Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9162CCE/B755DA28B99411EB93F8265DC4F9AE02/6D5F7C74B99611EBB5E9AE5EC4F9AE02.roa
File:                     6D5F7C74B99611EBB5E9AE5EC4F9AE02.roa (raw, json)
Hash identifier:          inV57aEFQYsgNDwEQlzRsIvBso5mFUr5urdtIa2D6os=
Subject key identifier:   D4:F0:EA:A7:FA:0B:62:FE:6B:92:68:C4:F5:ED:E8:AC:86:1D:23:D0
Certificate issuer:       /CN=A9162CCE/serialNumber=61F45DC54F47E252FAC6552DDBB3965854C6C801
Certificate serial:       050A
Authority key identifier: 61:F4:5D:C5:4F:47:E2:52:FA:C6:55:2D:DB:B3:96:58:54:C6:C8:01
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/YfRdxU9H4lL6xlUt27OWWFTGyAE.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9162CCE/B755DA28B99411EB93F8265DC4F9AE02/6D5F7C74B99611EBB5E9AE5EC4F9AE02.roa
Signing time:             Fri 05 Apr 2024 01:34:42 +0000
ROA not before:           Fri 05 Apr 2024 01:34:42 +0000
ROA not after:            Thu 01 May 2025 00:00:00 +0000
asID:                     141691
IP address blocks:        103.162.12.0/23 maxlen: 23
                          103.162.12.0/24 maxlen: 24
                          103.162.13.0/24 maxlen: 24
                          2001:df5:df80::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9162CCE/B755DA28B99411EB93F8265DC4F9AE02/YfRdxU9H4lL6xlUt27OWWFTGyAE.crl
                          rsync://rpki.apnic.net/member_repository/A9162CCE/B755DA28B99411EB93F8265DC4F9AE02/YfRdxU9H4lL6xlUt27OWWFTGyAE.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/YfRdxU9H4lL6xlUt27OWWFTGyAE.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 19 Jun 2024 22:27:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1290 (0x50a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9162CCE/serialNumber=61F45DC54F47E252FAC6552DDBB3965854C6C801
        Validity
            Not Before: Apr  5 01:34:42 2024 GMT
            Not After : May  1 00:00:00 2025 GMT
        Subject: CN=660f5532-e56b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:ba:f0:e1:81:f7:13:83:f1:1e:01:8f:73:6a:
                    23:65:f7:1d:d8:6d:22:f1:2f:0b:03:a0:96:4a:f1:
                    e8:a0:ac:44:f9:a1:21:22:e3:c0:8c:db:3b:9a:ad:
                    6f:a4:2c:5f:d4:9e:5a:b8:3e:06:90:4e:f7:24:33:
                    3f:f9:86:8e:d1:4c:41:f1:99:e7:2f:63:1e:7a:43:
                    43:ba:03:5c:d6:c4:cb:04:f8:8a:c8:0f:9f:30:ad:
                    be:03:d4:b7:c7:93:e7:6b:ef:12:ef:e0:ec:cd:72:
                    ab:7e:82:e3:65:a2:56:3b:27:d5:93:51:93:6f:9e:
                    0b:7f:6f:dd:62:98:e4:47:d8:39:1e:32:e0:78:8f:
                    9c:fa:3b:f0:21:9d:b7:f2:90:0b:11:fd:f5:6e:6a:
                    33:57:17:73:53:22:6f:74:52:53:7c:46:70:99:bd:
                    cb:ed:7b:c6:57:f2:cd:24:8d:38:f4:f4:ee:00:b8:
                    40:a4:e3:e0:50:7c:e1:f4:01:f9:0d:8c:98:d3:e7:
                    f2:b5:05:88:5a:ed:16:6b:cb:1b:98:81:f1:a5:aa:
                    60:b3:ed:69:27:5a:47:8e:46:21:df:19:10:c5:e9:
                    7e:68:69:23:f6:c1:c5:06:e1:f6:a4:df:af:ee:5a:
                    bc:54:c1:40:21:b7:25:0a:b5:69:9d:88:c9:e1:27:
                    17:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D4:F0:EA:A7:FA:0B:62:FE:6B:92:68:C4:F5:ED:E8:AC:86:1D:23:D0
            X509v3 Authority Key Identifier:
                keyid:61:F4:5D:C5:4F:47:E2:52:FA:C6:55:2D:DB:B3:96:58:54:C6:C8:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9162CCE/B755DA28B99411EB93F8265DC4F9AE02/YfRdxU9H4lL6xlUt27OWWFTGyAE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/YfRdxU9H4lL6xlUt27OWWFTGyAE.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9162CCE/B755DA28B99411EB93F8265DC4F9AE02/6D5F7C74B99611EBB5E9AE5EC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.162.12.0/23
                IPv6:
                  2001:df5:df80::/48

    Signature Algorithm: sha256WithRSAEncryption
         2c:f8:fd:94:ce:da:a8:b7:ef:50:84:20:c1:0e:ea:94:83:5b:
         25:08:c2:0b:be:eb:bf:ec:1f:20:ed:b7:a0:18:76:b2:21:3a:
         ee:af:49:45:47:74:82:4f:14:0a:c1:7e:6e:e9:92:67:2b:1c:
         f5:9a:cc:4e:1b:3a:7c:f3:31:a0:8f:7d:87:dc:ec:15:62:cf:
         3e:d3:e6:d7:f2:0c:d1:af:39:7b:eb:13:e2:54:ad:1e:e8:a4:
         3a:e7:8f:51:6e:3f:7c:9b:5e:e2:77:6e:59:e5:2c:0f:46:27:
         7b:c8:a2:4e:37:3f:16:80:98:b5:91:ca:3e:f3:a5:bb:14:bb:
         b8:b5:ec:78:1b:6d:2a:57:6a:d1:e6:db:bc:5b:eb:f5:ba:0c:
         53:82:71:1c:1a:ff:eb:50:03:0a:88:15:e9:74:3c:c8:a8:4e:
         47:29:b7:e5:71:1b:23:43:aa:7c:70:55:11:29:a3:31:ab:1e:
         67:1d:0e:3f:3f:de:18:18:d9:61:86:ee:c3:f4:37:4f:30:7b:
         f9:7c:91:ad:dc:89:06:52:a6:69:69:35:20:8a:cd:9a:bc:a3:
         7d:87:d9:9e:18:c2:e4:c7:90:9c:da:50:0d:4a:05:30:aa:17:
         f0:2e:c8:27:ad:47:7d:3e:5d:bc:3c:6c:5f:ec:ba:05:78:a3:
         8c:ef:bb:06
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICBQowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NjJDQ0UxMTAvBgNVBAUTKDYxRjQ1REM1NEY0N0UyNTJGQUM2NTUyRERCQjM5NjU4
NTRDNkM4MDEwHhcNMjQwNDA1MDEzNDQyWhcNMjUwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjBmNTUzMi1lNTZiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAs7rw4YH3E4PxHgGPc2ojZfcd2G0i8S8LA6CWSvHooKxE+aEhIuPAjNs7mq1v
pCxf1J5auD4GkE73JDM/+YaO0UxB8ZnnL2MeekNDugNc1sTLBPiKyA+fMK2+A9S3
x5Pna+8S7+DszXKrfoLjZaJWOyfVk1GTb54Lf2/dYpjkR9g5HjLgeI+c+jvwIZ23
8pALEf31bmozVxdzUyJvdFJTfEZwmb3L7XvGV/LNJI049PTuALhApOPgUHzh9AH5
DYyY0+fytQWIWu0Wa8sbmIHxpapgs+1pJ1pHjkYh3xkQxel+aGkj9sHFBuH2pN+v
7lq8VMFAIbclCrVpnYjJ4ScXBwIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFNTw6qf6
C2L+a5JoxPXt6KyGHSPQMB8GA1UdIwQYMBaAFGH0XcVPR+JS+sZVLduzllhUxsgB
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2MkNDRS9CNzU1REEyOEI5
OTQxMUVCOTNGODI2NURDNEY5QUUwMi9ZZlJkeFU5SDRsTDZ4bFV0MjdPV1dGVEd5
QUUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1lmUmR4VTlINGxMNnhsVXQyN09XV0ZUR3lBRS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NjJDQ0UvQjc1NURBMjhCOTk0MTFFQjkzRjgyNjVEQzRGOUFFMDIvNkQ1RjdDNzRC
OTk2MTFFQkI1RTlBRTVFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAFnogwwDwQCAAIwCQMHACABDfXfgDANBgkqhkiG9w0BAQsF
AAOCAQEALPj9lM7aqLfvUIQgwQ7qlINbJQjCC77rv+wfIO23oBh2siE67q9JRUd0
gk8UCsF+bumSZysc9ZrMThs6fPMxoI99h9zsFWLPPtPm1/IM0a85e+sT4lStHuik
OuePUW4/fJte4nduWeUsD0Yne8iiTjc/FoCYtZHKPvOluxS7uLXseBttKldq0ebb
vFvr9boMU4JxHBr/61ADCogV6XQ8yKhORym35XEbI0OqfHBVESmjMaseZx0OPz/e
GBjZYYbuw/Q3TzB7+XyRrdyJBlKmaWk1IIrNmryjfYfZnhjC5MeQnNpQDUoFMKoX
8C7IJ61HfT5dvDxsX+y6BXijjO+7Bg==
-----END CERTIFICATE-----
Generated at Thu Jun 13 01:52:11 2024 by rpki-client on console-fra.rpki-client.org