Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91C5105/DD720B8630F111EBA201424DC4F9AE02/C2219930AED411EB92E7A470C4F9AE02.roa
File:                     C2219930AED411EB92E7A470C4F9AE02.roa (raw, json)
Hash identifier:          SUB0P53ZSs8ZUoK/FIaZw2okM+t4W9T7zr35G/5jRPc=
Subject key identifier:   EA:D6:7B:2E:E4:BC:62:F9:11:07:9E:06:83:4B:31:A5:4E:74:A4:C7
Certificate issuer:       /CN=A91C5105/serialNumber=08E08BA022A39DB4AB3F3BD8D05EE97194B17682
Certificate serial:       059A
Authority key identifier: 08:E0:8B:A0:22:A3:9D:B4:AB:3F:3B:D8:D0:5E:E9:71:94:B1:76:82
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/COCLoCKjnbSrPzvY0F7pcZSxdoI.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91C5105/DD720B8630F111EBA201424DC4F9AE02/C2219930AED411EB92E7A470C4F9AE02.roa
Signing time:             Wed 15 Mar 2023 00:30:56 +0000
ROA not before:           Wed 15 Mar 2023 00:30:56 +0000
ROA not after:            Wed 29 May 2024 00:00:00 +0000
asID:                     396073
IP address blocks:        36.255.77.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91C5105/DD720B8630F111EBA201424DC4F9AE02/COCLoCKjnbSrPzvY0F7pcZSxdoI.crl
                          rsync://rpki.apnic.net/member_repository/A91C5105/DD720B8630F111EBA201424DC4F9AE02/COCLoCKjnbSrPzvY0F7pcZSxdoI.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/COCLoCKjnbSrPzvY0F7pcZSxdoI.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 02 Apr 2024 23:22:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1434 (0x59a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91C5105/serialNumber=08E08BA022A39DB4AB3F3BD8D05EE97194B17682
        Validity
            Not Before: Mar 15 00:30:56 2023 GMT
            Not After : May 29 00:00:00 2024 GMT
        Subject: CN=641111c0-b07e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:5d:61:38:f0:7e:fa:2a:cc:c0:08:6f:ef:a7:
                    6b:3d:8e:b9:7a:09:13:2c:8f:5c:d6:48:a2:ac:43:
                    fb:55:25:02:1c:ef:af:0c:e5:38:0a:83:bf:ad:ec:
                    16:fd:23:a5:2e:15:08:3e:74:9d:92:0b:3a:e2:2a:
                    e1:5a:9b:33:7b:c9:53:27:5c:52:6e:5a:42:92:fd:
                    71:5b:a7:51:6b:3d:f4:b8:6e:08:02:8a:f7:fd:7d:
                    7a:6f:b5:8a:8f:39:dc:76:e9:a6:e7:4e:33:fb:cf:
                    7f:df:f8:af:80:52:96:f4:27:2d:ae:d1:6b:b6:33:
                    c1:8f:36:c5:ee:b6:e2:ca:f7:a1:ff:33:13:e4:cd:
                    b6:50:3e:ca:30:d8:12:e8:41:55:04:a4:11:79:4b:
                    68:17:50:b3:65:af:7e:ec:6b:eb:7f:d0:28:63:41:
                    62:cb:82:53:29:28:d7:1a:7f:a2:47:09:8e:ee:0e:
                    9c:e9:c4:3a:6e:c8:e6:d7:9d:e5:bd:17:34:10:e0:
                    8d:df:2e:66:d2:5b:d1:cd:7d:05:6b:d6:9e:35:25:
                    15:4f:45:40:5c:ba:5a:df:15:ec:f8:c9:c5:2e:0c:
                    da:fc:e5:89:27:10:3d:22:22:9d:31:fd:1b:2f:a7:
                    11:12:7d:a0:d9:42:06:0a:70:82:a0:b1:0b:e7:7d:
                    13:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EA:D6:7B:2E:E4:BC:62:F9:11:07:9E:06:83:4B:31:A5:4E:74:A4:C7
            X509v3 Authority Key Identifier:
                keyid:08:E0:8B:A0:22:A3:9D:B4:AB:3F:3B:D8:D0:5E:E9:71:94:B1:76:82

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91C5105/DD720B8630F111EBA201424DC4F9AE02/COCLoCKjnbSrPzvY0F7pcZSxdoI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/COCLoCKjnbSrPzvY0F7pcZSxdoI.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91C5105/DD720B8630F111EBA201424DC4F9AE02/C2219930AED411EB92E7A470C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  36.255.77.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a8:23:b7:a0:ae:82:0e:65:74:a7:2a:8a:3f:6d:09:f7:ad:06:
         58:5d:75:e7:6f:64:74:13:6b:8e:af:cb:d5:0a:5f:c6:08:53:
         d5:35:10:ef:91:ec:11:c8:28:67:20:67:6d:d6:04:45:e7:3e:
         49:39:dc:d3:1b:c1:83:85:55:c6:d8:fb:48:71:be:98:4d:df:
         55:42:3a:1f:52:0d:24:82:ae:dd:9d:8c:dc:10:f1:e7:55:97:
         bc:39:cf:d9:d6:66:e4:40:56:f9:7a:ff:b1:c5:a6:e5:28:6c:
         c4:f4:b1:63:a1:c6:06:51:cc:1f:80:2b:f7:53:c7:bf:5d:03:
         05:b6:1c:26:3a:ff:8f:97:06:82:0a:4b:c5:78:17:e7:5f:cb:
         81:57:a5:ff:28:26:4f:02:40:6f:4d:7f:6b:93:03:d7:48:31:
         8e:89:2c:0a:b3:5d:8a:3a:09:9a:3c:32:3b:a7:87:b6:72:57:
         50:d5:78:8b:0b:e0:7b:4e:dc:e4:86:cf:9b:67:f1:96:50:33:
         0b:81:a3:11:f3:4a:9b:95:c5:8c:85:0f:99:3a:f8:dc:c2:8d:
         77:89:ad:50:43:f7:87:ab:1a:c1:d1:9c:2f:d9:41:43:45:e8:
         f6:db:09:1b:ce:4b:ca:59:b3:84:e9:c8:7a:b4:1a:dc:5a:9e:
         c5:d0:e4:21
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICBZowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QzUxMDUxMTAvBgNVBAUTKDA4RTA4QkEwMjJBMzlEQjRBQjNGM0JEOEQwNUVFOTcx
OTRCMTc2ODIwHhcNMjMwMzE1MDAzMDU2WhcNMjQwNTI5MDAwMDAwWjAYMRYwFAYD
VQQDEw02NDExMTFjMC1iMDdlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAx11hOPB++irMwAhv76drPY65egkTLI9c1kiirEP7VSUCHO+vDOU4CoO/rewW
/SOlLhUIPnSdkgs64irhWpsze8lTJ1xSblpCkv1xW6dRaz30uG4IAor3/X16b7WK
jzncdumm504z+89/3/ivgFKW9CctrtFrtjPBjzbF7rbiyveh/zMT5M22UD7KMNgS
6EFVBKQReUtoF1CzZa9+7Gvrf9AoY0Fiy4JTKSjXGn+iRwmO7g6c6cQ6bsjm153l
vRc0EOCN3y5m0lvRzX0Fa9aeNSUVT0VAXLpa3xXs+MnFLgza/OWJJxA9IiKdMf0b
L6cREn2g2UIGCnCCoLEL530TqwIDAQABo4IClTCCApEwHQYDVR0OBBYEFOrWey7k
vGL5EQeeBoNLMaVOdKTHMB8GA1UdIwQYMBaAFAjgi6Aio520qz872NBe6XGUsXaC
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDNTEwNS9ERDcyMEI4NjMw
RjExMUVCQTIwMTQyNERDNEY5QUUwMi9DT0NMb0NLam5iU3JQenZZMEY3cGNaU3hk
b0kuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0NPQ0xvQ0tqbmJTclB6dlkwRjdwY1pTeGRvSS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QzUxMDUvREQ3MjBCODYzMEYxMTFFQkEyMDE0MjREQzRGOUFFMDIvQzIyMTk5MzBB
RUQ0MTFFQjkyRTdBNDcwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAAk/00wDQYJKoZIhvcNAQELBQADggEBAKgjt6Cugg5ldKcq
ij9tCfetBlhddedvZHQTa46vy9UKX8YIU9U1EO+R7BHIKGcgZ23WBEXnPkk53NMb
wYOFVcbY+0hxvphN31VCOh9SDSSCrt2djNwQ8edVl7w5z9nWZuRAVvl6/7HFpuUo
bMT0sWOhxgZRzB+AK/dTx79dAwW2HCY6/4+XBoIKS8V4F+dfy4FXpf8oJk8CQG9N
f2uTA9dIMY6JLAqzXYo6CZo8Mjunh7ZyV1DVeIsL4HtO3OSGz5tn8ZZQMwuBoxHz
SpuVxYyFD5k6+NzCjXeJrVBD94erGsHRnC/ZQUNF6PbbCRvOS8pZs4TpyHq0Gtxa
nsXQ5CE=
-----END CERTIFICATE-----
Generated at Wed Mar 27 01:57:11 2024 by rpki-client on console-ams.rpki-client.org