Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91DC5BE/D401619A1D6911E2AFB64EA708B02CD2/C9B8A270483411ECA6C7C085C4F9AE02.roa
File:                     C9B8A270483411ECA6C7C085C4F9AE02.roa (raw, json)
Hash identifier:          nJvnNt0eJsmGuLUjItzV/NgJ7+2UZ1r5MhffEQ8w0sk=
Subject key identifier:   45:69:CA:CD:23:74:B4:F6:09:EF:4B:AD:E0:1B:6B:38:05:2F:CF:E8
Certificate issuer:       /CN=A91DC5BE/serialNumber=ADA8AED32B15B87E611252D29D1E1D5BDE581646
Certificate serial:       331E
Authority key identifier: AD:A8:AE:D3:2B:15:B8:7E:61:12:52:D2:9D:1E:1D:5B:DE:58:16:46
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/raiu0ysVuH5hElLSnR4dW95YFkY.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91DC5BE/D401619A1D6911E2AFB64EA708B02CD2/C9B8A270483411ECA6C7C085C4F9AE02.roa
Signing time:             Wed 31 Aug 2022 06:30:07 +0000
ROA not before:           Wed 31 Aug 2022 06:30:07 +0000
ROA not after:            Mon 31 Mar 2031 00:00:00 +0000
asID:                     4777
IP address blocks:        202.12.28.0/24 maxlen: 24
                          203.119.0.0/24 maxlen: 24
                          2001:dc0::/35 maxlen: 35
                          2001:dc0:c000::/35 maxlen: 35

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91DC5BE/D401619A1D6911E2AFB64EA708B02CD2/raiu0ysVuH5hElLSnR4dW95YFkY.crl
                          rsync://rpki.apnic.net/member_repository/A91DC5BE/D401619A1D6911E2AFB64EA708B02CD2/raiu0ysVuH5hElLSnR4dW95YFkY.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/raiu0ysVuH5hElLSnR4dW95YFkY.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 23 Jun 2024 14:16:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13086 (0x331e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91DC5BE/serialNumber=ADA8AED32B15B87E611252D29D1E1D5BDE581646
        Validity
            Not Before: Aug 31 06:30:07 2022 GMT
            Not After : Mar 31 00:00:00 2031 GMT
        Subject: CN=630effef-92d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:96:4b:24:94:1b:52:81:4c:48:dc:4f:59:75:
                    53:24:10:9c:88:1a:95:95:5a:eb:29:68:51:7f:03:
                    f0:af:85:a3:ea:63:82:27:18:e6:20:5c:90:4e:e7:
                    09:fe:f6:66:2d:a2:7c:e2:33:ff:47:2c:d5:63:91:
                    e2:9c:2f:cb:cc:4e:88:51:62:18:4f:68:8e:63:61:
                    16:1c:b3:2b:4b:04:5b:96:29:15:4b:33:a5:f3:6d:
                    9e:4f:a8:2a:91:b4:7a:e0:00:94:9b:10:7c:61:9c:
                    3c:ee:12:1f:89:c2:8a:93:dd:90:99:7b:e9:dc:64:
                    96:20:e2:99:f5:36:df:35:6c:08:07:c3:b3:f0:0c:
                    09:b0:fd:3d:ba:e5:46:4f:fd:b3:3e:2b:ee:d4:44:
                    04:69:22:0d:99:82:22:97:5f:84:ca:13:e4:65:5f:
                    f7:da:5d:00:8d:9f:f7:57:cd:7c:ba:bf:36:4a:b9:
                    f0:b1:c3:7b:98:7e:07:7b:9b:cd:0a:08:8e:33:b5:
                    19:0c:69:9e:86:7b:15:82:ab:0a:c7:c4:99:56:25:
                    97:2f:32:3b:51:5a:9d:f3:14:f4:b4:46:bf:5f:c4:
                    ab:76:8e:6d:66:89:14:d8:41:c5:50:69:52:d9:a9:
                    a4:29:4a:1f:8f:bd:de:27:a6:87:59:65:0a:00:56:
                    68:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:69:CA:CD:23:74:B4:F6:09:EF:4B:AD:E0:1B:6B:38:05:2F:CF:E8
            X509v3 Authority Key Identifier:
                keyid:AD:A8:AE:D3:2B:15:B8:7E:61:12:52:D2:9D:1E:1D:5B:DE:58:16:46

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91DC5BE/D401619A1D6911E2AFB64EA708B02CD2/raiu0ysVuH5hElLSnR4dW95YFkY.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/raiu0ysVuH5hElLSnR4dW95YFkY.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91DC5BE/D401619A1D6911E2AFB64EA708B02CD2/C9B8A270483411ECA6C7C085C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.12.28.0/24
                  203.119.0.0/24
                IPv6:
                  2001:dc0::/35
                  2001:dc0:c000::/35

    Signature Algorithm: sha256WithRSAEncryption
         56:4f:5c:67:f5:2e:3d:a9:c7:b1:4f:4c:6d:77:fd:99:c3:19:
         8d:5f:8c:96:dd:e3:af:b9:89:89:b5:86:b7:d1:ff:51:88:82:
         4a:c0:4c:fd:1a:d4:ef:0e:fa:b2:b9:1b:23:fc:4c:9a:85:53:
         cd:f1:03:af:d6:97:0b:2f:19:51:08:9a:79:f0:ae:77:77:0b:
         db:47:19:99:c5:98:11:da:2d:00:5f:90:88:db:ec:9b:2b:4e:
         fe:92:d0:ea:a8:78:00:f2:9a:dc:8b:13:5c:65:47:fd:b8:c7:
         37:cd:bc:45:73:e6:e9:1e:b0:84:a7:9c:3d:5e:c6:ce:fe:c1:
         b8:08:d3:96:71:6d:1a:ef:5b:03:e6:00:f0:12:4f:00:57:c8:
         a2:fb:00:02:1d:68:c6:ee:57:d6:27:d2:8e:c2:1b:ed:1c:4e:
         8a:dd:36:5d:47:8f:f1:42:ed:1f:a1:48:d1:62:50:90:d0:ee:
         de:f1:5b:74:97:13:f2:54:6e:9b:67:31:30:4f:d9:8e:72:2e:
         1a:7c:71:f5:58:02:9c:0c:81:b5:4b:8f:0a:68:f9:89:8e:d6:
         c6:4f:24:31:ca:26:96:45:1e:7c:fa:0c:fa:85:0f:ce:92:75:
         e6:a6:ef:86:d9:81:4c:cc:ff:a9:b6:53:ba:e7:27:33:9e:f4:
         5c:68:47:b9
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgICMx4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
REM1QkUxMTAvBgNVBAUTKEFEQThBRUQzMkIxNUI4N0U2MTEyNTJEMjlEMUUxRDVC
REU1ODE2NDYwHhcNMjIwODMxMDYzMDA3WhcNMzEwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MzBlZmZlZi05MmQ3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAyJZLJJQbUoFMSNxPWXVTJBCciBqVlVrrKWhRfwPwr4Wj6mOCJxjmIFyQTucJ
/vZmLaJ84jP/RyzVY5HinC/LzE6IUWIYT2iOY2EWHLMrSwRblikVSzOl822eT6gq
kbR64ACUmxB8YZw87hIficKKk92QmXvp3GSWIOKZ9TbfNWwIB8Oz8AwJsP09uuVG
T/2zPivu1EQEaSINmYIil1+EyhPkZV/32l0AjZ/3V818ur82SrnwscN7mH4He5vN
CgiOM7UZDGmehnsVgqsKx8SZViWXLzI7UVqd8xT0tEa/X8Srdo5tZokU2EHFUGlS
2amkKUofj73eJ6aHWWUKAFZolwIDAQABo4ICszCCAq8wHQYDVR0OBBYEFEVpys0j
dLT2Ce9LreAbazgFL8/oMB8GA1UdIwQYMBaAFK2ortMrFbh+YRJS0p0eHVveWBZG
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFEQzVCRS9ENDAxNjE5QTFE
NjkxMUUyQUZCNjRFQTcwOEIwMkNEMi9yYWl1MHlzVnVINWhFbExTblI0ZFc5NVlG
a1kuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3JhaXUweXNWdUg1aEVsTFNuUjRkVzk1WUZrWS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
REM1QkUvRDQwMTYxOUExRDY5MTFFMkFGQjY0RUE3MDhCMDJDRDIvQzlCOEEyNzA0
ODM0MTFFQ0E2QzdDMDg1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwPQYIKwYBBQUHAQcBAf8E
LjAsMBIEAgABMAwDBADKDBwDBADLdwAwFgQCAAIwEAMGBSABDcAAAwYFIAENwMAw
DQYJKoZIhvcNAQELBQADggEBAFZPXGf1Lj2px7FPTG13/ZnDGY1fjJbd46+5iYm1
hrfR/1GIgkrATP0a1O8O+rK5GyP8TJqFU83xA6/WlwsvGVEImnnwrnd3C9tHGZnF
mBHaLQBfkIjb7JsrTv6S0OqoeADymtyLE1xlR/24xzfNvEVz5ukesISnnD1exs7+
wbgI05ZxbRrvWwPmAPASTwBXyKL7AAIdaMbuV9Yn0o7CG+0cTordNl1Hj/FC7R+h
SNFiUJDQ7t7xW3SXE/JUbptnMTBP2Y5yLhp8cfVYApwMgbVLjwpo+YmO1sZPJDHK
JpZFHnz6DPqFD86Sdeam74bZgUzM/6m2U7rnJzOe9FxoR7k=
-----END CERTIFICATE-----
Generated at Sun Jun 16 15:20:24 2024 by rpki-client on console-fra.rpki-client.org