Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A0832/9DAF780E1D9411E29901F3F808B02CD2/9B4B6C82904911EABE5F0C63C4F9AE02.roa
File:                     9B4B6C82904911EABE5F0C63C4F9AE02.roa (raw, json)
Hash identifier:          /5ry63GzDrxpI6Kkb9gHRk8/jvRviawvIpgBTnsdspg=
Subject key identifier:   AC:BF:D7:AB:69:4C:78:E9:CD:7D:FC:64:8A:A2:F1:38:FA:27:62:07
Certificate issuer:       /CN=A91A0832/serialNumber=9ED9055107C70F85BB91A8DA0270B5CA760AEB54
Certificate serial:       35F0
Authority key identifier: 9E:D9:05:51:07:C7:0F:85:BB:91:A8:DA:02:70:B5:CA:76:0A:EB:54
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ntkFUQfHD4W7kajaAnC1ynYK61Q.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A0832/9DAF780E1D9411E29901F3F808B02CD2/9B4B6C82904911EABE5F0C63C4F9AE02.roa
Signing time:             Thu 04 Apr 2024 15:21:18 +0000
ROA not before:           Thu 04 Apr 2024 15:21:18 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58895
IP address blocks:        58.181.98.0/24 maxlen: 24
                          59.103.30.0/23 maxlen: 24
                          59.103.74.0/24 maxlen: 24
                          59.103.152.0/23 maxlen: 24
                          59.103.176.0/24 maxlen: 24
                          59.103.178.0/23 maxlen: 23
                          116.71.2.0/23 maxlen: 24
                          119.152.48.0/22 maxlen: 22
                          119.152.48.0/24 maxlen: 24
                          119.152.49.0/24 maxlen: 24
                          119.152.50.0/24 maxlen: 24
                          119.152.51.0/24 maxlen: 24
                          119.152.52.0/23 maxlen: 24
                          119.152.54.0/24 maxlen: 24
                          119.152.55.0/24 maxlen: 24
                          119.152.56.0/24 maxlen: 24
                          119.152.57.0/24 maxlen: 24
                          119.152.58.0/24 maxlen: 24
                          119.152.59.0/24 maxlen: 24
                          119.152.60.0/24 maxlen: 24
                          119.152.61.0/24 maxlen: 24
                          119.152.62.0/24 maxlen: 24
                          119.152.63.0/24 maxlen: 24
                          119.152.96.0/20 maxlen: 20
                          119.152.96.0/24 maxlen: 24
                          119.152.97.0/24 maxlen: 24
                          119.152.98.0/24 maxlen: 24
                          119.152.99.0/24 maxlen: 24
                          119.152.100.0/24 maxlen: 24
                          119.152.101.0/24 maxlen: 24
                          119.152.102.0/24 maxlen: 24
                          119.152.103.0/24 maxlen: 24
                          119.152.104.0/24 maxlen: 24
                          119.152.105.0/24 maxlen: 24
                          119.152.106.0/24 maxlen: 24
                          119.152.107.0/24 maxlen: 24
                          119.152.108.0/24 maxlen: 24
                          119.152.109.0/24 maxlen: 24
                          119.152.110.0/24 maxlen: 24
                          119.152.111.0/24 maxlen: 24
                          119.152.124.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91A0832/9DAF780E1D9411E29901F3F808B02CD2/ntkFUQfHD4W7kajaAnC1ynYK61Q.crl
                          rsync://rpki.apnic.net/member_repository/A91A0832/9DAF780E1D9411E29901F3F808B02CD2/ntkFUQfHD4W7kajaAnC1ynYK61Q.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ntkFUQfHD4W7kajaAnC1ynYK61Q.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 27 Nov 2024 14:47:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13808 (0x35f0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A0832/serialNumber=9ED9055107C70F85BB91A8DA0270B5CA760AEB54
        Validity
            Not Before: Apr  4 15:21:18 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=660ec56d-4ac6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:e7:82:54:bb:ea:df:ab:2a:1c:bf:83:03:64:
                    10:6e:0a:20:98:bd:83:19:41:aa:76:72:ae:27:ca:
                    fb:d3:6b:75:39:e8:45:b0:2a:c1:96:54:d0:df:23:
                    7c:36:35:9a:91:dc:a1:8e:d3:bd:be:21:d0:29:34:
                    05:68:58:26:47:4a:d6:13:18:e7:3e:f1:3e:05:22:
                    bd:14:1b:5e:e9:1f:e1:af:12:bb:48:71:90:05:8b:
                    6f:6e:a6:d3:fc:65:fb:4f:c1:e7:51:48:3a:30:1c:
                    23:46:a4:6b:97:ca:a7:c6:07:cc:e3:a8:05:6d:dd:
                    b6:93:6c:a3:7e:69:40:e0:e9:40:b5:2e:5d:43:3f:
                    4c:a9:64:37:87:65:2c:dc:c5:02:68:a5:b2:a0:37:
                    16:c9:14:c8:6f:1c:2d:32:bd:dc:e9:73:76:f3:21:
                    71:24:fc:4e:d8:58:4f:41:f6:7e:b8:54:d8:d0:54:
                    7a:e7:2d:ad:07:c7:5c:ed:97:22:fe:5a:5d:e5:39:
                    e0:6e:b9:8c:12:cd:dc:dd:c3:2b:83:6b:aa:d5:ca:
                    4e:c9:07:2f:60:5a:08:dd:55:09:c6:34:60:2d:83:
                    95:c1:87:79:f4:e3:ce:ea:0e:3e:73:4b:92:36:b5:
                    6f:fb:ed:3a:6f:37:be:e8:9b:04:51:ec:6c:b2:78:
                    5c:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:BF:D7:AB:69:4C:78:E9:CD:7D:FC:64:8A:A2:F1:38:FA:27:62:07
            X509v3 Authority Key Identifier:
                keyid:9E:D9:05:51:07:C7:0F:85:BB:91:A8:DA:02:70:B5:CA:76:0A:EB:54

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A0832/9DAF780E1D9411E29901F3F808B02CD2/ntkFUQfHD4W7kajaAnC1ynYK61Q.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ntkFUQfHD4W7kajaAnC1ynYK61Q.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A0832/9DAF780E1D9411E29901F3F808B02CD2/9B4B6C82904911EABE5F0C63C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  58.181.98.0/24
                  59.103.30.0/23
                  59.103.74.0/24
                  59.103.152.0/23
                  59.103.176.0/24
                  59.103.178.0/23
                  116.71.2.0/23
                  119.152.48.0/20
                  119.152.96.0/20
                  119.152.124.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7a:47:d0:68:a8:dc:7d:dc:7d:12:09:62:56:80:24:0d:f7:bd:
         60:62:da:21:f1:bc:c5:36:0d:f5:47:77:2a:c6:6b:bf:d5:9e:
         34:e7:2a:0a:50:9c:8c:87:16:90:8e:49:fe:66:ca:20:97:19:
         8a:8e:93:c3:ea:0b:3f:61:99:61:3f:37:14:9f:e0:ec:48:0b:
         cc:3b:07:40:1b:1d:a7:70:29:1a:0e:27:d8:09:e2:01:2b:64:
         e9:3d:06:f7:0b:46:fb:51:38:35:0c:ef:89:7c:48:3e:2d:b0:
         b8:9f:9c:e7:ad:c0:a0:5d:e0:7f:78:9c:a6:e9:88:dd:00:25:
         28:1d:25:65:d4:f7:42:ee:c5:5c:5a:0d:f5:45:36:69:a6:39:
         52:f4:80:f9:46:4b:08:4a:d6:5c:6c:72:d5:7f:3c:7b:ff:15:
         7b:97:d1:d6:ff:d6:cc:3e:9f:da:02:5c:92:06:0a:f9:94:de:
         50:ca:3b:b8:82:96:06:13:a8:01:f4:93:60:2c:bf:37:fb:cf:
         11:f8:2c:e1:1c:ee:b0:a4:b1:10:7e:cf:50:ff:a0:f0:41:e8:
         f8:1b:e6:99:78:11:29:08:88:a0:89:49:85:9e:f8:aa:e0:40:
         93:29:b0:17:e8:8d:fb:08:9f:64:f8:95:bc:df:ef:1f:7f:bd:
         0a:01:5e:a4
-----BEGIN CERTIFICATE-----
MIIFpzCCBI+gAwIBAgICNfAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTA4MzIxMTAvBgNVBAUTKDlFRDkwNTUxMDdDNzBGODVCQjkxQThEQTAyNzBCNUNB
NzYwQUVCNTQwHhcNMjQwNDA0MTUyMTE4WhcNMjUwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjBlYzU2ZC00YWM2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvOeCVLvq36sqHL+DA2QQbgogmL2DGUGqdnKuJ8r702t1OehFsCrBllTQ3yN8
NjWakdyhjtO9viHQKTQFaFgmR0rWExjnPvE+BSK9FBte6R/hrxK7SHGQBYtvbqbT
/GX7T8HnUUg6MBwjRqRrl8qnxgfM46gFbd22k2yjfmlA4OlAtS5dQz9MqWQ3h2Us
3MUCaKWyoDcWyRTIbxwtMr3c6XN28yFxJPxO2FhPQfZ+uFTY0FR65y2tB8dc7Zci
/lpd5TngbrmMEs3c3cMrg2uq1cpOyQcvYFoI3VUJxjRgLYOVwYd59OPO6g4+c0uS
NrVv++06bze+6JsEUexssnhcsQIDAQABo4ICyzCCAscwHQYDVR0OBBYEFKy/16tp
THjpzX38ZIqi8Tj6J2IHMB8GA1UdIwQYMBaAFJ7ZBVEHxw+Fu5Go2gJwtcp2CutU
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBMDgzMi85REFGNzgwRTFE
OTQxMUUyOTkwMUYzRjgwOEIwMkNEMi9udGtGVVFmSEQ0VzdrYWphQW5DMXluWUs2
MVEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL250a0ZVUWZIRDRXN2thamFBbkMxeW5ZSzYxUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTA4MzIvOURBRjc4MEUxRDk0MTFFMjk5MDFGM0Y4MDhCMDJDRDIvOUI0QjZDODI5
MDQ5MTFFQUJFNUYwQzYzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwVQYIKwYBBQUHAQcBAf8E
RjBEMEIEAgABMDwDBAA6tWIDBAE7Zx4DBAA7Z0oDBAE7Z5gDBAA7Z7ADBAE7Z7ID
BAF0RwIDBAR3mDADBAR3mGADBAF3mHwwDQYJKoZIhvcNAQELBQADggEBAHpH0Gio
3H3cfRIJYlaAJA33vWBi2iHxvMU2DfVHdyrGa7/VnjTnKgpQnIyHFpCOSf5myiCX
GYqOk8PqCz9hmWE/NxSf4OxIC8w7B0AbHadwKRoOJ9gJ4gErZOk9BvcLRvtRODUM
74l8SD4tsLifnOetwKBd4H94nKbpiN0AJSgdJWXU90LuxVxaDfVFNmmmOVL0gPlG
SwhK1lxsctV/PHv/FXuX0db/1sw+n9oCXJIGCvmU3lDKO7iClgYTqAH0k2Asvzf7
zxH4LOEc7rCksRB+z1D/oPBB6Pgb5pl4ESkIiKCJSYWe+KrgQJMpsBfojfsIn2T4
lbzf7x9/vQoBXqQ=
-----END CERTIFICATE-----
Generated at Wed Nov 20 16:00:12 2024 by rpki-client on console-ams.rpki-client.org