Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91DC5BE/D401619A1D6911E2AFB64EA708B02CD2/662A2F2286B411E6BAEB2614C4F9AE02.roa
File:                     662A2F2286B411E6BAEB2614C4F9AE02.roa (raw, json)
Hash identifier:          MRkFXSabw9acLO92YltXC7hoPQwJsDF6DX+Xsg12tnY=
Subject key identifier:   87:FF:98:72:0F:99:ED:3F:A2:9C:CF:23:33:A6:2D:7D:09:87:CC:9D
Certificate issuer:       /CN=A91DC5BE/serialNumber=ADA8AED32B15B87E611252D29D1E1D5BDE581646
Certificate serial:       2DFF
Authority key identifier: AD:A8:AE:D3:2B:15:B8:7E:61:12:52:D2:9D:1E:1D:5B:DE:58:16:46
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/raiu0ysVuH5hElLSnR4dW95YFkY.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91DC5BE/D401619A1D6911E2AFB64EA708B02CD2/662A2F2286B411E6BAEB2614C4F9AE02.roa
Signing time:             Fri 27 Nov 2020 14:20:07 +0000
ROA not before:           Fri 27 Nov 2020 14:20:07 +0000
ROA not after:            Mon 31 Mar 2031 00:00:00 +0000
asID:                     18368
IP address blocks:        203.119.86.0/24 maxlen: 24
                          2001:dd8:6::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91DC5BE/D401619A1D6911E2AFB64EA708B02CD2/raiu0ysVuH5hElLSnR4dW95YFkY.crl
                          rsync://rpki.apnic.net/member_repository/A91DC5BE/D401619A1D6911E2AFB64EA708B02CD2/raiu0ysVuH5hElLSnR4dW95YFkY.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/raiu0ysVuH5hElLSnR4dW95YFkY.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 23 Jun 2024 14:16:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 11775 (0x2dff)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91DC5BE/serialNumber=ADA8AED32B15B87E611252D29D1E1D5BDE581646
        Validity
            Not Before: Nov 27 14:20:07 2020 GMT
            Not After : Mar 31 00:00:00 2031 GMT
        Subject: CN=5fc10b16-c753
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:0b:c6:d4:2e:39:96:ad:fb:ff:8e:f6:be:0b:
                    a7:f7:05:57:ac:2e:6a:55:c5:dc:bd:33:03:0f:81:
                    06:74:cc:50:b8:1f:21:08:40:1e:ac:ac:2b:19:04:
                    9a:2c:47:27:d2:95:19:d5:83:42:3c:7f:8a:04:ab:
                    c5:61:e3:6b:e7:dc:0e:53:0d:fe:27:a6:da:b6:0c:
                    60:40:a5:4e:2a:e3:4c:09:39:72:1f:69:87:5a:eb:
                    5c:20:de:71:6d:f6:dc:9a:0d:f7:d6:6f:7f:25:12:
                    09:4e:d5:bd:f3:6e:44:bc:1c:12:e5:92:d3:f3:fb:
                    87:04:75:4c:31:0f:b5:26:0c:63:58:91:5e:95:63:
                    cd:6a:32:5c:12:02:13:0d:ae:d0:5c:7e:06:23:53:
                    4c:cb:19:bf:fd:a7:c2:d8:9a:6e:8b:dd:e7:ca:13:
                    c6:40:10:1c:36:66:ac:00:3b:d7:81:47:3b:c6:b6:
                    cf:ab:1d:d2:91:17:72:46:a2:8a:b3:fd:ec:c9:d9:
                    c7:cd:13:67:01:9f:10:61:79:9e:97:4f:46:33:53:
                    70:1e:54:ea:b0:fe:76:27:4b:43:93:ca:74:2f:c1:
                    e6:f8:2a:d6:58:2b:cd:13:06:8b:07:fb:50:7d:27:
                    7b:5e:44:84:f6:f6:2f:17:c5:06:a2:46:35:a5:7d:
                    8a:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:FF:98:72:0F:99:ED:3F:A2:9C:CF:23:33:A6:2D:7D:09:87:CC:9D
            X509v3 Authority Key Identifier:
                keyid:AD:A8:AE:D3:2B:15:B8:7E:61:12:52:D2:9D:1E:1D:5B:DE:58:16:46

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91DC5BE/D401619A1D6911E2AFB64EA708B02CD2/raiu0ysVuH5hElLSnR4dW95YFkY.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/raiu0ysVuH5hElLSnR4dW95YFkY.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91DC5BE/D401619A1D6911E2AFB64EA708B02CD2/662A2F2286B411E6BAEB2614C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.119.86.0/24
                IPv6:
                  2001:dd8:6::/48

    Signature Algorithm: sha256WithRSAEncryption
         2f:55:6e:49:72:1c:75:fb:2e:60:8f:fb:62:42:ab:42:50:85:
         01:9d:48:b9:d2:96:22:d1:c9:e9:c3:13:9d:aa:cb:df:0b:8f:
         6d:63:e9:c5:e3:2e:77:ff:98:e1:4d:f4:4c:d9:ba:2e:f1:4d:
         07:b3:b5:8f:e5:ea:18:f8:96:4a:e1:d2:be:ea:58:a1:46:ad:
         d3:0f:50:55:a3:7c:39:7a:a5:18:e6:e8:9b:92:f3:e6:15:43:
         16:2a:3a:81:10:bb:b4:c9:9f:bd:c8:11:65:35:f4:d6:95:ce:
         db:20:dc:cf:ee:8e:7b:7d:5f:65:90:5b:2a:54:62:04:11:a0:
         9f:c3:3e:2b:85:c9:39:60:38:33:42:7f:a2:95:b7:20:af:05:
         74:c7:84:45:57:d0:b7:c6:ca:38:c1:93:8a:9f:01:a4:ba:1b:
         01:fe:e1:95:14:23:73:9e:48:51:aa:2e:96:6a:07:f3:a1:b3:
         9c:ef:ea:60:ab:07:e7:d8:89:20:a6:1a:29:b7:a3:bd:5d:4c:
         ff:c1:89:32:14:05:25:7b:73:a1:bd:7b:8f:a1:38:0b:a5:d0:
         80:4a:c9:85:d6:09:27:3f:fb:8d:d0:4a:6f:ae:01:13:04:c2:
         73:ac:e7:68:95:22:74:35:3c:55:9b:a1:0a:c5:29:fa:66:9c:
         42:36:d4:c6
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICLf8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
REM1QkUxMTAvBgNVBAUTKEFEQThBRUQzMkIxNUI4N0U2MTEyNTJEMjlEMUUxRDVC
REU1ODE2NDYwHhcNMjAxMTI3MTQyMDA3WhcNMzEwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw01ZmMxMGIxNi1jNzUzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvwvG1C45lq37/472vgun9wVXrC5qVcXcvTMDD4EGdMxQuB8hCEAerKwrGQSa
LEcn0pUZ1YNCPH+KBKvFYeNr59wOUw3+J6batgxgQKVOKuNMCTlyH2mHWutcIN5x
bfbcmg331m9/JRIJTtW9825EvBwS5ZLT8/uHBHVMMQ+1JgxjWJFelWPNajJcEgIT
Da7QXH4GI1NMyxm//afC2Jpui93nyhPGQBAcNmasADvXgUc7xrbPqx3SkRdyRqKK
s/3sydnHzRNnAZ8QYXmel09GM1NwHlTqsP52J0tDk8p0L8Hm+CrWWCvNEwaLB/tQ
fSd7XkSE9vYvF8UGokY1pX2K1QIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFIf/mHIP
me0/opzPIzOmLX0Jh8ydMB8GA1UdIwQYMBaAFK2ortMrFbh+YRJS0p0eHVveWBZG
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFEQzVCRS9ENDAxNjE5QTFE
NjkxMUUyQUZCNjRFQTcwOEIwMkNEMi9yYWl1MHlzVnVINWhFbExTblI0ZFc5NVlG
a1kuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3JhaXUweXNWdUg1aEVsTFNuUjRkVzk1WUZrWS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
REM1QkUvRDQwMTYxOUExRDY5MTFFMkFGQjY0RUE3MDhCMDJDRDIvNjYyQTJGMjI4
NkI0MTFFNkJBRUIyNjE0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBADLd1YwDwQCAAIwCQMHACABDdgABjANBgkqhkiG9w0BAQsF
AAOCAQEAL1VuSXIcdfsuYI/7YkKrQlCFAZ1IudKWItHJ6cMTnarL3wuPbWPpxeMu
d/+Y4U30TNm6LvFNB7O1j+XqGPiWSuHSvupYoUat0w9QVaN8OXqlGObom5Lz5hVD
Fio6gRC7tMmfvcgRZTX01pXO2yDcz+6Oe31fZZBbKlRiBBGgn8M+K4XJOWA4M0J/
opW3IK8FdMeERVfQt8bKOMGTip8BpLobAf7hlRQjc55IUaoulmoH86GznO/qYKsH
59iJIKYaKbejvV1M/8GJMhQFJXtzob17j6E4C6XQgErJhdYJJz/7jdBKb64BEwTC
c6znaJUidDU8VZuhCsUp+macQjbUxg==
-----END CERTIFICATE-----
Generated at Sun Jun 16 15:56:56 2024 by rpki-client on console-ams.rpki-client.org