Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91D0B40/1FA0225038E011EF94B84D7FC4F9AE02/ACCFC92C38E111EF99DA0575C4F9AE02.roa
File:                     ACCFC92C38E111EF99DA0575C4F9AE02.roa (raw, json)
Hash identifier:          IQkb9vrLkHbIT0l31y7TiaLX4Y+rsb5o734kaa0aCok=
Subject key identifier:   AC:67:A6:DB:BD:9D:C6:55:A5:65:43:85:5D:44:32:2D:98:92:21:88
Certificate issuer:       /CN=A91D0B40/serialNumber=2D7484A17F4E9E69410051EF53B7BE71937F9F9C
Certificate serial:       02
Authority key identifier: 2D:74:84:A1:7F:4E:9E:69:41:00:51:EF:53:B7:BE:71:93:7F:9F:9C
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/LXSEoX9OnmlBAFHvU7e-cZN_n5w.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91D0B40/1FA0225038E011EF94B84D7FC4F9AE02/ACCFC92C38E111EF99DA0575C4F9AE02.roa
Signing time:             Wed 03 Jul 2024 02:12:19 +0000
ROA not before:           Wed 03 Jul 2024 02:12:19 +0000
ROA not after:            Thu 01 May 2025 00:00:00 +0000
asID:                     152905
IP address blocks:        157.15.106.0/24 maxlen: 24
                          157.15.107.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91D0B40/1FA0225038E011EF94B84D7FC4F9AE02/LXSEoX9OnmlBAFHvU7e-cZN_n5w.crl
                          rsync://rpki.apnic.net/member_repository/A91D0B40/1FA0225038E011EF94B84D7FC4F9AE02/LXSEoX9OnmlBAFHvU7e-cZN_n5w.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/LXSEoX9OnmlBAFHvU7e-cZN_n5w.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 16 Nov 2024 02:50:10 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91D0B40/serialNumber=2D7484A17F4E9E69410051EF53B7BE71937F9F9C
        Validity
            Not Before: Jul  3 02:12:19 2024 GMT
            Not After : May  1 00:00:00 2025 GMT
        Subject: CN=6684b383-24e8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a0:fc:4c:6e:41:c7:9e:9a:21:5d:fe:a6:1b:bd:
                    0e:44:d4:17:ef:06:02:a2:2a:8c:d0:42:30:a4:c0:
                    06:e3:8a:dc:8f:e8:b2:3a:0b:63:fa:2d:47:cd:1b:
                    4f:5a:b9:3c:cf:9b:fb:aa:2b:bc:4d:d0:14:c3:1d:
                    09:93:68:2d:77:bd:c4:22:2a:a3:3f:b5:f2:30:b3:
                    4d:ad:ff:47:a7:b6:51:7f:7d:44:9d:f9:5a:ee:80:
                    36:60:61:e9:c0:64:33:86:aa:03:25:a6:d1:c4:d5:
                    7f:5b:57:9f:33:a6:a0:1c:40:34:39:7c:15:7c:71:
                    e7:8f:e0:be:06:01:fd:41:0b:59:b5:5c:10:94:27:
                    99:a9:fb:86:97:60:5b:e5:4e:71:35:5d:1e:7b:13:
                    50:70:3a:c5:88:51:42:40:f0:71:05:10:32:88:58:
                    a5:6f:ac:20:18:dc:1a:65:35:4e:64:d6:bf:6a:27:
                    ee:a8:c6:fa:fc:6a:12:93:76:e7:77:a4:a2:f7:cd:
                    9e:1c:06:6a:1e:1e:1e:a0:14:cd:08:c8:35:f9:3b:
                    e2:cc:57:29:1d:eb:d4:2d:0e:1c:c5:96:43:1d:5b:
                    34:13:2a:63:6c:e7:77:5b:4b:41:a7:a3:fe:56:f0:
                    ba:2d:df:d3:92:0e:66:81:4d:3e:41:36:bc:85:de:
                    95:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:67:A6:DB:BD:9D:C6:55:A5:65:43:85:5D:44:32:2D:98:92:21:88
            X509v3 Authority Key Identifier:
                keyid:2D:74:84:A1:7F:4E:9E:69:41:00:51:EF:53:B7:BE:71:93:7F:9F:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91D0B40/1FA0225038E011EF94B84D7FC4F9AE02/LXSEoX9OnmlBAFHvU7e-cZN_n5w.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/LXSEoX9OnmlBAFHvU7e-cZN_n5w.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91D0B40/1FA0225038E011EF94B84D7FC4F9AE02/ACCFC92C38E111EF99DA0575C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.15.106.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9e:32:3e:e3:f3:5e:1e:8d:3c:35:02:03:95:b7:64:bb:56:4c:
         3c:5c:61:56:02:01:92:a3:62:6a:b9:66:00:d2:19:26:f0:3c:
         fe:9e:c6:3b:b2:54:67:84:f8:b3:77:90:55:16:f1:c0:2c:99:
         78:83:b0:8d:e0:a3:13:24:64:05:6a:e4:35:9c:54:a6:ba:f4:
         a5:b3:65:4f:55:74:51:ca:fa:fa:99:ca:5c:29:ff:60:01:52:
         ca:b7:75:4f:c6:cf:cb:d3:da:9a:74:b1:a2:4a:7c:17:9a:62:
         27:f0:dc:d2:90:bd:61:0e:d0:f8:4e:1c:bc:a1:f5:f2:2c:16:
         a3:44:0a:cd:a5:38:71:be:61:04:ba:d2:f5:a6:e1:98:07:e2:
         a3:ce:16:34:08:f9:35:5a:7d:28:b2:00:97:47:78:d9:3d:ce:
         0d:cf:10:fe:ae:de:08:9c:26:92:78:ce:bc:ec:63:42:81:2a:
         80:83:d3:8e:35:92:61:64:23:63:b8:c9:83:28:2f:19:13:70:
         3c:77:1b:78:06:b0:e0:5f:e2:90:49:79:e8:c2:b1:78:8e:92:
         82:e2:79:eb:9f:22:a8:e2:c6:18:49:ad:8c:bf:65:37:0b:49:
         8e:cb:78:64:5b:af:f2:3c:d8:3c:f6:6c:52:94:ff:88:fe:34:
         8e:df:03:95
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIBAjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFE
MEI0MDExMC8GA1UEBRMoMkQ3NDg0QTE3RjRFOUU2OTQxMDA1MUVGNTNCN0JFNzE5
MzdGOUY5QzAeFw0yNDA3MDMwMjEyMTlaFw0yNTA1MDEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY2ODRiMzgzLTI0ZTgwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCg/ExuQceemiFd/qYbvQ5E1BfvBgKiKozQQjCkwAbjityP6LI6C2P6LUfNG09a
uTzPm/uqK7xN0BTDHQmTaC13vcQiKqM/tfIws02t/0entlF/fUSd+VrugDZgYenA
ZDOGqgMlptHE1X9bV58zpqAcQDQ5fBV8ceeP4L4GAf1BC1m1XBCUJ5mp+4aXYFvl
TnE1XR57E1BwOsWIUUJA8HEFEDKIWKVvrCAY3BplNU5k1r9qJ+6oxvr8ahKTdud3
pKL3zZ4cBmoeHh6gFM0IyDX5O+LMVykd69QtDhzFlkMdWzQTKmNs53dbS0Gno/5W
8Lot39OSDmaBTT5BNryF3pWdAgMBAAGjggKVMIICkTAdBgNVHQ4EFgQUrGem272d
xlWlZUOFXUQyLZiSIYgwHwYDVR0jBBgwFoAULXSEoX9OnmlBAFHvU7e+cZN/n5ww
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUQwQjQwLzFGQTAyMjUwMzhF
MDExRUY5NEI4NEQ3RkM0RjlBRTAyL0xYU0VvWDlPbm1sQkFGSHZVN2UtY1pOX241
dy5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRGMjAxRDY2MTFFMjhBQzg4MzdDNzJG
RDFGRjIvTFhTRW9YOU9ubWxCQUZIdlU3ZS1jWk5fbjV3LmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFE
MEI0MC8xRkEwMjI1MDM4RTAxMUVGOTRCODREN0ZDNEY5QUUwMi9BQ0NGQzkyQzM4
RTExMUVGOTlEQTA1NzVDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAZ0PajANBgkqhkiG9w0BAQsFAAOCAQEAnjI+4/NeHo08NQID
lbdku1ZMPFxhVgIBkqNiarlmANIZJvA8/p7GO7JUZ4T4s3eQVRbxwCyZeIOwjeCj
EyRkBWrkNZxUprr0pbNlT1V0Ucr6+pnKXCn/YAFSyrd1T8bPy9PamnSxokp8F5pi
J/Dc0pC9YQ7Q+E4cvKH18iwWo0QKzaU4cb5hBLrS9abhmAfio84WNAj5NVp9KLIA
l0d42T3ODc8Q/q7eCJwmknjOvOxjQoEqgIPTjjWSYWQjY7jJgygvGRNwPHcbeAaw
4F/ikEl56MKxeI6SguJ5658iqOLGGEmtjL9lNwtJjst4ZFuv8jzYPPZsUpT/iP40
jt8DlQ==
-----END CERTIFICATE-----
Generated at Sat Nov 9 06:56:21 2024 by rpki-client on console-fra.rpki-client.org