Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91CB435/EC0590465BE911EB9668001EC4F9AE02/F07A52005BEA11EB9863331EC4F9AE02.roa
File:                     F07A52005BEA11EB9863331EC4F9AE02.roa (raw, json)
Hash identifier:          JfxeOd6cRi7KX9xc58yMMc6yyj7Cm4GP42UD9FpSFGI=
Subject key identifier:   BF:4E:F5:3F:94:87:B4:7F:62:F0:6E:2E:75:86:06:08:FE:D4:0B:06
Certificate issuer:       /CN=A91CB435/serialNumber=98C97E052D7D9AD5360959B9D3E076DADD76EA01
Certificate serial:       060A
Authority key identifier: 98:C9:7E:05:2D:7D:9A:D5:36:09:59:B9:D3:E0:76:DA:DD:76:EA:01
Authority info access:    rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/mMl-BS19mtU2CVm50-B22t126gE.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91CB435/EC0590465BE911EB9668001EC4F9AE02/F07A52005BEA11EB9863331EC4F9AE02.roa
Signing time:             Sat 11 May 2024 00:03:08 +0000
ROA not before:           Sat 11 May 2024 00:03:08 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     3758
IP address blocks:        194.180.111.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91CB435/EC0590465BE911EB9668001EC4F9AE02/mMl-BS19mtU2CVm50-B22t126gE.crl
                          rsync://rpki.apnic.net/member_repository/A91CB435/EC0590465BE911EB9668001EC4F9AE02/mMl-BS19mtU2CVm50-B22t126gE.mft
                          rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/mMl-BS19mtU2CVm50-B22t126gE.cer
                          rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/DPzneFf88B852ZpitKpi5hWedvg.crl
                          rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/DPzneFf88B852ZpitKpi5hWedvg.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DPzneFf88B852ZpitKpi5hWedvg.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 27 Nov 2024 19:46:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1546 (0x60a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CB435/serialNumber=98C97E052D7D9AD5360959B9D3E076DADD76EA01
        Validity
            Not Before: May 11 00:03:08 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=663eb5bb-7981
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:6a:80:0b:38:24:b9:e6:e4:55:5d:5b:25:92:
                    70:eb:be:c3:bc:02:93:cf:97:4d:d9:03:7d:c0:2d:
                    b5:35:d1:a9:3f:51:e4:72:39:b0:c8:0d:9d:8b:4c:
                    af:21:31:fe:22:ce:d4:fa:38:95:7e:8d:6a:1f:4d:
                    59:3e:2d:e1:c5:5d:e2:c3:14:9b:ac:3c:bc:0d:1d:
                    b9:24:03:b2:c2:56:b3:50:a0:f2:3d:5e:64:48:ee:
                    e7:75:3b:29:3d:4a:74:57:a0:22:0d:16:95:d4:64:
                    95:39:0e:b3:85:8a:0e:d4:32:10:17:98:b0:c0:d8:
                    b3:f2:80:5d:2b:1c:c2:d5:20:29:75:a1:6a:1f:73:
                    bd:7c:e7:c9:8e:44:1f:b9:cc:0b:93:13:44:cc:fd:
                    75:20:c1:f6:91:4d:39:0a:d4:f9:b6:c4:66:02:45:
                    46:01:95:a5:aa:30:74:5e:42:58:59:da:4a:2d:d0:
                    53:61:cc:5f:74:bd:08:35:13:cd:cc:e8:9c:d3:f6:
                    14:35:06:bb:17:92:57:23:65:f7:2e:dd:35:24:74:
                    fe:4e:95:4a:1c:28:cc:3c:ef:98:a2:8d:f6:94:17:
                    74:a2:63:90:77:ae:4f:29:b9:f3:7b:63:d5:fb:12:
                    ac:94:2b:48:c8:7e:36:65:c6:ad:da:c1:30:ce:96:
                    57:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BF:4E:F5:3F:94:87:B4:7F:62:F0:6E:2E:75:86:06:08:FE:D4:0B:06
            X509v3 Authority Key Identifier:
                keyid:98:C9:7E:05:2D:7D:9A:D5:36:09:59:B9:D3:E0:76:DA:DD:76:EA:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91CB435/EC0590465BE911EB9668001EC4F9AE02/mMl-BS19mtU2CVm50-B22t126gE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/mMl-BS19mtU2CVm50-B22t126gE.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91CB435/EC0590465BE911EB9668001EC4F9AE02/F07A52005BEA11EB9863331EC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.180.111.0/24

    Signature Algorithm: sha256WithRSAEncryption
         76:d1:02:ba:0f:61:19:8b:65:54:3e:53:20:1f:38:69:0a:4d:
         d2:7a:88:da:f9:61:11:09:86:ae:57:b2:b7:ad:bc:55:4f:d3:
         7f:33:78:7e:9d:2b:72:6c:65:07:d7:c8:cc:ea:d8:0a:35:28:
         aa:6d:91:7f:8c:32:4b:d1:eb:32:89:d9:7c:5a:43:fa:64:fa:
         0a:ad:45:06:8d:d0:76:8e:ec:8a:79:c8:d2:96:8b:34:15:f9:
         1f:6d:bf:63:2c:81:c1:c1:23:81:07:63:07:ef:b1:f8:5d:01:
         d1:4e:41:c6:2b:f9:be:ad:77:fb:21:0f:26:d9:d7:97:5f:6c:
         34:f9:cc:2d:2f:91:31:9c:d4:45:8d:dd:aa:6b:47:6e:b4:75:
         66:99:4f:7b:79:ee:b2:8a:59:12:05:95:e2:6f:b5:8f:1b:8a:
         8e:38:f9:db:90:09:35:25:c0:57:3d:9d:1c:0e:e9:1c:9f:58:
         15:cd:c8:60:bf:23:fd:fc:f1:46:0e:55:f0:36:17:71:3a:55:
         32:36:48:6d:cc:d6:12:6d:c7:d2:c6:c4:2e:12:77:9f:fb:9c:
         e0:47:8f:2b:c9:7d:d5:21:fe:27:a7:2f:6e:8b:5e:9a:fa:e6:
         32:52:47:34:4c:af:2f:05:8e:9e:0a:1d:3c:1a:57:89:4f:fa:
         62:72:ff:de
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICBgowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Q0I0MzUxMTAvBgNVBAUTKDk4Qzk3RTA1MkQ3RDlBRDUzNjA5NTlCOUQzRTA3NkRB
REQ3NkVBMDEwHhcNMjQwNTExMDAwMzA4WhcNMjUwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjNlYjViYi03OTgxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEApWqACzgkuebkVV1bJZJw677DvAKTz5dN2QN9wC21NdGpP1HkcjmwyA2di0yv
ITH+Is7U+jiVfo1qH01ZPi3hxV3iwxSbrDy8DR25JAOywlazUKDyPV5kSO7ndTsp
PUp0V6AiDRaV1GSVOQ6zhYoO1DIQF5iwwNiz8oBdKxzC1SApdaFqH3O9fOfJjkQf
ucwLkxNEzP11IMH2kU05CtT5tsRmAkVGAZWlqjB0XkJYWdpKLdBTYcxfdL0INRPN
zOic0/YUNQa7F5JXI2X3Lt01JHT+TpVKHCjMPO+Yoo32lBd0omOQd65PKbnze2PV
+xKslCtIyH42Zcat2sEwzpZX2QIDAQABo4IClTCCApEwHQYDVR0OBBYEFL9O9T+U
h7R/YvBuLnWGBgj+1AsGMB8GA1UdIwQYMBaAFJjJfgUtfZrVNglZudPgdtrdduoB
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDQjQzNS9FQzA1OTA0NjVC
RTkxMUVCOTY2ODAwMUVDNEY5QUUwMi9tTWwtQlMxOW10VTJDVm01MC1CMjJ0MTI2
Z0UuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzMjJBNUY0MUQ2NjExRTJBM0YyN0Y3Qzcy
RkQxRkYyL21NbC1CUzE5bXRVMkNWbTUwLUIyMnQxMjZnRS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Q0I0MzUvRUMwNTkwNDY1QkU5MTFFQjk2NjgwMDFFQzRGOUFFMDIvRjA3QTUyMDA1
QkVBMTFFQjk4NjMzMzFFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADCtG8wDQYJKoZIhvcNAQELBQADggEBAHbRAroPYRmLZVQ+
UyAfOGkKTdJ6iNr5YREJhq5XsretvFVP038zeH6dK3JsZQfXyMzq2Ao1KKptkX+M
MkvR6zKJ2XxaQ/pk+gqtRQaN0HaO7Ip5yNKWizQV+R9tv2MsgcHBI4EHYwfvsfhd
AdFOQcYr+b6td/shDybZ15dfbDT5zC0vkTGc1EWN3aprR260dWaZT3t57rKKWRIF
leJvtY8bio44+duQCTUlwFc9nRwO6RyfWBXNyGC/I/388UYOVfA2F3E6VTI2SG3M
1hJtx9LGxC4Sd5/7nOBHjyvJfdUh/ienL26LXpr65jJSRzRMry8Fjp4KHTwaV4lP
+mJy/94=
-----END CERTIFICATE-----
Generated at Wed Nov 20 23:11:48 2024 by rpki-client on console-fra.rpki-client.org