Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/5731ACF609B111EAB045B31EC4F9AE02.roa
File:                     5731ACF609B111EAB045B31EC4F9AE02.roa (raw, json)
Hash identifier:          kREnLf88OoWgQ34/8mPOwFXMrynWxlb31lWTQCGwgd8=
Subject key identifier:   64:73:9E:AA:D9:30:1B:CB:7E:90:2D:5C:50:F4:DE:1E:87:25:E4:7A
Certificate issuer:       /CN=A91919EA/serialNumber=7B01CACC170FE6A61B20304185E868946DF7285A
Certificate serial:       0EA7
Authority key identifier: 7B:01:CA:CC:17:0F:E6:A6:1B:20:30:41:85:E8:68:94:6D:F7:28:5A
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ewHKzBcP5qYbIDBBheholG33KFo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/5731ACF609B111EAB045B31EC4F9AE02.roa
Signing time:             Thu 29 Feb 2024 19:38:17 +0000
ROA not before:           Thu 29 Feb 2024 19:38:17 +0000
ROA not after:            Thu 01 May 2025 00:00:00 +0000
asID:                     397234
IP address blocks:        120.29.252.0/24 maxlen: 24
                          120.29.253.0/24 maxlen: 24
                          120.29.254.0/24 maxlen: 24
                          203.17.72.0/24 maxlen: 24
                          2001:dcd:1::/48 maxlen: 48
                          2001:dcd:2::/48 maxlen: 48
                          2001:dcd:3::/48 maxlen: 48
                          2001:dcd:4::/48 maxlen: 48
                          2001:dcd:5::/48 maxlen: 48
                          2001:dcd:6::/48 maxlen: 48
                          2001:dcd:7::/48 maxlen: 48
                          2001:dcd:dd05::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/ewHKzBcP5qYbIDBBheholG33KFo.crl
                          rsync://rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/ewHKzBcP5qYbIDBBheholG33KFo.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ewHKzBcP5qYbIDBBheholG33KFo.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 02 Apr 2024 19:18:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3751 (0xea7)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91919EA/serialNumber=7B01CACC170FE6A61B20304185E868946DF7285A
        Validity
            Not Before: Feb 29 19:38:17 2024 GMT
            Not After : May  1 00:00:00 2025 GMT
        Subject: CN=65e0dd28-e02e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f3:ef:ce:8f:2b:c6:ec:62:67:53:ec:12:04:1d:
                    e2:dd:ca:1c:43:93:11:ca:75:1b:1f:5b:6a:ee:a2:
                    28:71:32:8f:49:7c:f0:b5:01:cc:3c:93:74:58:9e:
                    56:47:a4:3e:38:49:ba:1e:fa:95:38:7d:7a:fb:06:
                    c9:31:a9:ab:3c:f9:75:ae:ef:10:62:41:f8:3d:a2:
                    36:1b:04:e2:05:c5:47:3a:53:83:06:b3:57:6b:7d:
                    76:21:99:59:d8:77:51:aa:37:df:b5:41:9a:95:5c:
                    2f:1a:e7:73:93:1b:dd:29:08:e9:12:60:da:c2:40:
                    01:bb:6b:db:1e:19:08:19:fa:50:47:09:42:32:62:
                    29:c7:7e:72:22:f0:80:76:52:b9:dd:77:aa:57:ba:
                    b5:cb:b3:9e:4f:0c:9e:01:3d:ca:d8:44:d8:b4:8e:
                    c6:e6:59:0c:3f:e2:d8:32:e9:19:ad:b5:cc:8a:c0:
                    ed:73:b1:03:30:0e:af:34:b1:33:41:3d:cc:0d:83:
                    25:00:61:0c:c5:f9:3e:59:2c:5f:5d:b1:cf:b0:0a:
                    68:30:a8:e3:6b:68:35:16:42:db:42:0e:a8:86:ea:
                    23:e5:55:3e:e3:c5:c6:20:69:13:08:49:f9:07:a0:
                    ca:1b:27:b3:46:8c:97:57:98:7f:dd:6a:28:7a:14:
                    c0:1d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:73:9E:AA:D9:30:1B:CB:7E:90:2D:5C:50:F4:DE:1E:87:25:E4:7A
            X509v3 Authority Key Identifier:
                keyid:7B:01:CA:CC:17:0F:E6:A6:1B:20:30:41:85:E8:68:94:6D:F7:28:5A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/ewHKzBcP5qYbIDBBheholG33KFo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ewHKzBcP5qYbIDBBheholG33KFo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/5731ACF609B111EAB045B31EC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  120.29.252.0-120.29.254.255
                  203.17.72.0/24
                IPv6:
                  2001:dcd:1::-2001:dcd:7:ffff:ffff:ffff:ffff:ffff
                  2001:dcd:dd05::/48

    Signature Algorithm: sha256WithRSAEncryption
         5a:ef:9b:e1:55:19:d5:1d:0e:75:a5:81:40:2e:d6:a9:75:a0:
         c7:2c:d6:e6:2a:80:ea:97:44:08:9f:db:26:96:3f:88:a2:49:
         d0:c0:c7:fa:02:15:06:34:f3:85:12:94:fb:1c:64:24:e9:64:
         8d:c9:35:4b:77:56:37:85:21:90:4c:ea:76:e5:cf:51:30:8c:
         13:23:f5:e7:0c:d8:7d:86:6d:01:2a:06:17:5a:9d:0f:82:ba:
         35:a2:6f:9f:ce:1b:2f:37:33:ab:98:7f:92:8b:98:35:54:a4:
         e6:d6:33:98:a0:39:13:63:8d:ba:36:9c:c3:d4:20:02:3f:c9:
         02:f7:99:8c:58:e8:31:36:b4:70:cb:cc:68:97:78:27:2a:8a:
         50:de:24:71:5a:83:79:ee:ac:78:dd:6e:8d:dc:7b:26:84:7a:
         01:02:34:a7:97:ef:32:06:7a:68:75:8d:05:1f:a4:40:25:e1:
         3b:08:8a:62:bb:ac:b6:3b:e8:b6:5c:a9:9c:85:42:b3:e1:ca:
         a9:eb:07:a6:ca:0d:36:d9:30:96:66:de:93:3b:c3:81:ed:f2:
         f6:dd:0a:97:6e:65:f9:5f:71:90:28:14:38:23:9e:fc:0e:ac:
         77:0d:2b:48:a1:b8:cb:9e:b2:a9:c4:13:48:94:13:1f:1d:bb:
         d1:45:f9:2e
-----BEGIN CERTIFICATE-----
MIIFpDCCBIygAwIBAgICDqcwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OTE5RUExMTAvBgNVBAUTKDdCMDFDQUNDMTcwRkU2QTYxQjIwMzA0MTg1RTg2ODk0
NkRGNzI4NUEwHhcNMjQwMjI5MTkzODE3WhcNMjUwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWUwZGQyOC1lMDJlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA8+/OjyvG7GJnU+wSBB3i3cocQ5MRynUbH1tq7qIocTKPSXzwtQHMPJN0WJ5W
R6Q+OEm6HvqVOH16+wbJMamrPPl1ru8QYkH4PaI2GwTiBcVHOlODBrNXa312IZlZ
2HdRqjfftUGalVwvGudzkxvdKQjpEmDawkABu2vbHhkIGfpQRwlCMmIpx35yIvCA
dlK53XeqV7q1y7OeTwyeAT3K2ETYtI7G5lkMP+LYMukZrbXMisDtc7EDMA6vNLEz
QT3MDYMlAGEMxfk+WSxfXbHPsApoMKjja2g1FkLbQg6ohuoj5VU+48XGIGkTCEn5
B6DKGyezRoyXV5h/3WooehTAHQIDAQABo4ICyDCCAsQwHQYDVR0OBBYEFGRznqrZ
MBvLfpAtXFD03h6HJeR6MB8GA1UdIwQYMBaAFHsByswXD+amGyAwQYXoaJRt9yha
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5MTlFQS82RDQ2M0NGRTA0
RkQxMUVBODJDQ0NBMThDNEY5QUUwMi9ld0hLekJjUDVxWWJJREJCaGVob2xHMzNL
Rm8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2V3SEt6QmNQNXFZYklEQkJoZWhvbEczM0tGby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OTE5RUEvNkQ0NjNDRkUwNEZEMTFFQTgyQ0NDQTE4QzRGOUFFMDIvNTczMUFDRjYw
OUIxMTFFQUIwNDVCMzFFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwUgYIKwYBBQUHAQcBAf8E
QzBBMBoEAgABMBQwDAMEAngd/AMEAHgd/gMEAMsRSDAjBAIAAjAdMBIDBwAgAQ3N
AAEDBwMgAQ3NAAADBwAgAQ3N3QUwDQYJKoZIhvcNAQELBQADggEBAFrvm+FVGdUd
DnWlgUAu1ql1oMcs1uYqgOqXRAif2yaWP4iiSdDAx/oCFQY084USlPscZCTpZI3J
NUt3VjeFIZBM6nblz1EwjBMj9ecM2H2GbQEqBhdanQ+CujWib5/OGy83M6uYf5KL
mDVUpObWM5igORNjjbo2nMPUIAI/yQL3mYxY6DE2tHDLzGiXeCcqilDeJHFag3nu
rHjdbo3ceyaEegECNKeX7zIGemh1jQUfpEAl4TsIimK7rLY76LZcqZyFQrPhyqnr
B6bKDTbZMJZm3pM7w4Ht8vbdCpduZflfcZAoFDgjnvwOrHcNK0ihuMuesqnEE0iU
Ex8du9FF+S4=
-----END CERTIFICATE-----
Generated at Tue Mar 26 21:07:00 2024 by rpki-client on console-fra.rpki-client.org