Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91EAE3D/97B6E0CE75DE11E8B704A246C4F9AE02/777818EE811411EABAD68C17C4F9AE02.roa
File:                     777818EE811411EABAD68C17C4F9AE02.roa (raw, json)
Hash identifier:          uTH4DdnkHvUCoP3voYzyx8m9UxRezv60J9sATz8UShU=
Subject key identifier:   3E:95:CE:D9:D3:14:02:0E:C4:8D:5D:88:29:69:C0:ED:D4:46:4C:CC
Certificate issuer:       /CN=A91EAE3D/serialNumber=C7269B124C420C55E29FB51D3C1B0D9D476CBD00
Certificate serial:       17A3
Authority key identifier: C7:26:9B:12:4C:42:0C:55:E2:9F:B5:1D:3C:1B:0D:9D:47:6C:BD:00
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xyabEkxCDFXin7UdPBsNnUdsvQA.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91EAE3D/97B6E0CE75DE11E8B704A246C4F9AE02/777818EE811411EABAD68C17C4F9AE02.roa
Signing time:             Tue 20 Feb 2024 17:55:41 +0000
ROA not before:           Tue 20 Feb 2024 17:55:41 +0000
ROA not after:            Thu 01 May 2025 00:00:00 +0000
asID:                     55561
IP address blocks:        125.168.221.0/24 maxlen: 24
                          125.168.222.0/24 maxlen: 24
                          125.168.223.0/24 maxlen: 24
                          203.57.203.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91EAE3D/97B6E0CE75DE11E8B704A246C4F9AE02/xyabEkxCDFXin7UdPBsNnUdsvQA.crl
                          rsync://rpki.apnic.net/member_repository/A91EAE3D/97B6E0CE75DE11E8B704A246C4F9AE02/xyabEkxCDFXin7UdPBsNnUdsvQA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xyabEkxCDFXin7UdPBsNnUdsvQA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 29 Nov 2024 16:57:53 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 6051 (0x17a3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91EAE3D/serialNumber=C7269B124C420C55E29FB51D3C1B0D9D476CBD00
        Validity
            Not Before: Feb 20 17:55:41 2024 GMT
            Not After : May  1 00:00:00 2025 GMT
        Subject: CN=65d4e79d-1dc6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:6a:07:88:ac:0a:44:84:a5:f4:36:db:83:6a:
                    cd:d0:03:4c:d1:f7:49:ef:3b:a1:85:eb:14:fc:85:
                    4f:e4:17:a3:c4:7e:e2:9d:58:02:db:64:35:83:a3:
                    f6:3b:a4:46:88:de:1e:55:a5:b1:49:fe:0f:09:38:
                    08:92:d8:21:6a:9a:fc:67:5b:34:3c:83:85:94:c6:
                    99:96:6d:a3:a2:f9:64:b7:94:0d:45:0d:da:ad:95:
                    3b:04:12:f5:a3:68:ca:49:02:e6:8c:b1:ea:c8:84:
                    29:71:60:b7:b8:bf:14:e8:14:cb:1e:05:0a:ec:d5:
                    c8:8e:26:4c:22:4f:e0:19:4c:74:29:e1:38:30:e6:
                    78:ce:19:94:84:91:20:6b:3c:50:63:88:d7:a1:58:
                    6f:76:0c:97:a8:07:ac:ba:34:b1:3e:ec:c3:5f:db:
                    49:5a:e1:56:93:09:11:2f:66:fe:2f:a6:55:75:b9:
                    30:03:ea:c1:a8:90:40:2c:73:c5:15:d1:6e:80:13:
                    c2:e6:45:19:45:b9:69:93:09:8c:11:6e:72:8b:3c:
                    d0:fe:f2:04:bf:4e:bd:ab:eb:4c:1d:18:54:e4:24:
                    23:be:1d:65:e1:fa:61:9b:32:58:f3:66:de:6d:d5:
                    f4:20:5d:2f:2d:ac:7a:21:11:44:5e:aa:96:bc:31:
                    c3:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3E:95:CE:D9:D3:14:02:0E:C4:8D:5D:88:29:69:C0:ED:D4:46:4C:CC
            X509v3 Authority Key Identifier:
                keyid:C7:26:9B:12:4C:42:0C:55:E2:9F:B5:1D:3C:1B:0D:9D:47:6C:BD:00

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91EAE3D/97B6E0CE75DE11E8B704A246C4F9AE02/xyabEkxCDFXin7UdPBsNnUdsvQA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xyabEkxCDFXin7UdPBsNnUdsvQA.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91EAE3D/97B6E0CE75DE11E8B704A246C4F9AE02/777818EE811411EABAD68C17C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  125.168.221.0-125.168.223.255
                  203.57.203.0/24

    Signature Algorithm: sha256WithRSAEncryption
         50:15:02:00:39:ef:aa:89:73:02:3c:e5:42:6c:72:68:aa:8f:
         d6:5d:84:7c:f7:fe:dc:39:ce:91:60:dd:32:60:7d:38:4f:29:
         bb:22:ab:02:34:44:50:bb:19:6c:33:9f:5c:f4:a3:05:50:b5:
         bc:fd:7f:10:7f:d0:2b:02:8c:08:93:69:29:11:aa:54:01:f6:
         9f:74:f3:6c:ac:ee:c7:0c:84:17:be:2b:44:c1:8c:e7:b6:08:
         fc:b7:24:31:a1:9a:1e:42:09:5b:fc:e5:c3:78:76:92:cc:d7:
         49:54:c8:34:04:9b:03:7c:e9:84:e7:8e:9e:4d:0a:f5:a4:6a:
         5b:f5:fd:c5:4e:bb:fc:48:85:d8:97:15:c7:00:dd:c4:b9:aa:
         d1:e1:6b:4e:a1:e6:8c:57:87:07:a0:9d:f7:3d:76:b0:9f:d2:
         27:bc:bd:e8:5f:ff:f8:3e:2d:9f:8c:76:ec:3b:a4:43:97:70:
         c6:2b:5a:d8:3b:23:b4:76:09:9f:f4:66:5c:dd:77:a8:ef:8c:
         19:26:6c:00:52:59:06:53:8d:82:49:56:2d:aa:7d:03:6e:c3:
         73:fe:2a:55:ed:ae:de:4b:57:97:3b:ee:bc:2a:1a:9c:1d:83:
         07:81:3a:8c:46:61:ed:ed:b4:ea:a1:bd:28:2a:0a:d1:8a:c4:
         b6:d8:77:8f
-----BEGIN CERTIFICATE-----
MIIFfzCCBGegAwIBAgICF6MwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RUFFM0QxMTAvBgNVBAUTKEM3MjY5QjEyNEM0MjBDNTVFMjlGQjUxRDNDMUIwRDlE
NDc2Q0JEMDAwHhcNMjQwMjIwMTc1NTQxWhcNMjUwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWQ0ZTc5ZC0xZGM2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwGoHiKwKRISl9Dbbg2rN0ANM0fdJ7zuhhesU/IVP5BejxH7inVgC22Q1g6P2
O6RGiN4eVaWxSf4PCTgIktghapr8Z1s0PIOFlMaZlm2jovlkt5QNRQ3arZU7BBL1
o2jKSQLmjLHqyIQpcWC3uL8U6BTLHgUK7NXIjiZMIk/gGUx0KeE4MOZ4zhmUhJEg
azxQY4jXoVhvdgyXqAesujSxPuzDX9tJWuFWkwkRL2b+L6ZVdbkwA+rBqJBALHPF
FdFugBPC5kUZRblpkwmMEW5yizzQ/vIEv069q+tMHRhU5CQjvh1l4fphmzJY82be
bdX0IF0vLax6IRFEXqqWvDHDBwIDAQABo4ICozCCAp8wHQYDVR0OBBYEFD6VztnT
FAIOxI1diClpwO3URkzMMB8GA1UdIwQYMBaAFMcmmxJMQgxV4p+1HTwbDZ1HbL0A
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFQUUzRC85N0I2RTBDRTc1
REUxMUU4QjcwNEEyNDZDNEY5QUUwMi94eWFiRWt4Q0RGWGluN1VkUEJzTm5VZHN2
UUEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3h5YWJFa3hDREZYaW43VWRQQnNOblVkc3ZRQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RUFFM0QvOTdCNkUwQ0U3NURFMTFFOEI3MDRBMjQ2QzRGOUFFMDIvNzc3ODE4RUU4
MTE0MTFFQUJBRDY4QzE3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLQYIKwYBBQUHAQcBAf8E
HjAcMBoEAgABMBQwDAMEAH2o3QMEBX2owAMEAMs5yzANBgkqhkiG9w0BAQsFAAOC
AQEAUBUCADnvqolzAjzlQmxyaKqP1l2EfPf+3DnOkWDdMmB9OE8puyKrAjREULsZ
bDOfXPSjBVC1vP1/EH/QKwKMCJNpKRGqVAH2n3TzbKzuxwyEF74rRMGM57YI/Lck
MaGaHkIJW/zlw3h2kszXSVTINASbA3zphOeOnk0K9aRqW/X9xU67/EiF2JcVxwDd
xLmq0eFrTqHmjFeHB6Cd9z12sJ/SJ7y96F//+D4tn4x27DukQ5dwxita2DsjtHYJ
n/RmXN13qO+MGSZsAFJZBlONgklWLap9A27Dc/4qVe2u3ktXlzvuvCoanB2DB4E6
jEZh7e206qG9KCoK0YrEtth3jw==
-----END CERTIFICATE-----
Generated at Fri Nov 22 19:50:22 2024 by rpki-client on console-ams.rpki-client.org