Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A560A/20958618A9DF11EEA356A43EC4F9AE02/BD3F9B2CB9F511EEA9136568C4F9AE02.roa
File:                     BD3F9B2CB9F511EEA9136568C4F9AE02.roa (raw, json)
Hash identifier:          mUZIsEo65vM0P1gBXrOd6bzyn96KmCeb7et9x/sldGQ=
Subject key identifier:   F0:61:7D:07:FE:0B:B9:E3:AF:E1:64:83:7F:7C:A8:0F:01:DA:8C:E6
Certificate issuer:       /CN=A91A560A/serialNumber=8AC721298F92E10A2EE3051AFBC9114284F80E12
Certificate serial:       016B
Authority key identifier: 8A:C7:21:29:8F:92:E1:0A:2E:E3:05:1A:FB:C9:11:42:84:F8:0E:12
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ischKY-S4Qou4wUa-8kRQoT4DhI.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A560A/20958618A9DF11EEA356A43EC4F9AE02/BD3F9B2CB9F511EEA9136568C4F9AE02.roa
Signing time:             Fri 21 Jun 2024 01:22:31 +0000
ROA not before:           Fri 21 Jun 2024 01:22:31 +0000
ROA not after:            Thu 31 Oct 2024 00:00:00 +0000
asID:                     140815
IP address blocks:        157.10.170.0/23 maxlen: 24
                          157.10.196.0/23 maxlen: 24
                          157.10.202.0/23 maxlen: 24
                          157.20.224.0/23 maxlen: 24
                          157.66.162.0/23 maxlen: 24
                          157.66.194.0/23 maxlen: 24
                          157.66.196.0/23 maxlen: 24
                          160.22.158.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91A560A/20958618A9DF11EEA356A43EC4F9AE02/ischKY-S4Qou4wUa-8kRQoT4DhI.crl
                          rsync://rpki.apnic.net/member_repository/A91A560A/20958618A9DF11EEA356A43EC4F9AE02/ischKY-S4Qou4wUa-8kRQoT4DhI.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ischKY-S4Qou4wUa-8kRQoT4DhI.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 02 Jul 2024 10:30:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 363 (0x16b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A560A/serialNumber=8AC721298F92E10A2EE3051AFBC9114284F80E12
        Validity
            Not Before: Jun 21 01:22:31 2024 GMT
            Not After : Oct 31 00:00:00 2024 GMT
        Subject: CN=6674d5d7-a751
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:99:f7:34:3b:ec:e2:d3:c4:55:60:9e:06:ba:ac:
                    fc:76:b8:ca:01:29:76:e0:14:b7:77:82:d0:20:d2:
                    c7:d5:54:8c:12:18:43:2e:de:15:2f:e7:84:fa:fc:
                    d5:44:fc:8f:02:88:a1:04:6c:90:bd:6d:da:c9:17:
                    ff:35:f0:74:45:0f:d4:54:a5:e5:10:b6:72:15:fb:
                    fe:66:23:f8:16:2f:87:22:9c:cb:a0:00:3e:cc:7d:
                    3f:33:49:f2:df:35:5b:fd:b7:28:eb:02:fc:81:dc:
                    db:3a:59:e7:34:98:27:ef:44:5a:6b:21:19:e6:23:
                    5b:6b:5b:d3:5b:1d:d5:f4:98:7a:96:b1:d4:83:61:
                    29:28:1b:68:1e:d0:8f:74:b2:a9:83:1a:25:3e:79:
                    83:18:21:a4:98:72:33:40:5c:6d:21:18:fc:95:59:
                    c6:8d:01:2e:3e:8f:4c:d3:9b:a5:7a:b7:b1:2c:04:
                    34:8f:af:8d:4e:62:2a:4e:35:d0:a7:6a:be:ef:cc:
                    df:54:35:e6:37:99:ae:7a:0e:b9:37:f4:03:49:2f:
                    3e:27:9d:60:3b:9c:8a:ec:1f:de:ca:30:9b:24:0f:
                    69:3a:a9:c0:23:79:c0:a3:b7:ad:91:0c:db:66:15:
                    ab:bf:7f:81:0b:03:90:eb:ee:93:77:c5:83:98:af:
                    82:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F0:61:7D:07:FE:0B:B9:E3:AF:E1:64:83:7F:7C:A8:0F:01:DA:8C:E6
            X509v3 Authority Key Identifier:
                keyid:8A:C7:21:29:8F:92:E1:0A:2E:E3:05:1A:FB:C9:11:42:84:F8:0E:12

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A560A/20958618A9DF11EEA356A43EC4F9AE02/ischKY-S4Qou4wUa-8kRQoT4DhI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ischKY-S4Qou4wUa-8kRQoT4DhI.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A560A/20958618A9DF11EEA356A43EC4F9AE02/BD3F9B2CB9F511EEA9136568C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.10.170.0/23
                  157.10.196.0/23
                  157.10.202.0/23
                  157.20.224.0/23
                  157.66.162.0/23
                  157.66.194.0-157.66.197.255
                  160.22.158.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ad:ec:92:b2:7b:d2:8f:f3:ca:10:99:7a:b4:38:61:c3:9e:fd:
         cc:18:1b:02:b8:86:4d:83:bb:56:60:38:2f:20:1a:cf:dd:6e:
         9c:3d:e8:52:ce:77:dd:1b:a4:a9:45:59:c8:47:05:45:78:2f:
         11:3c:02:a5:b2:80:91:d9:32:8a:bc:08:35:99:f5:25:68:26:
         14:40:48:c4:67:02:b2:72:ed:39:a1:64:e1:a2:7f:e6:70:42:
         22:07:48:d7:4c:2f:e4:59:28:95:73:a2:84:8e:22:5f:8f:5a:
         1f:48:c6:d9:9a:7c:d0:82:2b:73:5c:8a:e5:76:80:1a:da:33:
         ae:41:15:b5:ed:25:ae:e2:8e:98:f7:dc:2c:b1:12:21:44:35:
         6c:08:2b:59:e3:35:1b:78:11:00:f4:0d:87:8e:0d:4a:59:78:
         22:7e:ec:9f:4c:78:69:c0:a9:a2:33:9a:ca:b3:b9:9d:2f:5a:
         69:57:d6:8d:c4:14:8c:c4:e4:69:0e:aa:1e:c0:72:01:1e:81:
         ec:cd:22:f2:55:d0:84:90:31:ad:f6:34:72:c1:85:fe:0d:ca:
         b1:ab:3d:8b:7d:f7:ce:bb:30:10:85:ca:fe:fc:62:71:7a:97:
         f8:31:07:af:f0:39:45:77:df:76:a4:c6:8c:06:2d:69:1e:99:
         6c:2a:fc:e2
-----BEGIN CERTIFICATE-----
MIIFnTCCBIWgAwIBAgICAWswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTU2MEExMTAvBgNVBAUTKDhBQzcyMTI5OEY5MkUxMEEyRUUzMDUxQUZCQzkxMTQy
ODRGODBFMTIwHhcNMjQwNjIxMDEyMjMxWhcNMjQxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02Njc0ZDVkNy1hNzUxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAmfc0O+zi08RVYJ4Guqz8drjKASl24BS3d4LQINLH1VSMEhhDLt4VL+eE+vzV
RPyPAoihBGyQvW3ayRf/NfB0RQ/UVKXlELZyFfv+ZiP4Fi+HIpzLoAA+zH0/M0ny
3zVb/bco6wL8gdzbOlnnNJgn70RaayEZ5iNba1vTWx3V9Jh6lrHUg2EpKBtoHtCP
dLKpgxolPnmDGCGkmHIzQFxtIRj8lVnGjQEuPo9M05ulerexLAQ0j6+NTmIqTjXQ
p2q+78zfVDXmN5mueg65N/QDSS8+J51gO5yK7B/eyjCbJA9pOqnAI3nAo7etkQzb
ZhWrv3+BCwOQ6+6Td8WDmK+CawIDAQABo4ICwTCCAr0wHQYDVR0OBBYEFPBhfQf+
C7njr+Fkg398qA8B2ozmMB8GA1UdIwQYMBaAFIrHISmPkuEKLuMFGvvJEUKE+A4S
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBNTYwQS8yMDk1ODYxOEE5
REYxMUVFQTM1NkE0M0VDNEY5QUUwMi9pc2NoS1ktUzRRb3U0d1VhLThrUlFvVDRE
aEkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL2lzY2hLWS1TNFFvdTR3VWEtOGtSUW9UNERoSS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTU2MEEvMjA5NTg2MThBOURGMTFFRUEzNTZBNDNFQzRGOUFFMDIvQkQzRjlCMkNC
OUY1MTFFRUE5MTM2NTY4QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwSwYIKwYBBQUHAQcBAf8E
PDA6MDgEAgABMDIDBAGdCqoDBAGdCsQDBAGdCsoDBAGdFOADBAGdQqIwDAMEAZ1C
wgMEAZ1CxAMEAaAWnjANBgkqhkiG9w0BAQsFAAOCAQEAreySsnvSj/PKEJl6tDhh
w579zBgbAriGTYO7VmA4LyAaz91unD3oUs533RukqUVZyEcFRXgvETwCpbKAkdky
irwINZn1JWgmFEBIxGcCsnLtOaFk4aJ/5nBCIgdI10wv5FkolXOihI4iX49aH0jG
2Zp80IIrc1yK5XaAGtozrkEVte0lruKOmPfcLLESIUQ1bAgrWeM1G3gRAPQNh44N
Sll4In7sn0x4acCpojOayrO5nS9aaVfWjcQUjMTkaQ6qHsByAR6B7M0i8lXQhJAx
rfY0csGF/g3Ksas9i333zrswEIXK/vxicXqX+DEHr/A5RXffdqTGjAYtaR6ZbCr8
4g==
-----END CERTIFICATE-----
Generated at Tue Jun 25 12:54:59 2024 by rpki-client on console-fra.rpki-client.org