Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91DC5BE/D401619A1D6911E2AFB64EA708B02CD2/539CC922366C11EEBEBBBE1DC4F9AE02.roa
File:                     539CC922366C11EEBEBBBE1DC4F9AE02.roa (raw, json)
Hash identifier:          TrayTHMiKb+Dm5posHRv3ZfOvi01WiwhoUD8use0rkY=
Subject key identifier:   08:35:37:3B:DB:62:1C:A6:63:D8:BC:65:AA:62:DC:81:1F:AF:23:4F
Certificate issuer:       /CN=A91DC5BE/serialNumber=ADA8AED32B15B87E611252D29D1E1D5BDE581646
Certificate serial:       3400
Authority key identifier: AD:A8:AE:D3:2B:15:B8:7E:61:12:52:D2:9D:1E:1D:5B:DE:58:16:46
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/raiu0ysVuH5hElLSnR4dW95YFkY.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91DC5BE/D401619A1D6911E2AFB64EA708B02CD2/539CC922366C11EEBEBBBE1DC4F9AE02.roa
Signing time:             Wed 09 Aug 2023 04:22:18 +0000
ROA not before:           Wed 09 Aug 2023 04:22:18 +0000
ROA not after:            Mon 31 Mar 2031 00:00:00 +0000
asID:                     24555
IP address blocks:        220.247.144.0/20 maxlen: 22
                          2001:df9::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91DC5BE/D401619A1D6911E2AFB64EA708B02CD2/raiu0ysVuH5hElLSnR4dW95YFkY.crl
                          rsync://rpki.apnic.net/member_repository/A91DC5BE/D401619A1D6911E2AFB64EA708B02CD2/raiu0ysVuH5hElLSnR4dW95YFkY.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/raiu0ysVuH5hElLSnR4dW95YFkY.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 23 Jun 2024 14:16:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13312 (0x3400)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91DC5BE/serialNumber=ADA8AED32B15B87E611252D29D1E1D5BDE581646
        Validity
            Not Before: Aug  9 04:22:18 2023 GMT
            Not After : Mar 31 00:00:00 2031 GMT
        Subject: CN=64d3147a-9878
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:f5:ea:df:4a:5c:a6:bc:6d:c7:4e:ce:4c:9a:
                    6e:09:73:57:ec:a6:1f:97:f6:43:72:76:ba:55:35:
                    a8:13:78:7e:d2:81:a2:27:55:fa:7c:67:05:11:ca:
                    ef:2e:d0:80:20:2e:22:d2:56:81:ce:75:e5:25:5b:
                    89:16:94:f0:e6:f1:c7:06:a6:07:5b:25:13:c6:f9:
                    d3:6d:b4:aa:1c:05:56:cf:02:79:4e:7a:3b:70:c4:
                    d2:3d:8b:6a:a2:a5:89:16:bb:53:19:39:be:15:3c:
                    4a:0e:86:55:73:0f:02:67:d8:f8:28:17:64:5e:1e:
                    4b:0a:a0:b6:8d:14:27:36:69:c1:d7:c4:0a:1d:6c:
                    84:6c:57:90:25:22:2b:2a:ea:fc:44:af:04:dd:c0:
                    25:a4:f5:34:b6:fa:65:24:7d:dc:0f:52:f2:d8:dd:
                    c8:9d:11:09:33:1b:da:24:f4:3d:05:70:2a:1f:84:
                    80:c6:13:32:5f:74:d1:9f:a4:a9:42:21:1b:56:38:
                    c0:62:b2:67:9b:c6:d3:b2:f0:a7:a0:c6:a0:e5:cb:
                    fc:10:76:c5:41:ea:f3:49:1c:cc:ee:8f:7c:f8:b3:
                    d3:79:75:63:d4:2e:1b:fb:30:4a:5a:18:65:cf:3b:
                    97:85:e5:98:22:88:66:12:d9:9d:d5:e0:8f:e4:83:
                    8a:13
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:35:37:3B:DB:62:1C:A6:63:D8:BC:65:AA:62:DC:81:1F:AF:23:4F
            X509v3 Authority Key Identifier:
                keyid:AD:A8:AE:D3:2B:15:B8:7E:61:12:52:D2:9D:1E:1D:5B:DE:58:16:46

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91DC5BE/D401619A1D6911E2AFB64EA708B02CD2/raiu0ysVuH5hElLSnR4dW95YFkY.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/raiu0ysVuH5hElLSnR4dW95YFkY.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91DC5BE/D401619A1D6911E2AFB64EA708B02CD2/539CC922366C11EEBEBBBE1DC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  220.247.144.0/20
                IPv6:
                  2001:df9::/32

    Signature Algorithm: sha256WithRSAEncryption
         76:fa:78:3c:6e:be:6f:d0:3b:14:f4:3f:78:be:9d:f2:49:77:
         32:27:1d:47:4e:28:52:9b:b9:ad:66:d6:5d:7d:5f:7b:e9:40:
         7e:1d:6e:bc:51:2f:09:02:bb:aa:22:e3:b0:ec:38:31:1d:fd:
         3c:5f:5c:f8:20:4e:b7:e4:12:71:f2:56:44:3b:a6:21:6d:c6:
         f6:18:6c:c1:73:e7:b1:20:03:0a:32:1a:06:80:54:0d:a9:26:
         84:39:cf:34:bc:2d:07:1c:df:86:99:f2:bb:bb:e8:c4:f0:3b:
         23:2b:bb:b4:64:97:ee:00:19:ee:1c:c4:e2:77:07:9d:2e:8b:
         e3:44:eb:50:0f:68:63:bb:3c:66:3f:21:18:9c:ab:c9:d1:03:
         e5:95:17:4e:ea:a5:53:bd:ac:0a:9c:d8:33:0b:5c:81:fb:ef:
         b3:41:72:5a:28:f9:52:8e:20:18:08:2c:58:43:05:41:20:c2:
         a2:3a:2b:81:97:7a:8d:dd:44:7f:8d:7b:8e:4d:f2:f8:ba:33:
         23:37:30:2a:ca:1f:79:fb:03:23:64:25:e1:6e:59:8d:17:cc:
         ef:9a:61:7e:b7:fe:b7:2c:65:25:95:45:27:eb:b3:98:43:6a:
         5d:94:b6:53:d4:e8:28:9b:a9:3f:d7:ef:50:79:a9:44:9f:ac:
         b9:d9:7a:ed
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICNAAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
REM1QkUxMTAvBgNVBAUTKEFEQThBRUQzMkIxNUI4N0U2MTEyNTJEMjlEMUUxRDVC
REU1ODE2NDYwHhcNMjMwODA5MDQyMjE4WhcNMzEwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NGQzMTQ3YS05ODc4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAufXq30pcprxtx07OTJpuCXNX7KYfl/ZDcna6VTWoE3h+0oGiJ1X6fGcFEcrv
LtCAIC4i0laBznXlJVuJFpTw5vHHBqYHWyUTxvnTbbSqHAVWzwJ5Tno7cMTSPYtq
oqWJFrtTGTm+FTxKDoZVcw8CZ9j4KBdkXh5LCqC2jRQnNmnB18QKHWyEbFeQJSIr
Kur8RK8E3cAlpPU0tvplJH3cD1Ly2N3InREJMxvaJPQ9BXAqH4SAxhMyX3TRn6Sp
QiEbVjjAYrJnm8bTsvCnoMag5cv8EHbFQerzSRzM7o98+LPTeXVj1C4b+zBKWhhl
zzuXheWYIohmEtmd1eCP5IOKEwIDAQABo4ICpDCCAqAwHQYDVR0OBBYEFAg1Nzvb
YhymY9i8Zapi3IEfryNPMB8GA1UdIwQYMBaAFK2ortMrFbh+YRJS0p0eHVveWBZG
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFEQzVCRS9ENDAxNjE5QTFE
NjkxMUUyQUZCNjRFQTcwOEIwMkNEMi9yYWl1MHlzVnVINWhFbExTblI0ZFc5NVlG
a1kuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3JhaXUweXNWdUg1aEVsTFNuUjRkVzk1WUZrWS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
REM1QkUvRDQwMTYxOUExRDY5MTFFMkFGQjY0RUE3MDhCMDJDRDIvNTM5Q0M5MjIz
NjZDMTFFRUJFQkJCRTFEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLgYIKwYBBQUHAQcBAf8E
HzAdMAwEAgABMAYDBATc95AwDQQCAAIwBwMFACABDfkwDQYJKoZIhvcNAQELBQAD
ggEBAHb6eDxuvm/QOxT0P3i+nfJJdzInHUdOKFKbua1m1l19X3vpQH4dbrxRLwkC
u6oi47DsODEd/TxfXPggTrfkEnHyVkQ7piFtxvYYbMFz57EgAwoyGgaAVA2pJoQ5
zzS8LQcc34aZ8ru76MTwOyMru7Rkl+4AGe4cxOJ3B50ui+NE61APaGO7PGY/IRic
q8nRA+WVF07qpVO9rAqc2DMLXIH777NBcloo+VKOIBgILFhDBUEgwqI6K4GXeo3d
RH+Ne45N8vi6MyM3MCrKH3n7AyNkJeFuWY0XzO+aYX63/rcsZSWVRSfrs5hDal2U
tlPU6CibqT/X71B5qUSfrLnZeu0=
-----END CERTIFICATE-----
Generated at Sun Jun 16 15:20:24 2024 by rpki-client on console-fra.rpki-client.org