Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A911CA82/0BEB375ABE4411EBAE3D4348C4F9AE02/CB304C36307111EDB0CBD946C4F9AE02.roa
File:                     CB304C36307111EDB0CBD946C4F9AE02.roa (raw, json)
Hash identifier:          uxXFko4v1AL31DsxVShIW21OhPh6hu+4O3UHY6p5BM0=
Subject key identifier:   1A:C3:7B:F3:19:9B:C9:0E:D3:3E:3D:A2:D1:E3:E3:6A:06:FB:F1:1C
Certificate issuer:       /CN=A911CA82/serialNumber=D2A0871BCD8376C11A8F049A39855AFCDB183064
Certificate serial:       054A
Authority key identifier: D2:A0:87:1B:CD:83:76:C1:1A:8F:04:9A:39:85:5A:FC:DB:18:30:64
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/0qCHG82DdsEajwSaOYVa_NsYMGQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A911CA82/0BEB375ABE4411EBAE3D4348C4F9AE02/CB304C36307111EDB0CBD946C4F9AE02.roa
Signing time:             Wed 08 May 2024 20:55:19 +0000
ROA not before:           Wed 08 May 2024 20:55:19 +0000
ROA not after:            Sun 01 Dec 2024 00:00:00 +0000
asID:                     139628
IP address blocks:        103.20.80.0/22 maxlen: 22
                          103.20.80.0/24 maxlen: 24
                          103.20.81.0/24 maxlen: 24
                          103.20.82.0/24 maxlen: 24
                          103.20.83.0/24 maxlen: 24
                          103.106.204.0/22 maxlen: 22
                          103.106.204.0/24 maxlen: 24
                          103.106.205.0/24 maxlen: 24
                          103.106.206.0/24 maxlen: 24
                          103.106.207.0/24 maxlen: 24
                          103.119.96.0/22 maxlen: 22
                          103.119.96.0/24 maxlen: 24
                          103.119.97.0/24 maxlen: 24
                          103.119.98.0/24 maxlen: 24
                          103.119.99.0/24 maxlen: 24
                          103.136.176.0/22 maxlen: 22
                          103.136.176.0/24 maxlen: 24
                          103.136.177.0/24 maxlen: 24
                          103.136.178.0/24 maxlen: 24
                          103.136.179.0/24 maxlen: 24
                          103.142.208.0/23 maxlen: 23
                          103.142.208.0/24 maxlen: 24
                          103.142.209.0/24 maxlen: 24
                          111.67.96.0/22 maxlen: 22
                          111.67.96.0/24 maxlen: 24
                          111.67.97.0/24 maxlen: 24
                          111.67.98.0/24 maxlen: 24
                          111.67.99.0/24 maxlen: 24
                          111.67.100.0/22 maxlen: 22
                          111.67.100.0/24 maxlen: 24
                          111.67.101.0/24 maxlen: 24
                          111.67.102.0/24 maxlen: 24
                          111.67.103.0/24 maxlen: 24
                          115.178.24.0/23 maxlen: 23
                          115.178.24.0/24 maxlen: 24
                          115.178.25.0/24 maxlen: 24
                          124.108.4.0/22 maxlen: 22
                          124.108.4.0/24 maxlen: 24
                          124.108.5.0/24 maxlen: 24
                          124.108.6.0/24 maxlen: 24
                          124.108.7.0/24 maxlen: 24
                          150.129.20.0/22 maxlen: 22
                          150.129.20.0/24 maxlen: 24
                          150.129.21.0/24 maxlen: 24
                          150.129.22.0/24 maxlen: 24
                          150.129.23.0/24 maxlen: 24
                          202.58.16.0/23 maxlen: 23
                          202.58.16.0/24 maxlen: 24
                          202.58.17.0/24 maxlen: 24
                          202.58.18.0/23 maxlen: 23
                          202.58.18.0/24 maxlen: 24
                          202.58.19.0/24 maxlen: 24
                          203.80.170.0/23 maxlen: 23
                          203.80.170.0/24 maxlen: 24
                          203.80.171.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A911CA82/0BEB375ABE4411EBAE3D4348C4F9AE02/0qCHG82DdsEajwSaOYVa_NsYMGQ.crl
                          rsync://rpki.apnic.net/member_repository/A911CA82/0BEB375ABE4411EBAE3D4348C4F9AE02/0qCHG82DdsEajwSaOYVa_NsYMGQ.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/0qCHG82DdsEajwSaOYVa_NsYMGQ.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 23 Jun 2024 23:55:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1354 (0x54a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A911CA82/serialNumber=D2A0871BCD8376C11A8F049A39855AFCDB183064
        Validity
            Not Before: May  8 20:55:19 2024 GMT
            Not After : Dec  1 00:00:00 2024 GMT
        Subject: CN=663be6b7-a6ee
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:aa:95:d5:d3:35:a1:3e:ca:8e:7b:78:08:d8:81:
                    11:f8:1e:a2:eb:79:2b:42:10:4e:ca:43:f6:df:b6:
                    57:4f:94:cc:9b:eb:53:06:99:a5:b0:29:30:5b:25:
                    dc:34:94:6f:ed:79:fb:5f:75:9a:f0:21:7e:f0:46:
                    73:0b:eb:40:2a:a8:77:12:9c:75:b5:55:3e:1b:d1:
                    21:f7:af:5a:56:56:a4:5d:36:c0:f8:47:66:90:ad:
                    a1:25:7e:92:04:6b:64:3a:a2:81:1b:fd:4c:eb:aa:
                    14:d2:d3:f1:b8:d3:9a:07:16:04:94:17:fd:75:de:
                    fc:4c:24:9b:15:9d:fe:b7:1d:b8:d8:bd:68:6f:57:
                    dd:74:a0:cb:a7:4d:78:3e:be:9f:3f:b5:a5:bb:79:
                    8d:f3:48:aa:e4:0b:d9:20:7d:f7:5b:a4:f7:32:74:
                    12:19:66:77:9d:60:b6:3f:d1:ef:d2:1b:9d:c9:67:
                    e3:52:82:c5:19:36:e8:83:e9:59:e5:81:e3:65:2f:
                    b4:28:ac:67:11:9d:cd:cf:5d:52:b7:16:d8:fd:19:
                    2a:1f:8b:37:f4:56:39:d1:04:fd:e0:ec:5c:ba:18:
                    21:c7:a6:b0:ef:0e:dc:b4:c7:11:de:30:55:33:e9:
                    e9:da:c5:5a:37:bc:81:a5:6b:b5:59:30:0f:9d:b9:
                    99:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:C3:7B:F3:19:9B:C9:0E:D3:3E:3D:A2:D1:E3:E3:6A:06:FB:F1:1C
            X509v3 Authority Key Identifier:
                keyid:D2:A0:87:1B:CD:83:76:C1:1A:8F:04:9A:39:85:5A:FC:DB:18:30:64

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A911CA82/0BEB375ABE4411EBAE3D4348C4F9AE02/0qCHG82DdsEajwSaOYVa_NsYMGQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/0qCHG82DdsEajwSaOYVa_NsYMGQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A911CA82/0BEB375ABE4411EBAE3D4348C4F9AE02/CB304C36307111EDB0CBD946C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.20.80.0/22
                  103.106.204.0/22
                  103.119.96.0/22
                  103.136.176.0/22
                  103.142.208.0/23
                  111.67.96.0/21
                  115.178.24.0/23
                  124.108.4.0/22
                  150.129.20.0/22
                  202.58.16.0/22
                  203.80.170.0/23

    Signature Algorithm: sha256WithRSAEncryption
         8f:ec:59:ea:2b:9b:f0:8b:54:0a:53:17:43:a2:f9:f2:b4:55:
         01:2f:c0:d1:b8:1c:d5:6e:ba:ca:8a:46:07:f5:1c:63:39:5b:
         c8:32:0e:13:1b:9b:be:49:0a:32:af:1f:da:d1:b2:b1:e1:a0:
         2d:70:60:4f:49:35:98:a1:74:8d:9a:ce:21:8d:8c:58:8c:c7:
         96:c4:15:7a:00:7c:57:e8:37:68:33:d1:0e:04:61:27:a3:df:
         47:17:9b:9f:5a:36:3a:9e:6a:33:2d:24:56:e6:56:dd:54:79:
         9b:96:94:c7:bb:31:2f:b8:9e:c6:e5:c2:32:0c:69:93:c9:bf:
         d4:f1:76:30:63:9d:f9:2c:3c:56:25:32:28:31:3f:1a:c4:87:
         d2:5a:56:b2:af:db:8c:37:04:8f:68:59:98:d2:b2:2c:26:ee:
         48:5b:2d:f4:fc:63:fb:60:f1:40:a2:db:53:bc:34:7c:45:63:
         4c:40:e7:84:80:9e:7a:08:ab:75:7e:a0:b9:1a:e6:ae:17:f8:
         6a:b2:1b:78:1c:12:47:7d:38:b1:8d:11:86:fc:4e:bb:ea:15:
         c4:54:9f:e3:b5:7c:0b:44:ea:80:6c:a3:be:37:58:c8:b6:3b:
         0e:f7:c8:85:15:f4:a6:f3:6a:7d:87:76:77:76:bf:1c:6d:bc:
         e6:6a:25:4b
-----BEGIN CERTIFICATE-----
MIIFrTCCBJWgAwIBAgICBUowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MUNBODIxMTAvBgNVBAUTKEQyQTA4NzFCQ0Q4Mzc2QzExQThGMDQ5QTM5ODU1QUZD
REIxODMwNjQwHhcNMjQwNTA4MjA1NTE5WhcNMjQxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjNiZTZiNy1hNmVlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAqpXV0zWhPsqOe3gI2IER+B6i63krQhBOykP237ZXT5TMm+tTBpmlsCkwWyXc
NJRv7Xn7X3Wa8CF+8EZzC+tAKqh3Epx1tVU+G9Eh969aVlakXTbA+EdmkK2hJX6S
BGtkOqKBG/1M66oU0tPxuNOaBxYElBf9dd78TCSbFZ3+tx242L1ob1fddKDLp014
Pr6fP7Wlu3mN80iq5AvZIH33W6T3MnQSGWZ3nWC2P9Hv0hudyWfjUoLFGTbog+lZ
5YHjZS+0KKxnEZ3Nz11StxbY/RkqH4s39FY50QT94Oxcuhghx6aw7w7ctMcR3jBV
M+np2sVaN7yBpWu1WTAPnbmZdwIDAQABo4IC0TCCAs0wHQYDVR0OBBYEFBrDe/MZ
m8kO0z49otHj42oG+/EcMB8GA1UdIwQYMBaAFNKghxvNg3bBGo8EmjmFWvzbGDBk
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExQ0E4Mi8wQkVCMzc1QUJF
NDQxMUVCQUUzRDQzNDhDNEY5QUUwMi8wcUNIRzgyRGRzRWFqd1NhT1lWYV9Oc1lN
R1EuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzBxQ0hHODJEZHNFYWp3U2FPWVZhX05zWU1HUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MUNBODIvMEJFQjM3NUFCRTQ0MTFFQkFFM0Q0MzQ4QzRGOUFFMDIvQ0IzMDRDMzYz
MDcxMTFFREIwQ0JEOTQ2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwWwYIKwYBBQUHAQcBAf8E
TDBKMEgEAgABMEIDBAJnFFADBAJnaswDBAJnd2ADBAJniLADBAFnjtADBANvQ2AD
BAFzshgDBAJ8bAQDBAKWgRQDBALKOhADBAHLUKowDQYJKoZIhvcNAQELBQADggEB
AI/sWeorm/CLVApTF0Oi+fK0VQEvwNG4HNVuusqKRgf1HGM5W8gyDhMbm75JCjKv
H9rRsrHhoC1wYE9JNZihdI2aziGNjFiMx5bEFXoAfFfoN2gz0Q4EYSej30cXm59a
NjqeajMtJFbmVt1UeZuWlMe7MS+4nsblwjIMaZPJv9TxdjBjnfksPFYlMigxPxrE
h9JaVrKv24w3BI9oWZjSsiwm7khbLfT8Y/tg8UCi21O8NHxFY0xA54SAnnoIq3V+
oLka5q4X+GqyG3gcEkd9OLGNEYb8TrvqFcRUn+O1fAtE6oBso743WMi2Ow73yIUV
9Kbzan2Hdnd2vxxtvOZqJUs=
-----END CERTIFICATE-----
Generated at Mon Jun 17 02:12:11 2024 by rpki-client on console-ams.rpki-client.org