Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91F916A/1D7AD0BA458D11E5B3957A79C4F9AE02/81C0C29CB0F311E5AB30F151C4F9AE02.roa
File:                     81C0C29CB0F311E5AB30F151C4F9AE02.roa (raw, json)
Hash identifier:          2riXC0FO7TMtR4S3u1D3k+k65Q5x7dYqk1A2MagfmPs=
Subject key identifier:   85:1D:DA:D2:4B:11:C0:F2:D6:F5:16:E9:01:A0:87:37:A5:73:83:BF
Certificate issuer:       /CN=A91F916A/serialNumber=CF7AC6E7853E4958287006430076584657E0C950
Certificate serial:       239E
Authority key identifier: CF:7A:C6:E7:85:3E:49:58:28:70:06:43:00:76:58:46:57:E0:C9:50
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/z3rG54U-SVgocAZDAHZYRlfgyVA.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91F916A/1D7AD0BA458D11E5B3957A79C4F9AE02/81C0C29CB0F311E5AB30F151C4F9AE02.roa
Signing time:             Tue 16 Jan 2024 16:12:41 +0000
ROA not before:           Tue 16 Jan 2024 16:12:41 +0000
ROA not after:            Thu 01 May 2025 00:00:00 +0000
asID:                     9911
IP address blocks:        202.176.192.0/19 maxlen: 19
                          202.176.192.0/24 maxlen: 24
                          202.176.193.0/24 maxlen: 24
                          202.176.194.0/24 maxlen: 24
                          202.176.195.0/24 maxlen: 24
                          202.176.196.0/24 maxlen: 24
                          202.176.197.0/24 maxlen: 24
                          202.176.198.0/24 maxlen: 24
                          202.176.199.0/24 maxlen: 24
                          202.176.200.0/24 maxlen: 24
                          202.176.201.0/24 maxlen: 24
                          202.176.202.0/24 maxlen: 24
                          202.176.203.0/24 maxlen: 24
                          202.176.204.0/24 maxlen: 24
                          202.176.205.0/24 maxlen: 24
                          202.176.206.0/24 maxlen: 24
                          202.176.207.0/24 maxlen: 24
                          202.176.208.0/24 maxlen: 24
                          202.176.209.0/24 maxlen: 24
                          202.176.210.0/24 maxlen: 24
                          202.176.211.0/24 maxlen: 24
                          202.176.212.0/24 maxlen: 24
                          202.176.213.0/24 maxlen: 24
                          202.176.214.0/24 maxlen: 24
                          202.176.215.0/24 maxlen: 24
                          202.176.216.0/24 maxlen: 24
                          202.176.217.0/24 maxlen: 24
                          202.176.218.0/24 maxlen: 24
                          202.176.219.0/24 maxlen: 24
                          202.176.220.0/24 maxlen: 24
                          202.176.221.0/24 maxlen: 24
                          202.176.222.0/24 maxlen: 24
                          202.176.223.0/24 maxlen: 24
                          203.208.224.0/19 maxlen: 19
                          203.208.224.0/24 maxlen: 24
                          203.208.225.0/24 maxlen: 24
                          203.208.226.0/24 maxlen: 24
                          203.208.227.0/24 maxlen: 24
                          203.208.228.0/24 maxlen: 24
                          203.208.229.0/24 maxlen: 24
                          203.208.230.0/24 maxlen: 24
                          203.208.231.0/24 maxlen: 24
                          203.208.232.0/24 maxlen: 24
                          203.208.233.0/24 maxlen: 24
                          203.208.234.0/24 maxlen: 24
                          203.208.235.0/24 maxlen: 24
                          203.208.236.0/24 maxlen: 24
                          203.208.237.0/24 maxlen: 24
                          203.208.238.0/24 maxlen: 24
                          203.208.239.0/24 maxlen: 24
                          203.208.240.0/24 maxlen: 24
                          203.208.241.0/24 maxlen: 24
                          203.208.242.0/24 maxlen: 24
                          203.208.243.0/24 maxlen: 24
                          203.208.244.0/24 maxlen: 24
                          203.208.245.0/24 maxlen: 24
                          203.208.246.0/24 maxlen: 24
                          203.208.247.0/24 maxlen: 24
                          203.208.248.0/24 maxlen: 24
                          203.208.249.0/24 maxlen: 24
                          203.208.250.0/24 maxlen: 24
                          203.208.251.0/24 maxlen: 24
                          203.208.252.0/24 maxlen: 24
                          203.208.253.0/24 maxlen: 24
                          203.208.254.0/24 maxlen: 24
                          203.208.255.0/24 maxlen: 24
                          2404:5800::/32 maxlen: 32
                          2404:5800::/40 maxlen: 40
                          2404:5800:100::/48 maxlen: 48
                          2404:5800:101::/48 maxlen: 48
                          2404:5800:102::/48 maxlen: 48
                          2404:5800:103::/48 maxlen: 48
                          2404:5800:104::/46 maxlen: 46
                          2404:5800:104::/48 maxlen: 48
                          2404:5800:105::/48 maxlen: 48
                          2404:5800:106::/48 maxlen: 48
                          2404:5800:107::/48 maxlen: 48
                          2404:5800:108::/45 maxlen: 45
                          2404:5800:110::/44 maxlen: 44
                          2404:5800:120::/43 maxlen: 43
                          2404:5800:140::/42 maxlen: 42
                          2404:5800:180::/41 maxlen: 41
                          2404:5800:200::/39 maxlen: 39
                          2404:5800:400::/38 maxlen: 38
                          2404:5800:800::/37 maxlen: 37
                          2404:5800:1000::/36 maxlen: 36
                          2404:5800:2000::/35 maxlen: 35
                          2404:5800:4000::/34 maxlen: 34
                          2404:5800:8000::/33 maxlen: 33

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91F916A/1D7AD0BA458D11E5B3957A79C4F9AE02/z3rG54U-SVgocAZDAHZYRlfgyVA.crl
                          rsync://rpki.apnic.net/member_repository/A91F916A/1D7AD0BA458D11E5B3957A79C4F9AE02/z3rG54U-SVgocAZDAHZYRlfgyVA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/z3rG54U-SVgocAZDAHZYRlfgyVA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 29 Nov 2024 15:22:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 9118 (0x239e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F916A/serialNumber=CF7AC6E7853E4958287006430076584657E0C950
        Validity
            Not Before: Jan 16 16:12:41 2024 GMT
            Not After : May  1 00:00:00 2025 GMT
        Subject: CN=65a6aaf9-a948
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:87:4a:45:54:13:68:3a:c5:5d:e5:79:8a:d1:
                    7c:bc:c7:8c:09:43:0c:56:db:66:12:15:d9:da:9a:
                    ac:06:83:57:a8:e9:2a:36:a5:36:fc:0d:7a:45:8d:
                    17:36:69:ae:b2:26:82:e3:6e:c1:af:5d:84:4b:e5:
                    87:67:1c:b3:47:af:2b:ab:5a:32:55:a1:59:b1:2a:
                    e5:91:3d:d3:a8:90:65:c4:a9:68:22:97:db:34:99:
                    61:52:17:49:51:b8:ae:04:18:cf:5c:05:26:c3:7b:
                    6a:57:6d:a8:83:0a:17:ef:d2:e4:97:62:0e:e5:98:
                    95:04:fd:35:e6:50:a4:3c:72:ec:7e:fe:b7:38:d4:
                    81:27:bf:d7:9b:9f:e8:c0:81:cc:88:e9:ea:a8:ba:
                    e4:a8:aa:a4:36:39:a0:58:1b:f6:b6:f5:e2:c3:fd:
                    c3:87:4d:70:25:2f:22:09:d8:38:9d:54:ec:1b:60:
                    c6:e8:29:ed:d0:01:31:cf:72:92:b2:69:87:5d:35:
                    2d:c1:5f:1e:09:9c:a9:04:43:95:eb:87:ed:21:d2:
                    70:4d:de:2e:03:7f:0f:4b:c3:0c:da:58:2b:ce:3d:
                    74:65:94:05:7f:27:62:a9:1d:08:a7:e1:e2:3a:2c:
                    2a:e7:09:d6:dc:d1:56:e6:8a:5f:0b:51:31:f4:1c:
                    37:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:1D:DA:D2:4B:11:C0:F2:D6:F5:16:E9:01:A0:87:37:A5:73:83:BF
            X509v3 Authority Key Identifier:
                keyid:CF:7A:C6:E7:85:3E:49:58:28:70:06:43:00:76:58:46:57:E0:C9:50

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91F916A/1D7AD0BA458D11E5B3957A79C4F9AE02/z3rG54U-SVgocAZDAHZYRlfgyVA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/z3rG54U-SVgocAZDAHZYRlfgyVA.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F916A/1D7AD0BA458D11E5B3957A79C4F9AE02/81C0C29CB0F311E5AB30F151C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.176.192.0/19
                  203.208.224.0/19
                IPv6:
                  2404:5800::/32

    Signature Algorithm: sha256WithRSAEncryption
         7c:4a:52:a2:55:c9:37:f1:53:c9:67:d1:43:a6:49:a4:0b:b1:
         7c:5b:ff:da:ab:f8:b6:a2:8d:73:07:1b:c9:cc:e6:c5:60:2e:
         33:1f:50:75:fe:57:1b:bc:81:35:6b:fb:7a:af:85:d3:3c:ca:
         14:28:93:fd:e4:47:48:2f:6b:e9:f9:cd:df:67:c9:08:38:e1:
         7e:ac:3d:59:bd:bc:7d:2b:1e:6b:cd:ca:0c:57:6e:c4:48:d7:
         2a:5d:3a:ca:8a:38:f4:da:54:19:b6:11:c5:be:85:65:23:13:
         89:1b:9c:45:5e:71:e2:73:62:ba:9b:b3:4a:d6:7c:77:07:ec:
         d1:db:84:5a:de:1f:ae:a5:8d:39:9e:a9:42:40:ae:03:c3:84:
         0f:72:28:87:14:01:2b:43:4f:29:9f:79:30:23:40:35:c9:1c:
         9a:94:34:7d:bd:cb:37:62:77:be:49:65:0b:53:5c:d5:10:03:
         14:7b:4e:c8:23:5d:c4:f7:7c:41:99:be:22:bb:77:ca:b1:09:
         f6:17:89:e4:e2:de:38:c8:93:4b:f3:28:6f:4f:3a:b9:38:75:
         e9:92:89:60:6a:22:7c:f0:86:73:0c:6b:d9:86:2d:38:0e:ec:
         93:60:5c:5e:4a:5f:bf:e5:50:b5:c6:83:4c:71:1b:05:4b:71:
         70:0b:2b:a4
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgICI54wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RjkxNkExMTAvBgNVBAUTKENGN0FDNkU3ODUzRTQ5NTgyODcwMDY0MzAwNzY1ODQ2
NTdFMEM5NTAwHhcNMjQwMTE2MTYxMjQxWhcNMjUwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWE2YWFmOS1hOTQ4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtodKRVQTaDrFXeV5itF8vMeMCUMMVttmEhXZ2pqsBoNXqOkqNqU2/A16RY0X
NmmusiaC427Br12ES+WHZxyzR68rq1oyVaFZsSrlkT3TqJBlxKloIpfbNJlhUhdJ
UbiuBBjPXAUmw3tqV22ogwoX79Lkl2IO5ZiVBP015lCkPHLsfv63ONSBJ7/Xm5/o
wIHMiOnqqLrkqKqkNjmgWBv2tvXiw/3Dh01wJS8iCdg4nVTsG2DG6Cnt0AExz3KS
smmHXTUtwV8eCZypBEOV64ftIdJwTd4uA38PS8MM2lgrzj10ZZQFfydiqR0Ip+Hi
Oiwq5wnW3NFW5opfC1Ex9Bw3aQIDAQABo4ICqjCCAqYwHQYDVR0OBBYEFIUd2tJL
EcDy1vUW6QGghzelc4O/MB8GA1UdIwQYMBaAFM96xueFPklYKHAGQwB2WEZX4MlQ
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGOTE2QS8xRDdBRDBCQTQ1
OEQxMUU1QjM5NTdBNzlDNEY5QUUwMi96M3JHNTRVLVNWZ29jQVpEQUhaWVJsZmd5
VkEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3ozckc1NFUtU1Znb2NBWkRBSFpZUmxmZ3lWQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RjkxNkEvMUQ3QUQwQkE0NThEMTFFNUIzOTU3QTc5QzRGOUFFMDIvODFDMEMyOUNC
MEYzMTFFNUFCMzBGMTUxQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNAYIKwYBBQUHAQcBAf8E
JTAjMBIEAgABMAwDBAXKsMADBAXL0OAwDQQCAAIwBwMFACQEWAAwDQYJKoZIhvcN
AQELBQADggEBAHxKUqJVyTfxU8ln0UOmSaQLsXxb/9qr+LaijXMHG8nM5sVgLjMf
UHX+Vxu8gTVr+3qvhdM8yhQok/3kR0gva+n5zd9nyQg44X6sPVm9vH0rHmvNygxX
bsRI1ypdOsqKOPTaVBm2EcW+hWUjE4kbnEVeceJzYrqbs0rWfHcH7NHbhFreH66l
jTmeqUJArgPDhA9yKIcUAStDTymfeTAjQDXJHJqUNH29yzdid75JZQtTXNUQAxR7
TsgjXcT3fEGZviK7d8qxCfYXieTi3jjIk0vzKG9POrk4demSiWBqInzwhnMMa9mG
LTgO7JNgXF5KX7/lULXGg0xxGwVLcXALK6Q=
-----END CERTIFICATE-----
Generated at Fri Nov 22 16:50:06 2024 by rpki-client on console-ams.rpki-client.org