Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A80D2/D428D0C6DADE11EC87711450C4F9AE02/3486D47412D511EFB1EF161DC4F9AE02.roa
File:                     3486D47412D511EFB1EF161DC4F9AE02.roa (raw, json)
Hash identifier:          X92cUniuja3j0fCsHUIuSIZrgASXCC/Dqmgvow0h/1A=
Subject key identifier:   22:D3:C2:15:1D:71:71:B2:87:25:3E:52:14:59:5A:F2:4C:C9:FB:BF
Certificate issuer:       /CN=A91A80D2/serialNumber=2B1BB24ADCDB14F6E2C7BBB2D88ABADB1DDD898D
Certificate serial:       023A
Authority key identifier: 2B:1B:B2:4A:DC:DB:14:F6:E2:C7:BB:B2:D8:8A:BA:DB:1D:DD:89:8D
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KxuyStzbFPbix7uy2Iq62x3diY0.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A80D2/D428D0C6DADE11EC87711450C4F9AE02/3486D47412D511EFB1EF161DC4F9AE02.roa
Signing time:             Wed 15 May 2024 16:07:19 +0000
ROA not before:           Wed 15 May 2024 16:07:19 +0000
ROA not after:            Thu 01 May 2025 00:00:00 +0000
asID:                     55256
IP address blocks:        45.250.161.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91A80D2/D428D0C6DADE11EC87711450C4F9AE02/KxuyStzbFPbix7uy2Iq62x3diY0.crl
                          rsync://rpki.apnic.net/member_repository/A91A80D2/D428D0C6DADE11EC87711450C4F9AE02/KxuyStzbFPbix7uy2Iq62x3diY0.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KxuyStzbFPbix7uy2Iq62x3diY0.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 27 Nov 2024 20:33:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 570 (0x23a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A80D2/serialNumber=2B1BB24ADCDB14F6E2C7BBB2D88ABADB1DDD898D
        Validity
            Not Before: May 15 16:07:19 2024 GMT
            Not After : May  1 00:00:00 2025 GMT
        Subject: CN=6644ddb7-87be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:67:3e:ef:c8:8b:80:4a:e1:3a:df:2a:e8:c6:
                    34:c8:a6:06:25:63:64:14:13:d9:30:3e:60:05:22:
                    50:08:47:af:99:e1:a1:1b:e9:2e:61:fe:13:4e:70:
                    af:d1:e7:2c:53:0d:d5:d4:bc:d2:bc:35:dc:ef:b9:
                    5e:f0:39:9d:79:6e:cd:07:ff:5b:86:a6:18:29:fc:
                    18:27:cd:cf:95:cf:d8:6b:5e:39:cc:aa:55:a4:b6:
                    f9:06:68:14:1f:fa:61:a8:9d:a3:33:b3:f0:3a:fa:
                    cd:c9:43:71:36:db:06:72:ad:1a:ea:01:c4:29:27:
                    ee:c4:57:bc:7b:ff:f9:1c:95:bc:4b:2c:e5:e5:05:
                    aa:08:99:c2:82:a3:1a:45:6a:00:ba:9e:8a:53:f0:
                    a7:2a:a6:80:2a:91:1a:11:32:d2:3e:7b:61:be:fb:
                    47:06:83:1f:30:3b:0b:f7:c7:2d:c7:41:e6:f9:db:
                    f0:16:e4:92:26:5a:ba:4f:c4:52:72:c1:ca:fe:d9:
                    13:2d:85:5b:96:de:b3:21:50:3c:db:37:83:12:f1:
                    48:cb:21:ba:f8:b2:77:d0:c4:4c:9a:3d:54:57:d7:
                    50:86:5d:38:1f:8e:2f:e6:5e:c4:69:c4:a5:25:a2:
                    e6:0e:6e:ab:50:89:51:b4:c2:ac:d7:75:14:c5:8d:
                    bc:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:D3:C2:15:1D:71:71:B2:87:25:3E:52:14:59:5A:F2:4C:C9:FB:BF
            X509v3 Authority Key Identifier:
                keyid:2B:1B:B2:4A:DC:DB:14:F6:E2:C7:BB:B2:D8:8A:BA:DB:1D:DD:89:8D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A80D2/D428D0C6DADE11EC87711450C4F9AE02/KxuyStzbFPbix7uy2Iq62x3diY0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KxuyStzbFPbix7uy2Iq62x3diY0.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A80D2/D428D0C6DADE11EC87711450C4F9AE02/3486D47412D511EFB1EF161DC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.250.161.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5f:5c:d2:84:50:2c:cf:8e:0d:da:76:3d:6a:9d:59:8e:6f:fa:
         3f:e5:ca:dc:8c:03:62:e1:c5:03:eb:98:24:d8:e8:6a:d8:44:
         81:82:27:ce:a9:24:e0:c4:84:58:3b:2c:d4:ef:39:26:9d:fe:
         11:e6:48:1a:47:84:fa:c9:cb:13:26:4e:61:fa:6e:7c:f4:39:
         a6:59:6e:ae:54:74:d1:f7:1f:34:61:1a:58:6e:40:04:a5:c4:
         2a:3e:08:d9:2d:46:f8:96:af:b0:36:12:42:f1:d8:30:9e:4e:
         1d:d9:89:fb:63:99:42:ff:68:5c:6e:74:24:a3:09:15:0a:97:
         59:54:03:2c:2c:ed:12:d4:9e:62:72:8e:70:64:32:ca:03:70:
         8b:3d:d2:de:10:31:c9:b1:4b:26:d4:08:61:67:a9:e9:e8:d7:
         69:14:97:24:c0:60:7d:d1:63:fa:eb:bc:92:a1:7b:b5:88:cf:
         82:ab:86:c6:ce:f6:cc:68:85:b2:bc:28:62:a2:1a:87:3b:2a:
         4e:fa:47:99:94:d4:71:26:fb:d7:18:53:23:6c:6f:2c:ab:72:
         98:08:50:2e:53:51:71:ec:44:a8:15:b1:3c:8a:5a:af:55:82:
         cc:af:75:b3:aa:31:23:cd:1d:02:1c:4a:1d:6f:1c:a0:25:c8:
         7d:a0:60:44
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICAjowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTgwRDIxMTAvBgNVBAUTKDJCMUJCMjRBRENEQjE0RjZFMkM3QkJCMkQ4OEFCQURC
MURERDg5OEQwHhcNMjQwNTE1MTYwNzE5WhcNMjUwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjQ0ZGRiNy04N2JlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA4mc+78iLgErhOt8q6MY0yKYGJWNkFBPZMD5gBSJQCEevmeGhG+kuYf4TTnCv
0ecsUw3V1LzSvDXc77le8DmdeW7NB/9bhqYYKfwYJ83Plc/Ya145zKpVpLb5BmgU
H/phqJ2jM7PwOvrNyUNxNtsGcq0a6gHEKSfuxFe8e//5HJW8Syzl5QWqCJnCgqMa
RWoAup6KU/CnKqaAKpEaETLSPnthvvtHBoMfMDsL98ctx0Hm+dvwFuSSJlq6T8RS
csHK/tkTLYVblt6zIVA82zeDEvFIyyG6+LJ30MRMmj1UV9dQhl04H44v5l7EacSl
JaLmDm6rUIlRtMKs13UUxY28AwIDAQABo4IClTCCApEwHQYDVR0OBBYEFCLTwhUd
cXGyhyU+UhRZWvJMyfu/MB8GA1UdIwQYMBaAFCsbskrc2xT24se7stiKutsd3YmN
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBODBEMi9ENDI4RDBDNkRB
REUxMUVDODc3MTE0NTBDNEY5QUUwMi9LeHV5U3R6YkZQYml4N3V5MklxNjJ4M2Rp
WTAuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0t4dXlTdHpiRlBiaXg3dXkySXE2MngzZGlZMC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTgwRDIvRDQyOEQwQzZEQURFMTFFQzg3NzExNDUwQzRGOUFFMDIvMzQ4NkQ0NzQx
MkQ1MTFFRkIxRUYxNjFEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAAt+qEwDQYJKoZIhvcNAQELBQADggEBAF9c0oRQLM+ODdp2
PWqdWY5v+j/lytyMA2LhxQPrmCTY6GrYRIGCJ86pJODEhFg7LNTvOSad/hHmSBpH
hPrJyxMmTmH6bnz0OaZZbq5UdNH3HzRhGlhuQASlxCo+CNktRviWr7A2EkLx2DCe
Th3ZiftjmUL/aFxudCSjCRUKl1lUAyws7RLUnmJyjnBkMsoDcIs90t4QMcmxSybU
CGFnqeno12kUlyTAYH3RY/rrvJKhe7WIz4KrhsbO9sxohbK8KGKiGoc7Kk76R5mU
1HEm+9cYUyNsbyyrcpgIUC5TUXHsRKgVsTyKWq9VgsyvdbOqMSPNHQIcSh1vHKAl
yH2gYEQ=
-----END CERTIFICATE-----
Generated at Thu Nov 21 03:12:02 2024 by rpki-client on console-fra.rpki-client.org