Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/4B5E14FC96AD11EBA4AC9F7FC4F9AE02.roa
File:                     4B5E14FC96AD11EBA4AC9F7FC4F9AE02.roa (raw, json)
Hash identifier:          Lp0ykW8HMm5jIMIBMEywg/EkIRhvoLD6TR/kXi750rc=
Subject key identifier:   79:52:6D:25:F8:4B:F0:FE:59:0D:8D:7F:C9:08:63:9D:2E:86:13:6D
Certificate issuer:       /CN=A91919EA/serialNumber=7B01CACC170FE6A61B20304185E868946DF7285A
Certificate serial:       0EB1
Authority key identifier: 7B:01:CA:CC:17:0F:E6:A6:1B:20:30:41:85:E8:68:94:6D:F7:28:5A
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ewHKzBcP5qYbIDBBheholG33KFo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/4B5E14FC96AD11EBA4AC9F7FC4F9AE02.roa
Signing time:             Thu 29 Feb 2024 19:38:26 +0000
ROA not before:           Thu 29 Feb 2024 19:38:26 +0000
ROA not after:            Thu 01 May 2025 00:00:00 +0000
asID:                     399151
IP address blocks:        203.17.72.0/24 maxlen: 24
                          2001:dcd:dd05::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/ewHKzBcP5qYbIDBBheholG33KFo.crl
                          rsync://rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/ewHKzBcP5qYbIDBBheholG33KFo.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ewHKzBcP5qYbIDBBheholG33KFo.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 01 Dec 2024 17:11:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3761 (0xeb1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91919EA/serialNumber=7B01CACC170FE6A61B20304185E868946DF7285A
        Validity
            Not Before: Feb 29 19:38:26 2024 GMT
            Not After : May  1 00:00:00 2025 GMT
        Subject: CN=65e0dd32-2d43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:0a:53:53:d2:f2:ed:17:30:17:c8:f5:be:4e:
                    d0:d8:56:ee:e1:d5:eb:c6:9d:1f:cb:a0:14:31:78:
                    b6:4c:70:88:c6:93:d6:cc:b7:44:89:23:31:e5:53:
                    0c:65:fc:94:7f:33:ba:05:8c:e0:c0:0d:ad:3f:ba:
                    fb:a8:43:d7:a5:5b:2f:f9:d3:4c:fb:aa:2b:40:f9:
                    1f:30:2a:b1:89:f1:0e:46:56:f3:ac:c9:1a:8c:ff:
                    cd:88:bc:a0:19:60:5b:7f:4c:72:8d:71:e1:96:8c:
                    45:b5:6c:f7:5d:c7:1a:ff:1b:93:f7:d7:11:09:11:
                    18:39:38:9e:34:af:fb:d1:64:7b:d7:49:b1:82:42:
                    51:c1:1b:90:36:f6:ac:34:dc:45:0c:bf:32:05:00:
                    ce:88:ff:35:6f:32:6c:57:d2:30:c7:21:f3:b7:62:
                    a1:b6:ec:46:62:74:4a:e0:77:4f:79:f3:6b:0e:5f:
                    20:d4:a4:28:f2:ca:22:a5:b9:d3:5c:84:6f:c6:e2:
                    49:88:ca:ce:29:5c:bc:7c:f9:e6:81:c6:5b:11:75:
                    f3:9a:24:77:8d:2a:c8:f3:77:44:1b:29:83:17:8c:
                    f6:6c:90:04:5b:a6:6b:c8:d7:de:dc:f8:71:5c:36:
                    74:b1:c5:03:0b:9d:2d:f8:70:47:47:f3:ab:7f:06:
                    5e:55
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                79:52:6D:25:F8:4B:F0:FE:59:0D:8D:7F:C9:08:63:9D:2E:86:13:6D
            X509v3 Authority Key Identifier:
                keyid:7B:01:CA:CC:17:0F:E6:A6:1B:20:30:41:85:E8:68:94:6D:F7:28:5A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/ewHKzBcP5qYbIDBBheholG33KFo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ewHKzBcP5qYbIDBBheholG33KFo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/4B5E14FC96AD11EBA4AC9F7FC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.17.72.0/24
                IPv6:
                  2001:dcd:dd05::/48

    Signature Algorithm: sha256WithRSAEncryption
         2b:db:bf:75:74:b9:f6:9e:ec:fc:15:3a:40:20:d9:a7:02:be:
         bc:2d:53:a7:05:3a:93:95:b4:d6:ba:90:1a:14:71:5a:af:7e:
         71:98:9a:cc:20:55:34:78:da:aa:a0:5e:b2:e2:b2:54:b3:a8:
         f6:f6:8d:f2:5b:99:38:d7:59:81:2b:88:fa:87:37:c2:31:d1:
         cb:29:5f:12:43:25:e9:f5:4b:a3:d1:77:9a:da:83:73:76:dd:
         b6:57:49:72:33:2a:46:10:dc:42:8e:f0:20:26:13:54:30:3c:
         a7:42:6f:50:71:74:41:6c:16:b6:18:a6:33:29:71:2a:0d:81:
         3e:b5:86:51:5f:85:2d:4a:d3:76:d1:d6:fe:5c:c0:5e:5f:6d:
         7f:0e:5e:ef:72:c5:a4:48:d4:b8:c2:b3:08:0c:be:99:4f:77:
         9a:1c:c4:d4:39:4f:96:0c:e3:ad:e8:97:92:43:c6:4e:cd:ee:
         31:ca:12:86:fc:1e:b3:2e:da:f4:6b:ac:c1:95:e4:b1:69:fe:
         17:3b:9a:a3:ad:31:af:71:46:96:03:7d:5f:5f:60:a3:38:55:
         54:db:79:6d:57:55:ba:ab:98:b4:2b:04:23:bd:e4:7d:6d:33:
         be:3b:52:0e:1e:04:25:dc:4a:ab:bc:de:c3:43:19:e6:d0:29:
         28:34:9a:12
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICDrEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OTE5RUExMTAvBgNVBAUTKDdCMDFDQUNDMTcwRkU2QTYxQjIwMzA0MTg1RTg2ODk0
NkRGNzI4NUEwHhcNMjQwMjI5MTkzODI2WhcNMjUwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWUwZGQzMi0yZDQzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA5gpTU9Ly7RcwF8j1vk7Q2Fbu4dXrxp0fy6AUMXi2THCIxpPWzLdEiSMx5VMM
ZfyUfzO6BYzgwA2tP7r7qEPXpVsv+dNM+6orQPkfMCqxifEORlbzrMkajP/NiLyg
GWBbf0xyjXHhloxFtWz3Xcca/xuT99cRCREYOTieNK/70WR710mxgkJRwRuQNvas
NNxFDL8yBQDOiP81bzJsV9IwxyHzt2KhtuxGYnRK4HdPefNrDl8g1KQo8soipbnT
XIRvxuJJiMrOKVy8fPnmgcZbEXXzmiR3jSrI83dEGymDF4z2bJAEW6ZryNfe3Phx
XDZ0scUDC50t+HBHR/OrfwZeVQIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFHlSbSX4
S/D+WQ2Nf8kIY50uhhNtMB8GA1UdIwQYMBaAFHsByswXD+amGyAwQYXoaJRt9yha
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5MTlFQS82RDQ2M0NGRTA0
RkQxMUVBODJDQ0NBMThDNEY5QUUwMi9ld0hLekJjUDVxWWJJREJCaGVob2xHMzNL
Rm8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2V3SEt6QmNQNXFZYklEQkJoZWhvbEczM0tGby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OTE5RUEvNkQ0NjNDRkUwNEZEMTFFQTgyQ0NDQTE4QzRGOUFFMDIvNEI1RTE0RkM5
NkFEMTFFQkE0QUM5RjdGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBADLEUgwDwQCAAIwCQMHACABDc3dBTANBgkqhkiG9w0BAQsF
AAOCAQEAK9u/dXS59p7s/BU6QCDZpwK+vC1TpwU6k5W01rqQGhRxWq9+cZiazCBV
NHjaqqBesuKyVLOo9vaN8luZONdZgSuI+oc3wjHRyylfEkMl6fVLo9F3mtqDc3bd
tldJcjMqRhDcQo7wICYTVDA8p0JvUHF0QWwWthimMylxKg2BPrWGUV+FLUrTdtHW
/lzAXl9tfw5e73LFpEjUuMKzCAy+mU93mhzE1DlPlgzjreiXkkPGTs3uMcoShvwe
sy7a9GuswZXksWn+Fzuao60xr3FGlgN9X19gozhVVNt5bVdVuquYtCsEI73kfW0z
vjtSDh4EJdxKq7zew0MZ5tApKDSaEg==
-----END CERTIFICATE-----
Generated at Sun Nov 24 20:09:52 2024 by rpki-client on console-ams.rpki-client.org