Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91288D9/BA59535E425711EA8F838A43C4F9AE02/E0FCE614425811EAADEA3B45C4F9AE02.roa
File:                     E0FCE614425811EAADEA3B45C4F9AE02.roa (raw, json)
Hash identifier:          uo0CqqDq1LW4OE16oHJh3v7l3D+UDenz/raY8uxIHFA=
Subject key identifier:   AC:EA:7D:36:E1:E8:5A:31:A4:DC:03:E4:18:D1:9D:3D:E8:2A:E5:F9
Certificate issuer:       /CN=A91288D9/serialNumber=541E0A66FE60F3AAC02502CEF1E48E627A62F741
Certificate serial:       0A55
Authority key identifier: 54:1E:0A:66:FE:60:F3:AA:C0:25:02:CE:F1:E4:8E:62:7A:62:F7:41
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/VB4KZv5g86rAJQLO8eSOYnpi90E.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91288D9/BA59535E425711EA8F838A43C4F9AE02/E0FCE614425811EAADEA3B45C4F9AE02.roa
Signing time:             Thu 06 Jun 2024 21:16:48 +0000
ROA not before:           Thu 06 Jun 2024 21:16:48 +0000
ROA not after:            Sun 31 Aug 2025 00:00:00 +0000
asID:                     58935
IP address blocks:        103.249.56.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91288D9/BA59535E425711EA8F838A43C4F9AE02/VB4KZv5g86rAJQLO8eSOYnpi90E.crl
                          rsync://rpki.apnic.net/member_repository/A91288D9/BA59535E425711EA8F838A43C4F9AE02/VB4KZv5g86rAJQLO8eSOYnpi90E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/VB4KZv5g86rAJQLO8eSOYnpi90E.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 21 Jun 2024 20:19:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2645 (0xa55)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91288D9/serialNumber=541E0A66FE60F3AAC02502CEF1E48E627A62F741
        Validity
            Not Before: Jun  6 21:16:48 2024 GMT
            Not After : Aug 31 00:00:00 2025 GMT
        Subject: CN=66622740-2b1d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:76:62:2f:c3:46:2b:f2:be:b5:f8:fc:e9:d5:
                    09:2b:b0:7a:0f:cd:22:9d:0f:55:af:7b:e7:9c:bc:
                    24:6e:19:e7:47:bc:1f:f8:8b:9c:0f:2f:c4:72:6f:
                    78:e4:31:eb:d6:e2:95:b9:55:26:52:fc:c2:b7:53:
                    e8:9f:55:22:68:c9:25:ce:b3:21:d6:56:29:46:01:
                    89:e7:dc:60:1f:57:72:4a:6c:5c:f5:4e:30:73:6a:
                    0a:a4:b4:4f:f7:23:59:a5:83:e8:b2:39:2d:9c:1b:
                    ec:a9:76:d7:ae:e3:d4:3f:a4:ed:10:73:a9:d1:8e:
                    96:84:12:66:6a:d0:17:e2:7d:49:51:89:9d:fb:5e:
                    c6:2d:69:53:11:6f:39:08:ad:ed:f6:fd:03:9d:c7:
                    68:34:88:2f:7a:50:37:63:d0:34:cd:15:09:dc:bb:
                    8f:c9:b7:66:af:2a:a8:92:1e:3c:23:0d:47:a0:62:
                    cf:26:4e:2a:2e:df:f5:1f:4b:94:ca:35:73:43:3e:
                    17:0c:ab:cc:ab:1a:59:e6:fb:ec:3c:7f:07:68:9b:
                    23:aa:e5:5d:e7:8c:45:71:81:d9:ff:fc:09:7a:65:
                    e4:ad:33:59:f5:41:d6:52:db:1e:c7:14:29:12:7d:
                    c5:97:d5:54:5e:9f:c7:9f:bd:95:e2:03:49:1b:8b:
                    99:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AC:EA:7D:36:E1:E8:5A:31:A4:DC:03:E4:18:D1:9D:3D:E8:2A:E5:F9
            X509v3 Authority Key Identifier:
                keyid:54:1E:0A:66:FE:60:F3:AA:C0:25:02:CE:F1:E4:8E:62:7A:62:F7:41

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91288D9/BA59535E425711EA8F838A43C4F9AE02/VB4KZv5g86rAJQLO8eSOYnpi90E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/VB4KZv5g86rAJQLO8eSOYnpi90E.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91288D9/BA59535E425711EA8F838A43C4F9AE02/E0FCE614425811EAADEA3B45C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.249.56.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:cb:64:17:49:d3:dd:9e:26:fb:27:ed:5e:ad:ab:77:37:1e:
         ff:98:bd:a7:e3:0a:ec:04:85:8e:44:d0:81:e4:92:f6:18:57:
         fc:1b:ee:4b:36:0e:2c:e7:8f:25:49:5b:15:85:fb:f1:53:d0:
         2b:d7:e3:99:1e:9f:7d:eb:bc:cc:be:d3:2c:25:f8:47:97:85:
         ab:1d:78:be:23:51:30:70:14:be:14:fc:6e:02:28:bb:51:7a:
         ae:b5:2e:97:9e:e3:73:15:80:2e:b3:2f:56:5c:0b:5d:ca:87:
         d1:36:82:bd:20:11:3d:c3:74:d6:66:12:0c:a1:80:4f:5e:ff:
         28:06:bc:04:09:7e:bc:85:fe:28:a6:a9:90:47:e5:6a:3d:2c:
         c7:3a:7b:42:dc:1f:6b:99:87:54:a7:8c:7c:0d:74:0d:b9:1a:
         33:58:a9:68:1f:4f:71:33:ef:67:25:c9:67:c3:e3:ed:1e:3a:
         84:19:05:9a:3e:05:65:a1:8e:ed:11:e0:16:c6:71:d3:b7:90:
         b3:fb:13:78:7f:c3:ab:f5:e1:8e:be:b4:d8:47:2b:51:d3:47:
         3a:d5:db:96:b1:8e:0a:3d:81:6b:38:94:b1:e8:68:63:bc:5a:
         68:0b:32:46:1e:13:0c:b6:10:f9:07:43:b8:96:7c:85:69:14:
         81:c4:5f:e4
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICClUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Mjg4RDkxMTAvBgNVBAUTKDU0MUUwQTY2RkU2MEYzQUFDMDI1MDJDRUYxRTQ4RTYy
N0E2MkY3NDEwHhcNMjQwNjA2MjExNjQ4WhcNMjUwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjYyMjc0MC0yYjFkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAuHZiL8NGK/K+tfj86dUJK7B6D80inQ9Vr3vnnLwkbhnnR7wf+IucDy/Ecm94
5DHr1uKVuVUmUvzCt1Pon1UiaMklzrMh1lYpRgGJ59xgH1dySmxc9U4wc2oKpLRP
9yNZpYPosjktnBvsqXbXruPUP6TtEHOp0Y6WhBJmatAX4n1JUYmd+17GLWlTEW85
CK3t9v0DncdoNIgvelA3Y9A0zRUJ3LuPybdmryqokh48Iw1HoGLPJk4qLt/1H0uU
yjVzQz4XDKvMqxpZ5vvsPH8HaJsjquVd54xFcYHZ//wJemXkrTNZ9UHWUtsexxQp
En3Fl9VUXp/Hn72V4gNJG4uZtQIDAQABo4IClTCCApEwHQYDVR0OBBYEFKzqfTbh
6FoxpNwD5BjRnT3oKuX5MB8GA1UdIwQYMBaAFFQeCmb+YPOqwCUCzvHkjmJ6YvdB
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyODhEOS9CQTU5NTM1RTQy
NTcxMUVBOEY4MzhBNDNDNEY5QUUwMi9WQjRLWnY1Zzg2ckFKUUxPOGVTT1lucGk5
MEUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1ZCNEtadjVnODZyQUpRTE84ZVNPWW5waTkwRS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Mjg4RDkvQkE1OTUzNUU0MjU3MTFFQThGODM4QTQzQzRGOUFFMDIvRTBGQ0U2MTQ0
MjU4MTFFQUFERUEzQjQ1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBABn+TgwDQYJKoZIhvcNAQELBQADggEBAC3LZBdJ092eJvsn
7V6tq3c3Hv+YvafjCuwEhY5E0IHkkvYYV/wb7ks2DiznjyVJWxWF+/FT0CvX45ke
n33rvMy+0ywl+EeXhasdeL4jUTBwFL4U/G4CKLtReq61Lpee43MVgC6zL1ZcC13K
h9E2gr0gET3DdNZmEgyhgE9e/ygGvAQJfryF/iimqZBH5Wo9LMc6e0LcH2uZh1Sn
jHwNdA25GjNYqWgfT3Ez72clyWfD4+0eOoQZBZo+BWWhju0R4BbGcdO3kLP7E3h/
w6v14Y6+tNhHK1HTRzrV25axjgo9gWs4lLHoaGO8WmgLMkYeEwy2EPkHQ7iWfIVp
FIHEX+Q=
-----END CERTIFICATE-----
Generated at Fri Jun 14 21:14:23 2024 by rpki-client on console-fra.rpki-client.org