Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91F89D9/EABFEBF26F5C11EF835A7B66C4F9AE02/A18C777C6F5F11EFAF849B28C4F9AE02.roa
File:                     A18C777C6F5F11EFAF849B28C4F9AE02.roa (raw, json)
Hash identifier:          fujb24eQPYgPwcrZc8i7YcmXNyel+exUWMY7rJXI438=
Subject key identifier:   91:AD:7C:7F:EE:AD:F6:26:A7:99:40:B9:19:A1:2D:A4:16:D7:FB:A3
Certificate issuer:       /CN=A91F89D9/serialNumber=175D42022BF50BD6C20F30B1C5AD8C94E085BC4E
Certificate serial:       05
Authority key identifier: 17:5D:42:02:2B:F5:0B:D6:C2:0F:30:B1:C5:AD:8C:94:E0:85:BC:4E
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/F11CAiv1C9bCDzCxxa2MlOCFvE4.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91F89D9/EABFEBF26F5C11EF835A7B66C4F9AE02/A18C777C6F5F11EFAF849B28C4F9AE02.roa
Signing time:             Tue 10 Sep 2024 10:57:16 +0000
ROA not before:           Tue 10 Sep 2024 10:57:16 +0000
ROA not after:            Mon 01 Dec 2025 00:00:00 +0000
asID:                     138558
IP address blocks:        160.30.184.0/24 maxlen: 24
                          160.30.185.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91F89D9/EABFEBF26F5C11EF835A7B66C4F9AE02/F11CAiv1C9bCDzCxxa2MlOCFvE4.crl
                          rsync://rpki.apnic.net/member_repository/A91F89D9/EABFEBF26F5C11EF835A7B66C4F9AE02/F11CAiv1C9bCDzCxxa2MlOCFvE4.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/F11CAiv1C9bCDzCxxa2MlOCFvE4.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 28 Nov 2024 02:50:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5 (0x5)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F89D9/serialNumber=175D42022BF50BD6C20F30B1C5AD8C94E085BC4E
        Validity
            Not Before: Sep 10 10:57:16 2024 GMT
            Not After : Dec  1 00:00:00 2025 GMT
        Subject: CN=66e0260c-7d21
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:30:88:06:76:8a:fd:60:ca:a1:cb:5d:1f:1c:
                    2f:6c:80:2a:59:42:d9:a6:a5:41:4a:b0:20:82:dc:
                    54:42:01:47:38:7b:0c:ad:7d:93:66:52:54:c0:7e:
                    36:a8:6c:59:84:e6:92:7a:95:9e:65:8d:0a:4c:8e:
                    8c:44:51:f2:9b:f7:2a:84:09:44:0b:c6:99:b8:f4:
                    72:5a:88:9f:cb:02:1d:cb:56:4e:d0:5d:24:8f:7d:
                    8e:91:8a:7c:72:28:d6:4f:f4:32:80:54:02:31:54:
                    f4:0e:18:2c:4c:da:ae:7c:22:7e:5e:84:34:f1:4c:
                    29:ad:00:59:dc:ec:43:fc:1c:58:ae:51:39:ab:e2:
                    98:1c:61:61:7f:b4:cc:05:90:9e:c5:89:a6:7a:02:
                    ca:90:2d:93:61:59:9b:5a:d2:bc:61:c1:d3:ef:ef:
                    fe:a0:2b:1d:a5:d7:a8:dc:28:42:db:d0:61:f3:6f:
                    2a:9d:e5:b8:da:2b:82:e8:30:72:58:85:26:f2:ea:
                    98:2d:89:0e:ba:35:bf:b3:c3:72:61:b0:55:a5:01:
                    dc:92:4a:f5:45:2b:57:6b:33:c7:b6:45:81:00:fc:
                    35:46:66:10:a6:89:f1:0a:3f:e1:c3:da:66:78:ad:
                    95:64:fb:d1:09:f3:ba:7b:21:55:f0:02:f7:3f:ca:
                    bc:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:AD:7C:7F:EE:AD:F6:26:A7:99:40:B9:19:A1:2D:A4:16:D7:FB:A3
            X509v3 Authority Key Identifier:
                keyid:17:5D:42:02:2B:F5:0B:D6:C2:0F:30:B1:C5:AD:8C:94:E0:85:BC:4E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91F89D9/EABFEBF26F5C11EF835A7B66C4F9AE02/F11CAiv1C9bCDzCxxa2MlOCFvE4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/F11CAiv1C9bCDzCxxa2MlOCFvE4.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F89D9/EABFEBF26F5C11EF835A7B66C4F9AE02/A18C777C6F5F11EFAF849B28C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.30.184.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2f:60:01:4b:49:5b:20:5a:fe:f4:48:6d:18:b5:32:9e:1c:d9:
         78:02:ee:96:7b:05:43:6c:13:14:a4:f6:e0:98:f9:3a:2f:2d:
         2a:21:53:40:a3:25:ee:d1:f9:8e:ef:d4:84:3c:26:10:75:b2:
         69:58:e6:8f:3d:9e:a9:d9:98:3a:f4:63:d5:5f:a4:b5:3c:82:
         82:9b:e0:fc:3b:6a:32:06:8e:f0:5b:ed:9d:7f:c1:21:8d:6d:
         e9:55:22:69:f2:4f:69:70:3c:5e:38:0d:25:a8:f0:f3:98:2c:
         81:45:22:2d:58:e0:08:91:09:62:9d:b0:82:98:42:1c:d1:ec:
         c8:ca:42:f7:43:7d:53:57:b0:d6:8d:0d:1d:58:7a:a2:d4:04:
         bf:ea:d0:52:6d:d5:f7:43:8a:dd:90:4a:aa:3f:68:ce:36:84:
         b6:fa:7e:9d:40:57:f2:68:3d:27:8d:89:90:cb:d8:c9:a7:6d:
         a5:3a:47:14:a6:10:ed:cd:0c:9a:66:53:ca:48:a2:f8:37:c2:
         50:b7:30:89:43:59:54:37:c1:04:e0:25:93:df:0e:25:fb:ec:
         f0:36:60:ec:61:7e:e5:8a:5d:02:04:27:1f:95:84:1c:80:d7:
         6a:e4:f8:72:76:c9:4f:9e:8d:2b:f7:4d:06:e5:70:35:72:f4:
         8f:58:c3:ad
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIBBTANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFG
ODlEOTExMC8GA1UEBRMoMTc1RDQyMDIyQkY1MEJENkMyMEYzMEIxQzVBRDhDOTRF
MDg1QkM0RTAeFw0yNDA5MTAxMDU3MTZaFw0yNTEyMDEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY2ZTAyNjBjLTdkMjEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCnMIgGdor9YMqhy10fHC9sgCpZQtmmpUFKsCCC3FRCAUc4ewytfZNmUlTAfjao
bFmE5pJ6lZ5ljQpMjoxEUfKb9yqECUQLxpm49HJaiJ/LAh3LVk7QXSSPfY6Rinxy
KNZP9DKAVAIxVPQOGCxM2q58In5ehDTxTCmtAFnc7EP8HFiuUTmr4pgcYWF/tMwF
kJ7FiaZ6AsqQLZNhWZta0rxhwdPv7/6gKx2l16jcKELb0GHzbyqd5bjaK4LoMHJY
hSby6pgtiQ66Nb+zw3JhsFWlAdySSvVFK1drM8e2RYEA/DVGZhCmifEKP+HD2mZ4
rZVk+9EJ87p7IVXwAvc/yrzTAgMBAAGjggKVMIICkTAdBgNVHQ4EFgQUka18f+6t
9ianmUC5GaEtpBbX+6MwHwYDVR0jBBgwFoAUF11CAiv1C9bCDzCxxa2MlOCFvE4w
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUY4OUQ5L0VBQkZFQkYyNkY1
QzExRUY4MzVBN0I2NkM0RjlBRTAyL0YxMUNBaXYxQzliQ0R6Q3h4YTJNbE9DRnZF
NC5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRGMjAxRDY2MTFFMjhBQzg4MzdDNzJG
RDFGRjIvRjExQ0FpdjFDOWJDRHpDeHhhMk1sT0NGdkU0LmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFG
ODlEOS9FQUJGRUJGMjZGNUMxMUVGODM1QTdCNjZDNEY5QUUwMi9BMThDNzc3QzZG
NUYxMUVGQUY4NDlCMjhDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAaAeuDANBgkqhkiG9w0BAQsFAAOCAQEAL2ABS0lbIFr+9Eht
GLUynhzZeALulnsFQ2wTFKT24Jj5Oi8tKiFTQKMl7tH5ju/UhDwmEHWyaVjmjz2e
qdmYOvRj1V+ktTyCgpvg/DtqMgaO8FvtnX/BIY1t6VUiafJPaXA8XjgNJajw85gs
gUUiLVjgCJEJYp2wgphCHNHsyMpC90N9U1ew1o0NHVh6otQEv+rQUm3V90OK3ZBK
qj9ozjaEtvp+nUBX8mg9J42JkMvYyadtpTpHFKYQ7c0MmmZTykii+DfCULcwiUNZ
VDfBBOAlk98OJfvs8DZg7GF+5YpdAgQnH5WEHIDXauT4cnbJT56NK/dNBuVwNXL0
j1jDrQ==
-----END CERTIFICATE-----
Generated at Thu Nov 21 06:50:53 2024 by rpki-client on console-fra.rpki-client.org