Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91EE92F/12085D18740B11EF9E9C0336C4F9AE02/2DFD4A1E740C11EFB881CE37C4F9AE02.roa
File:                     2DFD4A1E740C11EFB881CE37C4F9AE02.roa (raw, json)
Hash identifier:          T+wmuYYMTFF61NV8D+auleLzw90NK0dFwG6cz8qIwGw=
Subject key identifier:   77:D3:3C:64:4F:D2:2A:BC:41:6A:AA:1A:F0:18:12:EF:C9:ED:53:E8
Certificate issuer:       /CN=A91EE92F/serialNumber=457DB766E1B0D6A4DCC7F9AECD287D4DC3E70C9E
Certificate serial:       02
Authority key identifier: 45:7D:B7:66:E1:B0:D6:A4:DC:C7:F9:AE:CD:28:7D:4D:C3:E7:0C:9E
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/RX23ZuGw1qTcx_muzSh9TcPnDJ4.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91EE92F/12085D18740B11EF9E9C0336C4F9AE02/2DFD4A1E740C11EFB881CE37C4F9AE02.roa
Signing time:             Mon 16 Sep 2024 09:15:14 +0000
ROA not before:           Mon 16 Sep 2024 09:15:14 +0000
ROA not after:            Tue 30 Dec 2025 00:00:00 +0000
asID:                     153329
IP address blocks:        160.187.56.0/23 maxlen: 23
                          160.187.56.0/24 maxlen: 24
                          160.187.57.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91EE92F/12085D18740B11EF9E9C0336C4F9AE02/RX23ZuGw1qTcx_muzSh9TcPnDJ4.crl
                          rsync://rpki.apnic.net/member_repository/A91EE92F/12085D18740B11EF9E9C0336C4F9AE02/RX23ZuGw1qTcx_muzSh9TcPnDJ4.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/RX23ZuGw1qTcx_muzSh9TcPnDJ4.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 28 Nov 2024 02:50:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91EE92F/serialNumber=457DB766E1B0D6A4DCC7F9AECD287D4DC3E70C9E
        Validity
            Not Before: Sep 16 09:15:14 2024 GMT
            Not After : Dec 30 00:00:00 2025 GMT
        Subject: CN=66e7f721-40be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:e9:1b:6c:5e:c8:7a:90:86:eb:67:2d:82:d9:
                    21:0f:88:e8:5c:5c:2e:fa:c5:1e:ac:80:84:1f:a2:
                    4a:31:21:46:d5:83:72:4a:e2:84:80:27:09:65:c6:
                    17:15:9d:1b:a5:32:73:f3:63:7d:2c:21:d0:a4:c8:
                    73:f5:47:dc:32:6a:a5:5b:52:48:c4:7a:4a:46:f7:
                    45:31:1d:af:40:fc:7b:b9:2f:c1:79:8e:c4:be:07:
                    32:33:36:53:6e:5c:e5:e2:4f:30:6b:fd:d3:41:4a:
                    73:86:aa:e3:33:a0:56:dc:27:29:1d:14:9f:30:90:
                    eb:fc:3e:44:4c:2b:c1:12:a4:da:53:11:83:02:44:
                    f2:db:30:12:07:6f:72:7a:13:db:69:79:c8:42:1f:
                    30:68:23:29:65:2d:f4:b4:ea:8e:66:45:4c:4c:1b:
                    5d:48:a4:dc:6e:6d:6e:6d:71:92:9c:63:9d:00:ba:
                    3c:f2:98:da:6c:fe:e3:58:a2:9c:a4:5f:44:bd:b7:
                    59:3f:11:7e:2c:a8:23:2a:02:83:c7:e9:19:40:1a:
                    de:76:d8:cd:5d:9f:3c:b4:33:50:a3:6a:9c:47:bf:
                    c2:3b:7f:1f:85:f1:c5:e4:4b:5c:90:49:fa:d1:a4:
                    9a:4a:d2:f8:87:d8:ce:0e:93:9b:77:d5:63:cf:e8:
                    89:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:D3:3C:64:4F:D2:2A:BC:41:6A:AA:1A:F0:18:12:EF:C9:ED:53:E8
            X509v3 Authority Key Identifier:
                keyid:45:7D:B7:66:E1:B0:D6:A4:DC:C7:F9:AE:CD:28:7D:4D:C3:E7:0C:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91EE92F/12085D18740B11EF9E9C0336C4F9AE02/RX23ZuGw1qTcx_muzSh9TcPnDJ4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/RX23ZuGw1qTcx_muzSh9TcPnDJ4.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91EE92F/12085D18740B11EF9E9C0336C4F9AE02/2DFD4A1E740C11EFB881CE37C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.187.56.0/23

    Signature Algorithm: sha256WithRSAEncryption
         55:ad:8c:78:00:4b:56:8a:8b:30:d6:c1:5a:4e:66:7e:18:1e:
         79:8d:d9:d1:10:f5:e8:9d:5b:d4:8b:25:c4:d9:5d:c6:72:9d:
         ba:f3:79:3a:b5:08:8b:5a:21:ff:24:d0:ef:9f:30:84:bf:d2:
         c6:a5:bc:90:bb:d1:df:2a:9d:30:23:f7:35:d7:cf:0f:6a:6e:
         11:6b:5f:93:2f:4b:c0:9c:96:65:ea:11:e2:24:42:8a:39:81:
         d0:9b:86:da:fc:fc:3f:cc:50:6c:bb:b5:2c:29:3a:c5:fa:8a:
         27:e0:b6:8c:68:55:db:6c:ad:f0:b7:5f:29:9c:ca:93:d3:e6:
         8a:87:54:4f:54:af:6d:7a:6d:66:42:cb:85:30:6e:bc:17:ce:
         63:94:22:d2:48:a8:0c:b9:3d:f7:3c:fd:71:39:96:50:94:3d:
         4b:66:ce:ed:fd:4f:dd:a4:ed:e0:82:6d:22:8a:17:42:20:3d:
         d9:9d:fb:b4:94:02:2f:3a:2e:c2:ac:09:f4:e7:dd:44:d1:dc:
         0b:af:d4:35:cf:9b:c9:69:ec:6c:8c:cc:db:9f:2c:8f:15:6c:
         b7:66:a6:e9:69:a7:75:f4:a5:d4:a2:c6:51:b0:f4:d7:8c:75:
         1a:38:cb:a8:d1:66:d8:dc:6d:96:7f:be:53:4b:64:f9:b3:52:
         81:1a:d9:c9
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIBAjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFF
RTkyRjExMC8GA1UEBRMoNDU3REI3NjZFMUIwRDZBNERDQzdGOUFFQ0QyODdENERD
M0U3MEM5RTAeFw0yNDA5MTYwOTE1MTRaFw0yNTEyMzAwMDAwMDBaMBgxFjAUBgNV
BAMTDTY2ZTdmNzIxLTQwYmUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCj6RtsXsh6kIbrZy2C2SEPiOhcXC76xR6sgIQfokoxIUbVg3JK4oSAJwllxhcV
nRulMnPzY30sIdCkyHP1R9wyaqVbUkjEekpG90UxHa9A/Hu5L8F5jsS+BzIzNlNu
XOXiTzBr/dNBSnOGquMzoFbcJykdFJ8wkOv8PkRMK8ESpNpTEYMCRPLbMBIHb3J6
E9tpechCHzBoIyllLfS06o5mRUxMG11IpNxubW5tcZKcY50AujzymNps/uNYopyk
X0S9t1k/EX4sqCMqAoPH6RlAGt522M1dnzy0M1CjapxHv8I7fx+F8cXkS1yQSfrR
pJpK0viH2M4Ok5t31WPP6IkpAgMBAAGjggKVMIICkTAdBgNVHQ4EFgQUd9M8ZE/S
KrxBaqoa8BgS78ntU+gwHwYDVR0jBBgwFoAURX23ZuGw1qTcx/muzSh9TcPnDJ4w
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUVFOTJGLzEyMDg1RDE4NzQw
QjExRUY5RTlDMDMzNkM0RjlBRTAyL1JYMjNadUd3MXFUY3hfbXV6U2g5VGNQbkRK
NC5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRGMjAxRDY2MTFFMjhBQzg4MzdDNzJG
RDFGRjIvUlgyM1p1R3cxcVRjeF9tdXpTaDlUY1BuREo0LmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFF
RTkyRi8xMjA4NUQxODc0MEIxMUVGOUU5QzAzMzZDNEY5QUUwMi8yREZENEExRTc0
MEMxMUVGQjg4MUNFMzdDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAaC7ODANBgkqhkiG9w0BAQsFAAOCAQEAVa2MeABLVoqLMNbB
Wk5mfhgeeY3Z0RD16J1b1IslxNldxnKduvN5OrUIi1oh/yTQ758whL/SxqW8kLvR
3yqdMCP3NdfPD2puEWtfky9LwJyWZeoR4iRCijmB0JuG2vz8P8xQbLu1LCk6xfqK
J+C2jGhV22yt8LdfKZzKk9PmiodUT1SvbXptZkLLhTBuvBfOY5Qi0kioDLk99zz9
cTmWUJQ9S2bO7f1P3aTt4IJtIooXQiA92Z37tJQCLzouwqwJ9OfdRNHcC6/UNc+b
yWnsbIzM258sjxVst2am6WmndfSl1KLGUbD014x1GjjLqNFm2Nxtln++U0tk+bNS
gRrZyQ==
-----END CERTIFICATE-----
Generated at Thu Nov 21 07:40:39 2024 by rpki-client on console-ams.rpki-client.org