Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91C0D37/0E8BCB38535B11EE9BF20A6BC4F9AE02/00FEEFF0536911EE8594503BC4F9AE02.roa
File:                     00FEEFF0536911EE8594503BC4F9AE02.roa (raw, json)
Hash identifier:          2s5gkngOK59DiysB1YmvMz8Te2seOcIHGEh5IB+1ylY=
Subject key identifier:   48:D7:B7:93:5A:9F:3D:5A:24:FF:B3:6F:E0:85:68:1E:F7:3C:D7:86
Certificate issuer:       /CN=A91C0D37/serialNumber=CF41CDAF41C5700129064CEF284003BEF0B9BFC2
Certificate serial:       38
Authority key identifier: CF:41:CD:AF:41:C5:70:01:29:06:4C:EF:28:40:03:BE:F0:B9:BF:C2
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/z0HNr0HFcAEpBkzvKEADvvC5v8I.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91C0D37/0E8BCB38535B11EE9BF20A6BC4F9AE02/00FEEFF0536911EE8594503BC4F9AE02.roa
Signing time:             Wed 27 Dec 2023 06:37:25 +0000
ROA not before:           Wed 27 Dec 2023 06:37:25 +0000
ROA not after:            Sun 02 Mar 2025 00:00:00 +0000
asID:                     4768
IP address blocks:        202.36.44.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91C0D37/0E8BCB38535B11EE9BF20A6BC4F9AE02/z0HNr0HFcAEpBkzvKEADvvC5v8I.crl
                          rsync://rpki.apnic.net/member_repository/A91C0D37/0E8BCB38535B11EE9BF20A6BC4F9AE02/z0HNr0HFcAEpBkzvKEADvvC5v8I.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/z0HNr0HFcAEpBkzvKEADvvC5v8I.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 28 Nov 2024 03:39:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 56 (0x38)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91C0D37/serialNumber=CF41CDAF41C5700129064CEF284003BEF0B9BFC2
        Validity
            Not Before: Dec 27 06:37:25 2023 GMT
            Not After : Mar  2 00:00:00 2025 GMT
        Subject: CN=658bc625-70be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:a9:49:f7:c3:52:06:9e:58:7f:a0:d3:f7:ce:
                    83:af:63:0c:10:48:d2:04:a3:e7:46:50:b9:4b:42:
                    15:c1:f1:a6:a7:be:4b:82:5e:50:a1:74:a2:94:3d:
                    33:be:9a:7b:9e:25:86:fe:c7:6d:9b:df:01:03:df:
                    ee:ee:43:f1:4b:20:33:62:e6:14:51:0a:bd:83:a2:
                    2a:e3:73:33:1a:23:1d:b1:f2:22:94:4f:a0:40:67:
                    bf:37:5c:09:43:d9:2e:82:27:d2:f5:35:44:6b:17:
                    f9:eb:ab:77:6e:e0:2a:88:af:89:7e:42:c1:5e:a7:
                    83:b6:ff:50:8b:4c:4d:eb:9d:08:d0:dd:43:3d:2c:
                    95:4d:67:cd:e6:f1:c6:7a:44:25:c6:5c:41:02:e5:
                    00:f7:6e:c2:10:26:f6:a2:f6:08:35:d5:8b:9a:c7:
                    10:e3:b6:85:1b:56:0e:bb:5b:e4:de:9d:b6:4c:c8:
                    9e:54:3e:2b:1e:3c:2b:0d:c2:bb:05:e7:4c:f0:7f:
                    11:a0:9b:f4:7d:a6:6e:5e:fa:64:8a:23:ba:b8:64:
                    d8:93:aa:7b:de:b3:12:0a:10:c5:82:1a:c9:4a:91:
                    62:b5:ae:26:1b:97:b9:ec:2e:c1:88:43:dd:69:83:
                    63:15:e3:5b:9f:69:94:95:27:a3:34:e8:0f:c5:39:
                    73:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:D7:B7:93:5A:9F:3D:5A:24:FF:B3:6F:E0:85:68:1E:F7:3C:D7:86
            X509v3 Authority Key Identifier:
                keyid:CF:41:CD:AF:41:C5:70:01:29:06:4C:EF:28:40:03:BE:F0:B9:BF:C2

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91C0D37/0E8BCB38535B11EE9BF20A6BC4F9AE02/z0HNr0HFcAEpBkzvKEADvvC5v8I.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/z0HNr0HFcAEpBkzvKEADvvC5v8I.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91C0D37/0E8BCB38535B11EE9BF20A6BC4F9AE02/00FEEFF0536911EE8594503BC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.36.44.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bb:82:e5:0d:30:90:f3:eb:86:aa:61:97:63:b6:3f:bb:58:cd:
         8b:20:44:ac:24:1b:3e:d7:4a:72:39:ac:6b:ec:62:99:e0:88:
         5c:76:48:d6:9a:68:cf:f7:9c:ec:52:0f:4c:9c:89:4e:d8:40:
         49:9c:dd:b9:05:aa:79:93:32:a7:0c:d3:e5:5d:ba:cb:d7:ce:
         80:2b:46:bf:30:3f:d8:5a:c6:7a:81:a7:3a:53:88:ec:81:bf:
         95:69:65:45:f9:6d:cf:b7:28:2d:5a:c8:b9:83:c7:81:e6:8d:
         57:27:b3:77:e4:9a:35:cc:02:19:36:e3:0e:ab:e3:c0:47:c4:
         89:e9:a7:3d:0d:a5:7b:fd:09:9a:b7:26:cd:6e:01:a5:2e:fe:
         5b:09:6a:cc:7a:dd:ce:e0:d8:eb:b9:30:76:c1:6e:f3:25:2e:
         7f:0c:95:27:52:e9:09:c0:12:6b:b9:c1:e5:95:55:ef:3a:3b:
         d9:61:87:e9:8c:02:d4:75:4a:b4:ae:0b:0f:26:4c:72:58:36:
         f6:e9:00:1b:6a:de:9a:92:46:72:7c:ab:9b:f4:0a:61:16:99:
         81:ec:d7:72:13:19:9e:02:4b:58:2d:25:4e:8f:d6:9c:7f:09:
         72:65:0a:b1:ad:ba:da:01:85:87:3a:54:5e:7a:21:97:46:41:
         d9:f0:fa:e7
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIBODANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFD
MEQzNzExMC8GA1UEBRMoQ0Y0MUNEQUY0MUM1NzAwMTI5MDY0Q0VGMjg0MDAzQkVG
MEI5QkZDMjAeFw0yMzEyMjcwNjM3MjVaFw0yNTAzMDIwMDAwMDBaMBgxFjAUBgNV
BAMTDTY1OGJjNjI1LTcwYmUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDAqUn3w1IGnlh/oNP3zoOvYwwQSNIEo+dGULlLQhXB8aanvkuCXlChdKKUPTO+
mnueJYb+x22b3wED3+7uQ/FLIDNi5hRRCr2DoirjczMaIx2x8iKUT6BAZ783XAlD
2S6CJ9L1NURrF/nrq3du4CqIr4l+QsFep4O2/1CLTE3rnQjQ3UM9LJVNZ83m8cZ6
RCXGXEEC5QD3bsIQJvai9gg11YuaxxDjtoUbVg67W+TenbZMyJ5UPisePCsNwrsF
50zwfxGgm/R9pm5e+mSKI7q4ZNiTqnvesxIKEMWCGslKkWK1riYbl7nsLsGIQ91p
g2MV41ufaZSVJ6M06A/FOXPrAgMBAAGjggKVMIICkTAdBgNVHQ4EFgQUSNe3k1qf
PVok/7Nv4IVoHvc814YwHwYDVR0jBBgwFoAUz0HNr0HFcAEpBkzvKEADvvC5v8Iw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUMwRDM3LzBFOEJDQjM4NTM1
QjExRUU5QkYyMEE2QkM0RjlBRTAyL3owSE5yMEhGY0FFcEJrenZLRUFEdnZDNXY4
SS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvejBITnIwSEZjQUVwQmt6dktFQUR2dkM1djhJLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFD
MEQzNy8wRThCQ0IzODUzNUIxMUVFOUJGMjBBNkJDNEY5QUUwMi8wMEZFRUZGMDUz
NjkxMUVFODU5NDUwM0JDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAMokLDANBgkqhkiG9w0BAQsFAAOCAQEAu4LlDTCQ8+uGqmGX
Y7Y/u1jNiyBErCQbPtdKcjmsa+ximeCIXHZI1ppoz/ec7FIPTJyJTthASZzduQWq
eZMypwzT5V26y9fOgCtGvzA/2FrGeoGnOlOI7IG/lWllRfltz7coLVrIuYPHgeaN
Vyezd+SaNcwCGTbjDqvjwEfEiemnPQ2le/0JmrcmzW4BpS7+WwlqzHrdzuDY67kw
dsFu8yUufwyVJ1LpCcASa7nB5ZVV7zo72WGH6YwC1HVKtK4LDyZMclg29ukAG2re
mpJGcnyrm/QKYRaZgezXchMZngJLWC0lTo/WnH8JcmUKsa262gGFhzpUXnohl0ZB
2fD65w==
-----END CERTIFICATE-----
Generated at Thu Nov 21 05:06:04 2024 by rpki-client on console-fra.rpki-client.org