Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91B391F/50835E68457011EF9C8B8E71C4F9AE02/C57D59A8457011EFA624C172C4F9AE02.roa
File:                     C57D59A8457011EFA624C172C4F9AE02.roa (raw, json)
Hash identifier:          ID73Pz3s55NAjs8USBhRX9L9yvmp5FUr9fdsYXFscuI=
Subject key identifier:   74:7B:F8:EC:7E:7C:57:C3:DC:5E:42:85:01:E0:B1:B3:A7:B1:28:FA
Certificate issuer:       /CN=A91B391F/serialNumber=BA85D91D24ACA9E9E0311E552DBF3759763A62BA
Certificate serial:       04
Authority key identifier: BA:85:D9:1D:24:AC:A9:E9:E0:31:1E:55:2D:BF:37:59:76:3A:62:BA
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/uoXZHSSsqengMR5VLb83WXY6Yro.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91B391F/50835E68457011EF9C8B8E71C4F9AE02/C57D59A8457011EFA624C172C4F9AE02.roa
Signing time:             Fri 19 Jul 2024 01:48:26 +0000
ROA not before:           Fri 19 Jul 2024 01:48:26 +0000
ROA not after:            Fri 31 Oct 2025 00:00:00 +0000
asID:                     153174
IP address blocks:        160.25.230.0/23 maxlen: 23
                          160.25.230.0/24 maxlen: 24
                          160.25.231.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91B391F/50835E68457011EF9C8B8E71C4F9AE02/uoXZHSSsqengMR5VLb83WXY6Yro.crl
                          rsync://rpki.apnic.net/member_repository/A91B391F/50835E68457011EF9C8B8E71C4F9AE02/uoXZHSSsqengMR5VLb83WXY6Yro.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/uoXZHSSsqengMR5VLb83WXY6Yro.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 28 Nov 2024 02:50:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4 (0x4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91B391F/serialNumber=BA85D91D24ACA9E9E0311E552DBF3759763A62BA
        Validity
            Not Before: Jul 19 01:48:26 2024 GMT
            Not After : Oct 31 00:00:00 2025 GMT
        Subject: CN=6699c5ea-c3d6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:2c:68:c6:74:c3:b0:19:26:1a:79:0f:12:cd:
                    ac:84:51:d8:dc:f4:28:62:e3:17:01:f3:87:9d:38:
                    07:5a:b5:2a:46:53:da:b5:a1:05:3d:9e:7e:c9:b4:
                    34:bd:21:94:d2:22:07:90:e8:a4:e4:9d:cc:eb:18:
                    1b:58:e6:45:1b:99:ce:63:e0:8c:f6:c8:19:d1:b0:
                    42:42:0c:81:86:d5:c0:43:a4:cf:dc:f6:cf:e0:7b:
                    66:9d:cc:3e:f6:5f:62:a9:04:e3:53:e4:44:aa:a6:
                    78:4e:8a:3d:0a:6f:8a:19:bc:94:fc:e8:a2:cd:b5:
                    92:a7:c7:18:b5:ff:15:c3:b6:6d:f3:5a:b6:5f:e2:
                    cd:55:c6:37:92:8e:f6:1d:51:4b:8b:e1:52:7c:e7:
                    6f:87:4c:d7:40:07:02:7d:bf:b9:fc:23:4a:03:9f:
                    f8:6c:58:14:68:5f:35:23:f9:a0:ed:30:0e:0d:10:
                    a2:61:82:04:e5:4b:0f:32:35:44:80:01:c4:6d:10:
                    5f:01:21:1d:55:c7:7c:bd:65:ed:b9:81:c1:d8:85:
                    c0:c9:19:92:2a:71:28:5a:23:d8:22:18:b9:f4:bd:
                    c6:50:19:b8:ec:b2:bb:90:e1:27:32:ed:42:f4:aa:
                    f0:13:bf:61:45:f1:6a:94:07:d3:12:1b:0a:91:54:
                    1e:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                74:7B:F8:EC:7E:7C:57:C3:DC:5E:42:85:01:E0:B1:B3:A7:B1:28:FA
            X509v3 Authority Key Identifier:
                keyid:BA:85:D9:1D:24:AC:A9:E9:E0:31:1E:55:2D:BF:37:59:76:3A:62:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91B391F/50835E68457011EF9C8B8E71C4F9AE02/uoXZHSSsqengMR5VLb83WXY6Yro.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/uoXZHSSsqengMR5VLb83WXY6Yro.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B391F/50835E68457011EF9C8B8E71C4F9AE02/C57D59A8457011EFA624C172C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.25.230.0/23

    Signature Algorithm: sha256WithRSAEncryption
         72:f5:89:81:e2:b9:c7:1b:90:7f:43:66:da:93:e7:c2:26:27:
         1e:bc:ea:29:5d:33:69:01:2d:ee:81:88:0f:2c:5a:fd:90:a2:
         42:19:1d:7c:35:68:d1:3a:bc:4d:d4:19:2c:e6:e8:54:57:3f:
         49:56:d6:10:e3:33:c2:a9:7c:d3:79:83:16:d8:e7:bb:2c:1b:
         5e:02:3d:9e:55:28:41:2a:c2:16:85:8a:a7:c7:4d:59:e7:3f:
         3c:7d:e2:cc:cc:46:27:06:cf:a7:e2:2d:b9:9f:e5:d4:de:6b:
         d7:22:1b:66:2c:83:5a:26:76:cf:e3:e6:14:b1:86:a3:77:c5:
         87:5c:ae:df:87:ee:5e:3b:e4:90:04:f3:b9:da:8e:2a:53:e6:
         ab:66:80:49:ac:80:4d:73:ca:f0:71:9d:d9:9d:50:88:47:4b:
         2f:47:ef:ef:38:a5:e9:34:bf:0a:c8:7d:bd:b7:26:85:5e:54:
         fc:3f:f1:03:64:ff:3d:dd:a3:5d:87:4f:82:18:66:dd:d3:08:
         1e:37:ed:5e:64:59:cd:8f:bf:c1:6b:25:3a:5a:cc:e1:fa:90:
         e2:46:5f:eb:6a:8e:be:1c:9a:9d:48:08:96:c8:64:9d:4a:b4:
         f8:2a:10:ea:8f:7e:02:57:03:40:81:1a:06:4f:2b:63:c6:75:
         73:da:37:bc
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIBBDANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFC
MzkxRjExMC8GA1UEBRMoQkE4NUQ5MUQyNEFDQTlFOUUwMzExRTU1MkRCRjM3NTk3
NjNBNjJCQTAeFw0yNDA3MTkwMTQ4MjZaFw0yNTEwMzEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY2OTljNWVhLWMzZDYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDSLGjGdMOwGSYaeQ8SzayEUdjc9Chi4xcB84edOAdatSpGU9q1oQU9nn7JtDS9
IZTSIgeQ6KTknczrGBtY5kUbmc5j4Iz2yBnRsEJCDIGG1cBDpM/c9s/ge2adzD72
X2KpBONT5ESqpnhOij0Kb4oZvJT86KLNtZKnxxi1/xXDtm3zWrZf4s1VxjeSjvYd
UUuL4VJ852+HTNdABwJ9v7n8I0oDn/hsWBRoXzUj+aDtMA4NEKJhggTlSw8yNUSA
AcRtEF8BIR1Vx3y9Ze25gcHYhcDJGZIqcShaI9giGLn0vcZQGbjssruQ4Scy7UL0
qvATv2FF8WqUB9MSGwqRVB6VAgMBAAGjggKVMIICkTAdBgNVHQ4EFgQUdHv47H58
V8PcXkKFAeCxs6exKPowHwYDVR0jBBgwFoAUuoXZHSSsqengMR5VLb83WXY6Yrow
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUIzOTFGLzUwODM1RTY4NDU3
MDExRUY5QzhCOEU3MUM0RjlBRTAyL3VvWFpIU1NzcWVuZ01SNVZMYjgzV1hZNlly
by5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRGMjAxRDY2MTFFMjhBQzg4MzdDNzJG
RDFGRjIvdW9YWkhTU3NxZW5nTVI1VkxiODNXWFk2WXJvLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFC
MzkxRi81MDgzNUU2ODQ1NzAxMUVGOUM4QjhFNzFDNEY5QUUwMi9DNTdENTlBODQ1
NzAxMUVGQTYyNEMxNzJDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAaAZ5jANBgkqhkiG9w0BAQsFAAOCAQEAcvWJgeK5xxuQf0Nm
2pPnwiYnHrzqKV0zaQEt7oGIDyxa/ZCiQhkdfDVo0Tq8TdQZLOboVFc/SVbWEOMz
wql803mDFtjnuywbXgI9nlUoQSrCFoWKp8dNWec/PH3izMxGJwbPp+ItuZ/l1N5r
1yIbZiyDWiZ2z+PmFLGGo3fFh1yu34fuXjvkkATzudqOKlPmq2aASayATXPK8HGd
2Z1QiEdLL0fv7zil6TS/Csh9vbcmhV5U/D/xA2T/Pd2jXYdPghhm3dMIHjftXmRZ
zY+/wWslOlrM4fqQ4kZf62qOvhyanUgIlshknUq0+CoQ6o9+AlcDQIEaBk8rY8Z1
c9o3vA==
-----END CERTIFICATE-----
Generated at Thu Nov 21 06:50:48 2024 by rpki-client on console-fra.rpki-client.org