Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/1C57CEAC70E911E2B36D4B6B2979BB20/497464A4FD5F11EEBF4BFE32C4F9AE02.roa
File:                     497464A4FD5F11EEBF4BFE32C4F9AE02.roa (raw, json)
Hash identifier:          zzFIJOC0CkTZI5CTxdzTer+62Kgj3TobEu+Tzyr0EaQ=
Subject key identifier:   BD:8C:D1:5E:D9:E8:9A:45:EB:FB:DB:B3:7C:70:42:F3:DA:70:1E:7E
Certificate issuer:       /CN=A918EDB2/serialNumber=A7AE474416B0E8AD3A89E86774A640FEBE6973F9
Certificate serial:       1A30
Authority key identifier: A7:AE:47:44:16:B0:E8:AD:3A:89:E8:67:74:A6:40:FE:BE:69:73:F9
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/p65HRBaw6K06iehndKZA_r5pc_k.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A918EDB2/1C57CEAC70E911E2B36D4B6B2979BB20/497464A4FD5F11EEBF4BFE32C4F9AE02.roa
Signing time:             Thu 30 May 2024 15:53:36 +0000
ROA not before:           Thu 30 May 2024 15:53:36 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     55410
IP address blocks:        157.15.158.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A918EDB2/1C57CEAC70E911E2B36D4B6B2979BB20/p65HRBaw6K06iehndKZA_r5pc_k.crl
                          rsync://rpki.apnic.net/member_repository/A918EDB2/1C57CEAC70E911E2B36D4B6B2979BB20/p65HRBaw6K06iehndKZA_r5pc_k.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/p65HRBaw6K06iehndKZA_r5pc_k.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 29 Nov 2024 05:23:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 6704 (0x1a30)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A918EDB2/serialNumber=A7AE474416B0E8AD3A89E86774A640FEBE6973F9
        Validity
            Not Before: May 30 15:53:36 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6658a100-26b6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:4f:ee:f3:c6:dc:a3:ed:f2:c9:e3:88:4c:37:
                    52:cf:5e:0e:9b:b8:68:58:20:6b:19:0f:b1:4f:24:
                    0e:73:75:0d:fe:94:5b:ab:b8:6a:46:b5:12:6d:81:
                    8b:eb:b1:97:d8:f2:e4:f3:f3:f1:bc:9c:60:09:2e:
                    3f:eb:e2:06:ca:84:a7:6e:4a:d5:dc:78:25:5e:3f:
                    91:55:80:6a:bd:6a:10:68:92:d2:14:72:5e:34:1b:
                    c2:ea:1c:94:b9:97:d6:f1:db:c4:d9:71:92:4a:2f:
                    6b:5b:c0:6f:0e:5a:9e:02:c3:b2:3e:4b:33:e5:ed:
                    6a:9e:d5:3d:6a:aa:41:73:98:ca:66:19:c2:8a:0f:
                    da:46:84:48:ba:1a:20:50:1c:c5:75:6a:72:8b:a9:
                    e6:9f:7f:97:27:5d:d5:2b:b7:31:f2:ce:a8:45:39:
                    c9:a5:b3:15:17:83:c3:ae:48:2b:a2:80:83:30:c1:
                    fa:3b:49:39:14:67:d4:71:6c:48:c9:71:37:3f:bb:
                    d9:f6:89:20:27:b2:01:9f:6a:6a:5a:f1:eb:e2:ad:
                    a5:75:b6:46:11:f1:74:b3:41:bb:29:7b:9e:96:c4:
                    c0:b4:f5:1a:de:c9:71:e6:b4:0a:fb:a9:4f:38:f2:
                    d1:47:18:b2:a1:13:f6:3a:77:a8:b7:4d:6c:b3:f6:
                    fb:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:8C:D1:5E:D9:E8:9A:45:EB:FB:DB:B3:7C:70:42:F3:DA:70:1E:7E
            X509v3 Authority Key Identifier:
                keyid:A7:AE:47:44:16:B0:E8:AD:3A:89:E8:67:74:A6:40:FE:BE:69:73:F9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A918EDB2/1C57CEAC70E911E2B36D4B6B2979BB20/p65HRBaw6K06iehndKZA_r5pc_k.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/p65HRBaw6K06iehndKZA_r5pc_k.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/1C57CEAC70E911E2B36D4B6B2979BB20/497464A4FD5F11EEBF4BFE32C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.15.158.0/24

    Signature Algorithm: sha256WithRSAEncryption
         8d:11:1d:40:50:45:b9:b8:95:51:0d:fc:f5:7f:2a:eb:25:15:
         8a:d9:8f:52:d3:87:ad:e8:e1:13:c8:9d:76:33:1e:6c:f6:2f:
         33:3c:73:94:03:96:ea:7d:97:8a:ce:8f:d4:72:e7:8e:f5:ec:
         eb:e7:a3:21:5c:39:ce:6c:44:d8:8a:06:6f:ff:57:2d:98:2f:
         d2:59:81:82:cc:c1:9e:f6:de:e6:85:4d:da:76:74:32:c9:71:
         f9:cd:03:1e:93:7e:5b:81:34:7d:96:fc:a7:52:97:4d:e3:fa:
         bf:fa:aa:7d:1e:53:6d:ab:68:7e:4c:d9:64:8e:e8:6e:27:24:
         53:ad:b8:c3:b5:45:34:d5:34:5a:f0:41:ff:19:84:07:c4:f2:
         d1:0d:2c:63:69:8f:87:c6:8a:95:9e:8d:9f:34:4a:d7:ae:4f:
         aa:e3:6b:44:b4:3a:c8:1a:4d:1c:b5:a4:2a:b8:98:e6:46:1f:
         92:83:57:54:b9:a2:65:e0:04:cd:38:9e:33:8b:97:57:df:89:
         14:28:eb:51:7d:61:25:5f:49:7a:a2:48:9b:b1:1f:8d:3c:7c:
         f6:28:a2:f6:4c:78:f4:87:b0:3b:0a:39:5c:1c:1c:8c:80:b2:
         37:55:5f:94:d2:c6:17:06:a7:27:fc:87:62:16:00:69:bf:5a:
         b0:1f:6c:a3
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICGjAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEVEQjIxMTAvBgNVBAUTKEE3QUU0NzQ0MTZCMEU4QUQzQTg5RTg2Nzc0QTY0MEZF
QkU2OTczRjkwHhcNMjQwNTMwMTU1MzM2WhcNMjUwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjU4YTEwMC0yNmI2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAnk/u88bco+3yyeOITDdSz14Om7hoWCBrGQ+xTyQOc3UN/pRbq7hqRrUSbYGL
67GX2PLk8/PxvJxgCS4/6+IGyoSnbkrV3HglXj+RVYBqvWoQaJLSFHJeNBvC6hyU
uZfW8dvE2XGSSi9rW8BvDlqeAsOyPksz5e1qntU9aqpBc5jKZhnCig/aRoRIuhog
UBzFdWpyi6nmn3+XJ13VK7cx8s6oRTnJpbMVF4PDrkgrooCDMMH6O0k5FGfUcWxI
yXE3P7vZ9okgJ7IBn2pqWvHr4q2ldbZGEfF0s0G7KXuelsTAtPUa3slx5rQK+6lP
OPLRRxiyoRP2Oneot01ss/b7vQIDAQABo4IClTCCApEwHQYDVR0OBBYEFL2M0V7Z
6JpF6/vbs3xwQvPacB5+MB8GA1UdIwQYMBaAFKeuR0QWsOitOonoZ3SmQP6+aXP5
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4RURCMi8xQzU3Q0VBQzcw
RTkxMUUyQjM2RDRCNkIyOTc5QkIyMC9wNjVIUkJhdzZLMDZpZWhuZEtaQV9yNXBj
X2suY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL3A2NUhSQmF3NkswNmllaG5kS1pBX3I1cGNfay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEVEQjIvMUM1N0NFQUM3MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvNDk3NDY0QTRG
RDVGMTFFRUJGNEJGRTMyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBACdD54wDQYJKoZIhvcNAQELBQADggEBAI0RHUBQRbm4lVEN
/PV/KuslFYrZj1LTh63o4RPInXYzHmz2LzM8c5QDlup9l4rOj9Ry54717OvnoyFc
Oc5sRNiKBm//Vy2YL9JZgYLMwZ723uaFTdp2dDLJcfnNAx6TfluBNH2W/KdSl03j
+r/6qn0eU22raH5M2WSO6G4nJFOtuMO1RTTVNFrwQf8ZhAfE8tENLGNpj4fGipWe
jZ80SteuT6rja0S0OsgaTRy1pCq4mOZGH5KDV1S5omXgBM04njOLl1ffiRQo61F9
YSVfSXqiSJuxH408fPYoovZMePSHsDsKOVwcHIyAsjdVX5TSxhcGpyf8h2IWAGm/
WrAfbKM=
-----END CERTIFICATE-----
Generated at Fri Nov 22 06:57:52 2024 by rpki-client on console-fra.rpki-client.org