Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9118689/515ECB32C4A711EE875D082CC4F9AE02/D1D880A6C4FB11EEA30ECF34C4F9AE02.roa
File:                     D1D880A6C4FB11EEA30ECF34C4F9AE02.roa (raw, json)
Hash identifier:          +EZuiXa6xRwpbcKtp4FRN0MvHlDfGmQTO3Xpng4ngHU=
Subject key identifier:   34:DC:B7:48:0B:7E:8E:E3:84:AB:26:CB:E8:DA:5B:3F:15:2D:5F:1B
Certificate issuer:       /CN=A9118689/serialNumber=63FC2F5DE094C8396DC8BC9744ED682FF4B23881
Certificate serial:       03
Authority key identifier: 63:FC:2F:5D:E0:94:C8:39:6D:C8:BC:97:44:ED:68:2F:F4:B2:38:81
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Y_wvXeCUyDltyLyXRO1oL_SyOIE.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9118689/515ECB32C4A711EE875D082CC4F9AE02/D1D880A6C4FB11EEA30ECF34C4F9AE02.roa
Signing time:             Tue 06 Feb 2024 14:27:13 +0000
ROA not before:           Tue 06 Feb 2024 14:27:13 +0000
ROA not after:            Fri 31 Jan 2025 00:00:00 +0000
asID:                     151977
IP address blocks:        103.67.60.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9118689/515ECB32C4A711EE875D082CC4F9AE02/Y_wvXeCUyDltyLyXRO1oL_SyOIE.crl
                          rsync://rpki.apnic.net/member_repository/A9118689/515ECB32C4A711EE875D082CC4F9AE02/Y_wvXeCUyDltyLyXRO1oL_SyOIE.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Y_wvXeCUyDltyLyXRO1oL_SyOIE.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 22 Jun 2024 02:50:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3 (0x3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9118689/serialNumber=63FC2F5DE094C8396DC8BC9744ED682FF4B23881
        Validity
            Not Before: Feb  6 14:27:13 2024 GMT
            Not After : Jan 31 00:00:00 2025 GMT
        Subject: CN=65c241c1-3f4e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:07:ab:55:82:bb:33:a8:1c:46:0b:42:fe:ab:
                    80:ff:b8:cb:a3:e3:f3:e5:2a:90:9c:c1:d0:16:7d:
                    4b:cd:ab:c1:cf:98:d9:1f:c9:9d:96:fb:68:24:a4:
                    fe:94:e5:c6:38:36:c2:bf:d8:65:58:1f:50:6a:ed:
                    ca:43:13:8a:15:d2:ba:e8:17:0f:b9:d4:78:f1:85:
                    b3:9f:79:34:1f:f2:a5:f8:8e:e2:0d:45:03:0a:c4:
                    3d:96:26:51:43:2b:97:19:59:98:50:a3:26:9e:a5:
                    5b:97:e7:a4:0e:5c:94:1f:40:37:da:f3:1e:5e:33:
                    ad:0f:f0:79:9e:d0:25:a7:f6:e1:7a:90:b7:6a:91:
                    c9:b2:80:e2:e7:89:24:b9:28:30:89:19:f6:e0:04:
                    be:6c:77:9a:3c:33:55:e0:b3:56:f1:4f:b8:7f:90:
                    a6:3d:ae:95:af:4b:c5:28:21:47:e7:22:d2:97:c7:
                    ed:ab:64:d9:03:46:be:bb:72:ee:8b:43:22:90:73:
                    e0:65:ab:19:81:f8:04:27:24:37:68:8e:5f:6c:20:
                    d3:01:00:16:35:2b:ff:91:62:13:12:1b:39:3c:fe:
                    48:69:6e:5e:f6:1e:e4:fd:11:04:66:78:af:7d:64:
                    17:2d:f3:84:d3:c0:99:d4:9d:51:2f:7a:bd:f2:0e:
                    00:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                34:DC:B7:48:0B:7E:8E:E3:84:AB:26:CB:E8:DA:5B:3F:15:2D:5F:1B
            X509v3 Authority Key Identifier:
                keyid:63:FC:2F:5D:E0:94:C8:39:6D:C8:BC:97:44:ED:68:2F:F4:B2:38:81

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9118689/515ECB32C4A711EE875D082CC4F9AE02/Y_wvXeCUyDltyLyXRO1oL_SyOIE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Y_wvXeCUyDltyLyXRO1oL_SyOIE.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9118689/515ECB32C4A711EE875D082CC4F9AE02/D1D880A6C4FB11EEA30ECF34C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.67.60.0/23

    Signature Algorithm: sha256WithRSAEncryption
         12:76:82:31:92:7c:b5:50:8e:96:47:99:47:16:aa:da:b7:df:
         d7:ab:0a:00:79:4e:69:a6:0d:3e:11:89:28:89:4b:b7:23:12:
         66:b9:c6:d9:2c:cf:3b:1d:b6:85:9d:85:dc:7b:e9:07:29:ca:
         c6:43:27:d3:d5:f1:f5:e6:56:8f:cd:e0:14:a0:c0:f7:6e:5e:
         ec:5d:45:9d:d3:93:0f:c4:3f:ae:61:27:09:92:48:23:09:a6:
         21:41:91:0f:d9:cd:32:68:15:53:8c:e0:00:f1:c8:d4:a3:9b:
         66:f2:a7:fd:51:2d:0e:1b:00:c2:b2:e5:5f:99:c5:5e:b5:15:
         44:92:53:60:dc:e4:c5:60:1b:68:ad:7a:99:a9:73:cc:e7:7f:
         2b:dd:23:be:53:ce:3c:8e:51:af:07:fe:f0:00:9c:73:e6:ae:
         13:57:a7:96:d1:35:62:ae:19:b1:cd:17:f5:42:c6:f1:b2:27:
         40:a5:4a:ec:1a:5d:65:7b:6f:97:7e:e3:da:cd:34:0f:e1:00:
         dd:76:ee:c7:e0:e3:31:a3:09:5d:c6:e7:6d:af:8a:bc:27:30:
         25:23:c4:f8:86:55:c2:cb:8c:9e:c3:ad:f3:2a:a9:81:2a:73:
         20:78:26:94:31:85:f5:78:5c:84:5f:98:b2:92:8b:d2:dc:5b:
         78:70:dd:95
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIBAzANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTEx
ODY4OTExMC8GA1UEBRMoNjNGQzJGNURFMDk0QzgzOTZEQzhCQzk3NDRFRDY4MkZG
NEIyMzg4MTAeFw0yNDAyMDYxNDI3MTNaFw0yNTAxMzEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY1YzI0MWMxLTNmNGUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDAB6tVgrszqBxGC0L+q4D/uMuj4/PlKpCcwdAWfUvNq8HPmNkfyZ2W+2gkpP6U
5cY4NsK/2GVYH1Bq7cpDE4oV0rroFw+51HjxhbOfeTQf8qX4juINRQMKxD2WJlFD
K5cZWZhQoyaepVuX56QOXJQfQDfa8x5eM60P8Hme0CWn9uF6kLdqkcmygOLniSS5
KDCJGfbgBL5sd5o8M1Xgs1bxT7h/kKY9rpWvS8UoIUfnItKXx+2rZNkDRr67cu6L
QyKQc+BlqxmB+AQnJDdojl9sINMBABY1K/+RYhMSGzk8/khpbl72HuT9EQRmeK99
ZBct84TTwJnUnVEver3yDgDtAgMBAAGjggKVMIICkTAdBgNVHQ4EFgQUNNy3SAt+
juOEqybL6NpbPxUtXxswHwYDVR0jBBgwFoAUY/wvXeCUyDltyLyXRO1oL/SyOIEw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTE4Njg5LzUxNUVDQjMyQzRB
NzExRUU4NzVEMDgyQ0M0RjlBRTAyL1lfd3ZYZUNVeURsdHlMeVhSTzFvTF9TeU9J
RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvWV93dlhlQ1V5RGx0eUx5WFJPMW9MX1N5T0lFLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEx
ODY4OS81MTVFQ0IzMkM0QTcxMUVFODc1RDA4MkNDNEY5QUUwMi9EMUQ4ODBBNkM0
RkIxMUVFQTMwRUNGMzRDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAWdDPDANBgkqhkiG9w0BAQsFAAOCAQEAEnaCMZJ8tVCOlkeZ
Rxaq2rff16sKAHlOaaYNPhGJKIlLtyMSZrnG2SzPOx22hZ2F3HvpBynKxkMn09Xx
9eZWj83gFKDA925e7F1FndOTD8Q/rmEnCZJIIwmmIUGRD9nNMmgVU4zgAPHI1KOb
ZvKn/VEtDhsAwrLlX5nFXrUVRJJTYNzkxWAbaK16malzzOd/K90jvlPOPI5Rrwf+
8ACcc+auE1enltE1Yq4Zsc0X9ULG8bInQKVK7BpdZXtvl37j2s00D+EA3Xbux+Dj
MaMJXcbnba+KvCcwJSPE+IZVwsuMnsOt8yqpgSpzIHgmlDGF9XhchF+YspKL0txb
eHDdlQ==
-----END CERTIFICATE-----
Generated at Sat Jun 15 10:17:30 2024 by rpki-client on console-fra.rpki-client.org