Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A919536C/75B98BF0366011EE88E0F530C4F9AE02/9CF488DE366311EEB376DC3AC4F9AE02.roa
File:                     9CF488DE366311EEB376DC3AC4F9AE02.roa (raw, json)
Hash identifier:          nhZ/2R1LpgNvdgpDaU3zTVSEK/pryl7bLbuF4WXMBkA=
Subject key identifier:   9A:C5:73:41:86:69:17:20:DF:84:91:DC:D0:49:59:35:86:8F:8C:2E
Certificate issuer:       /CN=A919536C/serialNumber=A090E520BF9D51F2FDCEED413AF27AC758F6AE1D
Certificate serial:       C5
Authority key identifier: A0:90:E5:20:BF:9D:51:F2:FD:CE:ED:41:3A:F2:7A:C7:58:F6:AE:1D
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/oJDlIL-dUfL9zu1BOvJ6x1j2rh0.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A919536C/75B98BF0366011EE88E0F530C4F9AE02/9CF488DE366311EEB376DC3AC4F9AE02.roa
Signing time:             Tue 25 Jun 2024 06:21:54 +0000
ROA not before:           Tue 25 Jun 2024 06:21:54 +0000
ROA not after:            Sun 31 Aug 2025 00:00:00 +0000
asID:                     132280
IP address blocks:        96.30.74.0/23 maxlen: 24
                          96.30.76.0/23 maxlen: 24
                          96.30.80.0/22 maxlen: 22
                          96.30.83.0/24 maxlen: 24
                          96.30.88.0/23 maxlen: 24
                          96.30.90.0/23 maxlen: 24
                          96.30.92.0/22 maxlen: 22
                          96.30.93.0/24 maxlen: 24
                          96.30.94.0/23 maxlen: 23
                          96.30.96.0/22 maxlen: 23
                          96.30.97.0/24 maxlen: 24
                          96.30.104.0/23 maxlen: 24
                          96.30.106.0/24 maxlen: 24
                          96.30.110.0/24 maxlen: 24
                          96.30.113.0/24 maxlen: 24
                          96.30.114.0/23 maxlen: 24
                          96.30.116.0/22 maxlen: 23
                          96.30.116.0/24 maxlen: 24
                          96.30.120.0/23 maxlen: 23
                          96.30.120.0/24 maxlen: 24
                          96.30.123.0/24 maxlen: 24
                          96.30.124.0/24 maxlen: 24
                          96.30.125.0/24 maxlen: 24
                          96.30.126.0/23 maxlen: 24
                          146.88.32.0/20 maxlen: 20
                          146.88.32.0/22 maxlen: 22
                          146.88.32.0/24 maxlen: 24
                          146.88.33.0/24 maxlen: 24
                          146.88.40.0/24 maxlen: 24
                          146.88.48.0/22 maxlen: 23
                          146.88.56.0/23 maxlen: 24
                          146.88.58.0/24 maxlen: 24
                          146.88.59.0/24 maxlen: 24
                          146.88.60.0/24 maxlen: 24
                          146.88.61.0/24 maxlen: 24
                          146.88.62.0/24 maxlen: 24
                          146.88.63.0/24 maxlen: 24
                          161.82.128.0/17 maxlen: 19
                          161.82.128.0/21 maxlen: 22
                          161.82.135.0/24 maxlen: 24
                          161.82.136.0/21 maxlen: 22
                          161.82.138.0/24 maxlen: 24
                          161.82.142.0/24 maxlen: 24
                          161.82.144.0/21 maxlen: 22
                          161.82.152.0/21 maxlen: 22
                          161.82.156.0/24 maxlen: 24
                          161.82.157.0/24 maxlen: 24
                          161.82.160.0/21 maxlen: 22
                          161.82.164.0/24 maxlen: 24
                          161.82.168.0/21 maxlen: 22
                          161.82.173.0/24 maxlen: 24
                          161.82.176.0/21 maxlen: 22
                          161.82.180.0/24 maxlen: 24
                          161.82.182.0/24 maxlen: 24
                          161.82.184.0/21 maxlen: 22
                          161.82.192.0/21 maxlen: 22
                          161.82.197.0/24 maxlen: 24
                          161.82.200.0/21 maxlen: 22
                          161.82.204.0/24 maxlen: 24
                          161.82.208.0/21 maxlen: 22
                          161.82.208.0/24 maxlen: 24
                          161.82.210.0/24 maxlen: 24
                          161.82.211.0/24 maxlen: 24
                          161.82.212.0/24 maxlen: 24
                          161.82.214.0/24 maxlen: 24
                          161.82.216.0/21 maxlen: 22
                          161.82.216.0/24 maxlen: 24
                          161.82.220.0/24 maxlen: 24
                          161.82.221.0/24 maxlen: 24
                          161.82.222.0/24 maxlen: 24
                          161.82.223.0/24 maxlen: 24
                          161.82.224.0/19 maxlen: 22
                          161.82.226.0/24 maxlen: 24
                          161.82.233.0/24 maxlen: 24
                          161.82.237.0/24 maxlen: 24
                          161.82.248.0/24 maxlen: 24
                          161.82.249.0/24 maxlen: 24
                          161.82.250.0/24 maxlen: 24
                          161.82.255.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A919536C/75B98BF0366011EE88E0F530C4F9AE02/oJDlIL-dUfL9zu1BOvJ6x1j2rh0.crl
                          rsync://rpki.apnic.net/member_repository/A919536C/75B98BF0366011EE88E0F530C4F9AE02/oJDlIL-dUfL9zu1BOvJ6x1j2rh0.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/oJDlIL-dUfL9zu1BOvJ6x1j2rh0.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 02 Jul 2024 06:21:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 197 (0xc5)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A919536C/serialNumber=A090E520BF9D51F2FDCEED413AF27AC758F6AE1D
        Validity
            Not Before: Jun 25 06:21:54 2024 GMT
            Not After : Aug 31 00:00:00 2025 GMT
        Subject: CN=667a6202-3824
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:0d:a4:85:f8:ba:84:34:e6:d8:1f:d2:9e:d8:
                    46:d1:2e:30:a8:b0:87:af:a2:11:05:ac:14:ef:27:
                    18:36:cc:d3:d0:88:45:51:92:69:b5:4e:b2:0d:f5:
                    93:16:d7:7d:a2:52:1c:a8:b4:ac:95:49:8c:69:41:
                    58:7a:60:bd:72:d3:c6:15:91:95:06:08:f4:9e:8d:
                    04:64:c2:54:7c:05:80:d6:04:63:f5:f9:7a:b5:d7:
                    8c:ed:01:ea:5c:bf:ae:23:60:98:9b:a5:9e:64:86:
                    15:7a:a3:54:45:08:da:ef:27:e1:68:2e:dd:ae:07:
                    57:41:02:ee:b9:c6:5f:cc:70:f0:8d:ff:35:fc:97:
                    5e:8f:9b:e7:c2:47:b6:dc:3f:95:8f:53:f9:5f:11:
                    90:f2:64:c3:3c:ac:f9:85:b1:b9:da:d6:47:6b:49:
                    7a:cb:34:a4:13:72:c8:97:fc:4b:9e:6a:34:b0:a1:
                    af:3c:39:3c:11:c0:69:48:4a:54:3b:f6:11:15:96:
                    9f:4a:4c:4f:a1:44:98:a2:d8:4a:94:1a:36:91:d0:
                    d9:86:71:58:24:9b:e4:48:22:8f:cd:28:11:6d:32:
                    6a:5b:99:d9:ba:12:60:e6:22:67:fe:03:0a:f3:88:
                    41:a3:0f:41:02:bf:83:5a:fb:51:e2:71:20:f7:66:
                    a7:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:C5:73:41:86:69:17:20:DF:84:91:DC:D0:49:59:35:86:8F:8C:2E
            X509v3 Authority Key Identifier:
                keyid:A0:90:E5:20:BF:9D:51:F2:FD:CE:ED:41:3A:F2:7A:C7:58:F6:AE:1D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A919536C/75B98BF0366011EE88E0F530C4F9AE02/oJDlIL-dUfL9zu1BOvJ6x1j2rh0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/oJDlIL-dUfL9zu1BOvJ6x1j2rh0.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A919536C/75B98BF0366011EE88E0F530C4F9AE02/9CF488DE366311EEB376DC3AC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.30.74.0-96.30.77.255
                  96.30.80.0/22
                  96.30.88.0-96.30.99.255
                  96.30.104.0-96.30.106.255
                  96.30.110.0/24
                  96.30.113.0-96.30.121.255
                  96.30.123.0-96.30.127.255
                  146.88.32.0-146.88.51.255
                  146.88.56.0/21
                  161.82.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         01:18:ef:71:fa:3c:4d:c5:14:a5:44:2e:20:d0:b0:95:7f:cf:
         b5:e0:8e:bf:d5:e3:0d:28:bc:eb:d2:22:75:93:36:c5:d6:b5:
         a5:1a:0c:f8:4a:52:bb:2d:84:f9:d5:9b:63:6e:38:df:e6:e1:
         6a:b7:a7:87:29:40:61:bb:7a:22:96:ff:9b:a2:1d:08:3c:72:
         93:8f:94:6a:77:b5:b7:a9:4f:a0:fc:9f:0b:a4:d9:55:10:c7:
         0b:d2:27:9a:5b:ab:18:e4:c9:78:30:35:c5:72:95:2d:8f:fd:
         c1:b8:71:1e:c1:4e:0d:40:4e:69:2d:78:ab:be:9e:77:e6:f2:
         82:78:f8:e2:df:2b:63:59:df:d9:9a:02:38:8d:e1:a0:51:02:
         54:d6:3c:b9:eb:d8:89:d6:e8:4b:39:10:a5:d1:0e:26:0e:8f:
         37:5d:46:be:77:8a:bf:33:31:27:ad:b2:28:72:49:2c:08:7e:
         4b:39:b1:c0:ee:84:a1:52:ee:fe:f2:4e:63:80:6b:d4:11:a5:
         ba:74:77:7c:da:19:d4:d4:54:ca:eb:9e:1a:fe:37:17:03:f2:
         71:25:bb:b6:26:61:eb:c7:20:f6:f9:4d:b7:16:5c:2a:2e:f6:
         d2:44:55:21:53:be:d1:20:be:61:64:6c:cd:a0:d8:d7:ee:eb:
         fa:a7:40:15
-----BEGIN CERTIFICATE-----
MIIF2DCCBMCgAwIBAgICAMUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OTUzNkMxMTAvBgNVBAUTKEEwOTBFNTIwQkY5RDUxRjJGRENFRUQ0MTNBRjI3QUM3
NThGNkFFMUQwHhcNMjQwNjI1MDYyMTU0WhcNMjUwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjdhNjIwMi0zODI0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAxQ2khfi6hDTm2B/SnthG0S4wqLCHr6IRBawU7ycYNszT0IhFUZJptU6yDfWT
Ftd9olIcqLSslUmMaUFYemC9ctPGFZGVBgj0no0EZMJUfAWA1gRj9fl6tdeM7QHq
XL+uI2CYm6WeZIYVeqNURQja7yfhaC7drgdXQQLuucZfzHDwjf81/Jdej5vnwke2
3D+Vj1P5XxGQ8mTDPKz5hbG52tZHa0l6yzSkE3LIl/xLnmo0sKGvPDk8EcBpSEpU
O/YRFZafSkxPoUSYothKlBo2kdDZhnFYJJvkSCKPzSgRbTJqW5nZuhJg5iJn/gMK
84hBow9BAr+DWvtR4nEg92anlQIDAQABo4IC/DCCAvgwHQYDVR0OBBYEFJrFc0GG
aRcg34SR3NBJWTWGj4wuMB8GA1UdIwQYMBaAFKCQ5SC/nVHy/c7tQTryesdY9q4d
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5NTM2Qy83NUI5OEJGMDM2
NjAxMUVFODhFMEY1MzBDNEY5QUUwMi9vSkRsSUwtZFVmTDl6dTFCT3ZKNngxajJy
aDAuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL29KRGxJTC1kVWZMOXp1MUJPdko2eDFqMnJoMC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OTUzNkMvNzVCOThCRjAzNjYwMTFFRTg4RTBGNTMwQzRGOUFFMDIvOUNGNDg4REUz
NjYzMTFFRUIzNzZEQzNBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgYUGCCsGAQUFBwEHAQH/
BHYwdDByBAIAATBsMAwDBAFgHkoDBAFgHkwDBAJgHlAwDAMEA2AeWAMEAmAeYDAM
AwQDYB5oAwQAYB5qAwQAYB5uMAwDBABgHnEDBAFgHngwDAMEAGAeewMEB2AeADAM
AwQFklggAwQCklgwAwQDklg4AwQHoVKAMA0GCSqGSIb3DQEBCwUAA4IBAQABGO9x
+jxNxRSlRC4g0LCVf8+14I6/1eMNKLzr0iJ1kzbF1rWlGgz4SlK7LYT51Ztjbjjf
5uFqt6eHKUBhu3oilv+boh0IPHKTj5Rqd7W3qU+g/J8LpNlVEMcL0ieaW6sY5Ml4
MDXFcpUtj/3BuHEewU4NQE5pLXirvp535vKCePji3ytjWd/ZmgI4jeGgUQJU1jy5
69iJ1uhLORCl0Q4mDo83XUa+d4q/MzEnrbIockksCH5LObHA7oShUu7+8k5jgGvU
EaW6dHd82hnU1FTK654a/jcXA/JxJbu2JmHrxyD2+U23FlwqLvbSRFUhU77RIL5h
ZGzNoNjX7uv6p0AV
-----END CERTIFICATE-----
Generated at Tue Jun 25 07:42:30 2024 by rpki-client on console-ams.rpki-client.org