Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9167D07/D74AE2741BA911E8A8F57865C4F9AE02/EFE8CDF6C8D111EE95249F25C4F9AE02.roa
File:                     EFE8CDF6C8D111EE95249F25C4F9AE02.roa (raw, json)
Hash identifier:          tFtn/VHQEvDcsoWqBX4q0RUPrGxjEwECyPDacA7Txlo=
Subject key identifier:   08:91:03:4D:6F:54:BE:5B:06:21:F4:AF:02:9F:38:32:11:AD:D2:E0
Certificate issuer:       /CN=A9167D07/serialNumber=037B8F05F4902D9DA8B424C39340865F3DAC9B26
Certificate serial:       1542
Authority key identifier: 03:7B:8F:05:F4:90:2D:9D:A8:B4:24:C3:93:40:86:5F:3D:AC:9B:26
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/A3uPBfSQLZ2otCTDk0CGXz2smyY.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9167D07/D74AE2741BA911E8A8F57865C4F9AE02/EFE8CDF6C8D111EE95249F25C4F9AE02.roa
Signing time:             Sat 02 Mar 2024 17:25:13 +0000
ROA not before:           Sat 02 Mar 2024 17:25:13 +0000
ROA not after:            Thu 01 May 2025 00:00:00 +0000
asID:                     55427
IP address blocks:        43.245.92.0/22 maxlen: 22
                          43.245.92.0/23 maxlen: 23
                          43.245.92.0/24 maxlen: 24
                          43.245.93.0/24 maxlen: 24
                          43.245.94.0/23 maxlen: 23
                          43.245.94.0/24 maxlen: 24
                          43.245.95.0/24 maxlen: 24
                          103.232.228.0/22 maxlen: 22
                          103.232.228.0/23 maxlen: 23
                          103.232.228.0/24 maxlen: 24
                          103.232.229.0/24 maxlen: 24
                          103.232.230.0/23 maxlen: 23
                          103.232.230.0/24 maxlen: 24
                          103.232.231.0/24 maxlen: 24
                          182.50.64.0/22 maxlen: 24
                          2402:a300::/32 maxlen: 32
                          2402:a300:3e6::/48 maxlen: 48
                          2402:a300:3e7::/48 maxlen: 48
                          2402:a300:3e8::/48 maxlen: 48
                          2402:a300:13e6::/48 maxlen: 48
                          2402:a300:13e7::/48 maxlen: 48
                          2402:a300:13e8::/48 maxlen: 48
                          2402:a300:23e8::/48 maxlen: 48
                          2402:a300:4000::/36 maxlen: 36
                          2402:a300:4005::/48 maxlen: 48
                          2402:a300:8000::/36 maxlen: 36
                          2402:a300:8005::/48 maxlen: 48
                          2402:a300:800a::/48 maxlen: 48
                          2402:a300:c000::/36 maxlen: 36
                          2402:a300:c005::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9167D07/D74AE2741BA911E8A8F57865C4F9AE02/A3uPBfSQLZ2otCTDk0CGXz2smyY.crl
                          rsync://rpki.apnic.net/member_repository/A9167D07/D74AE2741BA911E8A8F57865C4F9AE02/A3uPBfSQLZ2otCTDk0CGXz2smyY.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/A3uPBfSQLZ2otCTDk0CGXz2smyY.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 21 Jun 2024 17:30:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5442 (0x1542)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9167D07/serialNumber=037B8F05F4902D9DA8B424C39340865F3DAC9B26
        Validity
            Not Before: Mar  2 17:25:13 2024 GMT
            Not After : May  1 00:00:00 2025 GMT
        Subject: CN=65e360f9-912f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:eb:41:fa:8f:c4:19:b6:8a:30:a0:97:fe:0b:6c:
                    4a:72:af:ed:41:32:a2:59:e0:50:7b:d0:ed:7e:3d:
                    65:ca:10:39:12:6d:fb:09:f7:78:86:b4:43:71:2a:
                    78:ad:c8:e4:32:6d:08:98:5c:18:94:12:5b:6e:be:
                    8b:b8:17:76:61:88:58:d8:d9:6c:df:ec:94:0c:83:
                    9c:c6:de:bb:26:0f:89:5d:39:c6:b8:2c:38:a0:72:
                    01:7b:63:3f:95:1d:3d:19:a1:ec:df:a3:ca:6f:f3:
                    7a:ff:2b:6b:9f:f6:7b:e5:3d:08:4f:6e:df:5e:7b:
                    29:ff:29:28:84:dc:0c:1a:04:35:f8:87:51:64:59:
                    06:a2:0b:d6:e1:37:c4:4a:79:de:59:8e:df:0f:5e:
                    a8:b6:ce:dd:ff:70:84:7f:70:d9:f7:95:d8:05:9b:
                    a1:d9:c5:1a:85:d1:53:07:10:7b:7c:57:49:33:42:
                    1f:a9:b0:28:c8:ad:92:69:ec:3b:37:8b:19:17:9d:
                    6c:b8:db:ac:2a:d4:f1:2d:7b:0c:58:6d:8b:1a:1d:
                    d5:4d:3d:85:02:d9:5b:a6:43:22:4c:90:e4:a7:71:
                    88:11:91:51:fe:77:e8:00:2d:68:01:e1:34:41:53:
                    90:86:ec:fd:0b:7a:28:71:e2:02:33:10:66:12:84:
                    08:81
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                08:91:03:4D:6F:54:BE:5B:06:21:F4:AF:02:9F:38:32:11:AD:D2:E0
            X509v3 Authority Key Identifier:
                keyid:03:7B:8F:05:F4:90:2D:9D:A8:B4:24:C3:93:40:86:5F:3D:AC:9B:26

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9167D07/D74AE2741BA911E8A8F57865C4F9AE02/A3uPBfSQLZ2otCTDk0CGXz2smyY.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/A3uPBfSQLZ2otCTDk0CGXz2smyY.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9167D07/D74AE2741BA911E8A8F57865C4F9AE02/EFE8CDF6C8D111EE95249F25C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.245.92.0/22
                  103.232.228.0/22
                  182.50.64.0/22
                IPv6:
                  2402:a300::/32

    Signature Algorithm: sha256WithRSAEncryption
         64:ce:b6:84:c0:a8:12:b9:b3:1c:a5:23:61:26:e2:af:88:88:
         ea:19:d4:40:dd:e9:82:07:8b:58:da:97:d6:bd:71:bb:8a:0d:
         7c:51:3a:6e:dc:97:13:d5:d0:68:29:ff:50:8b:fe:fe:92:28:
         ad:e1:63:b1:34:fb:31:42:e4:46:c4:9a:e6:e5:93:e6:c2:03:
         f9:00:72:67:7d:fe:38:69:20:13:21:42:16:a6:c6:3d:83:e3:
         f3:67:14:f2:de:e7:61:ca:25:53:51:9c:a2:f9:b8:41:75:8d:
         11:6c:9c:39:41:28:39:57:94:1d:cc:4f:6b:e1:a4:99:24:12:
         ee:24:00:f5:94:12:b2:9b:d9:73:d5:7d:a7:df:4d:97:b6:ab:
         d3:ec:a3:f3:d8:ab:cb:65:e9:e9:fc:5b:87:fd:45:85:b9:39:
         40:51:b8:e1:49:02:ea:2e:75:22:76:a5:ed:af:d1:17:dc:98:
         36:90:c6:db:27:6b:0e:e6:24:c8:98:89:3a:50:33:b8:79:7a:
         62:02:d9:37:72:6a:32:90:1a:a4:f6:c8:b2:bc:89:dc:2a:c1:
         a2:2f:ce:a3:72:57:13:01:05:3f:0a:61:4c:0b:30:a0:c8:6d:
         00:57:b2:a8:3c:6c:01:e9:07:2d:86:bc:82:da:57:b5:96:1d:
         b2:56:09:f9
-----BEGIN CERTIFICATE-----
MIIFjDCCBHSgAwIBAgICFUIwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NjdEMDcxMTAvBgNVBAUTKDAzN0I4RjA1RjQ5MDJEOURBOEI0MjRDMzkzNDA4NjVG
M0RBQzlCMjYwHhcNMjQwMzAyMTcyNTEzWhcNMjUwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWUzNjBmOS05MTJmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA60H6j8QZtoowoJf+C2xKcq/tQTKiWeBQe9Dtfj1lyhA5Em37Cfd4hrRDcSp4
rcjkMm0ImFwYlBJbbr6LuBd2YYhY2Nls3+yUDIOcxt67Jg+JXTnGuCw4oHIBe2M/
lR09GaHs36PKb/N6/ytrn/Z75T0IT27fXnsp/ykohNwMGgQ1+IdRZFkGogvW4TfE
SnneWY7fD16ots7d/3CEf3DZ95XYBZuh2cUahdFTBxB7fFdJM0IfqbAoyK2Saew7
N4sZF51suNusKtTxLXsMWG2LGh3VTT2FAtlbpkMiTJDkp3GIEZFR/nfoAC1oAeE0
QVOQhuz9C3ooceICMxBmEoQIgQIDAQABo4ICsDCCAqwwHQYDVR0OBBYEFAiRA01v
VL5bBiH0rwKfODIRrdLgMB8GA1UdIwQYMBaAFAN7jwX0kC2dqLQkw5NAhl89rJsm
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2N0QwNy9ENzRBRTI3NDFC
QTkxMUU4QThGNTc4NjVDNEY5QUUwMi9BM3VQQmZTUUxaMm90Q1REazBDR1h6MnNt
eVkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0EzdVBCZlNRTFoyb3RDVERrMENHWHoyc215WS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NjdEMDcvRDc0QUUyNzQxQkE5MTFFOEE4RjU3ODY1QzRGOUFFMDIvRUZFOENERjZD
OEQxMTFFRTk1MjQ5RjI1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwOgYIKwYBBQUHAQcBAf8E
KzApMBgEAgABMBIDBAIr9VwDBAJn6OQDBAK2MkAwDQQCAAIwBwMFACQCowAwDQYJ
KoZIhvcNAQELBQADggEBAGTOtoTAqBK5sxylI2Em4q+IiOoZ1EDd6YIHi1jal9a9
cbuKDXxROm7clxPV0Ggp/1CL/v6SKK3hY7E0+zFC5EbEmublk+bCA/kAcmd9/jhp
IBMhQhamxj2D4/NnFPLe52HKJVNRnKL5uEF1jRFsnDlBKDlXlB3MT2vhpJkkEu4k
APWUErKb2XPVfaffTZe2q9Pso/PYq8tl6en8W4f9RYW5OUBRuOFJAuoudSJ2pe2v
0RfcmDaQxtsnaw7mJMiYiTpQM7h5emIC2TdyajKQGqT2yLK8idwqwaIvzqNyVxMB
BT8KYUwLMKDIbQBXsqg8bAHpBy2GvILaV7WWHbJWCfk=
-----END CERTIFICATE-----
Generated at Fri Jun 14 19:09:28 2024 by rpki-client on console-ams.rpki-client.org