Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9187532/9A66EB9EF64811EDAA671E17C4F9AE02/8D176BFAF65011ED90F79C33C4F9AE02.roa
File:                     8D176BFAF65011ED90F79C33C4F9AE02.roa (raw, json)
Hash identifier:          6AwMX4x/IYWolneJozQYQ/y6c1KiBasFJP05rV+jXS4=
Subject key identifier:   87:0D:5D:18:7B:67:D1:B5:6F:D6:23:76:E5:0A:22:CB:91:B7:AD:C4
Certificate issuer:       /CN=A9187532/serialNumber=C4FA6BBABFD1997CC8F1D20FE6A5574DEE9B3256
Certificate serial:       E6
Authority key identifier: C4:FA:6B:BA:BF:D1:99:7C:C8:F1:D2:0F:E6:A5:57:4D:EE:9B:32:56
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xPprur_RmXzI8dIP5qVXTe6bMlY.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9187532/9A66EB9EF64811EDAA671E17C4F9AE02/8D176BFAF65011ED90F79C33C4F9AE02.roa
Signing time:             Wed 31 Jul 2024 05:36:24 +0000
ROA not before:           Wed 31 Jul 2024 05:36:24 +0000
ROA not after:            Tue 30 Sep 2025 00:00:00 +0000
asID:                     135548
IP address blocks:        103.65.22.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9187532/9A66EB9EF64811EDAA671E17C4F9AE02/xPprur_RmXzI8dIP5qVXTe6bMlY.crl
                          rsync://rpki.apnic.net/member_repository/A9187532/9A66EB9EF64811EDAA671E17C4F9AE02/xPprur_RmXzI8dIP5qVXTe6bMlY.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xPprur_RmXzI8dIP5qVXTe6bMlY.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 30 Nov 2024 02:50:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 230 (0xe6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9187532/serialNumber=C4FA6BBABFD1997CC8F1D20FE6A5574DEE9B3256
        Validity
            Not Before: Jul 31 05:36:24 2024 GMT
            Not After : Sep 30 00:00:00 2025 GMT
        Subject: CN=66a9cd58-d24e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:11:97:73:15:bf:15:5a:b3:c4:88:38:dc:7a:
                    26:ae:3b:2c:4d:fd:78:c7:87:4a:5c:4f:10:c5:d9:
                    53:38:cb:91:1a:15:b8:ed:5d:df:d6:62:b0:e5:46:
                    93:98:c5:56:26:ad:6a:22:9d:a6:a6:58:f0:2b:84:
                    8b:7f:8d:46:06:1e:85:b5:4c:72:cf:79:c9:9f:96:
                    b5:58:65:3b:67:8b:f5:4b:33:0e:d6:a4:1b:2c:d5:
                    e3:5d:9d:7d:98:af:5f:bf:db:24:0e:e9:32:7f:f0:
                    e7:e6:8d:13:18:01:2d:df:44:1f:4e:ce:0b:c6:0b:
                    15:7b:18:cd:0b:6a:67:c4:5a:84:f0:94:15:ab:7c:
                    a0:fa:15:91:e9:a6:bb:f1:78:59:34:7b:97:3e:d4:
                    e1:cb:97:53:9e:7c:84:db:5b:3c:24:36:d5:cd:40:
                    bd:78:a1:0f:81:00:32:7a:67:43:12:fc:47:0d:71:
                    e8:e6:db:3a:6b:00:4d:c0:af:8e:24:77:af:99:51:
                    b3:cc:34:fa:b4:8d:73:c2:aa:3f:ec:15:44:92:a3:
                    0e:08:f3:4f:64:67:2b:1b:db:0b:25:bd:76:41:f0:
                    26:84:56:b1:95:d4:41:1b:bc:11:8f:37:bb:9b:63:
                    49:ab:ec:0c:34:6e:4f:f0:f8:b3:1f:be:07:2b:2e:
                    2c:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:0D:5D:18:7B:67:D1:B5:6F:D6:23:76:E5:0A:22:CB:91:B7:AD:C4
            X509v3 Authority Key Identifier:
                keyid:C4:FA:6B:BA:BF:D1:99:7C:C8:F1:D2:0F:E6:A5:57:4D:EE:9B:32:56

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9187532/9A66EB9EF64811EDAA671E17C4F9AE02/xPprur_RmXzI8dIP5qVXTe6bMlY.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xPprur_RmXzI8dIP5qVXTe6bMlY.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9187532/9A66EB9EF64811EDAA671E17C4F9AE02/8D176BFAF65011ED90F79C33C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.65.22.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6a:5f:d5:1c:5c:37:48:cf:e6:cf:f3:08:2a:35:c7:49:b9:8d:
         e7:09:24:54:b5:3f:b2:82:84:6e:0c:cd:5f:09:f9:d8:a0:e3:
         bb:1e:f5:de:84:02:09:9e:a8:e3:33:96:9d:6b:0e:c4:bb:0e:
         80:0e:a3:7c:3a:e4:66:86:77:69:56:84:71:01:f4:9e:b8:3d:
         ab:04:01:d8:45:43:78:ba:63:a6:a0:e4:f2:b4:79:30:71:ef:
         7c:a7:ac:bd:5d:16:46:42:e3:13:66:4c:4b:73:4e:39:a8:43:
         17:70:a8:4c:11:e0:8a:83:c3:b1:9d:f2:c6:6c:ff:1b:1c:ed:
         d3:34:8e:37:aa:dc:85:ee:1a:84:72:70:4a:40:40:53:ff:82:
         61:65:c1:7c:dd:5d:24:d0:c6:f8:f2:a3:ce:00:ab:7a:01:df:
         12:0e:40:e2:a1:57:6e:af:a5:6c:b0:5f:ac:d8:5c:97:a8:7a:
         35:4c:b9:f4:09:be:a9:4e:2d:73:64:54:7b:2e:e4:a2:f3:d7:
         c1:ab:3c:2d:2b:25:f8:77:a8:64:be:6e:b8:1a:79:6d:18:81:
         d0:b0:24:d1:ff:fe:3f:e2:c6:eb:43:32:1a:5a:83:e5:39:fb:
         f9:75:66:bf:de:7a:b8:6c:27:95:b3:ce:dc:4e:0a:66:18:3d:
         23:15:2b:3f
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICAOYwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
ODc1MzIxMTAvBgNVBAUTKEM0RkE2QkJBQkZEMTk5N0NDOEYxRDIwRkU2QTU1NzRE
RUU5QjMyNTYwHhcNMjQwNzMxMDUzNjI0WhcNMjUwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NmE5Y2Q1OC1kMjRlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwRGXcxW/FVqzxIg43HomrjssTf14x4dKXE8QxdlTOMuRGhW47V3f1mKw5UaT
mMVWJq1qIp2mpljwK4SLf41GBh6FtUxyz3nJn5a1WGU7Z4v1SzMO1qQbLNXjXZ19
mK9fv9skDukyf/Dn5o0TGAEt30QfTs4LxgsVexjNC2pnxFqE8JQVq3yg+hWR6aa7
8XhZNHuXPtThy5dTnnyE21s8JDbVzUC9eKEPgQAyemdDEvxHDXHo5ts6awBNwK+O
JHevmVGzzDT6tI1zwqo/7BVEkqMOCPNPZGcrG9sLJb12QfAmhFaxldRBG7wRjze7
m2NJq+wMNG5P8PizH74HKy4sOQIDAQABo4IClTCCApEwHQYDVR0OBBYEFIcNXRh7
Z9G1b9YjduUKIsuRt63EMB8GA1UdIwQYMBaAFMT6a7q/0Zl8yPHSD+alV03umzJW
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4NzUzMi85QTY2RUI5RUY2
NDgxMUVEQUE2NzFFMTdDNEY5QUUwMi94UHBydXJfUm1Yekk4ZElQNXFWWFRlNmJN
bFkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3hQcHJ1cl9SbVh6SThkSVA1cVZYVGU2Yk1sWS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
ODc1MzIvOUE2NkVCOUVGNjQ4MTFFREFBNjcxRTE3QzRGOUFFMDIvOEQxNzZCRkFG
NjUwMTFFRDkwRjc5QzMzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBABnQRYwDQYJKoZIhvcNAQELBQADggEBAGpf1RxcN0jP5s/z
CCo1x0m5jecJJFS1P7KChG4MzV8J+dig47se9d6EAgmeqOMzlp1rDsS7DoAOo3w6
5GaGd2lWhHEB9J64PasEAdhFQ3i6Y6ag5PK0eTBx73ynrL1dFkZC4xNmTEtzTjmo
QxdwqEwR4IqDw7Gd8sZs/xsc7dM0jjeq3IXuGoRycEpAQFP/gmFlwXzdXSTQxvjy
o84Aq3oB3xIOQOKhV26vpWywX6zYXJeoejVMufQJvqlOLXNkVHsu5KLz18GrPC0r
Jfh3qGS+brgaeW0YgdCwJNH//j/ixutDMhpag+U5+/l1Zr/eerhsJ5WzztxOCmYY
PSMVKz8=
-----END CERTIFICATE-----
Generated at Sat Nov 23 05:02:52 2024 by rpki-client on console-fra.rpki-client.org