Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/D2CA53BCAF8E11EAA40B786BC4F9AE02.roa
File:                     D2CA53BCAF8E11EAA40B786BC4F9AE02.roa (raw, json)
Hash identifier:          wB0s66v9M93cgErxsfMtFMJx2dUMKCkCUSxfojTViS4=
Subject key identifier:   56:6D:A2:62:B5:C0:F6:D0:3B:96:D3:86:1E:54:4C:24:27:D0:2C:A9
Certificate issuer:       /CN=A91919EA/serialNumber=7B01CACC170FE6A61B20304185E868946DF7285A
Certificate serial:       0E90
Authority key identifier: 7B:01:CA:CC:17:0F:E6:A6:1B:20:30:41:85:E8:68:94:6D:F7:28:5A
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ewHKzBcP5qYbIDBBheholG33KFo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/D2CA53BCAF8E11EAA40B786BC4F9AE02.roa
Signing time:             Thu 29 Feb 2024 19:37:54 +0000
ROA not before:           Thu 29 Feb 2024 19:37:54 +0000
ROA not after:            Thu 01 May 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        119.161.49.0/24 maxlen: 24
                          2001:dcd:22::/48 maxlen: 48
                          2001:dcd:23::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/ewHKzBcP5qYbIDBBheholG33KFo.crl
                          rsync://rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/ewHKzBcP5qYbIDBBheholG33KFo.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ewHKzBcP5qYbIDBBheholG33KFo.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 02 Apr 2024 19:18:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3728 (0xe90)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91919EA/serialNumber=7B01CACC170FE6A61B20304185E868946DF7285A
        Validity
            Not Before: Feb 29 19:37:54 2024 GMT
            Not After : May  1 00:00:00 2025 GMT
        Subject: CN=65e0dd12-5940
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:fb:cc:57:93:bd:86:fc:71:ab:0d:f2:13:91:
                    74:b4:16:a5:c1:08:0c:dd:20:49:8d:89:e4:2c:e4:
                    8c:94:22:5e:33:10:a1:25:5e:2a:06:5b:87:28:78:
                    28:3b:5e:66:56:bc:2f:a2:b6:d9:1d:41:d7:d6:da:
                    1d:a0:c5:c2:2b:89:55:6c:07:27:ae:1b:78:cb:ca:
                    d4:69:02:20:70:83:97:1f:5b:cb:89:f2:6c:9d:60:
                    7b:a0:6f:0e:7e:50:57:55:4b:00:66:44:3a:5f:07:
                    3a:e5:27:04:64:3a:f1:0a:1c:af:89:c7:8b:c9:75:
                    05:50:a6:33:d8:bf:55:7e:30:ae:6c:44:ba:41:62:
                    28:ec:88:9e:ef:fc:0b:ce:b1:6f:c9:a3:2b:d1:fc:
                    db:9a:c6:8f:17:2f:22:dc:39:25:45:43:d1:40:aa:
                    48:5a:05:a7:e7:3c:af:08:cb:00:88:e8:c8:40:1a:
                    1d:a8:67:c2:25:98:88:8e:7f:f6:6a:e4:25:96:2b:
                    19:38:b4:21:28:ea:b2:73:49:37:f3:29:36:87:c7:
                    b7:d5:62:57:ae:90:3a:fc:0b:ad:e6:f7:df:37:04:
                    90:6e:d3:3b:02:93:d8:d6:c9:b8:ae:c8:83:ce:65:
                    9c:cd:00:60:67:ce:2d:4f:39:8d:a6:6c:2b:30:5d:
                    98:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:6D:A2:62:B5:C0:F6:D0:3B:96:D3:86:1E:54:4C:24:27:D0:2C:A9
            X509v3 Authority Key Identifier:
                keyid:7B:01:CA:CC:17:0F:E6:A6:1B:20:30:41:85:E8:68:94:6D:F7:28:5A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/ewHKzBcP5qYbIDBBheholG33KFo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ewHKzBcP5qYbIDBBheholG33KFo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91919EA/6D463CFE04FD11EA82CCCA18C4F9AE02/D2CA53BCAF8E11EAA40B786BC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  119.161.49.0/24
                IPv6:
                  2001:dcd:22::/47

    Signature Algorithm: sha256WithRSAEncryption
         72:f0:cd:ee:5a:9c:b0:b6:61:1a:37:41:df:55:a3:08:5b:fc:
         ee:65:d2:d6:59:73:9f:3f:56:53:6d:95:fd:f0:dc:4e:b0:a2:
         82:46:29:36:bc:27:64:2c:bd:01:d3:39:7b:7d:9d:ae:bd:82:
         40:4f:aa:49:d1:17:29:50:6f:2c:39:6e:e3:c2:07:1b:fe:eb:
         25:1f:30:dc:ea:5e:a5:f9:31:34:71:67:53:56:14:0e:0b:97:
         80:33:b8:0d:c8:55:a4:40:a2:3f:56:52:07:79:c8:ab:f1:b4:
         af:a8:88:6f:7b:6c:7b:b1:a6:9a:94:23:47:28:37:e2:8e:a6:
         19:4d:2e:32:08:0f:d9:de:44:b9:64:43:bd:b2:47:97:7e:4c:
         48:9e:f4:ca:01:cb:b2:4d:aa:ac:07:03:38:b8:95:d6:85:67:
         42:2f:c3:2e:ad:57:00:47:92:14:88:81:b4:ff:bd:14:71:67:
         d0:66:4e:d6:77:b5:33:ec:2d:00:77:36:83:1b:32:2d:39:07:
         8f:38:e0:73:41:ca:94:6b:84:7c:7f:58:6f:d3:12:34:90:9f:
         29:f8:56:81:d1:2b:e1:50:3b:0a:c8:0c:7f:d7:f1:f8:df:19:
         59:f5:c7:6f:f5:e6:0c:02:f9:89:0e:9c:70:87:92:68:fc:23:
         ef:4a:1a:eb
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICDpAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OTE5RUExMTAvBgNVBAUTKDdCMDFDQUNDMTcwRkU2QTYxQjIwMzA0MTg1RTg2ODk0
NkRGNzI4NUEwHhcNMjQwMjI5MTkzNzU0WhcNMjUwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWUwZGQxMi01OTQwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAufvMV5O9hvxxqw3yE5F0tBalwQgM3SBJjYnkLOSMlCJeMxChJV4qBluHKHgo
O15mVrwvorbZHUHX1todoMXCK4lVbAcnrht4y8rUaQIgcIOXH1vLifJsnWB7oG8O
flBXVUsAZkQ6Xwc65ScEZDrxChyviceLyXUFUKYz2L9VfjCubES6QWIo7Iie7/wL
zrFvyaMr0fzbmsaPFy8i3DklRUPRQKpIWgWn5zyvCMsAiOjIQBodqGfCJZiIjn/2
auQllisZOLQhKOqyc0k38yk2h8e31WJXrpA6/Aut5vffNwSQbtM7ApPY1sm4rsiD
zmWczQBgZ84tTzmNpmwrMF2YsQIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFFZtomK1
wPbQO5bThh5UTCQn0CypMB8GA1UdIwQYMBaAFHsByswXD+amGyAwQYXoaJRt9yha
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5MTlFQS82RDQ2M0NGRTA0
RkQxMUVBODJDQ0NBMThDNEY5QUUwMi9ld0hLekJjUDVxWWJJREJCaGVob2xHMzNL
Rm8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2V3SEt6QmNQNXFZYklEQkJoZWhvbEczM0tGby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OTE5RUEvNkQ0NjNDRkUwNEZEMTFFQTgyQ0NDQTE4QzRGOUFFMDIvRDJDQTUzQkNB
RjhFMTFFQUE0MEI3ODZCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAB3oTEwDwQCAAIwCQMHASABDc0AIjANBgkqhkiG9w0BAQsF
AAOCAQEAcvDN7lqcsLZhGjdB31WjCFv87mXS1llznz9WU22V/fDcTrCigkYpNrwn
ZCy9AdM5e32drr2CQE+qSdEXKVBvLDlu48IHG/7rJR8w3OpepfkxNHFnU1YUDguX
gDO4DchVpECiP1ZSB3nIq/G0r6iIb3tse7GmmpQjRyg34o6mGU0uMggP2d5EuWRD
vbJHl35MSJ70ygHLsk2qrAcDOLiV1oVnQi/DLq1XAEeSFIiBtP+9FHFn0GZO1ne1
M+wtAHc2gxsyLTkHjzjgc0HKlGuEfH9Yb9MSNJCfKfhWgdEr4VA7CsgMf9fx+N8Z
WfXHb/XmDAL5iQ6ccIeSaPwj70oa6w==
-----END CERTIFICATE-----
Generated at Tue Mar 26 21:07:00 2024 by rpki-client on console-fra.rpki-client.org