Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A919536C/75B98BF0366011EE88E0F530C4F9AE02/9CF488DE366311EEB376DC3AC4F9AE02.roa
File:                     9CF488DE366311EEB376DC3AC4F9AE02.roa (raw, json)
Hash identifier:          uTBMkO8X0+hgj07rreOkXeexnxszo8LTNsZGrQnzIOU=
Subject key identifier:   10:8A:E4:17:A2:0B:D7:97:B9:F4:3B:41:15:5E:3E:59:53:3F:1B:6D
Certificate issuer:       /CN=A919536C/serialNumber=A090E520BF9D51F2FDCEED413AF27AC758F6AE1D
Certificate serial:       A9
Authority key identifier: A0:90:E5:20:BF:9D:51:F2:FD:CE:ED:41:3A:F2:7A:C7:58:F6:AE:1D
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/oJDlIL-dUfL9zu1BOvJ6x1j2rh0.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A919536C/75B98BF0366011EE88E0F530C4F9AE02/9CF488DE366311EEB376DC3AC4F9AE02.roa
Signing time:             Tue 07 May 2024 08:59:09 +0000
ROA not before:           Tue 07 May 2024 08:59:09 +0000
ROA not after:            Sat 31 Aug 2024 00:00:00 +0000
asID:                     132280
IP address blocks:        96.30.74.0/23 maxlen: 24
                          96.30.76.0/23 maxlen: 24
                          96.30.80.0/22 maxlen: 22
                          96.30.83.0/24 maxlen: 24
                          96.30.88.0/23 maxlen: 24
                          96.30.90.0/23 maxlen: 24
                          96.30.92.0/22 maxlen: 22
                          96.30.93.0/24 maxlen: 24
                          96.30.94.0/23 maxlen: 23
                          96.30.96.0/22 maxlen: 23
                          96.30.97.0/24 maxlen: 24
                          96.30.104.0/23 maxlen: 24
                          96.30.106.0/24 maxlen: 24
                          96.30.110.0/24 maxlen: 24
                          96.30.113.0/24 maxlen: 24
                          96.30.114.0/23 maxlen: 24
                          96.30.116.0/22 maxlen: 23
                          96.30.116.0/24 maxlen: 24
                          96.30.120.0/23 maxlen: 23
                          96.30.120.0/24 maxlen: 24
                          96.30.123.0/24 maxlen: 24
                          96.30.124.0/24 maxlen: 24
                          96.30.125.0/24 maxlen: 24
                          96.30.126.0/23 maxlen: 24
                          146.88.32.0/20 maxlen: 20
                          146.88.32.0/22 maxlen: 22
                          146.88.32.0/24 maxlen: 24
                          146.88.33.0/24 maxlen: 24
                          146.88.40.0/24 maxlen: 24
                          146.88.48.0/22 maxlen: 23
                          146.88.56.0/23 maxlen: 24
                          146.88.58.0/24 maxlen: 24
                          146.88.59.0/24 maxlen: 24
                          146.88.60.0/24 maxlen: 24
                          146.88.61.0/24 maxlen: 24
                          146.88.62.0/24 maxlen: 24
                          146.88.63.0/24 maxlen: 24
                          161.82.128.0/17 maxlen: 19
                          161.82.128.0/21 maxlen: 22
                          161.82.135.0/24 maxlen: 24
                          161.82.136.0/21 maxlen: 22
                          161.82.138.0/24 maxlen: 24
                          161.82.142.0/24 maxlen: 24
                          161.82.144.0/21 maxlen: 22
                          161.82.152.0/21 maxlen: 22
                          161.82.156.0/24 maxlen: 24
                          161.82.157.0/24 maxlen: 24
                          161.82.160.0/21 maxlen: 22
                          161.82.164.0/24 maxlen: 24
                          161.82.168.0/21 maxlen: 22
                          161.82.173.0/24 maxlen: 24
                          161.82.176.0/21 maxlen: 22
                          161.82.180.0/24 maxlen: 24
                          161.82.182.0/24 maxlen: 24
                          161.82.184.0/21 maxlen: 22
                          161.82.192.0/21 maxlen: 22
                          161.82.197.0/24 maxlen: 24
                          161.82.200.0/21 maxlen: 22
                          161.82.204.0/24 maxlen: 24
                          161.82.208.0/21 maxlen: 22
                          161.82.208.0/24 maxlen: 24
                          161.82.210.0/24 maxlen: 24
                          161.82.211.0/24 maxlen: 24
                          161.82.212.0/24 maxlen: 24
                          161.82.214.0/24 maxlen: 24
                          161.82.216.0/21 maxlen: 22
                          161.82.216.0/24 maxlen: 24
                          161.82.220.0/24 maxlen: 24
                          161.82.221.0/24 maxlen: 24
                          161.82.222.0/24 maxlen: 24
                          161.82.223.0/24 maxlen: 24
                          161.82.224.0/19 maxlen: 22
                          161.82.226.0/24 maxlen: 24
                          161.82.233.0/24 maxlen: 24
                          161.82.237.0/24 maxlen: 24
                          161.82.248.0/24 maxlen: 24
                          161.82.249.0/24 maxlen: 24
                          161.82.250.0/24 maxlen: 24
                          161.82.255.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A919536C/75B98BF0366011EE88E0F530C4F9AE02/oJDlIL-dUfL9zu1BOvJ6x1j2rh0.crl
                          rsync://rpki.apnic.net/member_repository/A919536C/75B98BF0366011EE88E0F530C4F9AE02/oJDlIL-dUfL9zu1BOvJ6x1j2rh0.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/oJDlIL-dUfL9zu1BOvJ6x1j2rh0.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 22 Jun 2024 02:50:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 169 (0xa9)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A919536C/serialNumber=A090E520BF9D51F2FDCEED413AF27AC758F6AE1D
        Validity
            Not Before: May  7 08:59:09 2024 GMT
            Not After : Aug 31 00:00:00 2024 GMT
        Subject: CN=6639ed5c-cc4f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:b2:7a:73:53:3b:fd:a3:d9:35:e9:c2:a3:35:
                    b5:b2:a6:b5:d8:f5:94:a9:88:e4:86:e1:f8:7d:a6:
                    16:73:d9:68:34:4f:4f:d5:f6:e6:82:c2:c6:09:68:
                    7f:2b:f8:05:4c:3c:1c:d0:96:41:71:bc:8f:64:39:
                    fa:46:94:2e:2c:ed:f5:9b:ca:2b:b8:31:99:b4:4e:
                    fc:1c:3f:f9:0d:87:65:a3:e9:75:13:50:f0:87:34:
                    02:4c:c2:43:45:f5:18:38:a1:90:14:b6:a6:31:33:
                    42:60:fe:ea:64:ff:8b:59:59:6b:eb:e8:4e:33:0c:
                    0e:db:c9:56:6e:3e:68:59:97:48:e1:37:e6:72:a4:
                    9a:b5:64:9e:10:59:d1:91:a5:e0:10:9e:55:a4:32:
                    dc:d8:26:ae:3a:8e:5a:8e:e8:70:b3:86:18:ac:dc:
                    93:68:58:ad:56:04:c9:ef:12:00:eb:55:ce:0e:3d:
                    58:9a:bb:a0:e6:15:14:44:bf:5f:1e:a4:1b:fa:74:
                    ed:1c:15:58:3a:d7:32:5d:f0:8d:f7:a5:8e:23:b6:
                    9d:e3:5b:e8:b7:06:ab:b2:5e:bf:b7:df:84:04:40:
                    17:b3:72:28:f3:f0:86:9e:1f:fb:b8:1b:b2:20:5f:
                    ae:51:b7:59:39:c7:97:96:b4:a4:43:b3:e0:26:01:
                    17:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                10:8A:E4:17:A2:0B:D7:97:B9:F4:3B:41:15:5E:3E:59:53:3F:1B:6D
            X509v3 Authority Key Identifier:
                keyid:A0:90:E5:20:BF:9D:51:F2:FD:CE:ED:41:3A:F2:7A:C7:58:F6:AE:1D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A919536C/75B98BF0366011EE88E0F530C4F9AE02/oJDlIL-dUfL9zu1BOvJ6x1j2rh0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/oJDlIL-dUfL9zu1BOvJ6x1j2rh0.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A919536C/75B98BF0366011EE88E0F530C4F9AE02/9CF488DE366311EEB376DC3AC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  96.30.74.0-96.30.77.255
                  96.30.80.0/22
                  96.30.88.0-96.30.99.255
                  96.30.104.0-96.30.106.255
                  96.30.110.0/24
                  96.30.113.0-96.30.121.255
                  96.30.123.0-96.30.127.255
                  146.88.32.0-146.88.51.255
                  146.88.56.0/21
                  161.82.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         6c:1d:cd:5c:14:a7:d0:c2:b0:81:ec:92:f3:af:9e:0d:41:e6:
         66:9c:3b:36:f5:13:cf:17:72:91:e1:d0:93:85:f2:a6:23:d8:
         c8:1a:0e:43:c7:31:b4:04:ed:19:27:ae:92:4c:bd:49:b7:ac:
         16:86:bf:79:68:44:05:fd:4d:c2:dc:e8:74:8a:7f:ce:3f:13:
         fc:6f:9e:9a:85:ac:8d:d0:ed:42:17:50:70:06:f5:43:41:20:
         e5:90:da:ca:6a:0a:90:32:1e:7d:23:4c:ed:82:bf:a6:57:9c:
         62:92:c2:35:8b:86:12:02:71:21:79:0c:87:eb:24:d2:e0:df:
         d1:b0:67:81:63:bc:5e:b2:ee:d5:34:31:85:ec:c3:ec:e2:3e:
         24:35:84:1b:29:30:af:1c:db:7d:71:21:5e:0a:85:e3:0d:55:
         b1:81:ec:48:c0:92:59:17:64:60:b9:c7:80:80:1c:2b:f8:88:
         59:19:4c:c7:51:e0:0d:d2:42:dc:94:bd:0e:6f:72:0d:80:87:
         3a:97:62:3a:27:10:6c:d2:ff:84:e2:54:f5:3e:e2:67:cf:08:
         f3:50:00:f2:2d:d2:4f:02:31:e1:7d:da:7a:3a:7d:65:ad:cc:
         5f:ba:c2:1d:27:25:36:ed:b3:44:47:f3:6b:df:58:42:80:b1:
         86:6f:3f:14
-----BEGIN CERTIFICATE-----
MIIF2DCCBMCgAwIBAgICAKkwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OTUzNkMxMTAvBgNVBAUTKEEwOTBFNTIwQkY5RDUxRjJGRENFRUQ0MTNBRjI3QUM3
NThGNkFFMUQwHhcNMjQwNTA3MDg1OTA5WhcNMjQwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjM5ZWQ1Yy1jYzRmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA1bJ6c1M7/aPZNenCozW1sqa12PWUqYjkhuH4faYWc9loNE9P1fbmgsLGCWh/
K/gFTDwc0JZBcbyPZDn6RpQuLO31m8oruDGZtE78HD/5DYdlo+l1E1DwhzQCTMJD
RfUYOKGQFLamMTNCYP7qZP+LWVlr6+hOMwwO28lWbj5oWZdI4TfmcqSatWSeEFnR
kaXgEJ5VpDLc2CauOo5ajuhws4YYrNyTaFitVgTJ7xIA61XODj1Ymrug5hUURL9f
HqQb+nTtHBVYOtcyXfCN96WOI7ad41votwarsl6/t9+EBEAXs3Io8/CGnh/7uBuy
IF+uUbdZOceXlrSkQ7PgJgEXXwIDAQABo4IC/DCCAvgwHQYDVR0OBBYEFBCK5Bei
C9eXufQ7QRVePllTPxttMB8GA1UdIwQYMBaAFKCQ5SC/nVHy/c7tQTryesdY9q4d
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5NTM2Qy83NUI5OEJGMDM2
NjAxMUVFODhFMEY1MzBDNEY5QUUwMi9vSkRsSUwtZFVmTDl6dTFCT3ZKNngxajJy
aDAuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL29KRGxJTC1kVWZMOXp1MUJPdko2eDFqMnJoMC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OTUzNkMvNzVCOThCRjAzNjYwMTFFRTg4RTBGNTMwQzRGOUFFMDIvOUNGNDg4REUz
NjYzMTFFRUIzNzZEQzNBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgYUGCCsGAQUFBwEHAQH/
BHYwdDByBAIAATBsMAwDBAFgHkoDBAFgHkwDBAJgHlAwDAMEA2AeWAMEAmAeYDAM
AwQDYB5oAwQAYB5qAwQAYB5uMAwDBABgHnEDBAFgHngwDAMEAGAeewMEB2AeADAM
AwQFklggAwQCklgwAwQDklg4AwQHoVKAMA0GCSqGSIb3DQEBCwUAA4IBAQBsHc1c
FKfQwrCB7JLzr54NQeZmnDs29RPPF3KR4dCThfKmI9jIGg5DxzG0BO0ZJ66STL1J
t6wWhr95aEQF/U3C3Oh0in/OPxP8b56ahayN0O1CF1BwBvVDQSDlkNrKagqQMh59
I0ztgr+mV5xiksI1i4YSAnEheQyH6yTS4N/RsGeBY7xesu7VNDGF7MPs4j4kNYQb
KTCvHNt9cSFeCoXjDVWxgexIwJJZF2RguceAgBwr+IhZGUzHUeAN0kLclL0Ob3IN
gIc6l2I6JxBs0v+E4lT1PuJnzwjzUADyLdJPAjHhfdp6On1lrcxfusIdJyU27bNE
R/Nr31hCgLGGbz8U
-----END CERTIFICATE-----
Generated at Sat Jun 15 08:17:49 2024 by rpki-client on console-fra.rpki-client.org