Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A917EA7F/E964AF4C0B5911EB93590A5FC4F9AE02/1994E0780B5B11EB80C8B15FC4F9AE02.roa
File:                     1994E0780B5B11EB80C8B15FC4F9AE02.roa (raw, json)
Hash identifier:          +giITiM/YdqmbzO/BW3K/sDxzMMEjUhYcrvpZd/m8Ys=
Subject key identifier:   64:BD:C0:51:29:35:8D:BA:98:C4:44:10:B6:60:1E:28:9F:CB:5A:FD
Certificate issuer:       /CN=A917EA7F/serialNumber=18442A116C30101BEC8C89F4501978C092036BB8
Certificate serial:       063D
Authority key identifier: 18:44:2A:11:6C:30:10:1B:EC:8C:89:F4:50:19:78:C0:92:03:6B:B8
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/GEQqEWwwEBvsjIn0UBl4wJIDa7g.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A917EA7F/E964AF4C0B5911EB93590A5FC4F9AE02/1994E0780B5B11EB80C8B15FC4F9AE02.roa
Signing time:             Wed 26 Jul 2023 22:19:13 +0000
ROA not before:           Wed 26 Jul 2023 22:19:13 +0000
ROA not after:            Sat 31 Aug 2024 00:00:00 +0000
asID:                     55720
IP address blocks:        45.121.144.0/24 maxlen: 24
                          45.121.145.0/24 maxlen: 24
                          45.121.146.0/24 maxlen: 24
                          45.121.147.0/24 maxlen: 24
                          103.249.84.0/24 maxlen: 24
                          103.249.85.0/24 maxlen: 24
                          103.249.86.0/24 maxlen: 24
                          103.249.87.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A917EA7F/E964AF4C0B5911EB93590A5FC4F9AE02/GEQqEWwwEBvsjIn0UBl4wJIDa7g.crl
                          rsync://rpki.apnic.net/member_repository/A917EA7F/E964AF4C0B5911EB93590A5FC4F9AE02/GEQqEWwwEBvsjIn0UBl4wJIDa7g.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/GEQqEWwwEBvsjIn0UBl4wJIDa7g.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 23 Jun 2024 23:08:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1597 (0x63d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A917EA7F/serialNumber=18442A116C30101BEC8C89F4501978C092036BB8
        Validity
            Not Before: Jul 26 22:19:13 2023 GMT
            Not After : Aug 31 00:00:00 2024 GMT
        Subject: CN=64c19be1-e0f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:98:26:ef:92:3b:95:cf:c2:e6:49:98:52:17:
                    a0:b6:9e:3c:b7:f0:77:d0:26:ba:31:58:cb:75:35:
                    97:ef:7c:ac:2c:8a:0e:7b:76:25:83:0f:f3:e5:99:
                    5f:6a:db:45:b4:a0:17:22:b4:32:23:eb:e4:f5:25:
                    e4:46:7b:38:a2:eb:33:49:b5:70:76:ce:82:60:5e:
                    96:97:58:d4:89:5f:4b:9f:15:38:91:e5:7d:2a:b8:
                    7d:a7:aa:c4:28:52:85:32:ae:54:79:7c:df:d3:a8:
                    cf:e6:f3:11:ea:5e:7d:b6:c2:52:92:2a:71:df:4c:
                    b1:ac:e1:61:96:8b:6c:16:ab:68:49:66:64:27:9d:
                    00:76:ec:19:38:01:0c:45:4b:04:06:6f:00:9c:81:
                    11:01:9f:7d:3f:2f:36:88:9d:9a:6a:40:f7:f4:43:
                    f0:d2:1b:d2:16:a9:98:e0:d4:86:6a:90:e8:84:ef:
                    5f:b5:0e:5c:cd:5d:b9:2d:48:d3:37:a9:bb:12:b7:
                    7a:00:f3:07:90:3d:a9:36:55:89:88:16:ca:d5:81:
                    56:1d:ff:83:c7:0e:a8:01:04:94:f4:07:af:11:cd:
                    7a:bb:f7:f8:3c:50:bc:f9:ec:1e:cc:bb:47:95:b8:
                    ab:ae:6c:36:3d:e1:7c:b2:1b:a2:b2:8c:a8:6b:b0:
                    ba:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:BD:C0:51:29:35:8D:BA:98:C4:44:10:B6:60:1E:28:9F:CB:5A:FD
            X509v3 Authority Key Identifier:
                keyid:18:44:2A:11:6C:30:10:1B:EC:8C:89:F4:50:19:78:C0:92:03:6B:B8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A917EA7F/E964AF4C0B5911EB93590A5FC4F9AE02/GEQqEWwwEBvsjIn0UBl4wJIDa7g.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/GEQqEWwwEBvsjIn0UBl4wJIDa7g.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A917EA7F/E964AF4C0B5911EB93590A5FC4F9AE02/1994E0780B5B11EB80C8B15FC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.121.144.0/22
                  103.249.84.0/22

    Signature Algorithm: sha256WithRSAEncryption
         30:fb:ae:b5:9c:60:17:06:c2:e6:fc:45:1f:59:e2:71:b1:79:
         26:49:f5:68:c6:98:4e:bc:ca:96:b0:6d:b2:fa:02:46:61:ce:
         99:5c:72:98:62:8b:2e:af:0a:cc:57:44:f8:45:2b:30:d5:4d:
         05:d1:92:d1:1b:52:17:77:ea:30:06:30:9e:52:43:72:6c:23:
         7a:56:c3:50:72:de:a5:d1:b2:56:cd:4a:13:c8:87:25:54:21:
         71:9f:5d:eb:9e:af:3b:67:9c:7b:8d:e5:bf:49:32:81:26:05:
         b7:4f:27:48:eb:a0:cc:09:e2:d1:a0:91:bc:c7:75:54:3e:da:
         68:c8:fa:8c:64:1f:66:a3:83:01:97:ec:31:e8:d1:7f:c9:13:
         7e:05:bb:d6:0f:39:94:9b:8b:2c:58:17:ef:63:96:4c:a9:a6:
         a4:24:24:f8:bf:2d:36:ce:d9:05:1a:ba:b7:1a:13:72:46:3a:
         df:96:d1:5a:38:4d:c1:bc:1f:28:4f:b9:9c:96:cc:bf:a1:c6:
         23:92:7c:03:4e:0d:17:4f:b9:63:7b:9a:ac:df:e5:c2:6c:2d:
         c4:da:2e:3d:38:67:f9:aa:8f:60:5a:7d:a9:c0:80:90:54:67:
         13:74:1c:df:8d:cb:b7:00:18:b1:15:4a:3e:9c:f1:3a:b8:e1:
         a4:16:36:c0
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICBj0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
N0VBN0YxMTAvBgNVBAUTKDE4NDQyQTExNkMzMDEwMUJFQzhDODlGNDUwMTk3OEMw
OTIwMzZCQjgwHhcNMjMwNzI2MjIxOTEzWhcNMjQwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NGMxOWJlMS1lMGYzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA3Jgm75I7lc/C5kmYUhegtp48t/B30Ca6MVjLdTWX73ysLIoOe3Ylgw/z5Zlf
attFtKAXIrQyI+vk9SXkRns4ouszSbVwds6CYF6Wl1jUiV9LnxU4keV9Krh9p6rE
KFKFMq5UeXzf06jP5vMR6l59tsJSkipx30yxrOFhlotsFqtoSWZkJ50AduwZOAEM
RUsEBm8AnIERAZ99Py82iJ2aakD39EPw0hvSFqmY4NSGapDohO9ftQ5czV25LUjT
N6m7Erd6APMHkD2pNlWJiBbK1YFWHf+Dxw6oAQSU9AevEc16u/f4PFC8+ewezLtH
lbirrmw2PeF8shuisoyoa7C6zQIDAQABo4ICmzCCApcwHQYDVR0OBBYEFGS9wFEp
NY26mMREELZgHiify1r9MB8GA1UdIwQYMBaAFBhEKhFsMBAb7IyJ9FAZeMCSA2u4
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3RUE3Ri9FOTY0QUY0QzBC
NTkxMUVCOTM1OTBBNUZDNEY5QUUwMi9HRVFxRVd3d0VCdnNqSW4wVUJsNHdKSURh
N2cuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0dFUXFFV3d3RUJ2c2pJbjBVQmw0d0pJRGE3Zy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
N0VBN0YvRTk2NEFGNEMwQjU5MTFFQjkzNTkwQTVGQzRGOUFFMDIvMTk5NEUwNzgw
QjVCMTFFQjgwQzhCMTVGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAIteZADBAJn+VQwDQYJKoZIhvcNAQELBQADggEBADD7rrWc
YBcGwub8RR9Z4nGxeSZJ9WjGmE68ypawbbL6AkZhzplccphiiy6vCsxXRPhFKzDV
TQXRktEbUhd36jAGMJ5SQ3JsI3pWw1By3qXRslbNShPIhyVUIXGfXeuerztnnHuN
5b9JMoEmBbdPJ0jroMwJ4tGgkbzHdVQ+2mjI+oxkH2ajgwGX7DHo0X/JE34Fu9YP
OZSbiyxYF+9jlkyppqQkJPi/LTbO2QUaurcaE3JGOt+W0Vo4TcG8HyhPuZyWzL+h
xiOSfANODRdPuWN7mqzf5cJsLcTaLj04Z/mqj2BafanAgJBUZxN0HN+Ny7cAGLEV
Sj6c8Tq44aQWNsA=
-----END CERTIFICATE-----
Generated at Mon Jun 17 02:12:18 2024 by rpki-client on console-ams.rpki-client.org