Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9186214/C65D5364331A11E4AF2AB37CC4F9AE02/7909FCC06DF211EA806B671BC4F9AE02.roa
File:                     7909FCC06DF211EA806B671BC4F9AE02.roa (raw, json)
Hash identifier:          4bAY8PvQtqzAh0BR34CDGwXsMO5R8pvHAnktWyTK8Q0=
Subject key identifier:   D3:CB:2F:86:EC:39:76:6D:F6:41:62:6B:14:E9:28:08:25:E6:14:FC
Certificate issuer:       /CN=A9186214/serialNumber=F3DB9F162008BD666CBF8C99607814CFAB24D7E7
Certificate serial:       3357
Authority key identifier: F3:DB:9F:16:20:08:BD:66:6C:BF:8C:99:60:78:14:CF:AB:24:D7:E7
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/89ufFiAIvWZsv4yZYHgUz6sk1-c.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9186214/C65D5364331A11E4AF2AB37CC4F9AE02/7909FCC06DF211EA806B671BC4F9AE02.roa
Signing time:             Tue 30 Jan 2024 16:12:41 +0000
ROA not before:           Tue 30 Jan 2024 16:12:41 +0000
ROA not after:            Sat 31 Aug 2024 00:00:00 +0000
asID:                     23951
IP address blocks:        103.101.136.0/24 maxlen: 24
                          103.101.137.0/24 maxlen: 24
                          103.101.138.0/24 maxlen: 24
                          103.101.139.0/24 maxlen: 24
                          117.20.48.0/24 maxlen: 24
                          117.20.49.0/24 maxlen: 24
                          117.20.50.0/24 maxlen: 24
                          117.20.51.0/24 maxlen: 24
                          117.20.52.0/24 maxlen: 24
                          117.20.53.0/24 maxlen: 24
                          117.20.54.0/24 maxlen: 24
                          117.20.55.0/24 maxlen: 24
                          117.20.56.0/24 maxlen: 24
                          117.20.57.0/24 maxlen: 24
                          117.20.58.0/24 maxlen: 24
                          117.20.59.0/24 maxlen: 24
                          117.20.60.0/24 maxlen: 24
                          117.20.61.0/24 maxlen: 24
                          117.20.62.0/24 maxlen: 24
                          117.20.63.0/24 maxlen: 24
                          202.152.129.0/24 maxlen: 24
                          202.152.130.0/24 maxlen: 24
                          202.152.131.0/24 maxlen: 24
                          202.152.132.0/24 maxlen: 24
                          202.152.133.0/24 maxlen: 24
                          202.152.134.0/24 maxlen: 24
                          202.152.135.0/24 maxlen: 24
                          202.152.136.0/24 maxlen: 24
                          202.152.137.0/24 maxlen: 24
                          202.152.138.0/24 maxlen: 24
                          202.152.139.0/24 maxlen: 24
                          202.152.140.0/24 maxlen: 24
                          202.152.141.0/24 maxlen: 24
                          202.152.142.0/24 maxlen: 24
                          202.152.143.0/24 maxlen: 24
                          202.152.144.0/24 maxlen: 24
                          202.152.145.0/24 maxlen: 24
                          202.152.146.0/24 maxlen: 24
                          202.152.147.0/24 maxlen: 24
                          202.152.148.0/24 maxlen: 24
                          202.152.149.0/24 maxlen: 24
                          202.152.150.0/24 maxlen: 24
                          202.152.151.0/24 maxlen: 24
                          202.152.152.0/24 maxlen: 24
                          202.152.153.0/24 maxlen: 24
                          202.152.154.0/24 maxlen: 24
                          202.152.155.0/24 maxlen: 24
                          202.152.156.0/24 maxlen: 24
                          202.152.157.0/24 maxlen: 24
                          202.152.158.0/24 maxlen: 24
                          202.152.159.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9186214/C65D5364331A11E4AF2AB37CC4F9AE02/89ufFiAIvWZsv4yZYHgUz6sk1-c.crl
                          rsync://rpki.apnic.net/member_repository/A9186214/C65D5364331A11E4AF2AB37CC4F9AE02/89ufFiAIvWZsv4yZYHgUz6sk1-c.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/89ufFiAIvWZsv4yZYHgUz6sk1-c.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 04 Apr 2024 15:54:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13143 (0x3357)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9186214/serialNumber=F3DB9F162008BD666CBF8C99607814CFAB24D7E7
        Validity
            Not Before: Jan 30 16:12:41 2024 GMT
            Not After : Aug 31 00:00:00 2024 GMT
        Subject: CN=65b91ff9-8ed1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:3b:53:ca:61:28:d9:bd:67:30:1c:41:f8:03:
                    53:1a:f3:67:1b:53:13:c2:0b:af:ba:26:5a:11:be:
                    33:a6:78:e6:d6:3a:e0:b9:ec:0f:e4:8b:ae:3e:ea:
                    3b:98:7d:56:a7:6d:99:69:85:6a:b8:21:4c:9d:8d:
                    78:2c:05:9c:46:43:96:7a:b4:db:5c:e4:5d:92:e7:
                    f0:ae:9d:0d:e1:40:9c:51:9e:1b:35:07:20:53:45:
                    a3:51:8d:66:9d:cb:c9:96:62:a5:2c:14:5a:e1:55:
                    0d:6a:ef:97:42:f2:aa:4a:ab:60:ca:2a:31:da:1b:
                    8b:42:d5:d5:49:4c:65:c9:19:8f:22:7f:ca:f4:c2:
                    3f:ac:e1:ff:b2:81:11:f6:6f:4e:c5:f5:fe:ef:20:
                    65:de:c7:31:52:87:5a:4f:89:e6:32:20:fa:35:70:
                    40:bd:e1:e4:b8:09:d5:c0:19:c9:08:8e:4b:e0:2d:
                    52:64:1c:4c:9b:8e:22:ea:24:3e:6c:56:4d:f6:d4:
                    87:5c:d9:94:e3:82:fc:67:5c:f5:03:f2:fc:2a:12:
                    b8:61:3f:a6:fc:67:45:f1:85:aa:9c:c1:78:58:f8:
                    06:56:f5:f9:4a:ca:ff:c6:4d:9a:e6:15:c3:f1:f5:
                    88:45:03:00:7a:eb:c0:b4:c1:c2:c1:4c:d0:ef:40:
                    9c:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D3:CB:2F:86:EC:39:76:6D:F6:41:62:6B:14:E9:28:08:25:E6:14:FC
            X509v3 Authority Key Identifier:
                keyid:F3:DB:9F:16:20:08:BD:66:6C:BF:8C:99:60:78:14:CF:AB:24:D7:E7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9186214/C65D5364331A11E4AF2AB37CC4F9AE02/89ufFiAIvWZsv4yZYHgUz6sk1-c.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/89ufFiAIvWZsv4yZYHgUz6sk1-c.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9186214/C65D5364331A11E4AF2AB37CC4F9AE02/7909FCC06DF211EA806B671BC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.101.136.0/22
                  117.20.48.0/20
                  202.152.129.0-202.152.159.255

    Signature Algorithm: sha256WithRSAEncryption
         7d:e4:e1:c8:15:eb:d9:b9:5c:bf:d9:39:1b:d6:5b:68:ac:7e:
         c3:ee:0c:48:bb:af:cf:1c:ab:73:78:6d:5a:bb:f2:89:dc:5f:
         ae:dc:27:18:60:2d:2e:48:93:db:50:96:38:80:d8:7c:36:85:
         bd:57:46:c4:93:6e:e0:0f:0c:c9:f7:a7:b1:53:ca:d0:1a:2d:
         45:9c:72:2e:5a:a6:be:45:a7:29:31:53:63:68:aa:29:8b:47:
         25:95:8a:cf:d7:9f:ad:96:ee:ea:3f:84:21:df:66:c1:ab:c5:
         d0:af:3b:d3:6e:0a:8c:14:00:cd:9a:27:37:3d:8c:5b:66:da:
         71:da:92:23:54:99:13:33:79:06:dd:5d:1a:68:60:fa:3f:ac:
         51:93:23:3d:18:99:91:b5:d3:80:d8:83:fc:ab:cf:9c:00:b0:
         da:98:fb:29:c1:4e:88:33:1d:07:f5:86:fe:f7:2c:63:85:62:
         9d:df:ab:6e:cf:7b:f3:e9:3f:ed:79:9f:21:00:fd:3c:0b:d4:
         95:b9:35:0e:84:e8:fb:3c:52:d6:15:a1:82:9c:05:87:42:6c:
         69:82:d9:5d:c3:eb:a4:a5:fe:80:34:f4:48:9c:26:e4:c1:79:
         0a:b2:40:f4:6d:79:02:ad:6f:92:31:29:2f:03:61:40:91:2d:
         e3:df:8c:e7
-----BEGIN CERTIFICATE-----
MIIFhTCCBG2gAwIBAgICM1cwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
ODYyMTQxMTAvBgNVBAUTKEYzREI5RjE2MjAwOEJENjY2Q0JGOEM5OTYwNzgxNENG
QUIyNEQ3RTcwHhcNMjQwMTMwMTYxMjQxWhcNMjQwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWI5MWZmOS04ZWQxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA1TtTymEo2b1nMBxB+ANTGvNnG1MTwguvuiZaEb4zpnjm1jrguewP5IuuPuo7
mH1Wp22ZaYVquCFMnY14LAWcRkOWerTbXORdkufwrp0N4UCcUZ4bNQcgU0WjUY1m
ncvJlmKlLBRa4VUNau+XQvKqSqtgyiox2huLQtXVSUxlyRmPIn/K9MI/rOH/soER
9m9OxfX+7yBl3scxUodaT4nmMiD6NXBAveHkuAnVwBnJCI5L4C1SZBxMm44i6iQ+
bFZN9tSHXNmU44L8Z1z1A/L8KhK4YT+m/GdF8YWqnMF4WPgGVvX5Ssr/xk2a5hXD
8fWIRQMAeuvAtMHCwUzQ70Cc9QIDAQABo4ICqTCCAqUwHQYDVR0OBBYEFNPLL4bs
OXZt9kFiaxTpKAgl5hT8MB8GA1UdIwQYMBaAFPPbnxYgCL1mbL+MmWB4FM+rJNfn
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4NjIxNC9DNjVENTM2NDMz
MUExMUU0QUYyQUIzN0NDNEY5QUUwMi84OXVmRmlBSXZXWnN2NHlaWUhnVXo2c2sx
LWMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzg5dWZGaUFJdldac3Y0eVpZSGdVejZzazEtYy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
ODYyMTQvQzY1RDUzNjQzMzFBMTFFNEFGMkFCMzdDQzRGOUFFMDIvNzkwOUZDQzA2
REYyMTFFQTgwNkI2NzFCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMwYIKwYBBQUHAQcBAf8E
JDAiMCAEAgABMBoDBAJnZYgDBAR1FDAwDAMEAMqYgQMEBcqYgDANBgkqhkiG9w0B
AQsFAAOCAQEAfeThyBXr2blcv9k5G9ZbaKx+w+4MSLuvzxyrc3htWrvyidxfrtwn
GGAtLkiT21CWOIDYfDaFvVdGxJNu4A8MyfensVPK0BotRZxyLlqmvkWnKTFTY2iq
KYtHJZWKz9efrZbu6j+EId9mwavF0K87024KjBQAzZonNz2MW2bacdqSI1SZEzN5
Bt1dGmhg+j+sUZMjPRiZkbXTgNiD/KvPnACw2pj7KcFOiDMdB/WG/vcsY4Vind+r
bs978+k/7XmfIQD9PAvUlbk1DoTo+zxS1hWhgpwFh0JsaYLZXcPrpKX+gDT0SJwm
5MF5CrJA9G15Aq1vkjEpLwNhQJEt49+M5w==
-----END CERTIFICATE-----
Generated at Thu Mar 28 16:47:23 2024 by rpki-client on console-fra.rpki-client.org