Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91C2B93/3AC874EE014311EF825A6465C4F9AE02/B0BE3042014A11EFA8F03B5BC4F9AE02.roa
File:                     B0BE3042014A11EFA8F03B5BC4F9AE02.roa (raw, json)
Hash identifier:          KPY2wegfaa3tnC/Njnc64HaModZkMYm0j/OEMDfIXmk=
Subject key identifier:   FD:57:47:C0:78:F5:7B:D4:68:3A:75:37:99:4F:3A:13:83:C4:2C:97
Certificate issuer:       /CN=A91C2B93/serialNumber=D9D65F7F36090C401BCF20D4BC80C43F0DC5933D
Certificate serial:       04
Authority key identifier: D9:D6:5F:7F:36:09:0C:40:1B:CF:20:D4:BC:80:C4:3F:0D:C5:93:3D
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/2dZffzYJDEAbzyDUvIDEPw3Fkz0.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91C2B93/3AC874EE014311EF825A6465C4F9AE02/B0BE3042014A11EFA8F03B5BC4F9AE02.roa
Signing time:             Tue 23 Apr 2024 08:22:58 +0000
ROA not before:           Tue 23 Apr 2024 08:22:58 +0000
ROA not after:            Wed 28 May 2025 00:00:00 +0000
asID:                     4768
IP address blocks:        202.27.128.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91C2B93/3AC874EE014311EF825A6465C4F9AE02/2dZffzYJDEAbzyDUvIDEPw3Fkz0.crl
                          rsync://rpki.apnic.net/member_repository/A91C2B93/3AC874EE014311EF825A6465C4F9AE02/2dZffzYJDEAbzyDUvIDEPw3Fkz0.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/2dZffzYJDEAbzyDUvIDEPw3Fkz0.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 28 Nov 2024 04:58:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4 (0x4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91C2B93/serialNumber=D9D65F7F36090C401BCF20D4BC80C43F0DC5933D
        Validity
            Not Before: Apr 23 08:22:58 2024 GMT
            Not After : May 28 00:00:00 2025 GMT
        Subject: CN=66276fe1-4404
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ba:6b:b6:9e:12:b2:2d:02:ac:42:1b:1c:3a:55:
                    46:00:80:e5:76:78:34:22:e3:3a:47:27:82:78:97:
                    79:67:84:75:2c:08:86:49:f7:53:7f:dc:20:b9:63:
                    a9:0e:7d:4b:d1:e1:8f:06:20:dd:b4:65:83:8e:e6:
                    73:47:5c:a3:47:07:db:33:61:11:72:c4:ee:ef:a1:
                    3e:c3:44:8b:fe:0c:20:70:1c:14:36:3b:ce:6a:66:
                    12:25:95:23:06:63:01:de:b6:aa:aa:4a:5f:b9:8f:
                    7b:09:54:db:28:62:ca:49:f8:46:d4:a4:ff:8d:8a:
                    cb:fe:70:fb:20:58:62:20:6d:47:ed:ef:3e:f1:48:
                    70:7a:13:be:9c:f7:4e:eb:0f:59:b8:11:b5:b3:4d:
                    5e:14:c2:80:e5:14:8f:b4:93:14:37:28:58:dd:37:
                    1b:08:f8:f0:f8:38:25:65:84:be:40:1b:ab:91:cb:
                    80:3e:3d:15:92:66:73:0c:b5:5e:d2:9e:a4:bc:04:
                    95:11:5b:3a:a8:97:06:98:4b:d0:57:c5:6e:05:e8:
                    b6:ac:6b:c0:d0:50:db:f4:84:f0:9b:dc:08:24:53:
                    3e:d5:47:18:ba:a8:52:66:d8:e7:4a:83:9c:a5:69:
                    a4:80:fb:d4:de:1f:8d:8d:e4:49:75:27:19:10:e8:
                    ff:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FD:57:47:C0:78:F5:7B:D4:68:3A:75:37:99:4F:3A:13:83:C4:2C:97
            X509v3 Authority Key Identifier:
                keyid:D9:D6:5F:7F:36:09:0C:40:1B:CF:20:D4:BC:80:C4:3F:0D:C5:93:3D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91C2B93/3AC874EE014311EF825A6465C4F9AE02/2dZffzYJDEAbzyDUvIDEPw3Fkz0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/2dZffzYJDEAbzyDUvIDEPw3Fkz0.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91C2B93/3AC874EE014311EF825A6465C4F9AE02/B0BE3042014A11EFA8F03B5BC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.27.128.0/23

    Signature Algorithm: sha256WithRSAEncryption
         41:e1:d8:9e:82:9c:a4:d7:e3:9f:33:7a:8d:8e:20:10:2c:f9:
         49:8f:64:73:fd:c6:bc:cf:30:fa:16:15:f8:19:61:dd:70:6b:
         a5:3b:13:35:50:a2:be:5a:62:3b:0e:84:7b:22:4a:08:8e:43:
         b6:52:3e:db:89:2b:2b:72:c2:e9:69:26:d5:4c:2f:87:51:e0:
         28:e9:a6:32:c0:a2:98:88:b2:5d:5c:13:c0:b4:27:e2:ff:d6:
         15:ee:c1:be:8e:a8:39:c2:2f:18:9f:57:76:80:96:67:34:38:
         68:46:d9:5f:0c:89:0c:9f:3d:9e:b4:93:77:5a:15:3b:43:89:
         22:15:60:2c:57:f5:93:c1:4b:12:eb:90:8a:0d:ec:9f:da:50:
         20:e2:9e:2d:51:05:a1:c5:7f:0f:74:06:59:f5:68:cc:87:77:
         0e:83:32:32:4a:1f:f4:c1:50:8b:89:1b:74:88:85:8e:85:32:
         a6:fa:67:8f:67:99:19:81:10:6c:68:8b:ee:51:8d:d1:7a:52:
         79:bc:2b:8b:9b:68:fd:3b:9f:6d:04:15:8e:7a:05:20:19:cb:
         c7:99:c6:f0:fb:8d:73:a0:b0:48:a5:17:9c:d3:42:36:15:84:
         97:78:11:19:99:51:d9:b0:14:1c:41:de:c4:6c:48:cf:43:96:
         6d:1f:b8:d5
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIBBDANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFD
MkI5MzExMC8GA1UEBRMoRDlENjVGN0YzNjA5MEM0MDFCQ0YyMEQ0QkM4MEM0M0Yw
REM1OTMzRDAeFw0yNDA0MjMwODIyNThaFw0yNTA1MjgwMDAwMDBaMBgxFjAUBgNV
BAMTDTY2Mjc2ZmUxLTQ0MDQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQC6a7aeErItAqxCGxw6VUYAgOV2eDQi4zpHJ4J4l3lnhHUsCIZJ91N/3CC5Y6kO
fUvR4Y8GIN20ZYOO5nNHXKNHB9szYRFyxO7voT7DRIv+DCBwHBQ2O85qZhIllSMG
YwHetqqqSl+5j3sJVNsoYspJ+EbUpP+Nisv+cPsgWGIgbUft7z7xSHB6E76c907r
D1m4EbWzTV4UwoDlFI+0kxQ3KFjdNxsI+PD4OCVlhL5AG6uRy4A+PRWSZnMMtV7S
nqS8BJURWzqolwaYS9BXxW4F6Lasa8DQUNv0hPCb3AgkUz7VRxi6qFJm2OdKg5yl
aaSA+9TeH42N5El1JxkQ6P9dAgMBAAGjggKVMIICkTAdBgNVHQ4EFgQU/VdHwHj1
e9RoOnU3mU86E4PELJcwHwYDVR0jBBgwFoAU2dZffzYJDEAbzyDUvIDEPw3Fkz0w
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUMyQjkzLzNBQzg3NEVFMDE0
MzExRUY4MjVBNjQ2NUM0RjlBRTAyLzJkWmZmellKREVBYnp5RFV2SURFUHczRmt6
MC5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvMmRaZmZ6WUpERUFienlEVXZJREVQdzNGa3owLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFD
MkI5My8zQUM4NzRFRTAxNDMxMUVGODI1QTY0NjVDNEY5QUUwMi9CMEJFMzA0MjAx
NEExMUVGQThGMDNCNUJDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAcobgDANBgkqhkiG9w0BAQsFAAOCAQEAQeHYnoKcpNfjnzN6
jY4gECz5SY9kc/3GvM8w+hYV+Blh3XBrpTsTNVCivlpiOw6EeyJKCI5DtlI+24kr
K3LC6Wkm1Uwvh1HgKOmmMsCimIiyXVwTwLQn4v/WFe7Bvo6oOcIvGJ9XdoCWZzQ4
aEbZXwyJDJ89nrSTd1oVO0OJIhVgLFf1k8FLEuuQig3sn9pQIOKeLVEFocV/D3QG
WfVozId3DoMyMkof9MFQi4kbdIiFjoUypvpnj2eZGYEQbGiL7lGN0XpSebwri5to
/TufbQQVjnoFIBnLx5nG8PuNc6CwSKUXnNNCNhWEl3gRGZlR2bAUHEHexGxIz0OW
bR+41Q==
-----END CERTIFICATE-----
Generated at Thu Nov 21 07:40:38 2024 by rpki-client on console-ams.rpki-client.org