Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A912D072/3A418936FBE611EAB353660CC4F9AE02/452550BCACBC11EBB0651B63C4F9AE02.roa
File:                     452550BCACBC11EBB0651B63C4F9AE02.roa (raw, json)
Hash identifier:          3wANlA4sHia2AY4hIvFyq0yEmoVbLKrSyE1vk2c14vk=
Subject key identifier:   F7:AA:12:CA:68:7E:3E:01:17:D7:B4:A9:A7:C0:6C:1B:C2:D7:63:41
Certificate issuer:       /CN=A912D072/serialNumber=475752844BEA7A49705BC25AA8F0C9EF100C98F8
Certificate serial:       0692
Authority key identifier: 47:57:52:84:4B:EA:7A:49:70:5B:C2:5A:A8:F0:C9:EF:10:0C:98:F8
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/R1dShEvqeklwW8JaqPDJ7xAMmPg.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A912D072/3A418936FBE611EAB353660CC4F9AE02/452550BCACBC11EBB0651B63C4F9AE02.roa
Signing time:             Wed 20 Sep 2023 22:00:06 +0000
ROA not before:           Wed 20 Sep 2023 22:00:06 +0000
ROA not after:            Thu 31 Oct 2024 00:00:00 +0000
asID:                     138538
IP address blocks:        103.153.138.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A912D072/3A418936FBE611EAB353660CC4F9AE02/R1dShEvqeklwW8JaqPDJ7xAMmPg.crl
                          rsync://rpki.apnic.net/member_repository/A912D072/3A418936FBE611EAB353660CC4F9AE02/R1dShEvqeklwW8JaqPDJ7xAMmPg.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/R1dShEvqeklwW8JaqPDJ7xAMmPg.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 21 Jun 2024 22:51:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1682 (0x692)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A912D072/serialNumber=475752844BEA7A49705BC25AA8F0C9EF100C98F8
        Validity
            Not Before: Sep 20 22:00:06 2023 GMT
            Not After : Oct 31 00:00:00 2024 GMT
        Subject: CN=650b6b65-19bf
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:ef:4b:5d:e8:7d:cd:ff:45:ef:8a:44:5c:01:
                    9d:2a:b7:ca:f1:a9:ee:14:43:aa:b5:d1:3e:aa:dd:
                    11:58:62:f3:ec:d3:04:ea:42:40:63:d6:66:f1:f6:
                    16:f1:22:f7:36:c0:87:e7:91:14:6d:09:e1:c2:68:
                    fc:48:aa:80:3a:25:76:9d:49:50:73:23:a3:b0:be:
                    17:58:2d:41:ac:9e:5d:f9:65:f0:ae:f2:e6:38:21:
                    6e:20:c3:d3:b8:76:37:51:04:d2:57:98:6e:af:d3:
                    a0:3d:7a:e6:e1:7d:62:32:d5:97:bb:8e:7d:fa:01:
                    11:14:b7:d4:47:0a:53:a1:28:5c:e6:c4:8c:01:a6:
                    72:13:9e:8e:6d:8c:58:80:4e:83:25:62:32:4d:fb:
                    35:01:fe:b3:b4:a1:d1:dc:01:c2:0b:ec:b7:95:a4:
                    c6:f8:c2:12:ee:9c:3a:d9:1a:6e:ce:55:14:96:38:
                    a2:ac:9c:8e:3e:5f:1d:14:6b:7a:a0:62:c4:e7:58:
                    79:e7:77:32:92:42:6e:5b:98:cb:59:f3:9b:c8:8a:
                    d4:80:6a:ff:bd:86:ab:a3:91:b2:16:b3:52:e3:96:
                    45:bf:00:01:f9:28:d0:b7:8e:e0:07:fc:c8:cf:f7:
                    11:75:3c:36:19:39:c4:be:73:bd:a8:fd:07:5b:ac:
                    54:d9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:AA:12:CA:68:7E:3E:01:17:D7:B4:A9:A7:C0:6C:1B:C2:D7:63:41
            X509v3 Authority Key Identifier:
                keyid:47:57:52:84:4B:EA:7A:49:70:5B:C2:5A:A8:F0:C9:EF:10:0C:98:F8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A912D072/3A418936FBE611EAB353660CC4F9AE02/R1dShEvqeklwW8JaqPDJ7xAMmPg.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/R1dShEvqeklwW8JaqPDJ7xAMmPg.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A912D072/3A418936FBE611EAB353660CC4F9AE02/452550BCACBC11EBB0651B63C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.153.138.0/23

    Signature Algorithm: sha256WithRSAEncryption
         89:b7:7e:34:9a:21:21:02:6c:ca:a2:39:5c:e9:6a:bd:29:51:
         d2:0a:a6:88:24:68:1f:23:28:09:ca:3f:79:77:7f:87:e4:e2:
         7e:68:1e:dc:59:67:d9:55:5c:05:74:b0:e3:3c:f3:51:3e:7f:
         37:ff:ef:74:1a:9d:46:43:e8:39:a2:02:a2:29:bf:1b:8d:49:
         71:a8:2d:79:15:ac:e1:82:cd:c2:d8:7b:66:8e:3b:37:ad:c7:
         5b:aa:2e:a9:0f:25:45:dc:a1:35:4e:7a:08:27:6d:1b:e4:07:
         46:04:2f:64:1a:b9:63:d1:53:ee:dc:28:d9:ea:a3:43:f9:d7:
         aa:58:1e:9a:d0:11:f4:5a:40:d3:0d:53:a5:3c:e0:8a:47:ae:
         10:38:48:0c:b6:59:1d:69:90:93:52:65:14:fb:f2:54:62:da:
         86:32:08:e4:1a:ff:28:9e:a0:5e:04:97:d9:12:0e:d7:5f:a0:
         4e:aa:3b:dc:d7:89:a6:82:1d:09:36:c3:bb:13:05:f5:54:46:
         49:a8:ff:bd:0b:6d:cd:c9:ef:10:40:3f:61:3f:3b:6b:1e:b9:
         f9:b4:d4:05:4a:46:5d:60:20:ab:d0:c6:7a:cd:7c:ae:c7:54:
         97:54:b5:54:0b:94:02:97:9d:b0:ce:25:57:1f:b9:3a:cf:78:
         66:c2:80:78
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICBpIwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MkQwNzIxMTAvBgNVBAUTKDQ3NTc1Mjg0NEJFQTdBNDk3MDVCQzI1QUE4RjBDOUVG
MTAwQzk4RjgwHhcNMjMwOTIwMjIwMDA2WhcNMjQxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTBiNmI2NS0xOWJmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA2u9LXeh9zf9F74pEXAGdKrfK8anuFEOqtdE+qt0RWGLz7NME6kJAY9Zm8fYW
8SL3NsCH55EUbQnhwmj8SKqAOiV2nUlQcyOjsL4XWC1BrJ5d+WXwrvLmOCFuIMPT
uHY3UQTSV5hur9OgPXrm4X1iMtWXu459+gERFLfURwpToShc5sSMAaZyE56ObYxY
gE6DJWIyTfs1Af6ztKHR3AHCC+y3laTG+MIS7pw62RpuzlUUljiirJyOPl8dFGt6
oGLE51h553cykkJuW5jLWfObyIrUgGr/vYaro5GyFrNS45ZFvwAB+SjQt47gB/zI
z/cRdTw2GTnEvnO9qP0HW6xU2QIDAQABo4IClTCCApEwHQYDVR0OBBYEFPeqEspo
fj4BF9e0qafAbBvC12NBMB8GA1UdIwQYMBaAFEdXUoRL6npJcFvCWqjwye8QDJj4
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyRDA3Mi8zQTQxODkzNkZC
RTYxMUVBQjM1MzY2MENDNEY5QUUwMi9SMWRTaEV2cWVrbHdXOEphcVBESjd4QU1t
UGcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1IxZFNoRXZxZWtsd1c4SmFxUERKN3hBTW1QZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MkQwNzIvM0E0MTg5MzZGQkU2MTFFQUIzNTM2NjBDQzRGOUFFMDIvNDUyNTUwQkNB
Q0JDMTFFQkIwNjUxQjYzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAFnmYowDQYJKoZIhvcNAQELBQADggEBAIm3fjSaISECbMqi
OVzpar0pUdIKpogkaB8jKAnKP3l3f4fk4n5oHtxZZ9lVXAV0sOM881E+fzf/73Qa
nUZD6DmiAqIpvxuNSXGoLXkVrOGCzcLYe2aOOzetx1uqLqkPJUXcoTVOeggnbRvk
B0YEL2QauWPRU+7cKNnqo0P516pYHprQEfRaQNMNU6U84IpHrhA4SAy2WR1pkJNS
ZRT78lRi2oYyCOQa/yieoF4El9kSDtdfoE6qO9zXiaaCHQk2w7sTBfVURkmo/70L
bc3J7xBAP2E/O2seufm01AVKRl1gIKvQxnrNfK7HVJdUtVQLlAKXnbDOJVcfuTrP
eGbCgHg=
-----END CERTIFICATE-----
Generated at Fri Jun 14 23:50:40 2024 by rpki-client on console-ams.rpki-client.org