Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91CF064/F3CA617244E211EFB13F2214C4F9AE02/F74324B0464511EFA4CCFA6DC4F9AE02.roa
File:                     F74324B0464511EFA4CCFA6DC4F9AE02.roa (raw, json)
Hash identifier:          fPKFaBZi29sZTZtbLlYUsELWzYxUxH7zVg+U9ijvWSo=
Subject key identifier:   2D:46:CF:97:C1:AA:4E:A6:F4:A1:BB:48:E3:55:B7:38:86:F0:B6:CD
Certificate issuer:       /CN=A91CF064/serialNumber=AD4332038272C2DB3215DDA3ADFB015354156913
Certificate serial:       06
Authority key identifier: AD:43:32:03:82:72:C2:DB:32:15:DD:A3:AD:FB:01:53:54:15:69:13
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/rUMyA4JywtsyFd2jrfsBU1QVaRM.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91CF064/F3CA617244E211EFB13F2214C4F9AE02/F74324B0464511EFA4CCFA6DC4F9AE02.roa
Signing time:             Sat 20 Jul 2024 03:21:07 +0000
ROA not before:           Sat 20 Jul 2024 03:21:07 +0000
ROA not after:            Wed 30 Jul 2025 00:00:00 +0000
asID:                     141455
IP address blocks:        160.20.126.0/23 maxlen: 23
                          160.20.126.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91CF064/F3CA617244E211EFB13F2214C4F9AE02/rUMyA4JywtsyFd2jrfsBU1QVaRM.crl
                          rsync://rpki.apnic.net/member_repository/A91CF064/F3CA617244E211EFB13F2214C4F9AE02/rUMyA4JywtsyFd2jrfsBU1QVaRM.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/rUMyA4JywtsyFd2jrfsBU1QVaRM.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 30 Nov 2024 02:50:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 6 (0x6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CF064/serialNumber=AD4332038272C2DB3215DDA3ADFB015354156913
        Validity
            Not Before: Jul 20 03:21:07 2024 GMT
            Not After : Jul 30 00:00:00 2025 GMT
        Subject: CN=669b2d23-ea1a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:6d:3c:61:12:77:c6:ad:17:ae:10:ad:c8:65:
                    21:23:c0:ed:40:e6:c7:e9:70:9b:bb:ff:67:59:b3:
                    40:62:55:a9:3d:da:6b:08:be:f0:5f:43:2f:44:1c:
                    ca:b4:b9:a5:04:cd:3d:52:fa:29:9d:a5:6c:91:67:
                    a7:05:e7:0c:dd:63:8a:db:02:49:88:a3:c2:27:b2:
                    f2:82:6d:6e:9f:0d:d8:d0:1c:5f:a1:aa:6e:df:dd:
                    ad:48:4a:31:85:33:28:19:fe:9d:f3:26:5f:05:f8:
                    04:da:49:57:b0:0e:e0:bb:48:d6:56:b3:18:8a:03:
                    ee:5e:85:59:c3:38:52:69:67:6e:c6:1d:a1:a8:72:
                    14:8f:81:5c:09:41:eb:bc:94:35:a4:65:74:f5:4e:
                    3c:43:0f:d8:fc:5c:f6:02:6a:af:9b:c8:36:64:e1:
                    e9:55:62:6d:68:80:d0:f3:21:4b:ac:88:d9:23:ca:
                    df:8b:bd:5b:39:25:76:98:2c:54:73:40:9b:c6:92:
                    56:04:99:90:79:52:07:c9:c6:0d:cf:26:f5:96:1c:
                    92:30:b9:71:0f:ef:65:11:9e:05:64:7b:81:f8:b7:
                    ab:4e:3a:40:e6:5f:bb:ef:97:95:68:1a:b8:11:36:
                    a1:e6:4c:2c:a5:26:09:c3:71:01:84:46:d8:af:3d:
                    84:03
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2D:46:CF:97:C1:AA:4E:A6:F4:A1:BB:48:E3:55:B7:38:86:F0:B6:CD
            X509v3 Authority Key Identifier:
                keyid:AD:43:32:03:82:72:C2:DB:32:15:DD:A3:AD:FB:01:53:54:15:69:13

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91CF064/F3CA617244E211EFB13F2214C4F9AE02/rUMyA4JywtsyFd2jrfsBU1QVaRM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/rUMyA4JywtsyFd2jrfsBU1QVaRM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91CF064/F3CA617244E211EFB13F2214C4F9AE02/F74324B0464511EFA4CCFA6DC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.20.126.0/23

    Signature Algorithm: sha256WithRSAEncryption
         67:a7:1f:58:08:12:f9:b2:5a:c1:00:a2:9a:0c:0e:af:a6:72:
         6e:cb:b7:3c:31:c2:b8:bc:7c:e2:8f:31:9a:e7:c5:45:49:da:
         bc:90:c4:19:e2:64:24:3f:9e:05:0f:56:11:aa:be:b5:ef:9a:
         01:4a:13:3b:04:87:41:51:be:9a:9b:19:78:af:6c:de:5a:50:
         72:b8:50:e6:c7:7a:39:e7:50:bd:b1:48:40:cd:23:af:71:71:
         bb:93:4e:a9:e9:bf:3f:a9:ad:2e:14:e2:31:d5:48:a1:ff:8d:
         fd:61:e9:f2:31:a3:7b:af:07:51:c3:0e:ff:e9:33:83:af:b3:
         54:5f:e1:21:7a:6c:23:73:0d:6c:b5:a4:56:06:0f:cb:f9:3d:
         74:07:0f:d9:99:ae:3f:ce:ac:ec:05:3a:6a:4d:93:89:15:80:
         25:42:28:5f:fa:cd:2f:6c:fc:8b:90:cb:3c:db:e0:5e:48:61:
         85:3b:59:58:eb:c0:6a:5f:59:35:2b:48:d8:ec:bc:36:01:6e:
         6c:7b:ea:dd:e0:e1:43:5d:ec:9d:22:a1:02:e8:86:ba:ee:0d:
         ce:25:d8:de:8f:60:cd:b5:a1:db:73:c4:be:a5:0e:09:1b:ba:
         3a:b5:27:86:23:ac:ec:8a:d0:7d:03:4a:db:48:6d:6a:c4:a0:
         b8:15:5b:86
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIBBjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFD
RjA2NDExMC8GA1UEBRMoQUQ0MzMyMDM4MjcyQzJEQjMyMTVEREEzQURGQjAxNTM1
NDE1NjkxMzAeFw0yNDA3MjAwMzIxMDdaFw0yNTA3MzAwMDAwMDBaMBgxFjAUBgNV
BAMTDTY2OWIyZDIzLWVhMWEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQC/bTxhEnfGrReuEK3IZSEjwO1A5sfpcJu7/2dZs0BiVak92msIvvBfQy9EHMq0
uaUEzT1S+imdpWyRZ6cF5wzdY4rbAkmIo8InsvKCbW6fDdjQHF+hqm7f3a1ISjGF
MygZ/p3zJl8F+ATaSVewDuC7SNZWsxiKA+5ehVnDOFJpZ27GHaGochSPgVwJQeu8
lDWkZXT1TjxDD9j8XPYCaq+byDZk4elVYm1ogNDzIUusiNkjyt+LvVs5JXaYLFRz
QJvGklYEmZB5UgfJxg3PJvWWHJIwuXEP72URngVke4H4t6tOOkDmX7vvl5VoGrgR
NqHmTCylJgnDcQGERtivPYQDAgMBAAGjggKVMIICkTAdBgNVHQ4EFgQULUbPl8Gq
Tqb0obtI41W3OIbwts0wHwYDVR0jBBgwFoAUrUMyA4JywtsyFd2jrfsBU1QVaRMw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUNGMDY0L0YzQ0E2MTcyNDRF
MjExRUZCMTNGMjIxNEM0RjlBRTAyL3JVTXlBNEp5d3RzeUZkMmpyZnNCVTFRVmFS
TS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRGMjAxRDY2MTFFMjhBQzg4MzdDNzJG
RDFGRjIvclVNeUE0Snl3dHN5RmQyanJmc0JVMVFWYVJNLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFD
RjA2NC9GM0NBNjE3MjQ0RTIxMUVGQjEzRjIyMTRDNEY5QUUwMi9GNzQzMjRCMDQ2
NDUxMUVGQTRDQ0ZBNkRDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAaAUfjANBgkqhkiG9w0BAQsFAAOCAQEAZ6cfWAgS+bJawQCi
mgwOr6Zybsu3PDHCuLx84o8xmufFRUnavJDEGeJkJD+eBQ9WEaq+te+aAUoTOwSH
QVG+mpsZeK9s3lpQcrhQ5sd6OedQvbFIQM0jr3Fxu5NOqem/P6mtLhTiMdVIof+N
/WHp8jGje68HUcMO/+kzg6+zVF/hIXpsI3MNbLWkVgYPy/k9dAcP2ZmuP86s7AU6
ak2TiRWAJUIoX/rNL2z8i5DLPNvgXkhhhTtZWOvAal9ZNStI2Oy8NgFubHvq3eDh
Q13snSKhAuiGuu4NziXY3o9gzbWh23PEvqUOCRu6OrUnhiOs7IrQfQNK20htasSg
uBVbhg==
-----END CERTIFICATE-----
Generated at Sat Nov 23 06:21:30 2024 by rpki-client on console-fra.rpki-client.org