Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A912D70A/41ABD29E1B8611EA9C9AF243C4F9AE02/61EE7C6C281211EA881CC32DC4F9AE02.roa
File:                     61EE7C6C281211EA881CC32DC4F9AE02.roa (raw, json)
Hash identifier:          Ts5oBok7cHgF7s6+IaaEWPvESWyczXjROfZF1hCcNGI=
Subject key identifier:   E5:96:93:98:6E:73:8E:90:F0:C0:E5:BF:57:75:B2:A0:2A:39:4A:93
Certificate issuer:       /CN=A912D70A/serialNumber=ED330820FFABD0AB2841BA93E902EA682992DAA9
Certificate serial:       0A5E
Authority key identifier: ED:33:08:20:FF:AB:D0:AB:28:41:BA:93:E9:02:EA:68:29:92:DA:A9
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/7TMIIP-r0KsoQbqT6QLqaCmS2qk.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A912D70A/41ABD29E1B8611EA9C9AF243C4F9AE02/61EE7C6C281211EA881CC32DC4F9AE02.roa
Signing time:             Wed 10 May 2023 21:01:33 +0000
ROA not before:           Wed 10 May 2023 21:01:33 +0000
ROA not after:            Mon 01 Jul 2024 00:00:00 +0000
asID:                     14618
IP address blocks:        103.229.8.0/24 maxlen: 24
                          103.229.9.0/24 maxlen: 24
                          103.229.10.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A912D70A/41ABD29E1B8611EA9C9AF243C4F9AE02/7TMIIP-r0KsoQbqT6QLqaCmS2qk.crl
                          rsync://rpki.apnic.net/member_repository/A912D70A/41ABD29E1B8611EA9C9AF243C4F9AE02/7TMIIP-r0KsoQbqT6QLqaCmS2qk.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/7TMIIP-r0KsoQbqT6QLqaCmS2qk.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 02 Apr 2024 19:50:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2654 (0xa5e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A912D70A/serialNumber=ED330820FFABD0AB2841BA93E902EA682992DAA9
        Validity
            Not Before: May 10 21:01:33 2023 GMT
            Not After : Jul  1 00:00:00 2024 GMT
        Subject: CN=645c062c-8070
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a9:6b:a7:f5:6d:72:7c:db:4e:d5:16:c8:61:9d:
                    0f:4b:ef:c5:c7:ad:ae:4c:cd:2f:89:9a:37:9f:a7:
                    2c:c4:83:5f:b6:30:c5:53:46:ac:67:12:f4:52:47:
                    20:e4:2e:aa:13:d1:3e:60:40:e8:35:ff:1c:05:64:
                    a5:ba:4c:9e:9a:b6:71:6f:55:fe:c0:b2:58:23:7d:
                    b2:77:37:34:cb:7a:38:b9:d9:a5:43:92:a2:ab:bb:
                    0e:ab:ba:40:d2:b5:e2:2c:cd:d7:f5:36:b5:61:de:
                    97:77:91:8c:ba:fd:e1:bb:d1:d3:14:80:96:d7:d0:
                    e8:ab:74:97:eb:b9:09:6e:e6:66:3a:92:d7:4c:fd:
                    cf:06:66:75:9c:48:89:ff:f8:6c:a7:a7:1b:c4:a0:
                    7c:d0:ec:fb:9f:63:fb:e0:f8:ed:45:2f:c4:97:52:
                    bb:27:94:ab:04:d3:6e:b1:dd:84:c2:ad:25:87:7f:
                    6a:01:f1:b1:90:79:7f:87:98:44:2b:70:7f:b8:7e:
                    e5:ad:58:b9:7e:78:94:6b:4d:3f:2d:d6:ff:4f:a4:
                    07:82:f6:e0:b7:02:7d:1b:d6:b7:b1:19:85:7e:cf:
                    0e:33:e2:11:77:e6:fe:8e:77:8d:ee:18:28:c7:13:
                    08:8b:04:2e:28:07:00:ad:18:42:fe:d7:d1:5c:88:
                    05:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E5:96:93:98:6E:73:8E:90:F0:C0:E5:BF:57:75:B2:A0:2A:39:4A:93
            X509v3 Authority Key Identifier:
                keyid:ED:33:08:20:FF:AB:D0:AB:28:41:BA:93:E9:02:EA:68:29:92:DA:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A912D70A/41ABD29E1B8611EA9C9AF243C4F9AE02/7TMIIP-r0KsoQbqT6QLqaCmS2qk.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/7TMIIP-r0KsoQbqT6QLqaCmS2qk.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A912D70A/41ABD29E1B8611EA9C9AF243C4F9AE02/61EE7C6C281211EA881CC32DC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.229.8.0-103.229.10.255

    Signature Algorithm: sha256WithRSAEncryption
         7d:76:16:d8:3b:8c:41:60:87:21:f3:94:dc:bc:38:04:16:a9:
         e4:7b:c5:4a:8f:e9:b0:e7:79:83:8d:e6:91:69:c5:a3:48:99:
         d4:3c:96:4c:5d:32:4c:77:0a:12:c4:27:b6:3d:56:90:0e:7c:
         3a:35:ac:62:4f:7a:b4:7d:41:81:ec:08:50:99:75:93:21:8d:
         db:a2:19:b6:00:56:8c:ab:8c:6a:87:a2:9f:2b:3d:58:c1:12:
         df:85:64:b6:c7:d6:d5:f8:8d:32:77:b2:e3:27:99:18:d2:ad:
         b3:a3:13:71:6c:f9:d4:df:10:7a:b1:f2:ad:2e:01:29:9e:63:
         a9:23:04:c9:60:26:59:f0:09:e6:ea:89:0f:a1:53:84:85:45:
         7a:a7:7f:d8:fe:5c:6a:8b:e2:6f:6a:dd:e4:1e:60:d9:54:b9:
         40:38:ee:36:19:76:f1:a5:64:9a:7f:0c:3c:23:fa:a3:24:43:
         c0:c1:e3:59:d3:ad:6b:25:e2:4c:3e:12:0d:35:2b:53:5e:e6:
         64:9d:5e:a4:bd:33:a8:a1:5f:77:d4:63:9b:06:c9:ed:10:a3:
         f4:39:58:a8:8c:6c:7f:c4:63:f0:75:1a:ad:f1:74:17:5e:48:
         65:bd:ea:1f:45:82:e0:67:2e:fe:41:f8:72:f9:c4:0d:9a:45:
         c3:14:e7:65
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgICCl4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MkQ3MEExMTAvBgNVBAUTKEVEMzMwODIwRkZBQkQwQUIyODQxQkE5M0U5MDJFQTY4
Mjk5MkRBQTkwHhcNMjMwNTEwMjEwMTMzWhcNMjQwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDVjMDYyYy04MDcwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAqWun9W1yfNtO1RbIYZ0PS+/Fx62uTM0viZo3n6csxINftjDFU0asZxL0Ukcg
5C6qE9E+YEDoNf8cBWSlukyemrZxb1X+wLJYI32ydzc0y3o4udmlQ5Kiq7sOq7pA
0rXiLM3X9Ta1Yd6Xd5GMuv3hu9HTFICW19Doq3SX67kJbuZmOpLXTP3PBmZ1nEiJ
//hsp6cbxKB80Oz7n2P74PjtRS/El1K7J5SrBNNusd2Ewq0lh39qAfGxkHl/h5hE
K3B/uH7lrVi5fniUa00/Ldb/T6QHgvbgtwJ9G9a3sRmFfs8OM+IRd+b+jneN7hgo
xxMIiwQuKAcArRhC/tfRXIgFfQIDAQABo4ICnTCCApkwHQYDVR0OBBYEFOWWk5hu
c46Q8MDlv1d1sqAqOUqTMB8GA1UdIwQYMBaAFO0zCCD/q9CrKEG6k+kC6mgpktqp
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyRDcwQS80MUFCRDI5RTFC
ODYxMUVBOUM5QUYyNDNDNEY5QUUwMi83VE1JSVAtcjBLc29RYnFUNlFMcWFDbVMy
cWsuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzdUTUlJUC1yMEtzb1FicVQ2UUxxYUNtUzJxay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MkQ3MEEvNDFBQkQyOUUxQjg2MTFFQTlDOUFGMjQzQzRGOUFFMDIvNjFFRTdDNkMy
ODEyMTFFQTg4MUNDMzJEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJwYIKwYBBQUHAQcBAf8E
GDAWMBQEAgABMA4wDAMEA2flCAMEAGflCjANBgkqhkiG9w0BAQsFAAOCAQEAfXYW
2DuMQWCHIfOU3Lw4BBap5HvFSo/psOd5g43mkWnFo0iZ1DyWTF0yTHcKEsQntj1W
kA58OjWsYk96tH1BgewIUJl1kyGN26IZtgBWjKuMaoeinys9WMES34VktsfW1fiN
Mney4yeZGNKts6MTcWz51N8QerHyrS4BKZ5jqSMEyWAmWfAJ5uqJD6FThIVFeqd/
2P5caovib2rd5B5g2VS5QDjuNhl28aVkmn8MPCP6oyRDwMHjWdOtayXiTD4SDTUr
U17mZJ1epL0zqKFfd9RjmwbJ7RCj9DlYqIxsf8Rj8HUarfF0F15IZb3qH0WC4Gcu
/kH4cvnEDZpFwxTnZQ==
-----END CERTIFICATE-----
Generated at Tue Mar 26 21:06:53 2024 by rpki-client on console-fra.rpki-client.org