Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A919DC74/E42CBC4C462911EDAE78B235C4F9AE02/C07FAA5C804311EE928AA523C4F9AE02.roa
File:                     C07FAA5C804311EE928AA523C4F9AE02.roa (raw, json)
Hash identifier:          +n0AtuT6Jdla2/49nbRpW9RkyQDKQaYh3sVDv0xviWc=
Subject key identifier:   2B:B6:C5:BA:73:16:0B:94:F6:DE:A7:60:3F:9D:A1:58:2D:5F:6E:61
Certificate issuer:       /CN=A919DC74/serialNumber=DECFC7534398C48578B9E474AEB80B1C94CBC5BA
Certificate serial:       F0
Authority key identifier: DE:CF:C7:53:43:98:C4:85:78:B9:E4:74:AE:B8:0B:1C:94:CB:C5:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/3s_HU0OYxIV4ueR0rrgLHJTLxbo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A919DC74/E42CBC4C462911EDAE78B235C4F9AE02/C07FAA5C804311EE928AA523C4F9AE02.roa
Signing time:             Mon 18 Dec 2023 13:47:10 +0000
ROA not before:           Mon 18 Dec 2023 13:47:10 +0000
ROA not after:            Fri 31 Jan 2025 00:00:00 +0000
asID:                     132204
IP address blocks:        203.208.22.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A919DC74/E42CBC4C462911EDAE78B235C4F9AE02/3s_HU0OYxIV4ueR0rrgLHJTLxbo.crl
                          rsync://rpki.apnic.net/member_repository/A919DC74/E42CBC4C462911EDAE78B235C4F9AE02/3s_HU0OYxIV4ueR0rrgLHJTLxbo.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/3s_HU0OYxIV4ueR0rrgLHJTLxbo.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 01 Dec 2024 23:39:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 240 (0xf0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A919DC74/serialNumber=DECFC7534398C48578B9E474AEB80B1C94CBC5BA
        Validity
            Not Before: Dec 18 13:47:10 2023 GMT
            Not After : Jan 31 00:00:00 2025 GMT
        Subject: CN=65804d5d-b4d1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:63:71:65:23:bc:75:49:50:6a:ce:5c:dd:90:
                    f8:ef:0c:84:90:25:b8:3c:ea:06:1e:40:ad:57:48:
                    2b:20:2b:49:6b:3b:63:75:2e:67:26:68:47:0f:d0:
                    ca:82:16:80:f0:9a:e2:0c:cb:cb:93:0c:d2:4d:80:
                    e1:56:b3:4b:54:88:3f:c7:3e:d9:81:9e:71:c5:50:
                    01:f3:c9:af:5a:35:1a:f3:52:6f:e6:54:e9:72:37:
                    29:35:4e:06:3b:17:0f:98:e0:87:9b:bb:f0:fa:32:
                    20:66:c9:c0:a0:2e:69:62:2c:5d:e8:b7:a4:62:ee:
                    58:ef:af:e3:06:58:5d:79:b5:74:0b:33:11:f9:dc:
                    61:2d:97:ab:2a:d7:19:93:94:f7:3b:ec:50:cb:c1:
                    55:1d:e9:89:97:d3:66:8e:80:30:5d:04:22:0b:72:
                    2e:ab:95:86:70:14:b4:18:01:cb:02:9b:2a:36:f3:
                    28:86:75:6b:b6:6d:75:57:92:72:e8:23:b4:9a:2d:
                    47:8c:bc:5f:95:f1:f3:32:3e:c4:3a:af:07:19:ad:
                    be:5b:6a:7e:10:a2:ba:21:fe:ed:32:0a:36:dc:0d:
                    ab:17:7e:13:5a:94:47:20:10:09:db:44:b9:be:87:
                    00:ef:1e:8d:f3:0e:de:04:e8:d7:46:1f:a6:f7:c6:
                    aa:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:B6:C5:BA:73:16:0B:94:F6:DE:A7:60:3F:9D:A1:58:2D:5F:6E:61
            X509v3 Authority Key Identifier:
                keyid:DE:CF:C7:53:43:98:C4:85:78:B9:E4:74:AE:B8:0B:1C:94:CB:C5:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A919DC74/E42CBC4C462911EDAE78B235C4F9AE02/3s_HU0OYxIV4ueR0rrgLHJTLxbo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/3s_HU0OYxIV4ueR0rrgLHJTLxbo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A919DC74/E42CBC4C462911EDAE78B235C4F9AE02/C07FAA5C804311EE928AA523C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.208.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         d2:a1:33:01:6f:7f:62:c8:31:11:72:87:d2:ea:d0:e9:e9:51:
         99:0c:7d:b9:3c:b6:d4:6f:2d:e0:31:ed:a9:26:65:0a:44:14:
         35:b3:8b:71:cd:cd:4a:9d:bb:7b:66:94:c3:30:b2:e1:c6:07:
         2d:2f:00:ae:1b:de:e6:48:de:2d:7f:a2:9f:7b:e1:6a:09:2b:
         b0:4e:e6:f6:92:7a:18:db:0d:52:57:62:2d:d7:65:f3:0b:c1:
         7a:5e:47:5c:cd:8a:0f:28:9a:38:43:84:54:a1:af:1e:e4:44:
         c7:3b:0d:91:85:82:8b:35:83:26:a0:cb:9c:9a:72:43:c7:ed:
         ca:0f:fe:ea:55:0f:32:ef:cb:6f:2c:77:da:b4:53:3f:ca:d9:
         b7:63:2c:e2:94:ba:a4:23:01:62:f7:85:7e:0d:3c:87:08:ca:
         2f:a2:34:f4:f2:0a:23:39:f6:f0:b0:f1:2b:bb:41:24:90:cc:
         9d:a7:bd:70:13:e7:d6:f8:6a:27:4b:f6:ae:3b:e7:24:18:70:
         7e:b7:a1:07:49:80:39:8b:07:44:5e:0e:fd:d6:6d:7c:8c:60:
         20:e5:4d:e9:54:7e:e2:32:2d:9e:9f:1d:e1:6b:d5:ee:45:ee:
         01:8e:8c:44:97:ba:53:f5:73:17:76:7b:6a:e8:aa:4e:4a:a2:
         90:98:7a:72
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICAPAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OURDNzQxMTAvBgNVBAUTKERFQ0ZDNzUzNDM5OEM0ODU3OEI5RTQ3NEFFQjgwQjFD
OTRDQkM1QkEwHhcNMjMxMjE4MTM0NzEwWhcNMjUwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTgwNGQ1ZC1iNGQxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAz2NxZSO8dUlQas5c3ZD47wyEkCW4POoGHkCtV0grICtJaztjdS5nJmhHD9DK
ghaA8JriDMvLkwzSTYDhVrNLVIg/xz7ZgZ5xxVAB88mvWjUa81Jv5lTpcjcpNU4G
OxcPmOCHm7vw+jIgZsnAoC5pYixd6LekYu5Y76/jBlhdebV0CzMR+dxhLZerKtcZ
k5T3O+xQy8FVHemJl9NmjoAwXQQiC3Iuq5WGcBS0GAHLApsqNvMohnVrtm11V5Jy
6CO0mi1HjLxflfHzMj7EOq8HGa2+W2p+EKK6If7tMgo23A2rF34TWpRHIBAJ20S5
vocA7x6N8w7eBOjXRh+m98aqPwIDAQABo4IClTCCApEwHQYDVR0OBBYEFCu2xbpz
FguU9t6nYD+doVgtX25hMB8GA1UdIwQYMBaAFN7Px1NDmMSFeLnkdK64CxyUy8W6
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5REM3NC9FNDJDQkM0QzQ2
MjkxMUVEQUU3OEIyMzVDNEY5QUUwMi8zc19IVTBPWXhJVjR1ZVIwcnJnTEhKVEx4
Ym8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzNzX0hVME9ZeElWNHVlUjBycmdMSEpUTHhiby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OURDNzQvRTQyQ0JDNEM0NjI5MTFFREFFNzhCMjM1QzRGOUFFMDIvQzA3RkFBNUM4
MDQzMTFFRTkyOEFBNTIzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADL0BYwDQYJKoZIhvcNAQELBQADggEBANKhMwFvf2LIMRFy
h9Lq0OnpUZkMfbk8ttRvLeAx7akmZQpEFDWzi3HNzUqdu3tmlMMwsuHGBy0vAK4b
3uZI3i1/op974WoJK7BO5vaSehjbDVJXYi3XZfMLwXpeR1zNig8omjhDhFShrx7k
RMc7DZGFgos1gyagy5yackPH7coP/upVDzLvy28sd9q0Uz/K2bdjLOKUuqQjAWL3
hX4NPIcIyi+iNPTyCiM59vCw8Su7QSSQzJ2nvXAT59b4aidL9q475yQYcH63oQdJ
gDmLB0ReDv3WbXyMYCDlTelUfuIyLZ6fHeFr1e5F7gGOjESXulP1cxd2e2roqk5K
opCYenI=
-----END CERTIFICATE-----
Generated at Mon Nov 25 03:00:24 2024 by rpki-client on console-fra.rpki-client.org