Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9194692/885A32FE429411EB90491A34C4F9AE02/DF0A2BF4B15E11EE8E75695CC4F9AE02.roa
File:                     DF0A2BF4B15E11EE8E75695CC4F9AE02.roa (raw, json)
Hash identifier:          +hvAkUjJQDkxg4YO4MDeyWdMQFculz4teJUZHUzCNDs=
Subject key identifier:   3A:49:AB:F6:DA:C0:A9:C6:CA:4E:20:F2:80:34:CB:BA:71:68:3C:71
Certificate issuer:       /CN=A9194692/serialNumber=AFE5B3CD2DC567AB8A58EB3980D5E5E784290A40
Certificate serial:       0610
Authority key identifier: AF:E5:B3:CD:2D:C5:67:AB:8A:58:EB:39:80:D5:E5:E7:84:29:0A:40
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/r-WzzS3FZ6uKWOs5gNXl54QpCkA.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9194692/885A32FE429411EB90491A34C4F9AE02/DF0A2BF4B15E11EE8E75695CC4F9AE02.roa
Signing time:             Fri 12 Jan 2024 23:31:25 +0000
ROA not before:           Fri 12 Jan 2024 23:31:25 +0000
ROA not after:            Fri 31 Jan 2025 00:00:00 +0000
asID:                     136429
IP address blocks:        103.158.211.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9194692/885A32FE429411EB90491A34C4F9AE02/r-WzzS3FZ6uKWOs5gNXl54QpCkA.crl
                          rsync://rpki.apnic.net/member_repository/A9194692/885A32FE429411EB90491A34C4F9AE02/r-WzzS3FZ6uKWOs5gNXl54QpCkA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/r-WzzS3FZ6uKWOs5gNXl54QpCkA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 22 Jun 2024 00:06:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1552 (0x610)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9194692/serialNumber=AFE5B3CD2DC567AB8A58EB3980D5E5E784290A40
        Validity
            Not Before: Jan 12 23:31:25 2024 GMT
            Not After : Jan 31 00:00:00 2025 GMT
        Subject: CN=65a1cbcc-b57e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:e9:48:a1:f3:52:67:51:80:c4:cb:8c:74:30:
                    1f:ce:07:e9:9d:d8:32:f3:4e:e4:4c:22:ca:8c:ae:
                    0f:83:08:bd:da:c7:78:e6:f5:ad:83:20:30:75:d7:
                    1a:50:e7:43:32:27:64:42:d6:c3:00:b1:22:5f:fd:
                    cd:c4:b6:88:94:dc:84:17:20:cc:33:38:e3:da:e7:
                    a3:62:a1:40:65:c1:c9:d4:1a:c2:18:26:a1:0b:7a:
                    c3:06:f9:fb:84:48:61:97:e8:3f:fc:e6:db:51:74:
                    f7:c7:ad:29:49:77:91:94:4b:cd:c3:ff:90:ad:8d:
                    fe:d8:9b:46:e2:a7:72:29:83:8d:99:c8:17:d1:54:
                    fa:34:cd:fa:85:ff:1a:19:c0:b1:69:01:23:e0:e6:
                    9d:17:90:dd:c0:fd:eb:b2:29:c1:97:c3:47:42:99:
                    1a:e2:19:05:fb:c0:e2:45:36:99:fd:2a:db:f3:75:
                    d7:02:c7:94:bd:4e:d3:7e:19:87:16:0b:f8:bb:01:
                    d8:e7:f0:5e:df:49:ec:46:2d:62:51:0c:7b:5d:32:
                    57:a1:bb:38:11:73:61:7b:35:28:8e:59:0e:97:55:
                    b8:53:6e:d0:81:2c:3d:a2:35:c2:89:d1:d1:ea:05:
                    af:c3:5a:77:f0:f0:1f:07:67:d5:65:e8:e7:7d:72:
                    bb:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:49:AB:F6:DA:C0:A9:C6:CA:4E:20:F2:80:34:CB:BA:71:68:3C:71
            X509v3 Authority Key Identifier:
                keyid:AF:E5:B3:CD:2D:C5:67:AB:8A:58:EB:39:80:D5:E5:E7:84:29:0A:40

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9194692/885A32FE429411EB90491A34C4F9AE02/r-WzzS3FZ6uKWOs5gNXl54QpCkA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/r-WzzS3FZ6uKWOs5gNXl54QpCkA.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9194692/885A32FE429411EB90491A34C4F9AE02/DF0A2BF4B15E11EE8E75695CC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.158.211.0/24

    Signature Algorithm: sha256WithRSAEncryption
         75:a2:d9:01:c0:3d:18:0f:04:22:11:bd:a9:81:20:d1:f2:3d:
         be:40:e7:5d:b4:5b:98:ee:68:96:12:98:cd:d6:9f:f1:a9:1c:
         d1:f8:58:3b:df:05:c8:6d:27:df:a2:6d:65:8c:1e:df:c8:12:
         14:c8:fa:4c:29:e2:ce:29:bc:67:53:69:12:3e:78:d8:1b:f9:
         bf:f0:31:97:9a:4a:07:bc:8f:e4:2c:92:3d:a6:74:2e:bd:e8:
         dd:49:af:cf:82:45:f2:64:48:54:63:ac:6b:37:4e:24:f3:c2:
         e3:84:85:9f:3c:5d:34:6c:7d:fc:fd:b2:b9:a0:4b:77:60:e5:
         77:bd:ae:78:5e:d2:cb:ce:31:5e:0a:01:0e:9a:62:a4:55:6b:
         b7:3a:1a:36:9b:98:7d:c2:8a:da:8d:4b:1d:9e:ea:e3:25:43:
         d0:68:bd:72:b2:1f:38:14:f8:95:cc:0f:d9:1e:2b:aa:93:d7:
         4c:73:2c:fa:be:58:da:f4:25:2d:ba:69:17:1a:28:9e:9d:97:
         0c:77:2c:17:91:05:7f:ed:d5:3f:fa:7a:f6:d4:f2:a1:52:1e:
         88:56:c2:f4:80:18:09:21:ad:c3:aa:5a:35:18:f9:9c:bb:e5:
         25:81:00:fc:dc:d6:08:0f:e0:82:e0:90:c1:c2:31:94:3c:78:
         9e:63:b3:09
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICBhAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OTQ2OTIxMTAvBgNVBAUTKEFGRTVCM0NEMkRDNTY3QUI4QTU4RUIzOTgwRDVFNUU3
ODQyOTBBNDAwHhcNMjQwMTEyMjMzMTI1WhcNMjUwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWExY2JjYy1iNTdlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA0OlIofNSZ1GAxMuMdDAfzgfpndgy807kTCLKjK4Pgwi92sd45vWtgyAwddca
UOdDMidkQtbDALEiX/3NxLaIlNyEFyDMMzjj2uejYqFAZcHJ1BrCGCahC3rDBvn7
hEhhl+g//ObbUXT3x60pSXeRlEvNw/+QrY3+2JtG4qdyKYONmcgX0VT6NM36hf8a
GcCxaQEj4OadF5DdwP3rsinBl8NHQpka4hkF+8DiRTaZ/Srb83XXAseUvU7TfhmH
Fgv4uwHY5/Be30nsRi1iUQx7XTJXobs4EXNhezUojlkOl1W4U27QgSw9ojXCidHR
6gWvw1p38PAfB2fVZejnfXK7ewIDAQABo4IClTCCApEwHQYDVR0OBBYEFDpJq/ba
wKnGyk4g8oA0y7pxaDxxMB8GA1UdIwQYMBaAFK/ls80txWeriljrOYDV5eeEKQpA
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5NDY5Mi84ODVBMzJGRTQy
OTQxMUVCOTA0OTFBMzRDNEY5QUUwMi9yLVd6elMzRlo2dUtXT3M1Z05YbDU0UXBD
a0EuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3ItV3p6UzNGWjZ1S1dPczVnTlhsNTRRcENrQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OTQ2OTIvODg1QTMyRkU0Mjk0MTFFQjkwNDkxQTM0QzRGOUFFMDIvREYwQTJCRjRC
MTVFMTFFRThFNzU2OTVDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBABnntMwDQYJKoZIhvcNAQELBQADggEBAHWi2QHAPRgPBCIR
vamBINHyPb5A5120W5juaJYSmM3Wn/GpHNH4WDvfBchtJ9+ibWWMHt/IEhTI+kwp
4s4pvGdTaRI+eNgb+b/wMZeaSge8j+Qskj2mdC696N1Jr8+CRfJkSFRjrGs3TiTz
wuOEhZ88XTRsffz9srmgS3dg5Xe9rnhe0svOMV4KAQ6aYqRVa7c6GjabmH3CitqN
Sx2e6uMlQ9BovXKyHzgU+JXMD9keK6qT10xzLPq+WNr0JS26aRcaKJ6dlwx3LBeR
BX/t1T/6evbU8qFSHohWwvSAGAkhrcOqWjUY+Zy75SWBAPzc1ggP4ILgkMHCMZQ8
eJ5jswk=
-----END CERTIFICATE-----
Generated at Sat Jun 15 02:44:45 2024 by rpki-client on console-ams.rpki-client.org