Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91DC24F/3C130576671011EE9EC9A127C4F9AE02/E4A5F20468D011EE8509F75CC4F9AE02.roa
File:                     E4A5F20468D011EE8509F75CC4F9AE02.roa (raw, json)
Hash identifier:          JQKbNYMf/zVARnkpO4HdrpLHL11BuAmo0S1Bwvh58kQ=
Subject key identifier:   CE:09:4F:2B:E2:EA:CE:CA:13:3A:58:63:73:CF:29:BA:0A:64:53:35
Certificate issuer:       /CN=A91DC24F/serialNumber=D26E22306218DA96C302FBEAAC9437275B1EC6ED
Certificate serial:       DD
Authority key identifier: D2:6E:22:30:62:18:DA:96:C3:02:FB:EA:AC:94:37:27:5B:1E:C6:ED
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/0m4iMGIY2pbDAvvqrJQ3J1sexu0.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91DC24F/3C130576671011EE9EC9A127C4F9AE02/E4A5F20468D011EE8509F75CC4F9AE02.roa
Signing time:             Tue 19 Nov 2024 03:57:45 +0000
ROA not before:           Tue 19 Nov 2024 03:57:45 +0000
ROA not after:            Sat 31 Jan 2026 00:00:00 +0000
asID:                     139603
IP address blocks:        36.50.38.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91DC24F/3C130576671011EE9EC9A127C4F9AE02/0m4iMGIY2pbDAvvqrJQ3J1sexu0.crl
                          rsync://rpki.apnic.net/member_repository/A91DC24F/3C130576671011EE9EC9A127C4F9AE02/0m4iMGIY2pbDAvvqrJQ3J1sexu0.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/0m4iMGIY2pbDAvvqrJQ3J1sexu0.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 30 Nov 2024 02:50:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 221 (0xdd)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91DC24F/serialNumber=D26E22306218DA96C302FBEAAC9437275B1EC6ED
        Validity
            Not Before: Nov 19 03:57:45 2024 GMT
            Not After : Jan 31 00:00:00 2026 GMT
        Subject: CN=673c0cb9-1750
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:18:b7:ba:77:99:5b:07:a3:73:33:2e:70:f8:
                    67:07:d5:7d:bf:75:7e:aa:41:37:9a:b2:18:d6:83:
                    30:3e:54:48:83:78:ae:0c:f4:01:99:3c:eb:75:7c:
                    03:a2:ef:cf:33:3a:ae:f0:89:23:21:4c:45:e2:59:
                    da:d0:d8:07:a7:e1:05:97:7b:fa:3f:5d:04:d8:c9:
                    79:06:61:ea:32:00:a6:42:50:d4:2e:db:18:9c:f5:
                    16:38:a1:8b:1e:84:aa:1d:3e:13:56:2a:29:97:5f:
                    78:d7:62:4c:24:92:79:35:be:ca:92:0d:91:01:b7:
                    6b:df:4c:3c:8b:87:88:ba:4e:cd:fc:ca:c7:05:9b:
                    b4:e1:ad:46:b2:19:c3:d6:4e:70:e3:d1:8d:b6:6b:
                    6a:84:fa:f2:17:6a:e1:7b:9f:81:90:02:8f:26:31:
                    e1:4c:f2:1e:78:14:1d:d5:54:b5:89:9b:f7:52:4c:
                    be:e0:6c:8d:69:e8:77:a5:9e:09:68:a7:4e:7e:2f:
                    50:31:77:e6:47:49:e0:b2:0b:09:7e:93:35:c5:89:
                    15:eb:dd:31:fb:2e:f2:67:17:b4:a6:3c:1d:de:68:
                    d7:09:f6:41:88:cf:d4:01:ac:4c:85:86:6d:cc:32:
                    23:38:ad:c4:dc:13:42:c8:25:9d:72:2a:05:8a:47:
                    52:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:09:4F:2B:E2:EA:CE:CA:13:3A:58:63:73:CF:29:BA:0A:64:53:35
            X509v3 Authority Key Identifier:
                keyid:D2:6E:22:30:62:18:DA:96:C3:02:FB:EA:AC:94:37:27:5B:1E:C6:ED

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91DC24F/3C130576671011EE9EC9A127C4F9AE02/0m4iMGIY2pbDAvvqrJQ3J1sexu0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/0m4iMGIY2pbDAvvqrJQ3J1sexu0.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91DC24F/3C130576671011EE9EC9A127C4F9AE02/E4A5F20468D011EE8509F75CC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  36.50.38.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8e:b8:95:ef:ac:79:a2:b1:60:5a:16:c4:bc:2e:6d:1e:4b:2b:
         7a:86:92:6f:29:21:b5:54:84:5c:fb:a8:15:13:fe:1c:aa:3a:
         75:1d:54:43:a7:14:14:72:6b:9f:29:07:58:e4:0e:fa:be:ed:
         61:f9:f7:4e:cf:b1:63:d8:0b:19:ca:b6:45:72:0f:b3:ec:b3:
         c6:da:4d:c8:37:3d:34:4f:45:fc:a9:18:d9:e0:64:58:8e:02:
         b4:4e:a4:e1:66:62:29:1d:18:84:14:3d:92:09:b3:55:9a:d3:
         8b:5b:6b:b3:33:b3:57:ec:b3:b6:c0:06:c4:9c:01:26:3f:f7:
         23:97:24:fb:89:66:b8:4d:8e:39:02:da:b6:e0:b2:3f:0f:20:
         00:cd:7b:ec:d2:b3:2b:72:08:82:0d:01:17:eb:79:57:0d:df:
         a7:d8:df:53:66:bd:0c:60:06:0b:8d:d2:98:85:5c:41:85:80:
         d5:f2:32:0c:b5:71:32:5b:14:a6:8e:86:41:01:73:52:9d:13:
         cc:4b:e7:94:ab:35:31:60:1b:64:58:66:5e:45:4e:d1:d2:81:
         10:33:fc:52:14:f6:d8:36:97:c0:8f:8a:fb:d5:40:ab:f0:a8:
         ff:95:75:c7:1b:db:c9:5a:fb:e8:f7:0c:41:b3:0b:b9:4a:5a:
         19:9d:65:6e
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICAN0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
REMyNEYxMTAvBgNVBAUTKEQyNkUyMjMwNjIxOERBOTZDMzAyRkJFQUFDOTQzNzI3
NUIxRUM2RUQwHhcNMjQxMTE5MDM1NzQ1WhcNMjYwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzNjMGNiOS0xNzUwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEApxi3uneZWwejczMucPhnB9V9v3V+qkE3mrIY1oMwPlRIg3iuDPQBmTzrdXwD
ou/PMzqu8IkjIUxF4lna0NgHp+EFl3v6P10E2Ml5BmHqMgCmQlDULtsYnPUWOKGL
HoSqHT4TViopl19412JMJJJ5Nb7Kkg2RAbdr30w8i4eIuk7N/MrHBZu04a1GshnD
1k5w49GNtmtqhPryF2rhe5+BkAKPJjHhTPIeeBQd1VS1iZv3Uky+4GyNaeh3pZ4J
aKdOfi9QMXfmR0ngsgsJfpM1xYkV690x+y7yZxe0pjwd3mjXCfZBiM/UAaxMhYZt
zDIjOK3E3BNCyCWdcioFikdSsQIDAQABo4IClTCCApEwHQYDVR0OBBYEFM4JTyvi
6s7KEzpYY3PPKboKZFM1MB8GA1UdIwQYMBaAFNJuIjBiGNqWwwL76qyUNydbHsbt
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFEQzI0Ri8zQzEzMDU3NjY3
MTAxMUVFOUVDOUExMjdDNEY5QUUwMi8wbTRpTUdJWTJwYkRBdnZxckpRM0oxc2V4
dTAuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzBtNGlNR0lZMnBiREF2dnFySlEzSjFzZXh1MC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
REMyNEYvM0MxMzA1NzY2NzEwMTFFRTlFQzlBMTI3QzRGOUFFMDIvRTRBNUYyMDQ2
OEQwMTFFRTg1MDlGNzVDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAEkMiYwDQYJKoZIhvcNAQELBQADggEBAI64le+seaKxYFoW
xLwubR5LK3qGkm8pIbVUhFz7qBUT/hyqOnUdVEOnFBRya58pB1jkDvq+7WH5907P
sWPYCxnKtkVyD7Pss8baTcg3PTRPRfypGNngZFiOArROpOFmYikdGIQUPZIJs1Wa
04tba7Mzs1fss7bABsScASY/9yOXJPuJZrhNjjkC2rbgsj8PIADNe+zSsytyCIIN
ARfreVcN36fY31NmvQxgBguN0piFXEGFgNXyMgy1cTJbFKaOhkEBc1KdE8xL55Sr
NTFgG2RYZl5FTtHSgRAz/FIU9tg2l8CPivvVQKvwqP+Vdccb28la++j3DEGzC7lK
WhmdZW4=
-----END CERTIFICATE-----
Generated at Sat Nov 23 05:02:59 2024 by rpki-client on console-fra.rpki-client.org