Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91DACA7/517E6E4C45B211EFA5DF6D19C4F9AE02/ECB0C56845B211EFBCC09A1AC4F9AE02.roa
File:                     ECB0C56845B211EFBCC09A1AC4F9AE02.roa (raw, json)
Hash identifier:          PWJ2Cs2LxUKJ+e1M3VEz765niJLh/sYfiYQBfZ6dULY=
Subject key identifier:   B7:9B:83:A1:46:E8:B9:47:F6:8E:40:42:CC:05:D4:C6:3B:40:0C:B6
Certificate issuer:       /CN=A91DACA7/serialNumber=01BB28FDBE155A8662C5EE680CFDF0C98D4EBD1D
Certificate serial:       02
Authority key identifier: 01:BB:28:FD:BE:15:5A:86:62:C5:EE:68:0C:FD:F0:C9:8D:4E:BD:1D
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/Abso_b4VWoZixe5oDP3wyY1OvR0.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91DACA7/517E6E4C45B211EFA5DF6D19C4F9AE02/ECB0C56845B211EFBCC09A1AC4F9AE02.roa
Signing time:             Fri 19 Jul 2024 09:40:25 +0000
ROA not before:           Fri 19 Jul 2024 09:40:25 +0000
ROA not after:            Sun 02 Mar 2025 00:00:00 +0000
asID:                     152317
IP address blocks:        157.10.128.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91DACA7/517E6E4C45B211EFA5DF6D19C4F9AE02/Abso_b4VWoZixe5oDP3wyY1OvR0.crl
                          rsync://rpki.apnic.net/member_repository/A91DACA7/517E6E4C45B211EFA5DF6D19C4F9AE02/Abso_b4VWoZixe5oDP3wyY1OvR0.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/Abso_b4VWoZixe5oDP3wyY1OvR0.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 28 Nov 2024 02:50:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91DACA7/serialNumber=01BB28FDBE155A8662C5EE680CFDF0C98D4EBD1D
        Validity
            Not Before: Jul 19 09:40:25 2024 GMT
            Not After : Mar  2 00:00:00 2025 GMT
        Subject: CN=669a3489-f9d2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:6a:a6:3e:a7:e1:82:04:03:19:44:9e:c2:8a:
                    18:6f:d1:eb:f0:19:a3:b3:fc:22:8b:dd:b6:ac:43:
                    d9:f2:a4:29:17:8e:63:34:63:6b:57:ea:d6:74:21:
                    0d:15:cb:e8:66:70:db:32:b0:b5:10:67:22:3c:c1:
                    16:90:3c:6b:17:c6:ba:5b:c9:b2:33:5e:7a:50:f8:
                    14:15:a6:e1:0a:6d:42:91:81:cf:35:1d:37:9a:4f:
                    7d:51:5e:d0:08:04:75:d7:f8:dc:ef:15:86:82:d4:
                    ec:46:54:99:ef:95:b0:41:59:21:2c:b1:77:42:d3:
                    a8:6f:87:e0:a0:36:6e:03:18:ee:6b:1d:57:b3:52:
                    da:61:a4:05:6c:b5:fb:04:16:f3:60:f6:47:d4:05:
                    ed:0d:2f:ae:46:18:d2:17:7c:12:43:72:ff:0e:86:
                    e5:8d:c4:cf:7f:e5:73:a6:01:1b:f5:c2:70:5d:34:
                    00:4d:4f:34:29:93:8f:81:58:b6:ba:2b:df:3b:76:
                    36:db:90:40:a7:9d:c2:9a:fa:9a:fb:61:13:75:8d:
                    91:73:28:7f:65:1f:90:8b:48:c6:ec:d0:d4:f7:e5:
                    7f:1e:75:ab:73:1b:c1:0e:1c:54:3f:8a:93:79:98:
                    a7:6c:2e:cb:66:7e:31:83:d1:e3:65:68:cf:5a:73:
                    db:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:9B:83:A1:46:E8:B9:47:F6:8E:40:42:CC:05:D4:C6:3B:40:0C:B6
            X509v3 Authority Key Identifier:
                keyid:01:BB:28:FD:BE:15:5A:86:62:C5:EE:68:0C:FD:F0:C9:8D:4E:BD:1D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91DACA7/517E6E4C45B211EFA5DF6D19C4F9AE02/Abso_b4VWoZixe5oDP3wyY1OvR0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/Abso_b4VWoZixe5oDP3wyY1OvR0.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91DACA7/517E6E4C45B211EFA5DF6D19C4F9AE02/ECB0C56845B211EFBCC09A1AC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  157.10.128.0/23

    Signature Algorithm: sha256WithRSAEncryption
         6a:53:04:ca:3a:9d:0e:aa:c5:d5:22:da:30:3a:77:dc:fa:c2:
         9f:1e:1a:86:92:c5:ab:b4:fc:3c:bf:a9:00:7e:d5:66:d2:5e:
         48:65:4b:02:cd:49:59:66:0c:03:e7:87:67:2f:4a:95:5e:29:
         9f:3d:0f:40:fd:a3:44:3d:59:15:be:cb:65:cf:2f:35:8b:1b:
         02:10:10:8d:e9:d7:6e:eb:9e:a6:a3:5b:ce:40:2a:3f:15:e5:
         d2:5f:6a:6e:d7:47:2b:70:f0:c1:ef:7c:ee:09:cb:f9:8f:ef:
         fb:b6:fd:bf:49:3f:9b:f2:b0:44:f6:32:c5:2f:9b:6d:4d:23:
         b4:35:c9:34:7f:5b:9f:b1:0b:80:fe:26:c5:ea:f8:82:24:fd:
         d6:08:7f:97:2a:44:6e:33:29:d5:dc:21:af:d1:31:d2:4a:94:
         6a:25:5d:6e:5b:6b:47:6d:91:91:1e:f3:9e:8e:99:13:03:ea:
         60:55:7d:f2:a0:2e:bd:41:bb:92:31:71:68:9a:e3:a2:66:39:
         35:df:3e:81:f8:89:53:53:da:d5:56:46:38:7e:e1:92:cc:4b:
         37:3d:99:c2:fd:30:83:56:5e:d7:63:ee:62:b2:92:d9:35:54:
         36:0a:ea:8e:1b:81:d4:35:fc:33:76:c1:5d:a9:90:5e:82:02:
         2f:d7:48:58
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIBAjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFE
QUNBNzExMC8GA1UEBRMoMDFCQjI4RkRCRTE1NUE4NjYyQzVFRTY4MENGREYwQzk4
RDRFQkQxRDAeFw0yNDA3MTkwOTQwMjVaFw0yNTAzMDIwMDAwMDBaMBgxFjAUBgNV
BAMTDTY2OWEzNDg5LWY5ZDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQC5aqY+p+GCBAMZRJ7Cihhv0evwGaOz/CKL3basQ9nypCkXjmM0Y2tX6tZ0IQ0V
y+hmcNsysLUQZyI8wRaQPGsXxrpbybIzXnpQ+BQVpuEKbUKRgc81HTeaT31RXtAI
BHXX+NzvFYaC1OxGVJnvlbBBWSEssXdC06hvh+CgNm4DGO5rHVezUtphpAVstfsE
FvNg9kfUBe0NL65GGNIXfBJDcv8OhuWNxM9/5XOmARv1wnBdNABNTzQpk4+BWLa6
K987djbbkECnncKa+pr7YRN1jZFzKH9lH5CLSMbs0NT35X8edatzG8EOHFQ/ipN5
mKdsLstmfjGD0eNlaM9ac9ujAgMBAAGjggKVMIICkTAdBgNVHQ4EFgQUt5uDoUbo
uUf2jkBCzAXUxjtADLYwHwYDVR0jBBgwFoAUAbso/b4VWoZixe5oDP3wyY1OvR0w
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MURBQ0E3LzUxN0U2RTRDNDVC
MjExRUZBNURGNkQxOUM0RjlBRTAyL0Fic29fYjRWV29aaXhlNW9EUDN3eVkxT3ZS
MC5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRGMjAxRDY2MTFFMjhBQzg4MzdDNzJG
RDFGRjIvQWJzb19iNFZXb1ppeGU1b0RQM3d5WTFPdlIwLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFE
QUNBNy81MTdFNkU0QzQ1QjIxMUVGQTVERjZEMTlDNEY5QUUwMi9FQ0IwQzU2ODQ1
QjIxMUVGQkNDMDlBMUFDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAZ0KgDANBgkqhkiG9w0BAQsFAAOCAQEAalMEyjqdDqrF1SLa
MDp33PrCnx4ahpLFq7T8PL+pAH7VZtJeSGVLAs1JWWYMA+eHZy9KlV4pnz0PQP2j
RD1ZFb7LZc8vNYsbAhAQjenXbuuepqNbzkAqPxXl0l9qbtdHK3Dwwe987gnL+Y/v
+7b9v0k/m/KwRPYyxS+bbU0jtDXJNH9bn7ELgP4mxer4giT91gh/lypEbjMp1dwh
r9Ex0kqUaiVdbltrR22RkR7zno6ZEwPqYFV98qAuvUG7kjFxaJrjomY5Nd8+gfiJ
U1Pa1VZGOH7hksxLNz2Zwv0wg1Ze12PuYrKS2TVUNgrqjhuB1DX8M3bBXamQXoIC
L9dIWA==
-----END CERTIFICATE-----
Generated at Thu Nov 21 06:50:51 2024 by rpki-client on console-fra.rpki-client.org