Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A912B2EE/1F411F586C2111E9B76FA909C4F9AE02/05449490E17B11EC93AB7473C4F9AE02.roa
File:                     05449490E17B11EC93AB7473C4F9AE02.roa (raw, json)
Hash identifier:          PcZWjC6UVwgJAg7JfBerYqiOjHVIHel2AtVeK/QvypU=
Subject key identifier:   05:3B:16:48:AC:20:6B:89:39:6F:AA:F7:7A:62:D1:32:8D:A6:A2:3B
Certificate issuer:       /CN=A912B2EE/serialNumber=C824347425BAC8AF59B4E1966BC10DBFA8BDAB82
Certificate serial:       0EC1
Authority key identifier: C8:24:34:74:25:BA:C8:AF:59:B4:E1:96:6B:C1:0D:BF:A8:BD:AB:82
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/yCQ0dCW6yK9ZtOGWa8ENv6i9q4I.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A912B2EE/1F411F586C2111E9B76FA909C4F9AE02/05449490E17B11EC93AB7473C4F9AE02.roa
Signing time:             Sat 08 Jun 2024 18:41:39 +0000
ROA not before:           Sat 08 Jun 2024 18:41:39 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     139924
IP address blocks:        103.138.158.0/23 maxlen: 23
                          103.138.158.0/24 maxlen: 24
                          103.138.159.0/24 maxlen: 24
                          2407:98c0::/32 maxlen: 32
                          2407:98c0::/48 maxlen: 48
                          2407:98c0:1::/48 maxlen: 48
                          2407:98c0:2::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A912B2EE/1F411F586C2111E9B76FA909C4F9AE02/yCQ0dCW6yK9ZtOGWa8ENv6i9q4I.crl
                          rsync://rpki.apnic.net/member_repository/A912B2EE/1F411F586C2111E9B76FA909C4F9AE02/yCQ0dCW6yK9ZtOGWa8ENv6i9q4I.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/yCQ0dCW6yK9ZtOGWa8ENv6i9q4I.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 21 Jun 2024 18:35:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3777 (0xec1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A912B2EE/serialNumber=C824347425BAC8AF59B4E1966BC10DBFA8BDAB82
        Validity
            Not Before: Jun  8 18:41:39 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6664a5e2-8836
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:36:78:64:da:cf:84:ac:bd:65:03:0a:0f:4e:
                    1a:38:c2:96:6d:6d:6e:44:38:c1:80:4c:e3:cb:82:
                    3e:04:b2:55:6e:56:8a:c3:42:ca:5d:11:1a:b7:c9:
                    ee:a4:40:d9:94:a5:00:32:30:5f:e8:1f:13:8f:1b:
                    a1:70:4e:dc:b5:3f:37:e6:83:ab:3f:b0:7f:bf:58:
                    24:c5:36:a2:dc:85:ad:43:71:1a:b1:93:89:4e:b3:
                    43:8b:4e:2f:20:43:19:12:16:97:39:ea:e5:8d:f1:
                    0e:28:bd:61:46:a1:dc:ac:55:04:d4:f8:da:fd:bd:
                    3d:21:d3:77:8d:69:67:1b:37:c0:e9:20:ec:a8:d3:
                    e9:f6:03:21:f7:e3:36:b7:72:75:2a:f2:6b:76:f5:
                    46:f8:19:c7:d6:20:07:81:77:db:18:15:4f:7b:2a:
                    ca:e1:80:71:db:05:3c:d6:cd:eb:85:61:51:c5:6b:
                    90:67:bc:eb:5a:ca:34:28:de:e3:f5:77:06:3e:a8:
                    97:0e:45:85:f3:48:49:54:88:96:3c:62:d6:13:3c:
                    e0:02:ff:f4:76:24:84:6f:4c:19:9e:41:ff:6c:58:
                    4f:60:0e:f3:07:bf:ae:f0:79:90:42:0d:53:89:e7:
                    40:55:09:a6:ef:db:74:68:fb:15:26:8b:4e:3b:d7:
                    ed:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                05:3B:16:48:AC:20:6B:89:39:6F:AA:F7:7A:62:D1:32:8D:A6:A2:3B
            X509v3 Authority Key Identifier:
                keyid:C8:24:34:74:25:BA:C8:AF:59:B4:E1:96:6B:C1:0D:BF:A8:BD:AB:82

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A912B2EE/1F411F586C2111E9B76FA909C4F9AE02/yCQ0dCW6yK9ZtOGWa8ENv6i9q4I.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/yCQ0dCW6yK9ZtOGWa8ENv6i9q4I.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A912B2EE/1F411F586C2111E9B76FA909C4F9AE02/05449490E17B11EC93AB7473C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.138.158.0/23
                IPv6:
                  2407:98c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         21:ee:7f:c3:1d:d9:a4:a9:5d:60:a4:71:ca:92:d3:84:04:f2:
         f8:6b:21:ff:74:bf:1e:92:59:52:b8:14:a7:1f:93:88:3b:c0:
         6c:dd:a6:9f:c2:91:b2:40:7c:92:b4:18:60:57:ef:c9:e8:06:
         95:cb:c7:c2:1d:35:2d:40:36:af:15:64:3d:f4:b9:cb:91:8b:
         d5:ac:f0:bf:8d:08:ae:9c:0a:87:8f:ce:d9:0f:4a:14:e8:4f:
         7f:37:7c:1e:cc:3d:f5:29:ce:49:39:e7:74:01:78:6c:91:92:
         bd:bb:85:b5:2f:a1:e5:35:fe:ae:70:0a:93:06:0a:a4:b2:59:
         df:74:bc:ee:7d:5c:d4:60:32:ca:61:93:77:b7:05:47:97:f2:
         b9:e1:4e:eb:22:0f:a4:bb:0a:18:57:d8:51:24:24:23:c5:38:
         59:2b:dc:8a:47:9e:db:a0:e3:5b:c8:88:3c:ca:37:5a:02:25:
         7f:1e:45:c0:dd:62:53:ca:99:32:a8:30:f2:d8:1e:25:b6:64:
         31:8a:26:1c:9a:ea:8e:52:a7:87:b3:fc:a2:2d:b0:7b:ba:00:
         25:fe:af:b6:4e:13:45:77:03:a7:0e:b0:00:0e:d3:f5:c8:4d:
         d1:8f:f7:13:17:dc:99:17:f1:00:4c:c8:85:96:d7:7f:3e:a1:
         98:b3:ac:e5
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICDsEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MkIyRUUxMTAvBgNVBAUTKEM4MjQzNDc0MjVCQUM4QUY1OUI0RTE5NjZCQzEwREJG
QThCREFCODIwHhcNMjQwNjA4MTg0MTM5WhcNMjUwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjY0YTVlMi04ODM2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAqTZ4ZNrPhKy9ZQMKD04aOMKWbW1uRDjBgEzjy4I+BLJVblaKw0LKXREat8nu
pEDZlKUAMjBf6B8TjxuhcE7ctT835oOrP7B/v1gkxTai3IWtQ3EasZOJTrNDi04v
IEMZEhaXOerljfEOKL1hRqHcrFUE1Pja/b09IdN3jWlnGzfA6SDsqNPp9gMh9+M2
t3J1KvJrdvVG+BnH1iAHgXfbGBVPeyrK4YBx2wU81s3rhWFRxWuQZ7zrWso0KN7j
9XcGPqiXDkWF80hJVIiWPGLWEzzgAv/0diSEb0wZnkH/bFhPYA7zB7+u8HmQQg1T
iedAVQmm79t0aPsVJotOO9ftxQIDAQABo4ICpDCCAqAwHQYDVR0OBBYEFAU7Fkis
IGuJOW+q93pi0TKNpqI7MB8GA1UdIwQYMBaAFMgkNHQlusivWbThlmvBDb+ovauC
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyQjJFRS8xRjQxMUY1ODZD
MjExMUU5Qjc2RkE5MDlDNEY5QUUwMi95Q1EwZENXNnlLOVp0T0dXYThFTnY2aTlx
NEkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3lDUTBkQ1c2eUs5WnRPR1dhOEVOdjZpOXE0SS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MkIyRUUvMUY0MTFGNTg2QzIxMTFFOUI3NkZBOTA5QzRGOUFFMDIvMDU0NDk0OTBF
MTdCMTFFQzkzQUI3NDczQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLgYIKwYBBQUHAQcBAf8E
HzAdMAwEAgABMAYDBAFnip4wDQQCAAIwBwMFACQHmMAwDQYJKoZIhvcNAQELBQAD
ggEBACHuf8Md2aSpXWCkccqS04QE8vhrIf90vx6SWVK4FKcfk4g7wGzdpp/CkbJA
fJK0GGBX78noBpXLx8IdNS1ANq8VZD30ucuRi9Ws8L+NCK6cCoePztkPShToT383
fB7MPfUpzkk553QBeGyRkr27hbUvoeU1/q5wCpMGCqSyWd90vO59XNRgMsphk3e3
BUeX8rnhTusiD6S7ChhX2FEkJCPFOFkr3IpHntug41vIiDzKN1oCJX8eRcDdYlPK
mTKoMPLYHiW2ZDGKJhya6o5Sp4ez/KItsHu6ACX+r7ZOE0V3A6cOsAAO0/XITdGP
9xMX3JkX8QBMyIWW138+oZizrOU=
-----END CERTIFICATE-----
Generated at Fri Jun 14 19:35:56 2024 by rpki-client on console-fra.rpki-client.org