Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91CEAA2/D2AB292C1D9911E2BA529A8608B02CD2/F2C1B32AD59511EC9A77CC14C4F9AE02.roa
File:                     F2C1B32AD59511EC9A77CC14C4F9AE02.roa (raw, json)
Hash identifier:          uhlffbcdYKcTTzZ4/rK2stZpIMJc+HDHstbtMJ9TZK0=
Subject key identifier:   BB:44:B4:6A:A1:43:24:41:42:FA:3A:EF:FA:9E:78:48:15:99:76:75
Certificate issuer:       /CN=A91CEAA2/serialNumber=FF495293CB5F15E5D14BACC2DB1052B2E2C825C8
Certificate serial:       3363
Authority key identifier: FF:49:52:93:CB:5F:15:E5:D1:4B:AC:C2:DB:10:52:B2:E2:C8:25:C8
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_0lSk8tfFeXRS6zC2xBSsuLIJcg.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91CEAA2/D2AB292C1D9911E2BA529A8608B02CD2/F2C1B32AD59511EC9A77CC14C4F9AE02.roa
Signing time:             Wed 30 Aug 2023 15:00:55 +0000
ROA not before:           Wed 30 Aug 2023 15:00:55 +0000
ROA not after:            Thu 31 Oct 2024 00:00:00 +0000
asID:                     16509
IP address blocks:        116.214.100.0/24 maxlen: 24
                          116.214.101.0/24 maxlen: 24
                          116.214.120.0/24 maxlen: 24
                          116.214.121.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91CEAA2/D2AB292C1D9911E2BA529A8608B02CD2/_0lSk8tfFeXRS6zC2xBSsuLIJcg.crl
                          rsync://rpki.apnic.net/member_repository/A91CEAA2/D2AB292C1D9911E2BA529A8608B02CD2/_0lSk8tfFeXRS6zC2xBSsuLIJcg.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_0lSk8tfFeXRS6zC2xBSsuLIJcg.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 04 Apr 2024 14:50:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13155 (0x3363)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CEAA2/serialNumber=FF495293CB5F15E5D14BACC2DB1052B2E2C825C8
        Validity
            Not Before: Aug 30 15:00:55 2023 GMT
            Not After : Oct 31 00:00:00 2024 GMT
        Subject: CN=64ef59a7-6b5b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:84:35:cf:35:6e:88:f5:8b:65:95:64:8a:91:
                    74:1c:7e:3e:82:f0:84:bd:b5:a7:97:4c:8c:e4:e2:
                    b9:dc:b1:74:b5:ee:c5:08:c1:95:f9:92:87:d8:95:
                    f2:86:bc:c1:c1:63:12:6b:33:7b:e0:5a:96:f7:00:
                    dc:e2:67:33:7b:0c:d0:3d:ca:09:7d:0b:5a:0a:e6:
                    07:48:27:c8:92:bd:a2:20:2f:66:7f:6f:f5:35:87:
                    79:6e:bc:ea:f2:c4:66:de:2e:22:f6:7f:3b:d5:c2:
                    ac:ce:4a:e0:42:52:60:4c:0c:31:14:7f:fc:8e:fe:
                    94:1b:8f:2a:59:32:5f:fd:06:11:87:ea:87:56:50:
                    ee:7e:07:0e:6b:15:37:cc:39:78:03:dd:b7:39:89:
                    2a:30:c5:cc:c0:75:73:a2:79:dc:a5:68:ca:64:55:
                    00:9b:c9:15:41:a2:8c:6a:64:59:80:25:bd:b0:18:
                    30:bc:92:5e:c3:1d:7d:59:d0:43:27:54:d7:07:67:
                    70:90:76:9c:a6:1a:ec:a7:00:3b:51:35:fe:54:7e:
                    30:9c:1e:be:24:9e:c7:f2:a7:56:03:b6:3d:d6:a2:
                    55:4b:0b:27:e0:f9:72:f0:3e:7a:7e:5c:01:3d:ba:
                    17:c4:c5:a0:36:20:16:28:44:3d:e7:f1:2d:79:17:
                    f7:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:44:B4:6A:A1:43:24:41:42:FA:3A:EF:FA:9E:78:48:15:99:76:75
            X509v3 Authority Key Identifier:
                keyid:FF:49:52:93:CB:5F:15:E5:D1:4B:AC:C2:DB:10:52:B2:E2:C8:25:C8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91CEAA2/D2AB292C1D9911E2BA529A8608B02CD2/_0lSk8tfFeXRS6zC2xBSsuLIJcg.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_0lSk8tfFeXRS6zC2xBSsuLIJcg.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91CEAA2/D2AB292C1D9911E2BA529A8608B02CD2/F2C1B32AD59511EC9A77CC14C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  116.214.100.0/23
                  116.214.120.0/23

    Signature Algorithm: sha256WithRSAEncryption
         ba:a0:13:21:8a:6c:a1:b6:65:7e:8f:dd:e9:82:b5:47:0a:ed:
         0f:99:ee:ee:cc:f4:44:3c:d4:1b:27:04:6c:aa:5d:4c:d4:b4:
         84:62:dd:91:b7:1e:05:8b:6d:1f:35:05:1d:db:5c:81:6e:97:
         35:43:2b:6b:f0:e8:04:dc:a6:4e:21:9a:4f:48:b8:b1:80:1f:
         cf:78:78:91:44:0c:e5:20:5d:4c:38:1b:81:0d:f3:23:7c:f2:
         7f:02:4c:c3:d1:a9:ee:68:95:92:8d:76:aa:0c:c7:90:e5:e7:
         b1:97:56:93:b9:1e:b4:71:5b:f8:53:f1:02:2c:3f:45:6d:7f:
         13:2e:dd:90:7b:af:12:d8:b3:83:30:98:6c:41:59:42:14:23:
         fb:92:28:b8:f3:d8:17:09:3e:21:b3:9d:89:aa:bd:b5:1f:a5:
         6b:eb:65:10:f3:04:91:c0:81:a6:ce:b8:30:ef:09:88:3a:91:
         2b:a0:2b:1a:5d:27:e8:34:64:4c:2e:90:10:71:35:8a:ac:35:
         08:25:ea:59:48:4c:5c:bc:09:dd:f2:3b:a9:24:a5:5c:52:e7:
         fe:1a:62:01:61:8e:f2:f4:15:70:bb:18:9c:01:a6:e3:1e:d5:
         cc:3a:22:c6:57:84:f8:92:3f:69:da:6d:54:69:8b:69:2b:3f:
         b4:e1:ad:bc
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICM2MwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Q0VBQTIxMTAvBgNVBAUTKEZGNDk1MjkzQ0I1RjE1RTVEMTRCQUNDMkRCMTA1MkIy
RTJDODI1QzgwHhcNMjMwODMwMTUwMDU1WhcNMjQxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NGVmNTlhNy02YjViMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA8IQ1zzVuiPWLZZVkipF0HH4+gvCEvbWnl0yM5OK53LF0te7FCMGV+ZKH2JXy
hrzBwWMSazN74FqW9wDc4mczewzQPcoJfQtaCuYHSCfIkr2iIC9mf2/1NYd5brzq
8sRm3i4i9n871cKszkrgQlJgTAwxFH/8jv6UG48qWTJf/QYRh+qHVlDufgcOaxU3
zDl4A923OYkqMMXMwHVzonncpWjKZFUAm8kVQaKMamRZgCW9sBgwvJJewx19WdBD
J1TXB2dwkHacphrspwA7UTX+VH4wnB6+JJ7H8qdWA7Y91qJVSwsn4Ply8D56flwB
PboXxMWgNiAWKEQ95/EteRf3gwIDAQABo4ICmzCCApcwHQYDVR0OBBYEFLtEtGqh
QyRBQvo67/qeeEgVmXZ1MB8GA1UdIwQYMBaAFP9JUpPLXxXl0UuswtsQUrLiyCXI
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDRUFBMi9EMkFCMjkyQzFE
OTkxMUUyQkE1MjlBODYwOEIwMkNEMi9fMGxTazh0ZkZlWFJTNnpDMnhCU3N1TElK
Y2cuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL18wbFNrOHRmRmVYUlM2ekMyeEJTc3VMSUpjZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Q0VBQTIvRDJBQjI5MkMxRDk5MTFFMkJBNTI5QTg2MDhCMDJDRDIvRjJDMUIzMkFE
NTk1MTFFQzlBNzdDQzE0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAF01mQDBAF01ngwDQYJKoZIhvcNAQELBQADggEBALqgEyGK
bKG2ZX6P3emCtUcK7Q+Z7u7M9EQ81BsnBGyqXUzUtIRi3ZG3HgWLbR81BR3bXIFu
lzVDK2vw6ATcpk4hmk9IuLGAH894eJFEDOUgXUw4G4EN8yN88n8CTMPRqe5olZKN
dqoMx5Dl57GXVpO5HrRxW/hT8QIsP0VtfxMu3ZB7rxLYs4MwmGxBWUIUI/uSKLjz
2BcJPiGznYmqvbUfpWvrZRDzBJHAgabOuDDvCYg6kSugKxpdJ+g0ZEwukBBxNYqs
NQgl6llITFy8Cd3yO6kkpVxS5/4aYgFhjvL0FXC7GJwBpuMe1cw6IsZXhPiSP2na
bVRpi2krP7Thrbw=
-----END CERTIFICATE-----
Generated at Thu Mar 28 16:07:43 2024 by rpki-client on console-ams.rpki-client.org