Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9160244/7EAFECB03C0711E5B16CEF63C4F9AE02/E1FACBC0B10D11E5894F4D1CC4F9AE02.roa
File:                     E1FACBC0B10D11E5894F4D1CC4F9AE02.roa (raw, json)
Hash identifier:          XWbz1NzkQiBtcleuNfII5o5wCXCQejLmoK40q68PraU=
Subject key identifier:   A8:E4:0A:D6:5F:2B:1D:38:A8:60:21:6D:86:41:5A:E2:BC:B9:27:76
Certificate issuer:       /CN=A9160244/serialNumber=0434017186DB84CA89477570DDA10AD731597FF1
Certificate serial:       2404
Authority key identifier: 04:34:01:71:86:DB:84:CA:89:47:75:70:DD:A1:0A:D7:31:59:7F:F1
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BDQBcYbbhMqJR3Vw3aEK1zFZf_E.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9160244/7EAFECB03C0711E5B16CEF63C4F9AE02/E1FACBC0B10D11E5894F4D1CC4F9AE02.roa
Signing time:             Sun 02 Jun 2024 16:25:08 +0000
ROA not before:           Sun 02 Jun 2024 16:25:08 +0000
ROA not after:            Wed 30 Jul 2025 00:00:00 +0000
asID:                     58921
IP address blocks:        43.225.176.0/24 maxlen: 24
                          43.225.179.0/24 maxlen: 24
                          103.248.4.0/24 maxlen: 24
                          103.248.5.0/24 maxlen: 24
                          103.248.6.0/24 maxlen: 24
                          103.248.7.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9160244/7EAFECB03C0711E5B16CEF63C4F9AE02/BDQBcYbbhMqJR3Vw3aEK1zFZf_E.crl
                          rsync://rpki.apnic.net/member_repository/A9160244/7EAFECB03C0711E5B16CEF63C4F9AE02/BDQBcYbbhMqJR3Vw3aEK1zFZf_E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BDQBcYbbhMqJR3Vw3aEK1zFZf_E.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 23 Jun 2024 14:50:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 9220 (0x2404)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9160244/serialNumber=0434017186DB84CA89477570DDA10AD731597FF1
        Validity
            Not Before: Jun  2 16:25:08 2024 GMT
            Not After : Jul 30 00:00:00 2025 GMT
        Subject: CN=665c9ce3-cc3f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:5a:88:a4:0a:9c:44:b9:25:21:1b:c6:7a:eb:
                    bc:61:9f:02:9e:ec:21:bf:92:46:28:1b:84:8d:35:
                    4d:c0:21:ee:2b:b1:c9:38:2e:a5:9b:93:58:cd:60:
                    a5:a7:b4:7d:22:8b:7d:52:d8:c8:30:23:7c:c9:66:
                    6c:27:d7:3c:ed:f2:69:0d:6c:38:59:42:eb:a3:c7:
                    bb:e7:97:7d:bd:d8:6d:72:0a:54:92:7b:cb:a4:8c:
                    9a:94:78:be:b9:ed:8e:70:2e:9b:5a:6c:e5:64:28:
                    0f:ad:f0:fc:2a:c4:89:4b:f9:50:73:20:37:91:6b:
                    8d:f2:b8:a9:9b:92:26:36:3b:6d:99:63:75:9a:70:
                    14:bc:83:7f:cc:9e:15:fe:34:1b:ef:65:01:6f:06:
                    bd:28:be:35:ac:93:5e:18:84:90:7d:71:2f:07:e8:
                    35:29:21:75:33:3f:d2:b8:62:e9:ec:af:f1:25:29:
                    23:3a:00:92:f9:df:eb:47:0b:22:a9:75:70:66:8f:
                    5f:44:6a:b1:7c:99:d4:15:5e:02:03:2a:c6:24:48:
                    06:98:4a:a5:56:ef:9d:5e:57:bb:ce:cf:18:81:ae:
                    54:b8:d0:ec:03:ed:6f:67:77:95:94:49:18:62:44:
                    d6:76:9e:63:c2:3b:ef:43:a5:0f:77:f4:70:c1:a5:
                    83:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A8:E4:0A:D6:5F:2B:1D:38:A8:60:21:6D:86:41:5A:E2:BC:B9:27:76
            X509v3 Authority Key Identifier:
                keyid:04:34:01:71:86:DB:84:CA:89:47:75:70:DD:A1:0A:D7:31:59:7F:F1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9160244/7EAFECB03C0711E5B16CEF63C4F9AE02/BDQBcYbbhMqJR3Vw3aEK1zFZf_E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/BDQBcYbbhMqJR3Vw3aEK1zFZf_E.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9160244/7EAFECB03C0711E5B16CEF63C4F9AE02/E1FACBC0B10D11E5894F4D1CC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.225.176.0/24
                  43.225.179.0/24
                  103.248.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         1e:e1:80:12:b7:70:ce:f5:49:18:32:ce:57:9b:4c:78:12:c8:
         4f:26:46:a3:2e:f5:93:0f:3e:51:af:07:af:8b:9a:48:d2:00:
         74:84:9a:01:77:ad:08:11:00:f5:f9:ab:56:5c:f9:14:87:aa:
         20:71:27:d9:30:5f:78:de:b4:50:63:f6:db:82:67:ca:d1:75:
         5f:59:8a:98:e2:01:24:72:6e:6e:ae:78:9f:72:82:7a:cb:1a:
         02:bd:23:4d:6c:0d:e4:7a:1c:0f:35:07:2d:c4:12:0e:b5:9d:
         04:9c:85:31:5d:55:a6:79:8e:e7:e5:ec:c6:f6:4a:b6:b2:19:
         67:71:23:90:d0:92:7c:25:f2:1e:03:9b:ef:fe:ca:16:22:73:
         7d:73:33:12:e7:77:90:26:75:97:ce:15:6a:e0:b8:6d:06:e0:
         bf:a3:7a:01:4c:4c:5b:4b:e1:2c:bb:37:e9:c4:36:1b:11:8f:
         17:b6:cb:3d:ce:eb:bb:08:a5:eb:37:3b:a4:f2:33:c9:ca:8b:
         71:29:dc:04:23:27:e2:59:3f:5f:77:04:20:b1:98:09:b7:f5:
         9e:eb:c2:ed:38:b7:f3:53:9d:e3:a2:51:69:eb:fd:c9:c0:56:
         1c:f9:79:67:f8:61:5b:30:3d:89:13:cd:37:45:8c:8a:4f:7f:
         c6:6d:9b:0d
-----BEGIN CERTIFICATE-----
MIIFfTCCBGWgAwIBAgICJAQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NjAyNDQxMTAvBgNVBAUTKDA0MzQwMTcxODZEQjg0Q0E4OTQ3NzU3MEREQTEwQUQ3
MzE1OTdGRjEwHhcNMjQwNjAyMTYyNTA4WhcNMjUwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjVjOWNlMy1jYzNmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAuFqIpAqcRLklIRvGeuu8YZ8Cnuwhv5JGKBuEjTVNwCHuK7HJOC6lm5NYzWCl
p7R9Iot9UtjIMCN8yWZsJ9c87fJpDWw4WULro8e755d9vdhtcgpUknvLpIyalHi+
ue2OcC6bWmzlZCgPrfD8KsSJS/lQcyA3kWuN8ripm5ImNjttmWN1mnAUvIN/zJ4V
/jQb72UBbwa9KL41rJNeGISQfXEvB+g1KSF1Mz/SuGLp7K/xJSkjOgCS+d/rRwsi
qXVwZo9fRGqxfJnUFV4CAyrGJEgGmEqlVu+dXle7zs8Yga5UuNDsA+1vZ3eVlEkY
YkTWdp5jwjvvQ6UPd/RwwaWDkQIDAQABo4ICoTCCAp0wHQYDVR0OBBYEFKjkCtZf
Kx04qGAhbYZBWuK8uSd2MB8GA1UdIwQYMBaAFAQ0AXGG24TKiUd1cN2hCtcxWX/x
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2MDI0NC83RUFGRUNCMDND
MDcxMUU1QjE2Q0VGNjNDNEY5QUUwMi9CRFFCY1liYmhNcUpSM1Z3M2FFSzF6Rlpm
X0UuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0JEUUJjWWJiaE1xSlIzVnczYUVLMXpGWmZfRS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NjAyNDQvN0VBRkVDQjAzQzA3MTFFNUIxNkNFRjYzQzRGOUFFMDIvRTFGQUNCQzBC
MTBEMTFFNTg5NEY0RDFDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwKwYIKwYBBQUHAQcBAf8E
HDAaMBgEAgABMBIDBAAr4bADBAAr4bMDBAJn+AQwDQYJKoZIhvcNAQELBQADggEB
AB7hgBK3cM71SRgyzlebTHgSyE8mRqMu9ZMPPlGvB6+LmkjSAHSEmgF3rQgRAPX5
q1Zc+RSHqiBxJ9kwX3jetFBj9tuCZ8rRdV9ZipjiASRybm6ueJ9ygnrLGgK9I01s
DeR6HA81By3EEg61nQSchTFdVaZ5jufl7Mb2SrayGWdxI5DQknwl8h4Dm+/+yhYi
c31zMxLnd5AmdZfOFWrguG0G4L+jegFMTFtL4Sy7N+nENhsRjxe2yz3O67sIpes3
O6TyM8nKi3Ep3AQjJ+JZP193BCCxmAm39Z7rwu04t/NTneOiUWnr/cnAVhz5eWf4
YVswPYkTzTdFjIpPf8Ztmw0=
-----END CERTIFICATE-----
Generated at Sun Jun 16 17:32:44 2024 by rpki-client on console-fra.rpki-client.org