Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91DC5BE/D401619A1D6911E2AFB64EA708B02CD2/E2446DD228AA11E79582F36BC4F9AE02.roa
File:                     E2446DD228AA11E79582F36BC4F9AE02.roa (raw, json)
Hash identifier:          ZJSRmEu8ZSRqTlcPEDfX6hYX2fzOC+1QV4+V6A/VckU=
Subject key identifier:   CB:BD:02:FF:6F:9A:44:1C:C4:72:B5:8C:B0:52:67:AE:87:EB:E6:A1
Certificate issuer:       /CN=A91DC5BE/serialNumber=ADA8AED32B15B87E611252D29D1E1D5BDE581646
Certificate serial:       2E00
Authority key identifier: AD:A8:AE:D3:2B:15:B8:7E:61:12:52:D2:9D:1E:1D:5B:DE:58:16:46
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/raiu0ysVuH5hElLSnR4dW95YFkY.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91DC5BE/D401619A1D6911E2AFB64EA708B02CD2/E2446DD228AA11E79582F36BC4F9AE02.roa
Signing time:             Fri 27 Nov 2020 14:20:08 +0000
ROA not before:           Fri 27 Nov 2020 14:20:08 +0000
ROA not after:            Mon 31 Mar 2031 00:00:00 +0000
asID:                     18369
IP address blocks:        203.119.95.0/24 maxlen: 24
                          2001:ddd::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91DC5BE/D401619A1D6911E2AFB64EA708B02CD2/raiu0ysVuH5hElLSnR4dW95YFkY.crl
                          rsync://rpki.apnic.net/member_repository/A91DC5BE/D401619A1D6911E2AFB64EA708B02CD2/raiu0ysVuH5hElLSnR4dW95YFkY.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/raiu0ysVuH5hElLSnR4dW95YFkY.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 23 Jun 2024 14:16:34 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 11776 (0x2e00)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91DC5BE/serialNumber=ADA8AED32B15B87E611252D29D1E1D5BDE581646
        Validity
            Not Before: Nov 27 14:20:08 2020 GMT
            Not After : Mar 31 00:00:00 2031 GMT
        Subject: CN=5fc10b18-d84f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:fa:3b:1a:82:0e:17:c1:9d:6c:27:6e:93:9b:
                    6a:a6:f4:fd:38:99:24:12:4d:be:b6:64:26:f1:9a:
                    33:2d:55:a2:f0:ec:77:01:4d:6c:6d:87:26:30:51:
                    eb:45:22:6b:33:3f:5c:52:2c:81:88:1b:f2:87:32:
                    ea:be:31:f1:e1:c5:64:43:be:e2:4b:c2:1e:16:8f:
                    07:f9:77:21:d8:9c:b8:88:50:f6:78:02:98:08:23:
                    b2:81:f1:73:c2:56:83:9e:f8:af:ca:4a:b9:fd:4b:
                    47:1d:89:76:6e:56:66:b8:0f:91:d1:0a:d9:3e:98:
                    76:ff:bb:44:8d:06:f8:24:6d:ea:c9:80:14:d8:eb:
                    10:5d:4e:45:35:59:6f:7e:28:c5:ae:84:17:1e:58:
                    42:e9:3f:d8:10:c3:7d:c7:0b:ee:6a:57:22:bd:ca:
                    98:a7:52:ef:2c:ac:1e:ea:b9:c5:1e:96:b1:af:38:
                    b8:e2:30:af:29:85:7a:29:09:b5:bd:33:68:b6:58:
                    ba:d2:50:17:cf:f7:28:94:a7:d4:09:2f:7a:35:58:
                    f6:20:66:95:cc:2f:3c:e5:a1:52:66:6b:12:0f:e6:
                    0c:fb:d0:62:5e:14:51:99:4a:62:2c:7b:a8:80:d8:
                    dd:1b:a4:e7:59:e5:db:0a:e3:b5:97:42:23:ba:74:
                    5f:6f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:BD:02:FF:6F:9A:44:1C:C4:72:B5:8C:B0:52:67:AE:87:EB:E6:A1
            X509v3 Authority Key Identifier:
                keyid:AD:A8:AE:D3:2B:15:B8:7E:61:12:52:D2:9D:1E:1D:5B:DE:58:16:46

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91DC5BE/D401619A1D6911E2AFB64EA708B02CD2/raiu0ysVuH5hElLSnR4dW95YFkY.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/raiu0ysVuH5hElLSnR4dW95YFkY.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91DC5BE/D401619A1D6911E2AFB64EA708B02CD2/E2446DD228AA11E79582F36BC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.119.95.0/24
                IPv6:
                  2001:ddd::/48

    Signature Algorithm: sha256WithRSAEncryption
         4b:8d:55:65:bd:72:42:27:59:39:39:5c:73:6e:0e:b0:24:e0:
         cd:71:c4:06:32:53:0e:1c:04:05:0a:3e:05:56:6b:20:3f:9f:
         53:41:51:e2:d6:ba:08:dc:0d:40:c9:b1:f8:79:33:33:e6:c2:
         90:cd:6e:86:0a:7e:09:44:20:d6:01:d5:5e:23:7d:b9:cb:43:
         85:11:8d:7a:02:6f:b5:2e:96:bc:ea:e1:47:c4:93:85:d2:a4:
         52:da:0e:b5:0f:cb:ff:9c:3f:f2:ce:f4:c9:08:12:8b:c2:be:
         63:a8:08:c7:70:9b:26:47:3f:4b:ce:d2:c2:dd:36:f8:56:b9:
         29:4c:b6:98:4c:3d:34:75:98:da:06:8a:97:ef:15:9e:80:0b:
         0c:ad:af:b0:a1:75:da:3d:42:f1:80:ff:0f:7a:69:a5:8f:11:
         8d:0f:e2:ee:fe:dd:8f:71:5d:21:49:9d:55:a0:5e:79:6b:31:
         1c:f7:85:3f:8b:18:6e:5b:d6:21:82:1b:ed:7e:60:55:1d:f2:
         b3:aa:f8:76:07:a6:f7:c1:02:6f:51:56:19:f4:23:06:c3:6f:
         8d:18:22:e5:ec:fa:c2:de:2d:ee:1d:ae:c1:de:6b:b7:70:3a:
         1a:09:08:4b:03:09:c2:db:93:f0:eb:e0:6e:34:cd:ab:3c:86:
         f1:80:54:0d
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICLgAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
REM1QkUxMTAvBgNVBAUTKEFEQThBRUQzMkIxNUI4N0U2MTEyNTJEMjlEMUUxRDVC
REU1ODE2NDYwHhcNMjAxMTI3MTQyMDA4WhcNMzEwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw01ZmMxMGIxOC1kODRmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAyvo7GoIOF8GdbCduk5tqpvT9OJkkEk2+tmQm8ZozLVWi8Ox3AU1sbYcmMFHr
RSJrMz9cUiyBiBvyhzLqvjHx4cVkQ77iS8IeFo8H+Xch2Jy4iFD2eAKYCCOygfFz
wlaDnvivykq5/UtHHYl2blZmuA+R0QrZPph2/7tEjQb4JG3qyYAU2OsQXU5FNVlv
fijFroQXHlhC6T/YEMN9xwvualcivcqYp1LvLKwe6rnFHpaxrzi44jCvKYV6KQm1
vTNotli60lAXz/colKfUCS96NVj2IGaVzC885aFSZmsSD+YM+9BiXhRRmUpiLHuo
gNjdG6TnWeXbCuO1l0IjunRfbwIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFMu9Av9v
mkQcxHK1jLBSZ66H6+ahMB8GA1UdIwQYMBaAFK2ortMrFbh+YRJS0p0eHVveWBZG
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFEQzVCRS9ENDAxNjE5QTFE
NjkxMUUyQUZCNjRFQTcwOEIwMkNEMi9yYWl1MHlzVnVINWhFbExTblI0ZFc5NVlG
a1kuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3JhaXUweXNWdUg1aEVsTFNuUjRkVzk1WUZrWS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
REM1QkUvRDQwMTYxOUExRDY5MTFFMkFGQjY0RUE3MDhCMDJDRDIvRTI0NDZERDIy
OEFBMTFFNzk1ODJGMzZCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBADLd18wDwQCAAIwCQMHACABDd0AADANBgkqhkiG9w0BAQsF
AAOCAQEAS41VZb1yQidZOTlcc24OsCTgzXHEBjJTDhwEBQo+BVZrID+fU0FR4ta6
CNwNQMmx+HkzM+bCkM1uhgp+CUQg1gHVXiN9uctDhRGNegJvtS6WvOrhR8SThdKk
UtoOtQ/L/5w/8s70yQgSi8K+Y6gIx3CbJkc/S87Swt02+Fa5KUy2mEw9NHWY2gaK
l+8VnoALDK2vsKF12j1C8YD/D3pppY8RjQ/i7v7dj3FdIUmdVaBeeWsxHPeFP4sY
blvWIYIb7X5gVR3ys6r4dgem98ECb1FWGfQjBsNvjRgi5ez6wt4t7h2uwd5rt3A6
GgkISwMJwtuT8OvgbjTNqzyG8YBUDQ==
-----END CERTIFICATE-----
Generated at Sun Jun 16 15:20:24 2024 by rpki-client on console-fra.rpki-client.org