Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9113153/86077980ADB211E98DAEC479C4F9AE02/28BC5490487F11EAB8C7545FC4F9AE02.roa
File:                     28BC5490487F11EAB8C7545FC4F9AE02.roa (raw, json)
Hash identifier:          15crmq3nVNNj/aBK0J4PIqUDbAK0LDbctTwSm1bZbZE=
Subject key identifier:   9A:17:8D:B1:42:3F:BC:2B:E0:C1:92:21:41:2F:AB:E6:4E:A3:B0:74
Certificate issuer:       /CN=A9113153/serialNumber=48C27FFFB6424712FC6FC62871D536C531FEF19B
Certificate serial:       0CB8
Authority key identifier: 48:C2:7F:FF:B6:42:47:12:FC:6F:C6:28:71:D5:36:C5:31:FE:F1:9B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/SMJ__7ZCRxL8b8YocdU2xTH-8Zs.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9113153/86077980ADB211E98DAEC479C4F9AE02/28BC5490487F11EAB8C7545FC4F9AE02.roa
Signing time:             Wed 02 Aug 2023 18:36:16 +0000
ROA not before:           Wed 02 Aug 2023 18:36:16 +0000
ROA not after:            Thu 31 Oct 2024 00:00:00 +0000
asID:                     16509
IP address blocks:        103.141.120.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9113153/86077980ADB211E98DAEC479C4F9AE02/SMJ__7ZCRxL8b8YocdU2xTH-8Zs.crl
                          rsync://rpki.apnic.net/member_repository/A9113153/86077980ADB211E98DAEC479C4F9AE02/SMJ__7ZCRxL8b8YocdU2xTH-8Zs.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/SMJ__7ZCRxL8b8YocdU2xTH-8Zs.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 02 Apr 2024 18:37:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3256 (0xcb8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9113153/serialNumber=48C27FFFB6424712FC6FC62871D536C531FEF19B
        Validity
            Not Before: Aug  2 18:36:16 2023 GMT
            Not After : Oct 31 00:00:00 2024 GMT
        Subject: CN=64caa220-9c9f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:be:df:53:20:26:db:b4:9f:35:d4:67:36:58:
                    7a:9c:4c:ca:05:00:8b:7b:a9:7c:3f:09:96:5d:0e:
                    4b:a6:0e:12:52:73:ee:23:ba:36:e6:70:61:f7:2b:
                    24:2b:3f:ab:9e:a0:45:ef:f2:05:fa:79:4e:df:a6:
                    34:60:c9:81:91:6f:1d:37:8f:97:9c:94:0a:60:df:
                    0a:b3:ff:42:41:61:d8:99:33:9b:5b:f6:41:ad:ec:
                    bd:6b:d4:94:b4:08:2f:e4:74:02:ec:6f:fc:cc:96:
                    00:01:aa:b2:61:1e:96:c3:7f:9d:6e:5b:b1:7d:1b:
                    cb:fd:d9:4d:19:07:a0:79:22:bc:d2:1d:df:bd:9c:
                    2b:96:db:32:3c:c0:20:1c:4b:97:08:bd:5e:a8:80:
                    58:7f:69:63:e7:1f:41:d5:ff:41:45:f6:6e:f2:4a:
                    64:b3:ca:f6:f7:33:a7:40:86:4b:e5:f9:da:90:d9:
                    bb:34:42:c7:4e:36:5c:ac:97:bc:8f:44:20:24:81:
                    ef:74:cb:91:44:d8:7f:cc:2e:84:04:90:4b:8d:f2:
                    19:88:ae:bb:43:1e:7e:e4:48:e6:c1:f0:50:cd:81:
                    24:ff:f2:89:d8:86:4e:bd:81:ae:c6:01:34:42:6f:
                    b3:f3:59:fe:22:cc:7b:ad:3b:fd:ee:e1:3b:b1:25:
                    f1:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9A:17:8D:B1:42:3F:BC:2B:E0:C1:92:21:41:2F:AB:E6:4E:A3:B0:74
            X509v3 Authority Key Identifier:
                keyid:48:C2:7F:FF:B6:42:47:12:FC:6F:C6:28:71:D5:36:C5:31:FE:F1:9B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9113153/86077980ADB211E98DAEC479C4F9AE02/SMJ__7ZCRxL8b8YocdU2xTH-8Zs.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/SMJ__7ZCRxL8b8YocdU2xTH-8Zs.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9113153/86077980ADB211E98DAEC479C4F9AE02/28BC5490487F11EAB8C7545FC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.141.120.0/24

    Signature Algorithm: sha256WithRSAEncryption
         59:aa:63:83:8a:99:d4:5b:70:32:8d:99:30:80:0c:0c:9f:4f:
         5b:e7:b6:89:d0:a9:b0:41:dc:b8:8c:a4:bc:9b:c3:c7:c8:a4:
         2d:7b:e1:0f:c0:a2:46:5e:14:30:c6:84:4a:79:f9:11:e0:7a:
         96:4d:1c:55:b6:ee:75:7c:3c:7c:ba:0c:eb:e0:96:ae:f9:cb:
         5f:0c:3b:59:a2:11:91:25:d4:a2:39:ff:e7:bd:2c:4b:ac:2d:
         04:a9:e0:2e:24:1c:c9:25:9a:51:71:07:e1:82:d9:d6:13:53:
         0f:3f:fd:d6:2e:c3:1d:b3:00:6f:85:00:b3:f6:a9:8d:2f:92:
         d2:39:36:94:7f:88:e3:bc:bf:af:51:7f:f2:ce:3c:bf:8d:5c:
         15:2e:0a:cc:5e:80:b4:bb:a0:e6:7b:38:2f:b2:39:8d:14:08:
         c4:29:a6:4d:b0:1d:1c:e5:8f:d8:69:80:29:07:7b:ce:4d:ca:
         d1:55:d7:f1:f5:69:f4:3a:c4:d1:30:4f:1d:b1:98:29:66:b8:
         4d:f1:b8:da:42:16:39:22:0a:6b:e4:c9:3d:72:19:07:1a:76:
         35:f3:dc:aa:8e:80:dd:14:76:c8:2d:e2:a9:43:3f:14:af:35:
         56:e2:c8:ad:99:a7:e4:23:42:01:11:93:5f:17:44:7b:62:48:
         ac:4e:05:77
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICDLgwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MTMxNTMxMTAvBgNVBAUTKDQ4QzI3RkZGQjY0MjQ3MTJGQzZGQzYyODcxRDUzNkM1
MzFGRUYxOUIwHhcNMjMwODAyMTgzNjE2WhcNMjQxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NGNhYTIyMC05YzlmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA0b7fUyAm27SfNdRnNlh6nEzKBQCLe6l8PwmWXQ5Lpg4SUnPuI7o25nBh9ysk
Kz+rnqBF7/IF+nlO36Y0YMmBkW8dN4+XnJQKYN8Ks/9CQWHYmTObW/ZBrey9a9SU
tAgv5HQC7G/8zJYAAaqyYR6Ww3+dbluxfRvL/dlNGQegeSK80h3fvZwrltsyPMAg
HEuXCL1eqIBYf2lj5x9B1f9BRfZu8kpks8r29zOnQIZL5fnakNm7NELHTjZcrJe8
j0QgJIHvdMuRRNh/zC6EBJBLjfIZiK67Qx5+5EjmwfBQzYEk//KJ2IZOvYGuxgE0
Qm+z81n+Isx7rTv97uE7sSXxRwIDAQABo4IClTCCApEwHQYDVR0OBBYEFJoXjbFC
P7wr4MGSIUEvq+ZOo7B0MB8GA1UdIwQYMBaAFEjCf/+2QkcS/G/GKHHVNsUx/vGb
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExMzE1My84NjA3Nzk4MEFE
QjIxMUU5OERBRUM0NzlDNEY5QUUwMi9TTUpfXzdaQ1J4TDhiOFlvY2RVMnhUSC04
WnMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1NNSl9fN1pDUnhMOGI4WW9jZFUyeFRILThacy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MTMxNTMvODYwNzc5ODBBREIyMTFFOThEQUVDNDc5QzRGOUFFMDIvMjhCQzU0OTA0
ODdGMTFFQUI4Qzc1NDVGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBABnjXgwDQYJKoZIhvcNAQELBQADggEBAFmqY4OKmdRbcDKN
mTCADAyfT1vntonQqbBB3LiMpLybw8fIpC174Q/AokZeFDDGhEp5+RHgepZNHFW2
7nV8PHy6DOvglq75y18MO1miEZEl1KI5/+e9LEusLQSp4C4kHMklmlFxB+GC2dYT
Uw8//dYuwx2zAG+FALP2qY0vktI5NpR/iOO8v69Rf/LOPL+NXBUuCsxegLS7oOZ7
OC+yOY0UCMQppk2wHRzlj9hpgCkHe85NytFV1/H1afQ6xNEwTx2xmClmuE3xuNpC
FjkiCmvkyT1yGQcadjXz3KqOgN0Udsgt4qlDPxSvNVbiyK2Zp+QjQgERk18XRHti
SKxOBXc=
-----END CERTIFICATE-----
Generated at Tue Mar 26 20:42:59 2024 by rpki-client on console-ams.rpki-client.org