Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91F6D91/E517F2B69AE511EB837F135EC4F9AE02/0E2711E6830711ECB472CA0AC4F9AE02.roa
File:                     0E2711E6830711ECB472CA0AC4F9AE02.roa (raw, json)
Hash identifier:          sAPblarR1RVbcdAB8jcZ3zm1ZUu8MrXig2RJFCDYAAk=
Subject key identifier:   30:DA:8B:52:DC:98:F9:33:CA:EF:21:9F:8E:53:90:35:AD:75:F9:F7
Certificate issuer:       /CN=A91F6D91/serialNumber=F6718A5E5E42D08E253A2FB300FF09C3F5351D32
Certificate serial:       0546
Authority key identifier: F6:71:8A:5E:5E:42:D0:8E:25:3A:2F:B3:00:FF:09:C3:F5:35:1D:32
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/9nGKXl5C0I4lOi-zAP8Jw_U1HTI.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91F6D91/E517F2B69AE511EB837F135EC4F9AE02/0E2711E6830711ECB472CA0AC4F9AE02.roa
Signing time:             Fri 19 Jan 2024 00:42:00 +0000
ROA not before:           Fri 19 Jan 2024 00:42:00 +0000
ROA not after:            Sun 02 Mar 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        203.175.0.0/24 maxlen: 24
                          203.175.1.0/24 maxlen: 24
                          203.175.2.0/24 maxlen: 24
                          203.175.3.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91F6D91/E517F2B69AE511EB837F135EC4F9AE02/9nGKXl5C0I4lOi-zAP8Jw_U1HTI.crl
                          rsync://rpki.apnic.net/member_repository/A91F6D91/E517F2B69AE511EB837F135EC4F9AE02/9nGKXl5C0I4lOi-zAP8Jw_U1HTI.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/9nGKXl5C0I4lOi-zAP8Jw_U1HTI.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 27 Nov 2024 20:33:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1350 (0x546)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F6D91/serialNumber=F6718A5E5E42D08E253A2FB300FF09C3F5351D32
        Validity
            Not Before: Jan 19 00:42:00 2024 GMT
            Not After : Mar  2 00:00:00 2025 GMT
        Subject: CN=65a9c558-8449
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:ab:e6:f8:4f:03:b9:56:c1:60:e7:ef:ad:98:
                    35:fc:ad:56:db:06:ae:07:94:32:da:6c:ba:ed:c3:
                    50:4c:72:7e:60:08:f0:e5:31:a7:8b:8a:d1:23:f1:
                    95:b0:93:35:d7:13:67:01:dd:ad:c1:4d:36:ab:4e:
                    22:e7:7c:91:80:fd:73:56:6a:14:12:7a:3b:b9:85:
                    45:08:61:95:f4:eb:06:80:0e:a6:57:29:c1:be:65:
                    29:1b:a4:61:e3:96:48:68:1d:06:47:03:64:c5:a7:
                    01:d4:50:09:dc:bc:09:bb:02:22:57:41:a6:53:96:
                    1f:da:2e:d2:dd:e6:64:e7:2c:fc:3e:7c:d9:99:16:
                    d2:02:f6:8f:41:42:c9:77:a1:f9:60:b8:82:9b:5f:
                    0e:a7:05:1b:7d:e3:76:5c:bb:d0:53:a6:cc:a8:25:
                    3a:39:8b:77:c5:bb:cd:6b:fe:73:93:20:17:9c:01:
                    c7:02:a3:db:4c:43:ee:e5:39:a6:be:45:c2:a2:fd:
                    75:81:fb:32:f9:c7:30:fd:1b:69:33:62:80:45:67:
                    4e:4c:9c:d7:ad:ac:3d:cb:0f:f9:b0:58:2e:1d:f9:
                    d2:eb:f1:e9:21:85:98:f5:17:07:72:f8:a8:2f:bf:
                    b9:a1:d1:07:4a:ba:96:4f:e9:5d:c9:66:f2:fb:63:
                    b3:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                30:DA:8B:52:DC:98:F9:33:CA:EF:21:9F:8E:53:90:35:AD:75:F9:F7
            X509v3 Authority Key Identifier:
                keyid:F6:71:8A:5E:5E:42:D0:8E:25:3A:2F:B3:00:FF:09:C3:F5:35:1D:32

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91F6D91/E517F2B69AE511EB837F135EC4F9AE02/9nGKXl5C0I4lOi-zAP8Jw_U1HTI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/9nGKXl5C0I4lOi-zAP8Jw_U1HTI.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F6D91/E517F2B69AE511EB837F135EC4F9AE02/0E2711E6830711ECB472CA0AC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.175.0.0/22

    Signature Algorithm: sha256WithRSAEncryption
         49:45:1d:18:bc:d1:d7:f1:66:13:6f:5a:e1:b2:fc:6e:e0:32:
         66:66:c9:fd:97:05:dc:13:0c:41:2e:df:12:a3:b5:ea:18:0e:
         04:b7:96:a1:ed:f6:22:d3:ca:4c:07:f4:8c:96:04:88:2f:da:
         93:44:20:11:a7:e7:4e:7e:08:29:a7:23:32:2b:e4:8b:05:f0:
         88:f3:ba:5b:a2:00:b6:2c:3c:e3:1e:97:46:f5:56:11:c0:0e:
         70:5d:00:6e:dc:36:6a:88:f5:e4:9e:da:c3:5e:b8:48:30:c4:
         a6:97:23:2c:b8:ac:ab:4a:54:08:90:20:7c:7c:3a:cf:56:d5:
         1b:28:83:55:57:90:ad:7c:cf:a3:f6:9a:c9:95:4b:84:0a:e0:
         13:c3:19:6c:17:5d:58:6c:f4:2a:d1:19:f8:1d:6e:26:3c:0c:
         70:c7:fb:a4:a6:83:3f:fc:a7:f8:81:7a:39:00:d0:8e:81:71:
         03:ca:90:63:65:a3:14:5d:c2:86:2f:1d:8b:04:3a:50:ca:87:
         60:bc:aa:e8:9b:db:0a:7b:1b:b7:0b:75:1e:33:4c:48:b1:83:
         3e:8c:1f:91:c4:bc:97:8d:5a:c4:b7:b2:2a:c2:aa:2e:e5:45:
         d2:22:95:4e:84:eb:0e:6d:7d:97:7d:ec:8f:90:51:00:68:ed:
         92:0f:0d:b2
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICBUYwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RjZEOTExMTAvBgNVBAUTKEY2NzE4QTVFNUU0MkQwOEUyNTNBMkZCMzAwRkYwOUMz
RjUzNTFEMzIwHhcNMjQwMTE5MDA0MjAwWhcNMjUwMzAyMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWE5YzU1OC04NDQ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAr6vm+E8DuVbBYOfvrZg1/K1W2wauB5Qy2my67cNQTHJ+YAjw5TGni4rRI/GV
sJM11xNnAd2twU02q04i53yRgP1zVmoUEno7uYVFCGGV9OsGgA6mVynBvmUpG6Rh
45ZIaB0GRwNkxacB1FAJ3LwJuwIiV0GmU5Yf2i7S3eZk5yz8PnzZmRbSAvaPQULJ
d6H5YLiCm18OpwUbfeN2XLvQU6bMqCU6OYt3xbvNa/5zkyAXnAHHAqPbTEPu5Tmm
vkXCov11gfsy+ccw/RtpM2KARWdOTJzXraw9yw/5sFguHfnS6/HpIYWY9RcHcvio
L7+5odEHSrqWT+ldyWby+2OzpwIDAQABo4IClTCCApEwHQYDVR0OBBYEFDDai1Lc
mPkzyu8hn45TkDWtdfn3MB8GA1UdIwQYMBaAFPZxil5eQtCOJTovswD/CcP1NR0y
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGNkQ5MS9FNTE3RjJCNjlB
RTUxMUVCODM3RjEzNUVDNEY5QUUwMi85bkdLWGw1QzBJNGxPaS16QVA4SndfVTFI
VEkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzluR0tYbDVDMEk0bE9pLXpBUDhKd19VMUhUSS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RjZEOTEvRTUxN0YyQjY5QUU1MTFFQjgzN0YxMzVFQzRGOUFFMDIvMEUyNzExRTY4
MzA3MTFFQ0I0NzJDQTBBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBALLrwAwDQYJKoZIhvcNAQELBQADggEBAElFHRi80dfxZhNv
WuGy/G7gMmZmyf2XBdwTDEEu3xKjteoYDgS3lqHt9iLTykwH9IyWBIgv2pNEIBGn
505+CCmnIzIr5IsF8IjzuluiALYsPOMel0b1VhHADnBdAG7cNmqI9eSe2sNeuEgw
xKaXIyy4rKtKVAiQIHx8Os9W1Rsog1VXkK18z6P2msmVS4QK4BPDGWwXXVhs9CrR
GfgdbiY8DHDH+6Smgz/8p/iBejkA0I6BcQPKkGNloxRdwoYvHYsEOlDKh2C8quib
2wp7G7cLdR4zTEixgz6MH5HEvJeNWsS3sirCqi7lRdIilU6E6w5tfZd97I+QUQBo
7ZIPDbI=
-----END CERTIFICATE-----
Generated at Wed Nov 20 23:56:03 2024 by rpki-client on console-ams.rpki-client.org