Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91E0CE8/900D2646066A11E8B9BAF682C4F9AE02/20A2C900115711EB8E58CE15C4F9AE02.roa
File:                     20A2C900115711EB8E58CE15C4F9AE02.roa (raw, json)
Hash identifier:          NsMEJco1Cbnm7CTmba+MzKbnVDI/T5E3H5+hP+qM9tw=
Subject key identifier:   28:92:8C:11:5F:79:93:2C:DB:F5:46:8E:65:05:CA:7F:E6:74:CF:45
Certificate issuer:       /CN=A91E0CE8/serialNumber=06C627D9C312C7B47D1C3A53B44755A10A68487C
Certificate serial:       1573
Authority key identifier: 06:C6:27:D9:C3:12:C7:B4:7D:1C:3A:53:B4:47:55:A1:0A:68:48:7C
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BsYn2cMSx7R9HDpTtEdVoQpoSHw.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91E0CE8/900D2646066A11E8B9BAF682C4F9AE02/20A2C900115711EB8E58CE15C4F9AE02.roa
Signing time:             Wed 06 Dec 2023 17:24:36 +0000
ROA not before:           Wed 06 Dec 2023 17:24:36 +0000
ROA not after:            Sun 02 Mar 2025 00:00:00 +0000
asID:                     137443
IP address blocks:        43.224.152.0/23 maxlen: 23
                          43.224.154.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91E0CE8/900D2646066A11E8B9BAF682C4F9AE02/BsYn2cMSx7R9HDpTtEdVoQpoSHw.crl
                          rsync://rpki.apnic.net/member_repository/A91E0CE8/900D2646066A11E8B9BAF682C4F9AE02/BsYn2cMSx7R9HDpTtEdVoQpoSHw.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BsYn2cMSx7R9HDpTtEdVoQpoSHw.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 04 Apr 2024 17:16:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5491 (0x1573)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E0CE8/serialNumber=06C627D9C312C7B47D1C3A53B44755A10A68487C
        Validity
            Not Before: Dec  6 17:24:36 2023 GMT
            Not After : Mar  2 00:00:00 2025 GMT
        Subject: CN=6570ae54-222a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:66:08:f4:26:40:66:fe:93:ee:a8:20:95:d9:
                    1f:6d:f5:77:7b:9f:8d:df:13:4d:5a:d9:e6:8e:1a:
                    9a:9b:35:44:2c:65:7a:95:86:be:32:f0:1f:86:18:
                    16:cf:b1:65:4a:71:17:f4:5f:43:51:e8:09:ce:aa:
                    03:14:0b:01:2b:ae:0b:b4:52:dc:ee:e4:8e:91:fa:
                    5b:1f:fa:48:7b:28:06:7d:22:f7:48:66:99:92:a3:
                    ee:65:36:6b:57:16:d4:b4:5f:e6:01:01:49:40:5d:
                    75:47:91:24:47:97:21:5c:ac:6f:9f:8f:bb:20:25:
                    e9:94:2d:d3:a4:a6:36:27:b0:6a:d3:d2:df:b7:b1:
                    b2:78:42:8c:53:b6:d4:7c:10:49:28:bd:81:f2:8f:
                    a8:a2:38:6d:0d:d5:0b:8e:42:93:c3:82:2a:63:18:
                    c9:60:e0:01:74:97:ec:4b:01:90:d7:74:72:de:5a:
                    bf:09:80:47:62:50:9e:b9:ee:56:34:bd:28:c3:a6:
                    70:ea:b5:3b:c8:a3:10:1c:47:07:e5:e4:77:1f:d9:
                    2c:c8:eb:c1:34:00:e4:c2:66:0d:f6:be:55:12:dd:
                    21:7e:ff:a1:83:e0:48:8c:ea:9f:a4:23:f9:95:66:
                    3e:fd:c8:ef:cd:80:07:73:28:7e:71:c6:05:43:a3:
                    be:bb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                28:92:8C:11:5F:79:93:2C:DB:F5:46:8E:65:05:CA:7F:E6:74:CF:45
            X509v3 Authority Key Identifier:
                keyid:06:C6:27:D9:C3:12:C7:B4:7D:1C:3A:53:B4:47:55:A1:0A:68:48:7C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91E0CE8/900D2646066A11E8B9BAF682C4F9AE02/BsYn2cMSx7R9HDpTtEdVoQpoSHw.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BsYn2cMSx7R9HDpTtEdVoQpoSHw.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E0CE8/900D2646066A11E8B9BAF682C4F9AE02/20A2C900115711EB8E58CE15C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.224.152.0/22

    Signature Algorithm: sha256WithRSAEncryption
         47:e8:88:ea:2c:22:af:d4:23:43:da:9d:8e:9f:e4:f0:d3:16:
         0e:9c:53:0e:61:d6:e0:21:71:04:e7:3f:6c:5f:d7:4b:f9:9b:
         50:ff:9a:e8:83:79:58:13:ef:c3:de:8f:b7:c5:2a:ad:63:60:
         d9:d0:c5:1a:d4:9d:f5:2e:b8:82:e4:af:c8:51:22:53:38:05:
         ed:be:5f:29:7e:9f:6c:3c:55:0f:a3:30:29:7b:e4:9c:60:18:
         f9:cc:12:17:1c:72:38:52:98:24:c2:c2:19:f7:0d:2f:89:9a:
         5f:b1:59:46:95:e1:d7:a5:af:5e:5c:11:2e:d5:3e:2b:3b:8c:
         10:10:5b:f8:7a:65:d4:d6:7e:36:80:00:be:95:20:69:83:dc:
         b2:4c:7e:7a:db:97:c0:c9:ca:c2:99:db:07:47:36:11:b6:d0:
         6b:24:e9:c5:b3:cc:b7:1d:ee:a6:92:84:00:80:c3:77:49:39:
         10:33:cf:33:c7:07:6a:56:40:a4:09:84:ce:01:37:1a:c4:fe:
         81:76:3c:ad:a2:76:e8:b7:9f:7d:4b:ea:e5:d0:01:74:b3:f6:
         c3:62:f7:90:4c:57:e4:70:05:10:7c:4f:a7:8f:a9:68:9d:49:
         7f:fb:9f:55:1a:1a:3a:86:75:bf:d1:73:07:e8:71:6a:a2:34:
         92:c6:bc:e8
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICFXMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RTBDRTgxMTAvBgNVBAUTKDA2QzYyN0Q5QzMxMkM3QjQ3RDFDM0E1M0I0NDc1NUEx
MEE2ODQ4N0MwHhcNMjMxMjA2MTcyNDM2WhcNMjUwMzAyMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTcwYWU1NC0yMjJhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA6WYI9CZAZv6T7qggldkfbfV3e5+N3xNNWtnmjhqamzVELGV6lYa+MvAfhhgW
z7FlSnEX9F9DUegJzqoDFAsBK64LtFLc7uSOkfpbH/pIeygGfSL3SGaZkqPuZTZr
VxbUtF/mAQFJQF11R5EkR5chXKxvn4+7ICXplC3TpKY2J7Bq09Lft7GyeEKMU7bU
fBBJKL2B8o+oojhtDdULjkKTw4IqYxjJYOABdJfsSwGQ13Ry3lq/CYBHYlCeue5W
NL0ow6Zw6rU7yKMQHEcH5eR3H9ksyOvBNADkwmYN9r5VEt0hfv+hg+BIjOqfpCP5
lWY+/cjvzYAHcyh+ccYFQ6O+uwIDAQABo4IClTCCApEwHQYDVR0OBBYEFCiSjBFf
eZMs2/VGjmUFyn/mdM9FMB8GA1UdIwQYMBaAFAbGJ9nDEse0fRw6U7RHVaEKaEh8
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFMENFOC85MDBEMjY0NjA2
NkExMUU4QjlCQUY2ODJDNEY5QUUwMi9Cc1luMmNNU3g3UjlIRHBUdEVkVm9RcG9T
SHcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0JzWW4yY01TeDdSOUhEcFR0RWRWb1Fwb1NIdy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RTBDRTgvOTAwRDI2NDYwNjZBMTFFOEI5QkFGNjgyQzRGOUFFMDIvMjBBMkM5MDAx
MTU3MTFFQjhFNThDRTE1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAIr4JgwDQYJKoZIhvcNAQELBQADggEBAEfoiOosIq/UI0Pa
nY6f5PDTFg6cUw5h1uAhcQTnP2xf10v5m1D/muiDeVgT78Pej7fFKq1jYNnQxRrU
nfUuuILkr8hRIlM4Be2+Xyl+n2w8VQ+jMCl75JxgGPnMEhcccjhSmCTCwhn3DS+J
ml+xWUaV4delr15cES7VPis7jBAQW/h6ZdTWfjaAAL6VIGmD3LJMfnrbl8DJysKZ
2wdHNhG20Gsk6cWzzLcd7qaShACAw3dJORAzzzPHB2pWQKQJhM4BNxrE/oF2PK2i
dui3n31L6uXQAXSz9sNi95BMV+RwBRB8T6ePqWidSX/7n1UaGjqGdb/RcwfocWqi
NJLGvOg=
-----END CERTIFICATE-----
Generated at Thu Mar 28 18:54:43 2024 by rpki-client on console-ams.rpki-client.org