Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A919536C/75B98BF0366011EE88E0F530C4F9AE02/A14DCC1A366311EEB376DC3AC4F9AE02.roa
File:                     A14DCC1A366311EEB376DC3AC4F9AE02.roa (raw, json)
Hash identifier:          uXWLPj49wt34ZFOdgRvzFts1coN6e2ycjWdiQjNmKsk=
Subject key identifier:   2D:59:C4:47:15:96:D1:B2:61:BA:DA:2E:51:BB:6D:46:41:F9:6F:27
Certificate issuer:       /CN=A919536C/serialNumber=A090E520BF9D51F2FDCEED413AF27AC758F6AE1D
Certificate serial:       CC
Authority key identifier: A0:90:E5:20:BF:9D:51:F2:FD:CE:ED:41:3A:F2:7A:C7:58:F6:AE:1D
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/oJDlIL-dUfL9zu1BOvJ6x1j2rh0.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A919536C/75B98BF0366011EE88E0F530C4F9AE02/A14DCC1A366311EEB376DC3AC4F9AE02.roa
Signing time:             Tue 25 Jun 2024 06:22:01 +0000
ROA not before:           Tue 25 Jun 2024 06:22:01 +0000
ROA not after:            Sun 31 Aug 2025 00:00:00 +0000
asID:                     140326
IP address blocks:        161.82.178.0/24 maxlen: 24
                          161.82.179.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A919536C/75B98BF0366011EE88E0F530C4F9AE02/oJDlIL-dUfL9zu1BOvJ6x1j2rh0.crl
                          rsync://rpki.apnic.net/member_repository/A919536C/75B98BF0366011EE88E0F530C4F9AE02/oJDlIL-dUfL9zu1BOvJ6x1j2rh0.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/oJDlIL-dUfL9zu1BOvJ6x1j2rh0.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 02 Jul 2024 06:21:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 204 (0xcc)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A919536C/serialNumber=A090E520BF9D51F2FDCEED413AF27AC758F6AE1D
        Validity
            Not Before: Jun 25 06:22:01 2024 GMT
            Not After : Aug 31 00:00:00 2025 GMT
        Subject: CN=667a6209-bacb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:21:b4:6f:9b:06:a4:ec:0d:5a:58:2c:dc:2b:
                    4d:2b:ce:cc:15:5b:e2:f2:45:3f:f6:57:72:12:9b:
                    97:bb:a5:e5:a8:35:1d:de:25:7e:3f:7b:b8:10:f2:
                    d1:06:51:f1:91:8b:8f:5d:7f:60:17:f8:e7:f9:16:
                    ce:d1:c8:fd:26:af:11:ec:7a:eb:bb:4d:c3:34:b8:
                    f8:7a:7b:5e:40:af:74:e9:b7:24:8c:a6:29:a6:72:
                    ad:83:40:a6:08:af:b5:11:d6:0e:45:f6:d5:00:5c:
                    10:e3:34:c6:3f:65:8a:f0:d1:61:f3:f6:5b:93:e3:
                    eb:2c:77:10:a0:14:59:82:54:aa:f6:c4:69:39:4e:
                    fc:a1:10:ac:80:ce:c8:c7:1c:fe:22:e2:06:2d:cf:
                    63:16:37:7a:f9:a6:5a:52:00:4d:77:ac:e4:9f:f5:
                    4e:b7:04:61:5e:8a:11:56:e6:fb:93:68:fd:33:25:
                    ab:94:87:59:64:15:67:e5:d2:49:5c:b9:de:e6:f8:
                    23:97:38:60:b5:c5:18:6c:51:8f:81:7f:9f:8c:dc:
                    a9:38:c5:66:67:d1:8b:47:41:1b:4c:b1:ee:1d:32:
                    c6:88:5f:f7:81:73:ef:53:8a:cd:31:ee:1f:19:1d:
                    fd:64:41:44:da:b9:a4:be:81:2d:e8:60:55:44:2e:
                    1f:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:59:C4:47:15:96:D1:B2:61:BA:DA:2E:51:BB:6D:46:41:F9:6F:27
            X509v3 Authority Key Identifier:
                keyid:A0:90:E5:20:BF:9D:51:F2:FD:CE:ED:41:3A:F2:7A:C7:58:F6:AE:1D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A919536C/75B98BF0366011EE88E0F530C4F9AE02/oJDlIL-dUfL9zu1BOvJ6x1j2rh0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/oJDlIL-dUfL9zu1BOvJ6x1j2rh0.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A919536C/75B98BF0366011EE88E0F530C4F9AE02/A14DCC1A366311EEB376DC3AC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  161.82.178.0/23

    Signature Algorithm: sha256WithRSAEncryption
         29:95:b6:3c:2a:cb:68:3e:02:72:93:14:8a:22:d6:6f:8c:4d:
         39:64:cf:de:35:22:56:0b:1c:e8:9e:af:af:73:ca:ac:bb:ba:
         c0:f9:75:e5:88:1f:bf:e0:22:be:61:25:b4:00:42:f9:92:01:
         43:bd:d4:e8:69:fc:fd:97:cf:fc:52:d9:13:e6:84:54:e6:14:
         e5:8f:9d:70:cb:bb:e5:10:37:a2:22:3e:17:39:a6:50:e1:e9:
         c1:06:5c:11:11:4a:fb:7a:d1:59:4b:79:23:56:83:a5:1d:6a:
         fb:b9:70:21:cf:25:1f:98:15:07:ea:8e:aa:2b:18:4c:9e:52:
         81:e9:bc:21:c4:db:f9:d8:5f:d0:d8:88:d6:b3:14:2b:98:96:
         7f:59:57:3f:99:80:a2:21:eb:ca:19:3b:e6:e6:c5:85:23:0c:
         5e:9c:19:50:03:35:67:9e:bc:6f:b1:41:7a:e0:3c:03:2e:eb:
         66:20:b4:57:39:82:35:ac:fb:0f:8c:48:a4:81:3f:f3:7f:f5:
         5a:5c:39:4c:74:d7:41:65:fc:47:72:be:43:cf:01:aa:20:24:
         21:6f:f0:55:91:c5:d5:ce:aa:de:83:e4:63:b0:1e:00:3b:f1:
         bd:45:f8:81:3a:6a:7f:77:b7:61:24:74:eb:38:b9:52:ac:e5:
         fe:c4:5b:fb
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICAMwwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OTUzNkMxMTAvBgNVBAUTKEEwOTBFNTIwQkY5RDUxRjJGRENFRUQ0MTNBRjI3QUM3
NThGNkFFMUQwHhcNMjQwNjI1MDYyMjAxWhcNMjUwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjdhNjIwOS1iYWNiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA4yG0b5sGpOwNWlgs3CtNK87MFVvi8kU/9ldyEpuXu6XlqDUd3iV+P3u4EPLR
BlHxkYuPXX9gF/jn+RbO0cj9Jq8R7Hrru03DNLj4enteQK906bckjKYppnKtg0Cm
CK+1EdYORfbVAFwQ4zTGP2WK8NFh8/Zbk+PrLHcQoBRZglSq9sRpOU78oRCsgM7I
xxz+IuIGLc9jFjd6+aZaUgBNd6zkn/VOtwRhXooRVub7k2j9MyWrlIdZZBVn5dJJ
XLne5vgjlzhgtcUYbFGPgX+fjNypOMVmZ9GLR0EbTLHuHTLGiF/3gXPvU4rNMe4f
GR39ZEFE2rmkvoEt6GBVRC4fTQIDAQABo4IClTCCApEwHQYDVR0OBBYEFC1ZxEcV
ltGyYbraLlG7bUZB+W8nMB8GA1UdIwQYMBaAFKCQ5SC/nVHy/c7tQTryesdY9q4d
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5NTM2Qy83NUI5OEJGMDM2
NjAxMUVFODhFMEY1MzBDNEY5QUUwMi9vSkRsSUwtZFVmTDl6dTFCT3ZKNngxajJy
aDAuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL29KRGxJTC1kVWZMOXp1MUJPdko2eDFqMnJoMC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OTUzNkMvNzVCOThCRjAzNjYwMTFFRTg4RTBGNTMwQzRGOUFFMDIvQTE0RENDMUEz
NjYzMTFFRUIzNzZEQzNBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAGhUrIwDQYJKoZIhvcNAQELBQADggEBACmVtjwqy2g+AnKT
FIoi1m+MTTlkz941IlYLHOier69zyqy7usD5deWIH7/gIr5hJbQAQvmSAUO91Ohp
/P2Xz/xS2RPmhFTmFOWPnXDLu+UQN6IiPhc5plDh6cEGXBERSvt60VlLeSNWg6Ud
avu5cCHPJR+YFQfqjqorGEyeUoHpvCHE2/nYX9DYiNazFCuYln9ZVz+ZgKIh68oZ
O+bmxYUjDF6cGVADNWeevG+xQXrgPAMu62YgtFc5gjWs+w+MSKSBP/N/9VpcOUx0
10Fl/EdyvkPPAaogJCFv8FWRxdXOqt6D5GOwHgA78b1F+IE6an93t2EkdOs4uVKs
5f7EW/s=
-----END CERTIFICATE-----
Generated at Tue Jun 25 07:06:32 2024 by rpki-client on console-fra.rpki-client.org