDIvMDlCMkQ4RUM3
MDRDMTFFRDk3OTM1RTdEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADBlZkwDQYJKoZIhvcNAQELBQADggEBALjB+Y7y2XbtWTaK
1N3qctyQg0fj4HjP1SOeway4IHyiuEt7nT2VIx5f/aEix+XPCo/8kkZvlgQ3gbK+
r9O48su5/dnCGAIEJV+hu78/v3etxRKRN3bPZ1f3X+ZNS3IcaMqq3NkMQCSwa4mx
RmRDZFbBXweMETbQHgQ5re7qG4otNDQzt972w4JyJSCGxX0eCgMMTCEkVKQ7Kla3
4FEF/eX1SsBsF8uTRdokYzMmwPP6eRaH0jNmVdfmPbH1IL2YBjpTocgwfyxuJ/Oz
v2T92wfR1Cu36/mT3rUmAGlxzcy6zdQy4q1HzYF0cXXf8PTXFzzjUmauI2n+PtTg
Z8iliE8=
-----END CERTIFICATE-----
Generated at Mon Jun 17 03:47:51 2024 by rpki-client on console-ams.rpki-client.org