Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9121836/F1DB1D44F4FB11ED938F9447C4F9AE02/6CE6E15ECEF311EEBCE7894DC4F9AE02.roa
File:                     6CE6E15ECEF311EEBCE7894DC4F9AE02.roa (raw, json)
Hash identifier:          ssaH/8SpdKsqdDitk2qgJT2SCDl83tgdMRPI1+sqRAs=
Subject key identifier:   69:58:8F:60:41:01:7B:79:66:81:B2:6B:AC:69:E8:8D:3F:FE:74:F4
Certificate issuer:       /CN=A9121836/serialNumber=66B214D11C7F961A95C4256703428E93CBA72986
Certificate serial:       AD
Authority key identifier: 66:B2:14:D1:1C:7F:96:1A:95:C4:25:67:03:42:8E:93:CB:A7:29:86
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ZrIU0Rx_lhqVxCVnA0KOk8unKYY.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9121836/F1DB1D44F4FB11ED938F9447C4F9AE02/6CE6E15ECEF311EEBCE7894DC4F9AE02.roa
Signing time:             Mon 19 Feb 2024 06:52:20 +0000
ROA not before:           Mon 19 Feb 2024 06:52:19 +0000
ROA not after:            Mon 30 Dec 2024 00:00:00 +0000
asID:                     9268
IP address blocks:        103.25.115.0/24 maxlen: 24
                          103.74.216.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9121836/F1DB1D44F4FB11ED938F9447C4F9AE02/ZrIU0Rx_lhqVxCVnA0KOk8unKYY.crl
                          rsync://rpki.apnic.net/member_repository/A9121836/F1DB1D44F4FB11ED938F9447C4F9AE02/ZrIU0Rx_lhqVxCVnA0KOk8unKYY.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ZrIU0Rx_lhqVxCVnA0KOk8unKYY.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 20 Jun 2024 02:50:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 173 (0xad)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9121836/serialNumber=66B214D11C7F961A95C4256703428E93CBA72986
        Validity
            Not Before: Feb 19 06:52:19 2024 GMT
            Not After : Dec 30 00:00:00 2024 GMT
        Subject: CN=65d2faa3-2bc7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:84:77:79:cd:a3:f7:61:6e:55:d3:a2:a8:8e:
                    54:33:27:62:54:c6:3c:4e:15:f9:41:4d:5f:0f:38:
                    79:21:0f:4f:fc:3b:15:cf:47:df:23:05:6e:4a:e3:
                    63:25:c1:8a:91:eb:4e:cd:53:df:7a:11:8e:ef:94:
                    a5:16:0e:44:16:62:b3:7d:33:98:e9:6f:e2:3f:8c:
                    cb:c5:71:4b:c6:fa:bd:3f:e5:a8:c8:5f:2a:d8:c6:
                    79:35:10:95:5d:13:c7:68:3d:4d:1b:b2:f7:a3:17:
                    f1:bb:11:05:be:b1:38:67:db:a5:76:dc:99:16:1f:
                    57:9b:b4:38:78:c7:d0:1c:07:3a:00:be:42:99:e1:
                    8d:c4:92:86:43:df:a9:c9:1e:37:a0:73:b0:b4:68:
                    20:7e:c9:7d:ec:20:76:fb:76:6f:22:4c:b7:54:7c:
                    7d:e9:c7:a5:15:09:d4:e2:04:1d:c2:0a:3d:16:80:
                    cc:24:0f:ca:6e:cf:38:7a:a2:fd:28:2a:c2:88:17:
                    e5:2f:c8:9c:fd:95:28:e1:6b:ad:2b:83:ba:10:83:
                    35:d4:69:3d:96:27:d9:df:23:01:77:40:1a:fc:9f:
                    67:c3:92:46:c1:65:3e:d0:54:d4:f5:6b:ad:e1:7a:
                    86:ce:0f:dc:9a:64:6b:6d:04:50:0b:3c:ab:44:4a:
                    9f:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:58:8F:60:41:01:7B:79:66:81:B2:6B:AC:69:E8:8D:3F:FE:74:F4
            X509v3 Authority Key Identifier:
                keyid:66:B2:14:D1:1C:7F:96:1A:95:C4:25:67:03:42:8E:93:CB:A7:29:86

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9121836/F1DB1D44F4FB11ED938F9447C4F9AE02/ZrIU0Rx_lhqVxCVnA0KOk8unKYY.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ZrIU0Rx_lhqVxCVnA0KOk8unKYY.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9121836/F1DB1D44F4FB11ED938F9447C4F9AE02/6CE6E15ECEF311EEBCE7894DC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.25.115.0/24
                  103.74.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         30:df:10:44:b1:85:dc:7b:47:8f:a2:de:c0:d7:86:a8:7d:59:
         d5:c5:30:3b:03:50:d7:72:0c:bf:d7:fd:e1:63:cd:dd:22:4a:
         2a:eb:e7:a5:35:9e:0b:74:8b:cc:08:29:9d:8b:a7:0c:79:b0:
         60:63:e7:f7:da:54:8a:86:af:97:83:08:78:7b:1f:a1:ab:9b:
         0f:48:9d:1a:d0:6d:60:cd:61:bc:59:db:35:8a:42:80:a5:2d:
         5f:50:a9:b0:43:5d:fb:2d:5a:39:11:b1:72:d3:9b:e6:79:cb:
         85:2d:c1:7e:0d:3b:5f:ce:77:19:03:42:37:a8:10:e9:36:2a:
         aa:23:3c:37:7e:f0:6d:2e:ba:ad:ea:86:14:f8:2d:da:44:f4:
         8d:65:14:27:12:cd:1e:e9:cf:0e:a4:68:26:8a:d6:18:98:f8:
         a1:1a:76:52:1a:4f:95:9c:00:bb:73:17:65:7d:2b:a2:eb:79:
         bf:ae:14:b5:83:6a:d5:a4:90:aa:59:49:f8:6a:34:6e:9c:2b:
         58:bb:83:57:45:4a:b6:3f:25:62:9a:a1:6d:48:70:b2:34:f4:
         7e:73:46:41:22:d0:f5:25:e8:88:91:df:00:48:a0:d3:3c:df:
         86:eb:66:80:64:38:14:07:98:92:5d:b7:d6:59:ed:a6:c1:30:
         70:b5:04:4c
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICAK0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MjE4MzYxMTAvBgNVBAUTKDY2QjIxNEQxMUM3Rjk2MUE5NUM0MjU2NzAzNDI4RTkz
Q0JBNzI5ODYwHhcNMjQwMjE5MDY1MjE5WhcNMjQxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWQyZmFhMy0yYmM3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAr4R3ec2j92FuVdOiqI5UMydiVMY8ThX5QU1fDzh5IQ9P/DsVz0ffIwVuSuNj
JcGKketOzVPfehGO75SlFg5EFmKzfTOY6W/iP4zLxXFLxvq9P+WoyF8q2MZ5NRCV
XRPHaD1NG7L3oxfxuxEFvrE4Z9uldtyZFh9Xm7Q4eMfQHAc6AL5CmeGNxJKGQ9+p
yR43oHOwtGggfsl97CB2+3ZvIky3VHx96celFQnU4gQdwgo9FoDMJA/Kbs84eqL9
KCrCiBflL8ic/ZUo4WutK4O6EIM11Gk9lifZ3yMBd0Aa/J9nw5JGwWU+0FTU9Wut
4XqGzg/cmmRrbQRQCzyrREqflwIDAQABo4ICmzCCApcwHQYDVR0OBBYEFGlYj2BB
AXt5ZoGya6xp6I0//nT0MB8GA1UdIwQYMBaAFGayFNEcf5YalcQlZwNCjpPLpymG
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyMTgzNi9GMURCMUQ0NEY0
RkIxMUVEOTM4Rjk0NDdDNEY5QUUwMi9acklVMFJ4X2xocVZ4Q1ZuQTBLT2s4dW5L
WVkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1pySVUwUnhfbGhxVnhDVm5BMEtPazh1bktZWS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MjE4MzYvRjFEQjFENDRGNEZCMTFFRDkzOEY5NDQ3QzRGOUFFMDIvNkNFNkUxNUVD
RUYzMTFFRUJDRTc4OTREQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBABnGXMDBABnStgwDQYJKoZIhvcNAQELBQADggEBADDfEESx
hdx7R4+i3sDXhqh9WdXFMDsDUNdyDL/X/eFjzd0iSirr56U1ngt0i8wIKZ2Lpwx5
sGBj5/faVIqGr5eDCHh7H6Grmw9InRrQbWDNYbxZ2zWKQoClLV9QqbBDXfstWjkR
sXLTm+Z5y4UtwX4NO1/OdxkDQjeoEOk2KqojPDd+8G0uuq3qhhT4LdpE9I1lFCcS
zR7pzw6kaCaK1hiY+KEadlIaT5WcALtzF2V9K6Lreb+uFLWDatWkkKpZSfhqNG6c
K1i7g1dFSrY/JWKaoW1IcLI09H5zRkEi0PUl6IiR3wBIoNM834brZoBkOBQHmJJd
t9ZZ7abBMHC1BEw=
-----END CERTIFICATE-----
Generated at Thu Jun 13 06:58:26 2024 by rpki-client on console-fra.rpki-client.org