Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91B933A/53FE1EFA2B6411E58A2F0754C4F9AE02/C61B734AB0AA11E580DBF725C4F9AE02.roa
File:                     C61B734AB0AA11E580DBF725C4F9AE02.roa (raw, json)
Hash identifier:          FOz+uDL2D22lJCuQ1AmteerbbeonZiSVvd9VihdE6tg=
Subject key identifier:   E3:7E:C0:AE:C4:FF:59:6A:C6:50:42:65:CB:FF:55:46:FF:2B:DC:EE
Certificate issuer:       /CN=A91B933A/serialNumber=6E8EA1E3240C0BB3D13B4D275C6C0326A568EC87
Certificate serial:       240A
Authority key identifier: 6E:8E:A1:E3:24:0C:0B:B3:D1:3B:4D:27:5C:6C:03:26:A5:68:EC:87
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/bo6h4yQMC7PRO00nXGwDJqVo7Ic.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91B933A/53FE1EFA2B6411E58A2F0754C4F9AE02/C61B734AB0AA11E580DBF725C4F9AE02.roa
Signing time:             Wed 06 Dec 2023 16:22:33 +0000
ROA not before:           Wed 06 Dec 2023 16:22:33 +0000
ROA not after:            Mon 30 Dec 2024 00:00:00 +0000
asID:                     17993
IP address blocks:        110.5.112.0/22 maxlen: 22
                          110.5.112.0/24 maxlen: 24
                          110.5.113.0/24 maxlen: 24
                          110.5.114.0/24 maxlen: 24
                          110.5.115.0/24 maxlen: 24
                          202.4.32.0/19 maxlen: 19
                          202.4.32.0/21 maxlen: 21
                          202.4.32.0/24 maxlen: 24
                          202.4.33.0/24 maxlen: 24
                          202.4.34.0/24 maxlen: 24
                          202.4.35.0/24 maxlen: 24
                          202.4.36.0/24 maxlen: 24
                          202.4.37.0/24 maxlen: 24
                          202.4.38.0/24 maxlen: 24
                          202.4.39.0/24 maxlen: 24
                          202.4.40.0/21 maxlen: 21
                          202.4.40.0/24 maxlen: 24
                          202.4.41.0/24 maxlen: 24
                          202.4.42.0/24 maxlen: 24
                          202.4.43.0/24 maxlen: 24
                          202.4.44.0/24 maxlen: 24
                          202.4.45.0/24 maxlen: 24
                          202.4.46.0/24 maxlen: 24
                          202.4.47.0/24 maxlen: 24
                          202.4.48.0/20 maxlen: 20
                          202.4.48.0/24 maxlen: 24
                          202.4.49.0/24 maxlen: 24
                          202.4.50.0/24 maxlen: 24
                          202.4.51.0/24 maxlen: 24
                          202.4.52.0/24 maxlen: 24
                          202.4.53.0/24 maxlen: 24
                          202.4.54.0/24 maxlen: 24
                          202.4.55.0/24 maxlen: 24
                          202.4.56.0/24 maxlen: 24
                          202.4.57.0/24 maxlen: 24
                          202.4.58.0/24 maxlen: 24
                          202.4.59.0/24 maxlen: 24
                          202.4.60.0/24 maxlen: 24
                          202.4.61.0/24 maxlen: 24
                          202.4.62.0/24 maxlen: 24
                          202.4.63.0/24 maxlen: 24
                          203.99.255.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91B933A/53FE1EFA2B6411E58A2F0754C4F9AE02/bo6h4yQMC7PRO00nXGwDJqVo7Ic.crl
                          rsync://rpki.apnic.net/member_repository/A91B933A/53FE1EFA2B6411E58A2F0754C4F9AE02/bo6h4yQMC7PRO00nXGwDJqVo7Ic.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/bo6h4yQMC7PRO00nXGwDJqVo7Ic.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 29 Nov 2024 15:22:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 9226 (0x240a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91B933A/serialNumber=6E8EA1E3240C0BB3D13B4D275C6C0326A568EC87
        Validity
            Not Before: Dec  6 16:22:33 2023 GMT
            Not After : Dec 30 00:00:00 2024 GMT
        Subject: CN=65709fc9-e500
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:4d:a5:24:da:ad:a4:f1:cf:2e:d9:60:75:06:
                    f0:52:0c:09:02:94:96:4a:b5:0a:ff:f9:6a:b2:43:
                    99:a4:bf:e7:9e:e2:1a:64:29:4a:61:f0:57:ae:cf:
                    bf:88:09:db:a5:9f:e5:c3:ff:32:1d:8d:07:25:cf:
                    d4:83:6f:96:29:7e:86:77:ff:3d:e4:cf:48:74:ee:
                    d8:48:4f:52:e4:b4:c6:ae:5c:68:e4:7c:45:b8:49:
                    f9:23:eb:dd:25:2c:0d:84:5d:aa:12:1d:8b:a1:5c:
                    ed:96:10:01:58:d7:34:54:e7:e2:a2:05:8c:34:5e:
                    0d:6e:f8:5f:2e:89:17:d9:33:74:d0:79:34:15:6c:
                    bd:eb:06:52:fb:79:59:1f:33:db:da:bf:18:be:09:
                    fb:4c:d4:0a:ff:48:ea:ef:60:b6:94:58:42:5c:94:
                    fe:66:fa:c3:6d:98:9a:2e:7d:a9:ad:16:80:43:6e:
                    e9:8a:f0:54:21:b6:75:70:bc:88:88:7b:fc:f9:55:
                    0b:cf:31:50:93:e9:c8:5e:96:bd:6b:36:54:df:5f:
                    ae:55:87:c4:3f:af:34:fc:70:0c:4e:1a:36:5f:af:
                    14:82:9a:0d:56:af:b2:54:ed:3b:98:0f:8b:a4:38:
                    bb:ff:b0:11:16:17:0c:e5:8b:36:6b:2c:c7:f5:de:
                    77:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E3:7E:C0:AE:C4:FF:59:6A:C6:50:42:65:CB:FF:55:46:FF:2B:DC:EE
            X509v3 Authority Key Identifier:
                keyid:6E:8E:A1:E3:24:0C:0B:B3:D1:3B:4D:27:5C:6C:03:26:A5:68:EC:87

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91B933A/53FE1EFA2B6411E58A2F0754C4F9AE02/bo6h4yQMC7PRO00nXGwDJqVo7Ic.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/bo6h4yQMC7PRO00nXGwDJqVo7Ic.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B933A/53FE1EFA2B6411E58A2F0754C4F9AE02/C61B734AB0AA11E580DBF725C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  110.5.112.0/22
                  202.4.32.0/19
                  203.99.255.0/24

    Signature Algorithm: sha256WithRSAEncryption
         ae:f8:1a:cf:0f:0b:d4:09:03:12:2b:1e:6f:45:a4:ed:53:4f:
         a6:4d:b3:f6:25:e1:a1:67:2b:a8:7e:9c:3f:ee:33:5c:a6:5c:
         31:db:87:fa:15:28:73:88:56:18:2f:d1:e9:47:aa:a1:65:5c:
         75:2a:07:98:8b:27:ac:ab:69:53:c3:e0:dd:51:3d:46:24:d3:
         70:68:4b:74:8a:61:36:38:ff:5c:ed:b8:bf:b7:f8:28:59:8f:
         12:77:05:b0:4f:a7:c0:0c:36:de:6e:2e:6d:1a:47:28:e4:85:
         44:68:35:8c:70:8e:77:a2:dd:d8:ae:8e:07:58:23:78:1b:79:
         49:31:a5:4a:50:7b:56:c3:7f:52:33:cf:54:89:b5:0d:28:57:
         6b:69:82:ce:86:58:e9:77:30:eb:25:4b:e8:bb:87:4c:b4:c4:
         b8:c5:cd:95:aa:99:e9:47:70:49:dc:c5:ac:53:12:bd:b3:88:
         46:90:1d:fa:8c:0a:c0:c6:b1:11:0c:38:08:3d:eb:22:ca:a2:
         46:27:3f:d5:22:a6:a1:57:10:fd:c4:8c:04:69:76:8c:14:24:
         c7:4b:fe:96:f6:8f:27:45:95:34:99:53:5b:2c:cb:79:68:4a:
         98:2b:2f:5c:b5:d4:69:58:16:ef:c6:e3:0b:ea:3a:01:a3:b8:
         b7:a0:75:2d
-----BEGIN CERTIFICATE-----
MIIFfTCCBGWgAwIBAgICJAowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QjkzM0ExMTAvBgNVBAUTKDZFOEVBMUUzMjQwQzBCQjNEMTNCNEQyNzVDNkMwMzI2
QTU2OEVDODcwHhcNMjMxMjA2MTYyMjMzWhcNMjQxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTcwOWZjOS1lNTAwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA402lJNqtpPHPLtlgdQbwUgwJApSWSrUK//lqskOZpL/nnuIaZClKYfBXrs+/
iAnbpZ/lw/8yHY0HJc/Ug2+WKX6Gd/895M9IdO7YSE9S5LTGrlxo5HxFuEn5I+vd
JSwNhF2qEh2LoVztlhABWNc0VOfiogWMNF4NbvhfLokX2TN00Hk0FWy96wZS+3lZ
HzPb2r8Yvgn7TNQK/0jq72C2lFhCXJT+ZvrDbZiaLn2prRaAQ27pivBUIbZ1cLyI
iHv8+VULzzFQk+nIXpa9azZU31+uVYfEP680/HAMTho2X68UgpoNVq+yVO07mA+L
pDi7/7ARFhcM5Ys2ayzH9d53BwIDAQABo4ICoTCCAp0wHQYDVR0OBBYEFON+wK7E
/1lqxlBCZcv/VUb/K9zuMB8GA1UdIwQYMBaAFG6OoeMkDAuz0TtNJ1xsAyalaOyH
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCOTMzQS81M0ZFMUVGQTJC
NjQxMUU1OEEyRjA3NTRDNEY5QUUwMi9ibzZoNHlRTUM3UFJPMDBuWEd3REpxVm83
SWMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2JvNmg0eVFNQzdQUk8wMG5YR3dESnFWbzdJYy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QjkzM0EvNTNGRTFFRkEyQjY0MTFFNThBMkYwNzU0QzRGOUFFMDIvQzYxQjczNEFC
MEFBMTFFNTgwREJGNzI1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwKwYIKwYBBQUHAQcBAf8E
HDAaMBgEAgABMBIDBAJuBXADBAXKBCADBADLY/8wDQYJKoZIhvcNAQELBQADggEB
AK74Gs8PC9QJAxIrHm9FpO1TT6ZNs/Yl4aFnK6h+nD/uM1ymXDHbh/oVKHOIVhgv
0elHqqFlXHUqB5iLJ6yraVPD4N1RPUYk03BoS3SKYTY4/1ztuL+3+ChZjxJ3BbBP
p8AMNt5uLm0aRyjkhURoNYxwjnei3diujgdYI3gbeUkxpUpQe1bDf1Izz1SJtQ0o
V2tpgs6GWOl3MOslS+i7h0y0xLjFzZWqmelHcEncxaxTEr2ziEaQHfqMCsDGsREM
OAg96yLKokYnP9UipqFXEP3EjARpdowUJMdL/pb2jydFlTSZU1ssy3loSpgrL1y1
1GlYFu/G4wvqOgGjuLegdS0=
-----END CERTIFICATE-----
Generated at Fri Nov 22 16:50:03 2024 by rpki-client on console-ams.rpki-client.org