Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A913C1CB/E38E3280405C11ECB17F6819C4F9AE02/3DDAFD5EA2B811ED8FED0B6EC4F9AE02.roa
File:                     3DDAFD5EA2B811ED8FED0B6EC4F9AE02.roa (raw, json)
Hash identifier:          njD1iNph4a79Pk80u6vCYjOqwamg0LYQyJ5AqgrkM20=
Subject key identifier:   27:1F:93:B1:C3:91:45:39:06:A9:DC:B4:48:69:7D:46:90:81:82:85
Certificate issuer:       /CN=A913C1CB/serialNumber=48C5DB5A1BBDEB2211058C07D27670B42B6D876A
Certificate serial:       0440
Authority key identifier: 48:C5:DB:5A:1B:BD:EB:22:11:05:8C:07:D2:76:70:B4:2B:6D:87:6A
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/SMXbWhu96yIRBYwH0nZwtCtth2o.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A913C1CB/E38E3280405C11ECB17F6819C4F9AE02/3DDAFD5EA2B811ED8FED0B6EC4F9AE02.roa
Signing time:             Thu 19 Dec 2024 00:03:35 +0000
ROA not before:           Thu 19 Dec 2024 00:03:35 +0000
ROA not after:            Mon 02 Mar 2026 00:00:00 +0000
asID:                     134562
IP address blocks:        103.175.242.0/24 maxlen: 24
                          103.175.243.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A913C1CB/E38E3280405C11ECB17F6819C4F9AE02/SMXbWhu96yIRBYwH0nZwtCtth2o.crl
                          rsync://rpki.apnic.net/member_repository/A913C1CB/E38E3280405C11ECB17F6819C4F9AE02/SMXbWhu96yIRBYwH0nZwtCtth2o.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/SMXbWhu96yIRBYwH0nZwtCtth2o.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 12 Apr 2025 00:13:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1088 (0x440)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A913C1CB
        Validity
            Not Before: Dec 19 00:03:35 2024 GMT
            Not After : Mar  2 00:00:00 2026 GMT
        Subject: CN=676362d6-9543
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:38:3d:28:89:b4:3c:f3:06:34:56:d7:b7:a7:
                    7e:fe:c4:1c:38:ba:61:87:11:eb:f5:9a:45:ce:e0:
                    da:82:40:18:a0:23:da:36:2a:f7:be:0a:b1:b6:da:
                    d4:c7:4b:b1:87:6b:79:84:7b:f3:a4:ba:13:ba:de:
                    f8:22:2c:63:9b:6b:ab:3a:87:25:12:b0:9f:d2:3a:
                    64:fe:76:16:fb:f1:5b:98:09:c0:7c:51:89:66:de:
                    79:db:c3:66:b9:3e:1c:ec:b4:85:3a:a4:ac:88:f1:
                    44:be:df:77:53:d0:66:3f:0e:d0:bf:83:55:c4:dd:
                    73:c8:d6:36:f6:e3:c3:22:4a:e6:89:7b:8e:3e:1e:
                    04:91:4b:ad:03:52:cf:e4:c8:cb:05:23:57:94:5d:
                    6d:b5:3e:dc:df:73:12:e2:08:7b:27:21:a8:a4:9b:
                    5c:f7:1c:6e:7a:a9:5d:df:2a:cb:b5:ea:d2:7f:5f:
                    e5:03:52:ed:b7:f9:63:26:ad:c7:5c:f3:24:f9:96:
                    6f:dd:5f:e3:d7:09:b9:47:33:63:5b:b7:ae:f5:40:
                    3c:c9:87:92:9d:62:6d:77:dc:aa:f5:2c:43:ab:27:
                    f8:0c:2f:9a:11:a7:69:ab:20:6f:d5:d3:70:46:f1:
                    63:d0:4a:93:b2:51:52:41:21:20:90:10:e2:42:36:
                    58:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:1F:93:B1:C3:91:45:39:06:A9:DC:B4:48:69:7D:46:90:81:82:85
            X509v3 Authority Key Identifier:
                keyid:48:C5:DB:5A:1B:BD:EB:22:11:05:8C:07:D2:76:70:B4:2B:6D:87:6A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A913C1CB/E38E3280405C11ECB17F6819C4F9AE02/SMXbWhu96yIRBYwH0nZwtCtth2o.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/SMXbWhu96yIRBYwH0nZwtCtth2o.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A913C1CB/E38E3280405C11ECB17F6819C4F9AE02/3DDAFD5EA2B811ED8FED0B6EC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.175.242.0/23

    Signature Algorithm: sha256WithRSAEncryption
         77:4e:4f:4f:7c:e8:d0:43:f8:97:78:fe:a1:54:9a:37:3e:67:
         74:c8:a0:8d:ab:a9:0a:e0:1e:b4:55:43:e4:66:43:a2:17:e3:
         8c:21:6e:b0:b0:a3:48:b8:71:61:8a:f4:e9:f9:67:2f:78:48:
         00:09:c8:a7:40:5d:c5:10:ad:b3:c0:7d:0d:e0:23:51:a7:b3:
         4d:95:47:ca:ef:9b:ef:46:c9:64:3a:d4:2b:98:6d:41:63:33:
         72:cb:24:b9:19:d5:58:99:82:cb:72:f6:bc:90:b9:77:e7:e3:
         e0:0c:c7:54:29:5f:c8:b8:98:ac:00:3c:37:c0:04:6f:e3:c8:
         97:63:df:9e:5e:e3:e4:9e:07:a4:af:26:22:9d:b3:1c:d8:18:
         03:61:e7:93:57:ac:7a:af:08:1e:39:e2:43:78:18:79:41:07:
         45:d7:5c:3a:79:f0:fb:66:98:0a:b2:86:5f:3d:b9:3e:95:12:
         9c:4c:a5:bb:0b:82:46:5d:f3:da:e5:bb:0a:52:45:6b:66:4e:
         25:7d:f3:6a:d0:41:e8:49:e1:54:32:fb:97:ab:14:42:ee:d7:
         f2:68:31:c5:43:71:51:53:91:53:da:7c:92:2c:5f:b7:1f:c3:
         a3:e5:0e:b0:6a:49:61:2d:a4:51:ea:64:ef:c2:cb:88:de:37:
         09:6f:5a:b4
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICBEAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
M0MxQ0IxMTAvBgNVBAUTKDQ4QzVEQjVBMUJCREVCMjIxMTA1OEMwN0QyNzY3MEI0
MkI2RDg3NkEwHhcNMjQxMjE5MDAwMzM1WhcNMjYwMzAyMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzYzNjJkNi05NTQzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAuTg9KIm0PPMGNFbXt6d+/sQcOLphhxHr9ZpFzuDagkAYoCPaNir3vgqxttrU
x0uxh2t5hHvzpLoTut74Iixjm2urOoclErCf0jpk/nYW+/FbmAnAfFGJZt5528Nm
uT4c7LSFOqSsiPFEvt93U9BmPw7Qv4NVxN1zyNY29uPDIkrmiXuOPh4EkUutA1LP
5MjLBSNXlF1ttT7c33MS4gh7JyGopJtc9xxueqld3yrLterSf1/lA1Ltt/ljJq3H
XPMk+ZZv3V/j1wm5RzNjW7eu9UA8yYeSnWJtd9yq9SxDqyf4DC+aEadpqyBv1dNw
RvFj0EqTslFSQSEgkBDiQjZYmwIDAQABo4IClTCCApEwHQYDVR0OBBYEFCcfk7HD
kUU5BqnctEhpfUaQgYKFMB8GA1UdIwQYMBaAFEjF21obvesiEQWMB9J2cLQrbYdq
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEzQzFDQi9FMzhFMzI4MDQw
NUMxMUVDQjE3RjY4MTlDNEY5QUUwMi9TTVhiV2h1OTZ5SVJCWXdIMG5ad3RDdHRo
Mm8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1NNWGJXaHU5NnlJUkJZd0gwblp3dEN0dGgyby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
M0MxQ0IvRTM4RTMyODA0MDVDMTFFQ0IxN0Y2ODE5QzRGOUFFMDIvM0REQUZENUVB
MkI4MTFFRDhGRUQwQjZFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAFnr/IwDQYJKoZIhvcNAQELBQADggEBAHdOT0986NBD+Jd4
/qFUmjc+Z3TIoI2rqQrgHrRVQ+RmQ6IX44whbrCwo0i4cWGK9On5Zy94SAAJyKdA
XcUQrbPAfQ3gI1Gns02VR8rvm+9GyWQ61CuYbUFjM3LLJLkZ1ViZgsty9ryQuXfn
4+AMx1QpX8i4mKwAPDfABG/jyJdj355e4+SeB6SvJiKdsxzYGANh55NXrHqvCB45
4kN4GHlBB0XXXDp58PtmmAqyhl89uT6VEpxMpbsLgkZd89rluwpSRWtmTiV982rQ
QehJ4VQy+5erFELu1/JoMcVDcVFTkVPafJIsX7cfw6PlDrBqSWEtpFHqZO/Cy4je
NwlvWrQ=
-----END CERTIFICATE-----
Generated at Sat Apr 5 05:52:27 2025 by rpki-client