Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91DCD09/EAC7EEA0112D11EC8D87057DC4F9AE02/43AB9FC641A311ECA73C8C0EC4F9AE02.roa
File:                     43AB9FC641A311ECA73C8C0EC4F9AE02.roa (raw, json)
Hash identifier:          kro1c24JWf3+Pl5/Us2iCFO7ciSwGi2aZqtJsdIe9Mc=
Subject key identifier:   AA:C3:01:39:D3:19:BE:15:52:BB:68:8C:9F:D4:72:F8:64:01:7D:B6
Certificate issuer:       /CN=A91DCD09/serialNumber=ADB98978FD751F99D9A8EB2AE72D3C0C550453A4
Certificate serial:       03FB
Authority key identifier: AD:B9:89:78:FD:75:1F:99:D9:A8:EB:2A:E7:2D:3C:0C:55:04:53:A4
Authority info access:    rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/rbmJeP11H5nZqOsq5y08DFUEU6Q.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91DCD09/EAC7EEA0112D11EC8D87057DC4F9AE02/43AB9FC641A311ECA73C8C0EC4F9AE02.roa
Signing time:             Wed 22 Nov 2023 20:05:31 +0000
ROA not before:           Wed 22 Nov 2023 20:05:31 +0000
ROA not after:            Sun 01 Dec 2024 00:00:00 +0000
asID:                     16509
IP address blocks:        213.170.156.0/24 maxlen: 24
                          213.170.157.0/24 maxlen: 24
                          213.170.158.0/24 maxlen: 24
                          213.170.159.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91DCD09/EAC7EEA0112D11EC8D87057DC4F9AE02/rbmJeP11H5nZqOsq5y08DFUEU6Q.crl
                          rsync://rpki.apnic.net/member_repository/A91DCD09/EAC7EEA0112D11EC8D87057DC4F9AE02/rbmJeP11H5nZqOsq5y08DFUEU6Q.mft
                          rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/rbmJeP11H5nZqOsq5y08DFUEU6Q.cer
                          rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/DPzneFf88B852ZpitKpi5hWedvg.crl
                          rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/DPzneFf88B852ZpitKpi5hWedvg.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DPzneFf88B852ZpitKpi5hWedvg.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 04 Apr 2024 14:50:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1019 (0x3fb)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91DCD09/serialNumber=ADB98978FD751F99D9A8EB2AE72D3C0C550453A4
        Validity
            Not Before: Nov 22 20:05:31 2023 GMT
            Not After : Dec  1 00:00:00 2024 GMT
        Subject: CN=655e5f0a-743a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:98:b6:af:9e:a7:75:92:30:bb:a9:d6:a6:28:
                    3c:94:68:88:c2:63:90:e6:43:49:fd:de:57:f4:2a:
                    b9:58:66:60:18:92:c3:3d:7b:e0:9c:60:5f:b0:b3:
                    52:39:ee:26:68:9e:f3:ee:5f:4b:8c:bd:62:e4:d8:
                    f5:43:33:06:4a:50:7d:bf:48:93:96:dc:2a:d7:63:
                    ed:9b:07:22:38:eb:50:14:39:5f:cb:a8:ac:79:90:
                    bf:d7:e5:a5:ff:2b:67:b6:0d:d3:95:77:99:ec:ee:
                    e5:68:03:80:21:03:8e:23:a9:15:8b:3d:b8:6d:dd:
                    1d:28:ce:01:77:1e:cf:02:f3:fe:03:4f:a8:65:29:
                    da:15:f8:d6:1f:12:59:92:6b:f8:48:db:83:b8:b7:
                    3a:77:9c:b5:27:d3:9e:c1:a1:3b:97:88:14:bb:35:
                    33:49:6c:c2:61:34:0f:da:1d:dc:0a:8b:12:30:99:
                    fd:1f:8f:b6:00:96:02:a8:8c:6b:54:5a:5a:99:e0:
                    09:45:b4:4f:8c:2d:88:c8:45:3c:06:3b:b0:f3:2d:
                    d9:fe:43:94:40:24:d1:03:23:c7:a2:b4:13:ea:de:
                    2a:75:06:a8:63:59:20:2b:57:2a:54:42:bb:7a:7c:
                    f3:15:81:22:af:e5:ec:18:f8:bf:e9:d8:c9:80:54:
                    c5:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AA:C3:01:39:D3:19:BE:15:52:BB:68:8C:9F:D4:72:F8:64:01:7D:B6
            X509v3 Authority Key Identifier:
                keyid:AD:B9:89:78:FD:75:1F:99:D9:A8:EB:2A:E7:2D:3C:0C:55:04:53:A4

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91DCD09/EAC7EEA0112D11EC8D87057DC4F9AE02/rbmJeP11H5nZqOsq5y08DFUEU6Q.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/rbmJeP11H5nZqOsq5y08DFUEU6Q.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91DCD09/EAC7EEA0112D11EC8D87057DC4F9AE02/43AB9FC641A311ECA73C8C0EC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  213.170.156.0/22

    Signature Algorithm: sha256WithRSAEncryption
         50:ef:c6:5b:9c:8f:de:3e:fe:e3:14:0d:47:2b:2c:fb:5f:a0:
         2a:6c:d9:2d:36:ba:5e:2e:d6:0a:4c:28:68:0e:b7:18:08:4b:
         99:ad:a5:60:30:bf:5e:56:6d:8a:c7:f0:4a:ba:78:ed:a9:3a:
         fb:bd:47:40:ab:c5:07:47:9d:f0:6f:d0:d3:5e:f7:03:af:f5:
         ec:ca:aa:0d:d9:7c:1b:c6:a2:ce:88:df:cc:ab:14:6a:bb:df:
         63:fc:dc:20:67:29:12:b0:5f:21:4b:66:71:b9:7a:2c:a6:3c:
         3a:25:48:f9:94:8b:34:63:a0:10:98:ef:44:08:4f:4f:85:04:
         46:c0:2c:f3:aa:8c:c1:b7:29:78:87:16:ab:03:66:87:af:48:
         c6:18:db:d2:bc:d9:9c:67:33:ef:64:9f:21:40:0a:1a:d4:38:
         71:da:62:d0:2a:2c:e2:5c:d3:6f:74:15:b4:42:05:98:0b:7b:
         6c:78:6c:34:dd:e9:61:d8:59:31:d1:2c:c8:9e:0b:8c:f7:77:
         c6:5e:6e:d0:39:d7:ea:82:fa:76:09:e7:d9:31:28:39:85:ca:
         99:d5:17:7a:cf:af:f2:9e:fd:9e:a3:66:7a:8f:12:ae:54:1b:
         86:03:9c:36:ed:3f:96:40:fa:43:02:6b:e2:29:af:9d:b2:a6:
         2e:bc:ba:05
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICA/swDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RENEMDkxMTAvBgNVBAUTKEFEQjk4OTc4RkQ3NTFGOTlEOUE4RUIyQUU3MkQzQzBD
NTUwNDUzQTQwHhcNMjMxMTIyMjAwNTMxWhcNMjQxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTVlNWYwYS03NDNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA4Zi2r56ndZIwu6nWpig8lGiIwmOQ5kNJ/d5X9Cq5WGZgGJLDPXvgnGBfsLNS
Oe4maJ7z7l9LjL1i5Nj1QzMGSlB9v0iTltwq12PtmwciOOtQFDlfy6iseZC/1+Wl
/ytntg3TlXeZ7O7laAOAIQOOI6kViz24bd0dKM4Bdx7PAvP+A0+oZSnaFfjWHxJZ
kmv4SNuDuLc6d5y1J9OewaE7l4gUuzUzSWzCYTQP2h3cCosSMJn9H4+2AJYCqIxr
VFpameAJRbRPjC2IyEU8Bjuw8y3Z/kOUQCTRAyPHorQT6t4qdQaoY1kgK1cqVEK7
enzzFYEir+XsGPi/6djJgFTFZwIDAQABo4IClTCCApEwHQYDVR0OBBYEFKrDATnT
Gb4VUrtojJ/UcvhkAX22MB8GA1UdIwQYMBaAFK25iXj9dR+Z2ajrKuctPAxVBFOk
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFEQ0QwOS9FQUM3RUVBMDEx
MkQxMUVDOEQ4NzA1N0RDNEY5QUUwMi9yYm1KZVAxMUg1blpxT3NxNXkwOERGVUVV
NlEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzMjJBNUY0MUQ2NjExRTJBM0YyN0Y3Qzcy
RkQxRkYyL3JibUplUDExSDVuWnFPc3E1eTA4REZVRVU2US5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RENEMDkvRUFDN0VFQTAxMTJEMTFFQzhEODcwNTdEQzRGOUFFMDIvNDNBQjlGQzY0
MUEzMTFFQ0E3M0M4QzBFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBALVqpwwDQYJKoZIhvcNAQELBQADggEBAFDvxlucj94+/uMU
DUcrLPtfoCps2S02ul4u1gpMKGgOtxgIS5mtpWAwv15WbYrH8Eq6eO2pOvu9R0Cr
xQdHnfBv0NNe9wOv9ezKqg3ZfBvGos6I38yrFGq732P83CBnKRKwXyFLZnG5eiym
PDolSPmUizRjoBCY70QIT0+FBEbALPOqjMG3KXiHFqsDZoevSMYY29K82ZxnM+9k
nyFAChrUOHHaYtAqLOJc0290FbRCBZgLe2x4bDTd6WHYWTHRLMieC4z3d8ZebtA5
1+qC+nYJ59kxKDmFypnVF3rPr/Ke/Z6jZnqPEq5UG4YDnDbtP5ZA+kMCa+Ipr52y
pi68ugU=
-----END CERTIFICATE-----
Generated at Thu Mar 28 19:44:25 2024 by rpki-client on console-fra.rpki-client.org