Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9147CDA/49B27D8A054D11EE9DFC1624C4F9AE02/1D7A0DE468FF11EE8F94AD6AC4F9AE02.roa
File:                     1D7A0DE468FF11EE8F94AD6AC4F9AE02.roa (raw, json)
Hash identifier:          woS729tk0hFtPGLUns+ELkiLka/6z63X+WiwGWiKLrQ=
Subject key identifier:   27:87:09:E9:1D:77:D1:6E:1F:64:C8:99:AE:00:A8:C1:68:63:74:79
Certificate issuer:       /CN=A9147CDA/serialNumber=F3DA51FE80BCDA97087525E204621EA9F5574199
Certificate serial:       EF
Authority key identifier: F3:DA:51:FE:80:BC:DA:97:08:75:25:E2:04:62:1E:A9:F5:57:41:99
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/89pR_oC82pcIdSXiBGIeqfVXQZk.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9147CDA/49B27D8A054D11EE9DFC1624C4F9AE02/1D7A0DE468FF11EE8F94AD6AC4F9AE02.roa
Signing time:             Fri 07 Jun 2024 07:41:32 +0000
ROA not before:           Fri 07 Jun 2024 07:41:32 +0000
ROA not after:            Sun 31 Aug 2025 00:00:00 +0000
asID:                     3223
IP address blocks:        103.197.84.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9147CDA/49B27D8A054D11EE9DFC1624C4F9AE02/89pR_oC82pcIdSXiBGIeqfVXQZk.crl
                          rsync://rpki.apnic.net/member_repository/A9147CDA/49B27D8A054D11EE9DFC1624C4F9AE02/89pR_oC82pcIdSXiBGIeqfVXQZk.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/89pR_oC82pcIdSXiBGIeqfVXQZk.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 24 Jun 2024 06:51:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 239 (0xef)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9147CDA/serialNumber=F3DA51FE80BCDA97087525E204621EA9F5574199
        Validity
            Not Before: Jun  7 07:41:32 2024 GMT
            Not After : Aug 31 00:00:00 2025 GMT
        Subject: CN=6662b9ab-c9ff
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:3d:54:8d:6a:c3:b9:05:33:ff:b8:e1:04:52:
                    74:8b:2a:ff:b5:ff:99:c4:4e:8f:33:c4:b6:9e:bb:
                    3f:e2:fe:cc:de:7f:bf:b9:1f:4b:d9:1e:2e:fb:b2:
                    36:91:76:fa:96:70:44:f8:dd:57:74:7c:74:76:cb:
                    3d:51:f7:5a:28:c5:c1:80:2a:ab:35:44:ed:d1:17:
                    a4:e5:5c:ee:0e:14:cb:de:3b:8b:c8:c9:2b:90:0e:
                    00:35:78:0a:b5:d6:13:bc:df:a7:ad:68:03:71:52:
                    cb:71:50:43:1f:74:46:db:a0:c1:d5:2d:1b:ef:ef:
                    ad:54:16:fd:be:2b:75:96:03:70:40:e2:18:ba:c6:
                    68:27:8a:31:66:3c:2d:f2:1e:68:fb:e5:0b:e0:52:
                    b4:07:98:8f:e1:79:b1:f9:64:e1:04:0f:ae:0d:c3:
                    0b:5e:fe:f9:5a:2a:e2:83:e3:91:58:fb:2f:59:f4:
                    22:5d:0f:82:df:2b:5d:5a:42:e8:16:af:76:33:36:
                    50:de:1f:d5:c1:f9:73:b9:a6:53:ac:ba:6e:f6:a0:
                    6b:72:5e:33:b4:17:41:4d:33:b5:3f:6d:09:33:02:
                    c9:29:e8:1d:45:7b:ec:17:1e:11:5f:95:73:c4:40:
                    43:1b:e6:75:79:f9:aa:17:81:a0:c3:97:c1:3d:df:
                    60:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:87:09:E9:1D:77:D1:6E:1F:64:C8:99:AE:00:A8:C1:68:63:74:79
            X509v3 Authority Key Identifier:
                keyid:F3:DA:51:FE:80:BC:DA:97:08:75:25:E2:04:62:1E:A9:F5:57:41:99

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9147CDA/49B27D8A054D11EE9DFC1624C4F9AE02/89pR_oC82pcIdSXiBGIeqfVXQZk.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/89pR_oC82pcIdSXiBGIeqfVXQZk.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9147CDA/49B27D8A054D11EE9DFC1624C4F9AE02/1D7A0DE468FF11EE8F94AD6AC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.197.84.0/24

    Signature Algorithm: sha256WithRSAEncryption
         85:4e:51:89:de:76:b6:d8:67:c4:0b:30:85:4b:b3:90:16:04:
         8c:00:f3:7f:67:2d:b7:2c:6a:6c:a6:e7:76:02:4c:7b:ed:9a:
         95:32:f3:11:28:45:4a:66:fc:56:35:1e:e2:d4:8e:17:25:bd:
         7d:12:bd:8b:d5:a0:f4:3f:a7:51:64:23:00:5a:f7:b8:c1:26:
         ee:94:39:80:6c:3c:87:e2:af:9c:17:e7:c7:a9:be:b8:d4:0d:
         db:c4:8b:1d:d4:d0:b1:00:39:19:f8:f2:92:4a:98:37:a3:71:
         2a:eb:75:a8:a5:17:66:bf:ae:e6:bf:6a:3e:ff:23:89:17:44:
         27:d7:a9:e0:18:b8:37:97:5a:4a:94:3d:26:35:96:84:c1:9d:
         02:6a:b8:e3:ba:d1:f9:d4:b2:bc:a6:e9:4c:3f:44:d0:42:94:
         06:00:d8:cd:d8:ea:12:22:cf:06:c8:ce:2a:02:41:eb:e4:6f:
         53:41:6a:24:46:55:87:4b:38:d8:6a:c7:af:a5:da:7f:c1:50:
         c1:4a:65:68:b1:43:82:0d:1e:cc:78:12:39:2c:5f:28:bb:b0:
         8c:2f:6c:be:4e:f1:7f:d6:4b:73:1a:73:81:52:2c:cd:df:3a:
         04:07:e8:02:4b:be:18:81:2e:0d:37:0f:50:5f:8c:9e:f7:58:
         60:d0:6c:15
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICAO8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDdDREExMTAvBgNVBAUTKEYzREE1MUZFODBCQ0RBOTcwODc1MjVFMjA0NjIxRUE5
RjU1NzQxOTkwHhcNMjQwNjA3MDc0MTMyWhcNMjUwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjYyYjlhYi1jOWZmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA1j1UjWrDuQUz/7jhBFJ0iyr/tf+ZxE6PM8S2nrs/4v7M3n+/uR9L2R4u+7I2
kXb6lnBE+N1XdHx0dss9UfdaKMXBgCqrNUTt0Rek5VzuDhTL3juLyMkrkA4ANXgK
tdYTvN+nrWgDcVLLcVBDH3RG26DB1S0b7++tVBb9vit1lgNwQOIYusZoJ4oxZjwt
8h5o++UL4FK0B5iP4Xmx+WThBA+uDcMLXv75Wirig+ORWPsvWfQiXQ+C3ytdWkLo
Fq92MzZQ3h/VwflzuaZTrLpu9qBrcl4ztBdBTTO1P20JMwLJKegdRXvsFx4RX5Vz
xEBDG+Z1efmqF4Ggw5fBPd9gPwIDAQABo4IClTCCApEwHQYDVR0OBBYEFCeHCekd
d9FuH2TIma4AqMFoY3R5MB8GA1UdIwQYMBaAFPPaUf6AvNqXCHUl4gRiHqn1V0GZ
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0N0NEQS80OUIyN0Q4QTA1
NEQxMUVFOURGQzE2MjRDNEY5QUUwMi84OXBSX29DODJwY0lkU1hpQkdJZXFmVlhR
WmsuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzg5cFJfb0M4MnBjSWRTWGlCR0llcWZWWFFaay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDdDREEvNDlCMjdEOEEwNTREMTFFRTlERkMxNjI0QzRGOUFFMDIvMUQ3QTBERTQ2
OEZGMTFFRThGOTRBRDZBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBABnxVQwDQYJKoZIhvcNAQELBQADggEBAIVOUYnedrbYZ8QL
MIVLs5AWBIwA839nLbcsamym53YCTHvtmpUy8xEoRUpm/FY1HuLUjhclvX0SvYvV
oPQ/p1FkIwBa97jBJu6UOYBsPIfir5wX58epvrjUDdvEix3U0LEAORn48pJKmDej
cSrrdailF2a/rua/aj7/I4kXRCfXqeAYuDeXWkqUPSY1loTBnQJquOO60fnUsrym
6Uw/RNBClAYA2M3Y6hIizwbIzioCQevkb1NBaiRGVYdLONhqx6+l2n/BUMFKZWix
Q4INHsx4EjksXyi7sIwvbL5O8X/WS3Mac4FSLM3fOgQH6AJLvhiBLg03D1BfjJ73
WGDQbBU=
-----END CERTIFICATE-----
Generated at Mon Jun 17 08:43:14 2024 by rpki-client on console-ams.rpki-client.org