Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/585A89FE09B111EAB045B31EC4F9AE02.roa
File:                     585A89FE09B111EAB045B31EC4F9AE02.roa (raw, json)
Hash identifier:          M4/YIzxDgXUiNPYwebtHJ2b7xiVviMJaqWCyFFUNwB4=
Subject key identifier:   85:42:58:40:B9:81:BF:64:20:7F:3C:D2:01:F9:1A:3B:50:39:F9:AE
Certificate issuer:       /CN=A91919EA/serialNumber=7B01CACC170FE6A61B20304185E868946DF7285A
Certificate serial:       0EAD
Authority key identifier: 7B:01:CA:CC:17:0F:E6:A6:1B:20:30:41:85:E8:68:94:6D:F7:28:5A
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ewHKzBcP5qYbIDBBheholG33KFo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/585A89FE09B111EAB045B31EC4F9AE02.roa
Signing time:             Thu 29 Feb 2024 19:38:23 +0000
ROA not before:           Thu 29 Feb 2024 19:38:23 +0000
ROA not after:            Thu 01 May 2025 00:00:00 +0000
asID:                     397240
IP address blocks:        120.29.252.0/24 maxlen: 24
                          120.29.253.0/24 maxlen: 24
                          120.29.254.0/24 maxlen: 24
                          203.17.72.0/24 maxlen: 24
                          2001:dcd:1::/48 maxlen: 48
                          2001:dcd:2::/48 maxlen: 48
                          2001:dcd:3::/48 maxlen: 48
                          2001:dcd:4::/48 maxlen: 48
                          2001:dcd:5::/48 maxlen: 48
                          2001:dcd:6::/48 maxlen: 48
                          2001:dcd:7::/48 maxlen: 48
                          2001:dcd:dd05::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/ewHKzBcP5qYbIDBBheholG33KFo.crl
                          rsync://rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/ewHKzBcP5qYbIDBBheholG33KFo.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ewHKzBcP5qYbIDBBheholG33KFo.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 04 Apr 2024 19:20:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3757 (0xead)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91919EA/serialNumber=7B01CACC170FE6A61B20304185E868946DF7285A
        Validity
            Not Before: Feb 29 19:38:23 2024 GMT
            Not After : May  1 00:00:00 2025 GMT
        Subject: CN=65e0dd2e-ad8a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:df:a4:7a:0f:5e:a5:ab:6b:79:70:b7:db:3c:
                    84:6b:df:5b:ec:9a:b7:9c:ab:e4:44:89:2c:6d:a6:
                    bb:0e:8b:9d:4e:b3:28:98:d2:ca:a7:97:66:85:22:
                    0b:3d:e4:16:55:28:c5:a2:5a:c2:39:11:b2:9a:28:
                    e8:38:ac:99:89:c3:98:71:14:e4:ff:82:78:91:92:
                    39:93:98:13:89:39:9a:f4:69:3a:d7:3a:2c:0f:ae:
                    94:92:58:bf:ea:9b:98:e8:70:07:51:de:99:17:72:
                    2f:61:23:f3:4e:e3:14:0b:3f:f8:e6:b6:c3:de:99:
                    99:84:8f:34:96:44:85:6d:c8:74:9a:26:71:54:9b:
                    96:5c:56:e7:05:83:06:97:71:8f:55:80:99:38:d5:
                    17:94:dd:f4:a5:d0:22:ee:f4:a9:c1:0f:45:30:13:
                    b2:dc:33:50:d2:7a:4c:90:4e:d7:7d:b4:30:a3:16:
                    56:53:38:61:d3:14:9a:1d:8b:2a:b7:2c:d2:a1:48:
                    36:1b:e2:1e:08:34:dc:8f:e7:2c:ad:66:38:33:76:
                    33:cd:05:b2:aa:f5:e2:b8:a5:22:52:32:c9:54:ce:
                    c6:30:29:df:c2:ed:bd:76:b7:24:d9:f1:09:e1:4d:
                    38:e5:84:fe:cf:5b:6a:69:97:72:6a:9d:3d:30:03:
                    4d:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:42:58:40:B9:81:BF:64:20:7F:3C:D2:01:F9:1A:3B:50:39:F9:AE
            X509v3 Authority Key Identifier:
                keyid:7B:01:CA:CC:17:0F:E6:A6:1B:20:30:41:85:E8:68:94:6D:F7:28:5A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/ewHKzBcP5qYbIDBBheholG33KFo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ewHKzBcP5qYbIDBBheholG33KFo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/585A89FE09B111EAB045B31EC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  120.29.252.0-120.29.254.255
                  203.17.72.0/24
                IPv6:
                  2001:dcd:1::-2001:dcd:7:ffff:ffff:ffff:ffff:ffff
                  2001:dcd:dd05::/48

    Signature Algorithm: sha256WithRSAEncryption
         59:b9:09:ae:de:63:d7:07:00:5a:ec:7e:bd:d0:78:51:3e:62:
         1e:ef:94:62:a2:d4:f9:36:f2:43:fb:5a:a0:19:6c:33:c9:6a:
         fd:47:21:0b:60:1d:5a:36:08:e8:6b:b8:a7:0e:f8:cd:d4:d9:
         43:da:c3:83:bb:e6:b0:4b:2e:a4:90:03:67:ee:34:2a:bf:c2:
         6d:ea:1c:e3:cd:2f:67:18:83:00:24:95:a6:31:3e:d5:00:67:
         77:15:0d:49:61:77:63:f2:bf:a3:35:c9:df:64:8c:c2:c1:22:
         ee:d8:03:49:e0:6b:e5:1e:16:24:d9:2c:8c:bc:55:00:f5:47:
         e9:1f:35:cb:90:a5:f4:a0:80:c6:d0:82:42:20:76:e7:83:84:
         ae:e2:17:fc:70:0d:2f:2d:b4:48:57:37:8b:41:86:b8:2b:e6:
         74:be:a3:d2:7c:ac:ab:cb:92:63:06:12:80:81:ef:73:0d:a5:
         8a:4f:7e:ff:3b:31:71:93:f1:8d:f3:3d:af:af:96:31:1b:e2:
         3a:8b:c4:c7:44:d8:c2:82:ee:65:96:b9:e4:9d:c6:26:26:d5:
         3f:63:62:f7:b1:b5:69:3e:30:7f:94:17:45:57:a5:ad:78:03:
         32:9e:76:ad:f4:61:d2:95:bd:5e:6f:5c:c1:03:9f:c2:39:51:
         f7:00:b3:ba
-----BEGIN CERTIFICATE-----
MIIFpDCCBIygAwIBAgICDq0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OTE5RUExMTAvBgNVBAUTKDdCMDFDQUNDMTcwRkU2QTYxQjIwMzA0MTg1RTg2ODk0
NkRGNzI4NUEwHhcNMjQwMjI5MTkzODIzWhcNMjUwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWUwZGQyZS1hZDhhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA0t+keg9epatreXC32zyEa99b7Jq3nKvkRIksbaa7DoudTrMomNLKp5dmhSIL
PeQWVSjFolrCORGymijoOKyZicOYcRTk/4J4kZI5k5gTiTma9Gk61zosD66Ukli/
6puY6HAHUd6ZF3IvYSPzTuMUCz/45rbD3pmZhI80lkSFbch0miZxVJuWXFbnBYMG
l3GPVYCZONUXlN30pdAi7vSpwQ9FMBOy3DNQ0npMkE7XfbQwoxZWUzhh0xSaHYsq
tyzSoUg2G+IeCDTcj+csrWY4M3YzzQWyqvXiuKUiUjLJVM7GMCnfwu29drck2fEJ
4U045YT+z1tqaZdyap09MANNRQIDAQABo4ICyDCCAsQwHQYDVR0OBBYEFIVCWEC5
gb9kIH880gH5GjtQOfmuMB8GA1UdIwQYMBaAFHsByswXD+amGyAwQYXoaJRt9yha
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5MTlFQS82RDQ2M0NGRTA0
RkQxMUVBODJDQ0NBMThDNEY5QUUwMi9ld0hLekJjUDVxWWJJREJCaGVob2xHMzNL
Rm8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2V3SEt6QmNQNXFZYklEQkJoZWhvbEczM0tGby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OTE5RUEvNkQ0NjNDRkUwNEZEMTFFQTgyQ0NDQTE4QzRGOUFFMDIvNTg1QTg5RkUw
OUIxMTFFQUIwNDVCMzFFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwUgYIKwYBBQUHAQcBAf8E
QzBBMBoEAgABMBQwDAMEAngd/AMEAHgd/gMEAMsRSDAjBAIAAjAdMBIDBwAgAQ3N
AAEDBwMgAQ3NAAADBwAgAQ3N3QUwDQYJKoZIhvcNAQELBQADggEBAFm5Ca7eY9cH
AFrsfr3QeFE+Yh7vlGKi1Pk28kP7WqAZbDPJav1HIQtgHVo2COhruKcO+M3U2UPa
w4O75rBLLqSQA2fuNCq/wm3qHOPNL2cYgwAklaYxPtUAZ3cVDUlhd2Pyv6M1yd9k
jMLBIu7YA0nga+UeFiTZLIy8VQD1R+kfNcuQpfSggMbQgkIgdueDhK7iF/xwDS8t
tEhXN4tBhrgr5nS+o9J8rKvLkmMGEoCB73MNpYpPfv87MXGT8Y3zPa+vljEb4jqL
xMdE2MKC7mWWueSdxiYm1T9jYvextWk+MH+UF0VXpa14AzKedq30YdKVvV5vXMED
n8I5UfcAs7o=
-----END CERTIFICATE-----
Generated at Thu Mar 28 22:24:09 2024 by rpki-client on console-fra.rpki-client.org