Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9196F73/A29707F653A111EAAEEEBE0BC4F9AE02/9AE4F7EC53A211EA8D26BD0CC4F9AE02.roa
File:                     9AE4F7EC53A211EA8D26BD0CC4F9AE02.roa (raw, json)
Hash identifier:          azNLWyQtsna0ToR5xIDq69XlfBRyTv4GpuhLiIlA5aY=
Subject key identifier:   5A:58:E2:13:24:44:77:95:74:00:19:D7:91:10:4C:3F:65:9C:7C:9E
Certificate issuer:       /CN=A9196F73/serialNumber=89A31D44E94F1CC27850BBAC16C02C20AAB39CE5
Certificate serial:       0987
Authority key identifier: 89:A3:1D:44:E9:4F:1C:C2:78:50:BB:AC:16:C0:2C:20:AA:B3:9C:E5
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/iaMdROlPHMJ4ULusFsAsIKqznOU.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9196F73/A29707F653A111EAAEEEBE0BC4F9AE02/9AE4F7EC53A211EA8D26BD0CC4F9AE02.roa
Signing time:             Tue 26 Sep 2023 20:18:34 +0000
ROA not before:           Tue 26 Sep 2023 20:18:34 +0000
ROA not after:            Sun 01 Dec 2024 00:00:00 +0000
asID:                     16509
IP address blocks:        103.39.86.0/23 maxlen: 23
                          103.39.112.0/24 maxlen: 24
                          103.211.172.0/24 maxlen: 24
                          202.8.25.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9196F73/A29707F653A111EAAEEEBE0BC4F9AE02/iaMdROlPHMJ4ULusFsAsIKqznOU.crl
                          rsync://rpki.apnic.net/member_repository/A9196F73/A29707F653A111EAAEEEBE0BC4F9AE02/iaMdROlPHMJ4ULusFsAsIKqznOU.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/iaMdROlPHMJ4ULusFsAsIKqznOU.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 04 Apr 2024 20:41:24 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2439 (0x987)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9196F73/serialNumber=89A31D44E94F1CC27850BBAC16C02C20AAB39CE5
        Validity
            Not Before: Sep 26 20:18:34 2023 GMT
            Not After : Dec  1 00:00:00 2024 GMT
        Subject: CN=65133c9a-a48d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e1:f4:ae:96:b4:52:f7:c5:49:84:39:d2:74:44:
                    af:75:68:2d:b0:a6:3c:6a:8f:dc:b4:35:02:d1:f9:
                    43:fa:79:a3:eb:1b:d7:aa:b9:43:c7:14:c6:c1:b5:
                    42:d6:80:e7:d7:f1:95:29:a0:0a:cb:a0:c7:6c:a7:
                    e0:5d:34:78:6d:ab:0a:6e:79:5c:fb:ef:e6:87:d0:
                    b3:6d:d5:a1:fc:51:0a:70:d3:9e:ef:f0:31:f5:97:
                    12:a5:b3:01:9a:87:e6:59:58:65:ac:40:e9:35:b1:
                    9d:1c:61:a3:7c:09:9e:5c:94:51:97:23:a2:7e:00:
                    d1:00:a4:09:54:d8:26:d0:28:91:09:2f:20:79:e1:
                    f4:6c:ab:60:d4:bf:a3:c5:b4:7c:88:a3:02:3d:25:
                    df:ab:1d:5d:2f:07:d6:57:c4:68:cc:84:53:7c:ac:
                    f8:8c:05:57:54:57:ec:84:94:21:b1:a8:7b:5e:7b:
                    bb:ab:1d:d2:0c:c0:7f:86:c9:a2:86:cb:80:ba:0c:
                    c7:29:3e:d7:74:47:d8:50:38:7e:55:17:f3:f6:ab:
                    56:b3:4c:02:6e:34:54:df:6c:5f:d7:da:73:73:98:
                    36:c6:95:b6:fa:cb:fc:8e:db:10:ca:c3:3c:d7:d2:
                    16:6c:f0:63:c9:12:9b:fc:44:6d:e2:0b:c4:53:65:
                    9f:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:58:E2:13:24:44:77:95:74:00:19:D7:91:10:4C:3F:65:9C:7C:9E
            X509v3 Authority Key Identifier:
                keyid:89:A3:1D:44:E9:4F:1C:C2:78:50:BB:AC:16:C0:2C:20:AA:B3:9C:E5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9196F73/A29707F653A111EAAEEEBE0BC4F9AE02/iaMdROlPHMJ4ULusFsAsIKqznOU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/iaMdROlPHMJ4ULusFsAsIKqznOU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9196F73/A29707F653A111EAAEEEBE0BC4F9AE02/9AE4F7EC53A211EA8D26BD0CC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.39.86.0/23
                  103.39.112.0/24
                  103.211.172.0/24
                  202.8.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         27:0e:3d:4f:20:8c:f3:7b:ca:f4:5f:ce:4f:13:70:88:17:a3:
         32:05:21:d0:bc:ba:cc:d2:2d:8a:16:e5:98:b4:56:0d:58:b8:
         19:72:30:4b:92:6c:2c:e9:ce:89:be:1f:2a:6a:4c:d3:ef:ff:
         38:dd:e5:02:b1:06:e5:93:cc:0d:c0:ec:fd:ee:9c:6f:37:d9:
         b9:62:65:23:25:bc:9a:16:36:ca:6d:cf:4c:9f:11:60:6f:04:
         28:17:98:3c:c3:bd:6e:dd:47:c9:a8:62:89:0d:b9:4d:2d:35:
         e4:4f:38:bf:a7:cf:64:fc:db:c2:2a:db:ba:a0:9a:3e:19:13:
         ce:89:e8:01:ba:e5:38:e8:27:23:bd:31:42:d9:e2:ab:af:a0:
         b2:f5:83:7d:18:a6:b7:4c:cb:af:67:99:6e:23:c4:03:08:08:
         0c:58:09:58:09:f7:59:11:34:c5:e6:f4:c1:0c:67:24:3b:44:
         5a:4c:80:97:7c:1f:e8:a8:ce:c4:d2:ca:5e:3b:b9:f9:d6:ba:
         94:3e:00:03:8f:40:1f:77:69:c6:13:43:2e:6b:dc:81:fe:4d:
         81:b7:63:ca:98:8f:12:e4:5d:77:44:24:c1:ca:9d:2b:40:ed:
         b3:f1:08:b3:51:2c:c8:de:9b:36:8e:b9:16:3e:e1:9f:31:cb:
         93:44:f0:cc
-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgICCYcwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OTZGNzMxMTAvBgNVBAUTKDg5QTMxRDQ0RTk0RjFDQzI3ODUwQkJBQzE2QzAyQzIw
QUFCMzlDRTUwHhcNMjMwOTI2MjAxODM0WhcNMjQxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTEzM2M5YS1hNDhkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA4fSulrRS98VJhDnSdESvdWgtsKY8ao/ctDUC0flD+nmj6xvXqrlDxxTGwbVC
1oDn1/GVKaAKy6DHbKfgXTR4basKbnlc++/mh9CzbdWh/FEKcNOe7/Ax9ZcSpbMB
mofmWVhlrEDpNbGdHGGjfAmeXJRRlyOifgDRAKQJVNgm0CiRCS8geeH0bKtg1L+j
xbR8iKMCPSXfqx1dLwfWV8RozIRTfKz4jAVXVFfshJQhsah7Xnu7qx3SDMB/hsmi
hsuAugzHKT7XdEfYUDh+VRfz9qtWs0wCbjRU32xf19pzc5g2xpW2+sv8jtsQysM8
19IWbPBjyRKb/ERt4gvEU2WfXwIDAQABo4ICpzCCAqMwHQYDVR0OBBYEFFpY4hMk
RHeVdAAZ15EQTD9lnHyeMB8GA1UdIwQYMBaAFImjHUTpTxzCeFC7rBbALCCqs5zl
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5NkY3My9BMjk3MDdGNjUz
QTExMUVBQUVFRUJFMEJDNEY5QUUwMi9pYU1kUk9sUEhNSjRVTHVzRnNBc0lLcXpu
T1UuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2lhTWRST2xQSE1KNFVMdXNGc0FzSUtxem5PVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OTZGNzMvQTI5NzA3RjY1M0ExMTFFQUFFRUVCRTBCQzRGOUFFMDIvOUFFNEY3RUM1
M0EyMTFFQThEMjZCRDBDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMQYIKwYBBQUHAQcBAf8E
IjAgMB4EAgABMBgDBAFnJ1YDBABnJ3ADBABn06wDBADKCBkwDQYJKoZIhvcNAQEL
BQADggEBACcOPU8gjPN7yvRfzk8TcIgXozIFIdC8uszSLYoW5Zi0Vg1YuBlyMEuS
bCzpzom+HypqTNPv/zjd5QKxBuWTzA3A7P3unG832bliZSMlvJoWNsptz0yfEWBv
BCgXmDzDvW7dR8moYokNuU0tNeRPOL+nz2T828Iq27qgmj4ZE86J6AG65TjoJyO9
MULZ4quvoLL1g30YprdMy69nmW4jxAMICAxYCVgJ91kRNMXm9MEMZyQ7RFpMgJd8
H+iozsTSyl47ufnWupQ+AAOPQB93acYTQy5r3IH+TYG3Y8qYjxLkXXdEJMHKnStA
7bPxCLNRLMjemzaOuRY+4Z8xy5NE8Mw=
-----END CERTIFICATE-----
Generated at Thu Mar 28 21:36:27 2024 by rpki-client on console-ams.rpki-client.org