Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91D63AF/4DFE6824B6B711EEA9D7FC3AC4F9AE02/6241069011E111EFBBB70B32C4F9AE02.roa
File:                     6241069011E111EFBBB70B32C4F9AE02.roa (raw, json)
Hash identifier:          JxI86Wejjp4xvatXjkIX7nssbC2BudoqYiXNb8glC5E=
Subject key identifier:   75:76:CA:97:4E:25:61:FB:7E:6E:03:43:AD:E3:C4:DD:A0:75:91:2A
Certificate issuer:       /CN=A91D63AF/serialNumber=3474C2539861100AFD963A163C802D0264F8EC7D
Certificate serial:       42
Authority key identifier: 34:74:C2:53:98:61:10:0A:FD:96:3A:16:3C:80:2D:02:64:F8:EC:7D
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/NHTCU5hhEAr9ljoWPIAtAmT47H0.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91D63AF/4DFE6824B6B711EEA9D7FC3AC4F9AE02/6241069011E111EFBBB70B32C4F9AE02.roa
Signing time:             Tue 14 May 2024 11:01:59 +0000
ROA not before:           Tue 14 May 2024 11:01:59 +0000
ROA not after:            Thu 01 May 2025 00:00:00 +0000
asID:                     152339
IP address blocks:        157.10.250.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91D63AF/4DFE6824B6B711EEA9D7FC3AC4F9AE02/NHTCU5hhEAr9ljoWPIAtAmT47H0.crl
                          rsync://rpki.apnic.net/member_repository/A91D63AF/4DFE6824B6B711EEA9D7FC3AC4F9AE02/NHTCU5hhEAr9ljoWPIAtAmT47H0.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/NHTCU5hhEAr9ljoWPIAtAmT47H0.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 28 Nov 2024 02:50:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 66 (0x42)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91D63AF/serialNumber=3474C2539861100AFD963A163C802D0264F8EC7D
        Validity
            Not Before: May 14 11:01:59 2024 GMT
            Not After : May  1 00:00:00 2025 GMT
        Subject: CN=664344a6-61b9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:4d:97:d5:c6:3a:bf:4c:80:3e:a0:bc:78:eb:
                    da:74:54:02:32:2a:ae:91:c5:51:99:40:1e:a6:0a:
                    fc:04:71:71:38:ec:d0:37:a4:96:ff:75:16:3a:b1:
                    eb:be:29:3a:ac:3c:45:31:54:76:d4:4e:b5:08:ee:
                    81:d3:b3:64:23:d6:da:35:61:af:94:32:5a:e5:de:
                    48:eb:da:76:ee:24:27:ea:f4:38:17:84:da:7c:a4:
                    73:1b:2e:4c:34:62:f1:30:6c:c6:47:a7:9a:ac:1b:
                    01:63:a6:cb:1f:ac:b2:bc:00:8f:cd:d0:f8:06:46:
                    e2:b2:5a:72:c9:b1:79:15:81:37:70:fc:a4:91:78:
                    69:f5:02:37:1d:d6:06:65:97:12:a5:4e:3e:90:29:
                    95:cc:fb:a0:e6:5f:b3:d3:35:a6:8e:5a:79:62:f0:
                    65:31:a0:20:29:1c:aa:59:3f:1f:c4:71:f1:c7:d6:
                    19:35:8d:45:54:10:30:47:f9:bf:f1:02:24:95:9b:
                    1e:82:b3:88:f5:79:04:4c:bf:b5:4d:e2:c6:ce:39:
                    47:ad:f6:de:2d:ef:fd:5e:d5:a6:4a:52:92:d5:cb:
                    31:b5:15:09:7f:1e:dd:c4:86:a9:94:f2:10:3c:b7:
                    90:a8:ef:d6:ff:4c:5a:a7:01:70:c2:59:62:5b:57:
                    15:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                75:76:CA:97:4E:25:61:FB:7E:6E:03:43:AD:E3:C4:DD:A0:75:91:2A
            X509v3 Authority Key Identifier:
                keyid:34:74:C2:53:98:61:10:0A:FD:96:3A:16:3C:80:2D:02:64:F8:EC:7D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91D63AF/4DFE6824B6B711EEA9D7FC3AC4F9AE02/NHTCU5hhEAr9ljoWPIAtAmT47H0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/NHTCU5hhEAr9ljoWPIAtAmT47H0.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91D63AF/4DFE6824B6B711EEA9D7FC3AC4F9AE02/6241069011E111EFBBB70B32C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.10.250.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:5c:f7:4d:21:f1:f9:67:2c:d5:44:01:e7:0d:13:5b:f1:aa:
         b1:19:d0:86:f6:e8:bd:07:51:ff:cd:31:5a:8d:94:dd:d4:b7:
         be:cb:99:b4:80:88:f0:f3:27:69:48:8a:41:3a:f1:c2:80:bc:
         0b:f6:ef:8e:94:9a:09:c4:73:13:99:a3:1b:73:7d:84:ba:1a:
         d2:0b:41:e2:6e:0d:7f:e0:58:db:73:be:0d:2b:89:8a:7a:48:
         3d:05:5d:f3:94:67:52:2a:36:0f:a7:ca:d2:75:80:35:75:70:
         64:e5:04:12:01:e7:9a:93:5a:4f:a0:05:dd:dc:b9:39:bf:4f:
         6c:f0:05:14:49:c1:9e:b2:b5:5f:f7:7c:f4:aa:02:d0:d6:eb:
         ad:7f:35:8f:02:9c:c4:80:28:59:cd:14:a2:96:56:d1:22:9a:
         f5:39:ec:51:86:1b:39:b6:a5:b3:82:29:6a:96:9f:66:66:0c:
         5c:8e:58:fc:0b:b6:f4:32:fe:22:c2:de:dc:78:9d:bd:b6:3c:
         02:43:2a:37:51:b5:19:a0:c2:55:e7:bf:3b:87:41:64:4e:d9:
         63:18:2b:54:22:43:fd:90:b9:cf:08:94:ba:44:ab:f0:b3:0f:
         f4:35:c6:13:b9:7e:75:18:0f:d6:1c:db:84:00:b7:ee:13:3a:
         f5:63:db:95
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIBQjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFE
NjNBRjExMC8GA1UEBRMoMzQ3NEMyNTM5ODYxMTAwQUZEOTYzQTE2M0M4MDJEMDI2
NEY4RUM3RDAeFw0yNDA1MTQxMTAxNTlaFw0yNTA1MDEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY2NDM0NGE2LTYxYjkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDRTZfVxjq/TIA+oLx469p0VAIyKq6RxVGZQB6mCvwEcXE47NA3pJb/dRY6seu+
KTqsPEUxVHbUTrUI7oHTs2Qj1to1Ya+UMlrl3kjr2nbuJCfq9DgXhNp8pHMbLkw0
YvEwbMZHp5qsGwFjpssfrLK8AI/N0PgGRuKyWnLJsXkVgTdw/KSReGn1Ajcd1gZl
lxKlTj6QKZXM+6DmX7PTNaaOWnli8GUxoCApHKpZPx/EcfHH1hk1jUVUEDBH+b/x
AiSVmx6Cs4j1eQRMv7VN4sbOOUet9t4t7/1e1aZKUpLVyzG1FQl/Ht3EhqmU8hA8
t5Co79b/TFqnAXDCWWJbVxU5AgMBAAGjggKVMIICkTAdBgNVHQ4EFgQUdXbKl04l
Yft+bgNDrePE3aB1kSowHwYDVR0jBBgwFoAUNHTCU5hhEAr9ljoWPIAtAmT47H0w
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUQ2M0FGLzRERkU2ODI0QjZC
NzExRUVBOUQ3RkMzQUM0RjlBRTAyL05IVENVNWhoRUFyOWxqb1dQSUF0QW1UNDdI
MC5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRGMjAxRDY2MTFFMjhBQzg4MzdDNzJG
RDFGRjIvTkhUQ1U1aGhFQXI5bGpvV1BJQXRBbVQ0N0gwLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFE
NjNBRi80REZFNjgyNEI2QjcxMUVFQTlEN0ZDM0FDNEY5QUUwMi82MjQxMDY5MDEx
RTExMUVGQkJCNzBCMzJDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAJ0K+jANBgkqhkiG9w0BAQsFAAOCAQEAM1z3TSHx+Wcs1UQB
5w0TW/GqsRnQhvbovQdR/80xWo2U3dS3vsuZtICI8PMnaUiKQTrxwoC8C/bvjpSa
CcRzE5mjG3N9hLoa0gtB4m4Nf+BY23O+DSuJinpIPQVd85RnUio2D6fK0nWANXVw
ZOUEEgHnmpNaT6AF3dy5Ob9PbPAFFEnBnrK1X/d89KoC0NbrrX81jwKcxIAoWc0U
opZW0SKa9TnsUYYbObals4IpapafZmYMXI5Y/Au29DL+IsLe3HidvbY8AkMqN1G1
GaDCVee/O4dBZE7ZYxgrVCJD/ZC5zwiUukSr8LMP9DXGE7l+dRgP1hzbhAC37hM6
9WPblQ==
-----END CERTIFICATE-----
Generated at Thu Nov 21 05:37:17 2024 by rpki-client on console-ams.rpki-client.org