Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A560A/20958618A9DF11EEA356A43EC4F9AE02/BD3F9B2CB9F511EEA9136568C4F9AE02.roa
File:                     BD3F9B2CB9F511EEA9136568C4F9AE02.roa (raw, json)
Hash identifier:          7ptbrego1ofr/q6ZqyrYdzPMd13JUQlDWAKOpkXX1W4=
Subject key identifier:   81:C5:B0:0B:E2:72:72:3F:5E:C8:FF:A0:75:9B:51:F3:6E:DF:A7:78
Certificate issuer:       /CN=A91A560A/serialNumber=8AC721298F92E10A2EE3051AFBC9114284F80E12
Certificate serial:       010F
Authority key identifier: 8A:C7:21:29:8F:92:E1:0A:2E:E3:05:1A:FB:C9:11:42:84:F8:0E:12
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ischKY-S4Qou4wUa-8kRQoT4DhI.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A560A/20958618A9DF11EEA356A43EC4F9AE02/BD3F9B2CB9F511EEA9136568C4F9AE02.roa
Signing time:             Mon 13 May 2024 07:57:06 +0000
ROA not before:           Mon 13 May 2024 07:57:06 +0000
ROA not after:            Thu 31 Oct 2024 00:00:00 +0000
asID:                     140815
IP address blocks:        157.10.170.0/23 maxlen: 24
                          157.10.196.0/23 maxlen: 24
                          157.10.202.0/23 maxlen: 24
                          157.20.224.0/23 maxlen: 24
                          157.66.162.0/23 maxlen: 24
                          157.66.194.0/23 maxlen: 24
                          157.66.196.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91A560A/20958618A9DF11EEA356A43EC4F9AE02/ischKY-S4Qou4wUa-8kRQoT4DhI.crl
                          rsync://rpki.apnic.net/member_repository/A91A560A/20958618A9DF11EEA356A43EC4F9AE02/ischKY-S4Qou4wUa-8kRQoT4DhI.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ischKY-S4Qou4wUa-8kRQoT4DhI.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 23 Jun 2024 14:39:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 271 (0x10f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A560A/serialNumber=8AC721298F92E10A2EE3051AFBC9114284F80E12
        Validity
            Not Before: May 13 07:57:06 2024 GMT
            Not After : Oct 31 00:00:00 2024 GMT
        Subject: CN=6641c7d2-d631
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:4c:e7:0f:b5:d2:34:d9:82:15:fe:07:dd:fe:
                    39:6e:57:98:65:10:77:eb:49:a0:c5:9e:50:9e:e5:
                    6d:3d:78:2c:18:1c:fb:3a:f2:a6:5f:1b:42:30:09:
                    c1:0c:0d:98:fd:8b:d4:83:7b:8a:13:3c:4c:69:ff:
                    d6:01:ff:d6:17:fe:94:63:5c:e8:58:1d:d6:17:4c:
                    b0:37:6b:91:09:46:29:16:06:af:c9:23:9f:ec:54:
                    c6:0a:c0:a9:f3:93:f9:0c:06:da:83:3b:c8:e3:b6:
                    62:72:77:ea:2e:79:c9:f3:ce:d0:2e:ca:bd:3e:d8:
                    e7:0c:a4:58:3f:13:90:9a:ce:39:01:c6:8f:db:97:
                    92:63:6b:ad:13:0a:06:3b:4a:d5:37:9f:32:b4:0b:
                    0f:48:9f:41:f9:2b:ba:74:52:96:0e:61:70:1a:cd:
                    e6:b9:f0:8b:09:90:43:e6:2f:c1:dc:85:15:90:59:
                    97:4d:91:eb:b8:56:7b:30:ff:65:cd:01:45:d0:88:
                    19:bc:5f:00:e8:d7:ed:ca:bd:ec:f9:10:e2:5a:c1:
                    d3:05:bc:ce:ad:97:7a:b5:71:f0:8b:37:32:9f:19:
                    0b:be:52:b1:cd:bc:66:86:54:2b:39:01:89:d8:fc:
                    26:90:68:88:35:a0:32:50:d5:9a:9d:df:97:ac:e9:
                    48:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                81:C5:B0:0B:E2:72:72:3F:5E:C8:FF:A0:75:9B:51:F3:6E:DF:A7:78
            X509v3 Authority Key Identifier:
                keyid:8A:C7:21:29:8F:92:E1:0A:2E:E3:05:1A:FB:C9:11:42:84:F8:0E:12

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A560A/20958618A9DF11EEA356A43EC4F9AE02/ischKY-S4Qou4wUa-8kRQoT4DhI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ischKY-S4Qou4wUa-8kRQoT4DhI.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A560A/20958618A9DF11EEA356A43EC4F9AE02/BD3F9B2CB9F511EEA9136568C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.10.170.0/23
                  157.10.196.0/23
                  157.10.202.0/23
                  157.20.224.0/23
                  157.66.162.0/23
                  157.66.194.0-157.66.197.255

    Signature Algorithm: sha256WithRSAEncryption
         7a:c5:7c:f0:e3:8e:b2:4d:f7:8d:33:43:43:83:3b:ca:11:c8:
         9b:81:8a:40:5a:3f:0b:d9:d4:2a:e4:c4:c8:03:cf:4b:a1:e7:
         f7:d0:88:f3:bc:43:c4:d8:0b:95:ad:2c:b5:bd:72:5a:e1:c8:
         58:9c:7b:cb:91:b1:19:ac:82:2f:63:b8:2a:ae:cf:5a:2e:62:
         d9:14:1b:57:51:c1:fd:57:3d:bc:eb:fb:4b:36:7b:7e:a0:08:
         d4:50:eb:41:65:d1:02:68:8c:e1:df:a0:1b:8a:72:b9:63:6f:
         e6:bf:17:9c:d8:ee:8d:84:15:1c:8e:ea:b0:4c:3b:b8:db:03:
         c7:91:e6:9e:38:b2:00:80:bf:4c:fd:3a:3f:4c:ca:b5:08:5a:
         ab:b0:e6:40:aa:94:7d:72:15:c2:2d:91:54:df:7c:42:e8:b8:
         6b:a6:a1:ae:82:8b:d1:e4:23:72:5b:12:05:ba:66:5d:03:03:
         8a:f0:fe:2d:34:77:9b:a7:77:ba:49:85:c8:80:15:b8:1e:5f:
         c2:c6:d6:01:57:7e:b8:e6:da:80:fe:de:0f:c3:cf:0d:59:49:
         7d:19:8a:bb:a1:41:8d:51:f0:96:6a:33:66:bd:03:d8:2a:0e:
         47:d7:d4:f3:26:b7:61:84:36:6d:43:3a:12:7b:6d:7e:8e:32:
         61:d6:00:40
-----BEGIN CERTIFICATE-----
MIIFlzCCBH+gAwIBAgICAQ8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTU2MEExMTAvBgNVBAUTKDhBQzcyMTI5OEY5MkUxMEEyRUUzMDUxQUZCQzkxMTQy
ODRGODBFMTIwHhcNMjQwNTEzMDc1NzA2WhcNMjQxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjQxYzdkMi1kNjMxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA4EznD7XSNNmCFf4H3f45bleYZRB360mgxZ5QnuVtPXgsGBz7OvKmXxtCMAnB
DA2Y/YvUg3uKEzxMaf/WAf/WF/6UY1zoWB3WF0ywN2uRCUYpFgavySOf7FTGCsCp
85P5DAbagzvI47ZicnfqLnnJ887QLsq9PtjnDKRYPxOQms45AcaP25eSY2utEwoG
O0rVN58ytAsPSJ9B+Su6dFKWDmFwGs3mufCLCZBD5i/B3IUVkFmXTZHruFZ7MP9l
zQFF0IgZvF8A6Nftyr3s+RDiWsHTBbzOrZd6tXHwizcynxkLvlKxzbxmhlQrOQGJ
2PwmkGiINaAyUNWand+XrOlInwIDAQABo4ICuzCCArcwHQYDVR0OBBYEFIHFsAvi
cnI/Xsj/oHWbUfNu36d4MB8GA1UdIwQYMBaAFIrHISmPkuEKLuMFGvvJEUKE+A4S
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBNTYwQS8yMDk1ODYxOEE5
REYxMUVFQTM1NkE0M0VDNEY5QUUwMi9pc2NoS1ktUzRRb3U0d1VhLThrUlFvVDRE
aEkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL2lzY2hLWS1TNFFvdTR3VWEtOGtSUW9UNERoSS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTU2MEEvMjA5NTg2MThBOURGMTFFRUEzNTZBNDNFQzRGOUFFMDIvQkQzRjlCMkNC
OUY1MTFFRUE5MTM2NTY4QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwRQYIKwYBBQUHAQcBAf8E
NjA0MDIEAgABMCwDBAGdCqoDBAGdCsQDBAGdCsoDBAGdFOADBAGdQqIwDAMEAZ1C
wgMEAZ1CxDANBgkqhkiG9w0BAQsFAAOCAQEAesV88OOOsk33jTNDQ4M7yhHIm4GK
QFo/C9nUKuTEyAPPS6Hn99CI87xDxNgLla0stb1yWuHIWJx7y5GxGayCL2O4Kq7P
Wi5i2RQbV1HB/Vc9vOv7SzZ7fqAI1FDrQWXRAmiM4d+gG4pyuWNv5r8XnNjujYQV
HI7qsEw7uNsDx5HmnjiyAIC/TP06P0zKtQhaq7DmQKqUfXIVwi2RVN98Qui4a6ah
roKL0eQjclsSBbpmXQMDivD+LTR3m6d3ukmFyIAVuB5fwsbWAVd+uObagP7eD8PP
DVlJfRmKu6FBjVHwlmozZr0D2CoOR9fU8ya3YYQ2bUM6Enttfo4yYdYAQA==
-----END CERTIFICATE-----
Generated at Sun Jun 16 15:20:23 2024 by rpki-client on console-fra.rpki-client.org