Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9157D65/1A0DA82A406111EAA2BCE512C4F9AE02/F84C1D9C406111EAA351F913C4F9AE02.roa
File:                     F84C1D9C406111EAA351F913C4F9AE02.roa (raw, json)
Hash identifier:          QMRA0FVStEOYnc4bxxbjBfYHOGHS2jiP/r1+CjS/IZg=
Subject key identifier:   43:9B:F5:36:BE:A2:EF:C8:F0:B0:DE:02:8A:E1:38:9C:AD:4F:65:CC
Certificate issuer:       /CN=A9157D65/serialNumber=A77838D7F541C61DB069DABCE5D83709A7C2AE0D
Certificate serial:       0A18
Authority key identifier: A7:78:38:D7:F5:41:C6:1D:B0:69:DA:BC:E5:D8:37:09:A7:C2:AE:0D
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/p3g41_VBxh2wadq85dg3CafCrg0.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9157D65/1A0DA82A406111EAA2BCE512C4F9AE02/F84C1D9C406111EAA351F913C4F9AE02.roa
Signing time:             Sat 06 Jan 2024 20:18:20 +0000
ROA not before:           Sat 06 Jan 2024 20:18:20 +0000
ROA not after:            Mon 31 Mar 2025 00:00:00 +0000
asID:                     138551
IP address blocks:        103.132.187.0/24 maxlen: 24
                          103.148.108.0/24 maxlen: 24
                          2001:df7:8500::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9157D65/1A0DA82A406111EAA2BCE512C4F9AE02/p3g41_VBxh2wadq85dg3CafCrg0.crl
                          rsync://rpki.apnic.net/member_repository/A9157D65/1A0DA82A406111EAA2BCE512C4F9AE02/p3g41_VBxh2wadq85dg3CafCrg0.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/p3g41_VBxh2wadq85dg3CafCrg0.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 03 Dec 2024 19:12:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2584 (0xa18)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9157D65/serialNumber=A77838D7F541C61DB069DABCE5D83709A7C2AE0D
        Validity
            Not Before: Jan  6 20:18:20 2024 GMT
            Not After : Mar 31 00:00:00 2025 GMT
        Subject: CN=6599b58c-1ba4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:51:42:57:66:68:b4:68:81:56:48:8d:00:06:
                    12:81:29:bd:58:00:e0:fd:c5:2f:87:95:7a:ae:99:
                    dd:5a:4c:e3:54:e1:2b:2a:37:eb:34:64:84:f9:d7:
                    c0:95:83:d3:04:53:b9:9e:ac:67:1f:4b:13:cc:7c:
                    55:b0:cb:b6:2b:24:6e:ad:c5:92:7d:12:a0:44:24:
                    b6:bd:13:88:ef:20:8c:d1:36:6a:c3:a6:d3:59:ae:
                    85:40:25:6c:ba:39:fb:c7:59:43:74:51:6e:c8:1d:
                    57:c7:2e:21:dc:c4:c8:0f:20:c1:ba:dc:8d:86:c5:
                    0e:10:51:a8:15:c3:3b:6e:5f:16:fe:7a:5e:82:8e:
                    fc:19:c1:ea:50:11:33:12:d1:a3:fe:ae:9a:53:36:
                    a5:4a:90:d7:c5:52:a6:e7:d2:5c:86:86:8a:26:d1:
                    af:ee:37:cf:f4:6a:32:3f:1f:17:d1:ca:65:66:2c:
                    11:94:0a:9b:fe:92:50:9e:99:7b:37:b8:a4:d9:e9:
                    45:51:35:80:1d:90:3b:cf:b4:20:32:5f:33:3a:38:
                    df:89:5c:31:3e:07:95:9f:df:35:2b:24:84:77:a8:
                    82:0a:56:e3:84:02:2a:8f:44:34:33:35:6e:3b:88:
                    ea:39:20:7a:67:80:ab:e3:60:24:31:96:59:91:2c:
                    06:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:9B:F5:36:BE:A2:EF:C8:F0:B0:DE:02:8A:E1:38:9C:AD:4F:65:CC
            X509v3 Authority Key Identifier:
                keyid:A7:78:38:D7:F5:41:C6:1D:B0:69:DA:BC:E5:D8:37:09:A7:C2:AE:0D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9157D65/1A0DA82A406111EAA2BCE512C4F9AE02/p3g41_VBxh2wadq85dg3CafCrg0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/p3g41_VBxh2wadq85dg3CafCrg0.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9157D65/1A0DA82A406111EAA2BCE512C4F9AE02/F84C1D9C406111EAA351F913C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.132.187.0/24
                  103.148.108.0/24
                IPv6:
                  2001:df7:8500::/48

    Signature Algorithm: sha256WithRSAEncryption
         3d:96:0a:72:d7:87:2d:b9:78:e1:39:8c:70:94:08:c6:78:de:
         87:f4:f5:02:6a:9a:94:fa:ed:37:c8:f1:bc:8d:f8:08:8d:37:
         09:be:ad:f0:2c:bd:34:44:c7:77:75:78:71:ab:b8:9c:ff:39:
         1d:98:9f:e9:c2:e6:b1:9a:76:ee:60:28:46:56:85:e8:56:e7:
         6d:ec:4b:e1:e4:ab:8f:58:ca:53:4c:48:a1:ef:17:60:39:4b:
         03:dd:a0:75:62:23:b6:0d:e7:b9:84:d3:3f:36:b5:24:5e:5a:
         e7:27:73:18:38:01:67:60:d1:99:64:a8:c2:db:05:96:79:3c:
         99:cf:fb:69:d3:d3:d9:3c:3a:1a:bd:0c:0a:78:1b:af:cd:1f:
         ef:f0:f1:37:3a:93:c5:e0:b0:e0:b4:f8:93:33:6a:89:13:f9:
         a4:b1:44:24:29:4b:97:1f:b8:4f:e4:79:8d:4d:21:c0:e7:13:
         47:93:08:77:db:90:ec:74:77:fe:f1:ff:f8:e6:39:9a:a3:23:
         c9:0c:31:7d:35:f3:a1:3e:51:55:99:ee:fe:2b:9b:fa:3b:ca:
         5f:02:52:5a:78:c6:29:1d:85:1c:98:d0:b9:9b:50:89:0f:6c:
         2d:8e:73:93:2b:61:20:6c:0a:21:5b:40:e3:cc:51:04:fd:93:
         b0:fb:87:42
-----BEGIN CERTIFICATE-----
MIIFiDCCBHCgAwIBAgICChgwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTdENjUxMTAvBgNVBAUTKEE3NzgzOEQ3RjU0MUM2MURCMDY5REFCQ0U1RDgzNzA5
QTdDMkFFMEQwHhcNMjQwMTA2MjAxODIwWhcNMjUwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTk5YjU4Yy0xYmE0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA4VFCV2ZotGiBVkiNAAYSgSm9WADg/cUvh5V6rpndWkzjVOErKjfrNGSE+dfA
lYPTBFO5nqxnH0sTzHxVsMu2KyRurcWSfRKgRCS2vROI7yCM0TZqw6bTWa6FQCVs
ujn7x1lDdFFuyB1Xxy4h3MTIDyDButyNhsUOEFGoFcM7bl8W/npego78GcHqUBEz
EtGj/q6aUzalSpDXxVKm59JchoaKJtGv7jfP9GoyPx8X0cplZiwRlAqb/pJQnpl7
N7ik2elFUTWAHZA7z7QgMl8zOjjfiVwxPgeVn981KySEd6iCClbjhAIqj0Q0MzVu
O4jqOSB6Z4Cr42AkMZZZkSwGgQIDAQABo4ICrDCCAqgwHQYDVR0OBBYEFEOb9Ta+
ou/I8LDeAorhOJytT2XMMB8GA1UdIwQYMBaAFKd4ONf1QcYdsGnavOXYNwmnwq4N
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1N0Q2NS8xQTBEQTgyQTQw
NjExMUVBQTJCQ0U1MTJDNEY5QUUwMi9wM2c0MV9WQnhoMndhZHE4NWRnM0NhZkNy
ZzAuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3AzZzQxX1ZCeGgyd2FkcTg1ZGczQ2FmQ3JnMC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTdENjUvMUEwREE4MkE0MDYxMTFFQUEyQkNFNTEyQzRGOUFFMDIvRjg0QzFEOUM0
MDYxMTFFQUEzNTFGOTEzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNgYIKwYBBQUHAQcBAf8E
JzAlMBIEAgABMAwDBABnhLsDBABnlGwwDwQCAAIwCQMHACABDfeFADANBgkqhkiG
9w0BAQsFAAOCAQEAPZYKcteHLbl44TmMcJQIxnjeh/T1AmqalPrtN8jxvI34CI03
Cb6t8Cy9NETHd3V4cau4nP85HZif6cLmsZp27mAoRlaF6FbnbexL4eSrj1jKU0xI
oe8XYDlLA92gdWIjtg3nuYTTPza1JF5a5ydzGDgBZ2DRmWSowtsFlnk8mc/7adPT
2Tw6Gr0MCngbr80f7/DxNzqTxeCw4LT4kzNqiRP5pLFEJClLlx+4T+R5jU0hwOcT
R5MId9uQ7HR3/vH/+OY5mqMjyQwxfTXzoT5RVZnu/iub+jvKXwJSWnjGKR2FHJjQ
uZtQiQ9sLY5zkythIGwKIVtA48xRBP2TsPuHQg==
-----END CERTIFICATE-----
Generated at Tue Nov 26 21:52:50 2024 by rpki-client on console-ams.rpki-client.org