Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A236D/22E692AADCB211ECABDE3E6EC4F9AE02/DC072950DCB911EC8AAB8710C4F9AE02.roa
File:                     DC072950DCB911EC8AAB8710C4F9AE02.roa (raw, json)
Hash identifier:          6lKO86uUpzf/XstQn1lxWS6kyKi4kzxncYrwutyfQ2g=
Subject key identifier:   63:46:2B:A5:90:B7:27:58:CE:8A:EC:25:D3:3A:8F:EC:14:AB:0A:66
Certificate issuer:       /CN=A91A236D/serialNumber=0041EFABFF343CC2E83FCE96CED89059E8F4E2C1
Certificate serial:       022A
Authority key identifier: 00:41:EF:AB:FF:34:3C:C2:E8:3F:CE:96:CE:D8:90:59:E8:F4:E2:C1
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/AEHvq_80PMLoP86WztiQWej04sE.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A236D/22E692AADCB211ECABDE3E6EC4F9AE02/DC072950DCB911EC8AAB8710C4F9AE02.roa
Signing time:             Thu 25 Apr 2024 04:06:47 +0000
ROA not before:           Thu 25 Apr 2024 04:06:47 +0000
ROA not after:            Wed 30 Jul 2025 00:00:00 +0000
asID:                     137424
IP address blocks:        103.186.122.0/23 maxlen: 23
                          103.186.122.0/24 maxlen: 24
                          103.186.123.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91A236D/22E692AADCB211ECABDE3E6EC4F9AE02/AEHvq_80PMLoP86WztiQWej04sE.crl
                          rsync://rpki.apnic.net/member_repository/A91A236D/22E692AADCB211ECABDE3E6EC4F9AE02/AEHvq_80PMLoP86WztiQWej04sE.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/AEHvq_80PMLoP86WztiQWej04sE.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 22 Jun 2024 02:50:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 554 (0x22a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A236D/serialNumber=0041EFABFF343CC2E83FCE96CED89059E8F4E2C1
        Validity
            Not Before: Apr 25 04:06:47 2024 GMT
            Not After : Jul 30 00:00:00 2025 GMT
        Subject: CN=6629d6d7-1127
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:a6:ec:34:e9:b4:81:ca:56:70:1b:30:12:15:
                    39:03:d9:90:d0:1e:67:48:50:f9:ae:ce:53:81:a3:
                    47:aa:3f:15:22:96:0b:1e:1e:d0:dd:45:7d:99:ff:
                    7e:12:67:a7:e8:92:41:0f:62:6f:0e:67:f9:13:a9:
                    2e:67:b6:d3:bc:13:4d:64:2c:d6:fc:b1:bd:4f:4e:
                    77:15:c0:10:bf:4e:60:d1:fa:84:c6:01:43:49:80:
                    2e:ce:e1:00:63:7c:bf:5e:00:58:a0:de:d0:2f:a4:
                    5d:11:01:59:8e:13:db:6a:26:ec:2e:2b:f6:a0:02:
                    c8:03:3b:fc:77:aa:e4:51:e4:f4:ca:ef:9a:16:bc:
                    ca:4d:a4:77:b0:24:1f:e7:7c:9d:9f:0c:b4:e7:41:
                    a8:a7:65:0a:56:e2:a2:29:c1:34:e7:0f:88:21:12:
                    82:ff:f5:0d:6c:7f:82:c8:b6:df:92:a5:a7:72:f1:
                    a8:c1:20:ee:de:6d:fc:9c:7e:ec:7c:b1:dc:82:bb:
                    35:bd:26:5e:f7:36:1c:7b:88:2e:78:4f:08:cf:59:
                    20:e1:fe:61:b8:ea:dc:a7:46:f0:c0:47:80:d9:91:
                    a1:a8:96:1e:fe:80:2a:12:10:13:00:41:c0:21:5a:
                    34:54:90:8d:cb:c8:a4:9b:7a:ba:4e:b5:b7:3c:9d:
                    33:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:46:2B:A5:90:B7:27:58:CE:8A:EC:25:D3:3A:8F:EC:14:AB:0A:66
            X509v3 Authority Key Identifier:
                keyid:00:41:EF:AB:FF:34:3C:C2:E8:3F:CE:96:CE:D8:90:59:E8:F4:E2:C1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A236D/22E692AADCB211ECABDE3E6EC4F9AE02/AEHvq_80PMLoP86WztiQWej04sE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/AEHvq_80PMLoP86WztiQWej04sE.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A236D/22E692AADCB211ECABDE3E6EC4F9AE02/DC072950DCB911EC8AAB8710C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.186.122.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9c:7b:a7:cf:b2:f7:60:bb:37:7e:5a:4c:02:52:60:9b:2b:b6:
         ab:78:db:b5:8c:33:99:7b:e6:32:15:f3:2b:47:cf:f8:79:7e:
         7e:54:5b:32:e3:83:d2:0c:ba:38:33:66:e7:8a:e2:ec:ef:43:
         fd:7b:d7:d3:a1:e6:b7:20:49:5f:07:fc:bb:e4:a4:a2:9c:52:
         bb:a8:36:8e:1f:0a:ad:73:11:58:f8:34:27:83:cd:89:e8:e9:
         f3:e5:61:8b:40:6b:58:27:58:bb:88:ce:46:ab:b6:c6:ad:bd:
         d6:58:ba:6a:01:52:30:fc:c0:d2:be:95:2c:5b:12:74:27:7f:
         c8:73:7f:ff:83:ca:6c:a4:49:dd:58:92:d5:80:b2:15:94:e0:
         c0:c4:c0:d9:58:66:20:c4:0e:6f:05:5f:52:39:18:fe:71:36:
         d9:32:69:08:72:00:b7:d1:16:4c:cd:7a:07:6f:b1:82:4b:0c:
         ed:74:43:08:75:26:8e:38:9b:79:58:ca:a0:25:4f:8d:69:a2:
         42:13:0c:64:5f:af:0a:97:64:9f:a5:0d:b4:4e:8a:e8:34:70:
         55:28:01:48:48:51:46:79:16:ba:fc:b4:ec:4d:bc:35:3c:68:
         36:8d:22:98:3b:00:50:c2:bd:d5:af:8f:57:c6:5b:e4:c1:1e:
         62:32:2e:cd
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICAiowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTIzNkQxMTAvBgNVBAUTKDAwNDFFRkFCRkYzNDNDQzJFODNGQ0U5NkNFRDg5MDU5
RThGNEUyQzEwHhcNMjQwNDI1MDQwNjQ3WhcNMjUwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjI5ZDZkNy0xMTI3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAoqbsNOm0gcpWcBswEhU5A9mQ0B5nSFD5rs5TgaNHqj8VIpYLHh7Q3UV9mf9+
Emen6JJBD2JvDmf5E6kuZ7bTvBNNZCzW/LG9T053FcAQv05g0fqExgFDSYAuzuEA
Y3y/XgBYoN7QL6RdEQFZjhPbaibsLiv2oALIAzv8d6rkUeT0yu+aFrzKTaR3sCQf
53ydnwy050Gop2UKVuKiKcE05w+IIRKC//UNbH+CyLbfkqWncvGowSDu3m38nH7s
fLHcgrs1vSZe9zYce4gueE8Iz1kg4f5huOrcp0bwwEeA2ZGhqJYe/oAqEhATAEHA
IVo0VJCNy8ikm3q6TrW3PJ0zVwIDAQABo4IClTCCApEwHQYDVR0OBBYEFGNGK6WQ
tydYzorsJdM6j+wUqwpmMB8GA1UdIwQYMBaAFABB76v/NDzC6D/Ols7YkFno9OLB
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBMjM2RC8yMkU2OTJBQURD
QjIxMUVDQUJERTNFNkVDNEY5QUUwMi9BRUh2cV84MFBNTG9QODZXenRpUVdlajA0
c0UuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0FFSHZxXzgwUE1Mb1A4Nld6dGlRV2VqMDRzRS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTIzNkQvMjJFNjkyQUFEQ0IyMTFFQ0FCREUzRTZFQzRGOUFFMDIvREMwNzI5NTBE
Q0I5MTFFQzhBQUI4NzEwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAFnunowDQYJKoZIhvcNAQELBQADggEBAJx7p8+y92C7N35a
TAJSYJsrtqt427WMM5l75jIV8ytHz/h5fn5UWzLjg9IMujgzZueK4uzvQ/1719Oh
5rcgSV8H/LvkpKKcUruoNo4fCq1zEVj4NCeDzYno6fPlYYtAa1gnWLuIzkartsat
vdZYumoBUjD8wNK+lSxbEnQnf8hzf/+DymykSd1YktWAshWU4MDEwNlYZiDEDm8F
X1I5GP5xNtkyaQhyALfRFkzNegdvsYJLDO10Qwh1Jo44m3lYyqAlT41pokITDGRf
rwqXZJ+lDbROiug0cFUoAUhIUUZ5Frr8tOxNvDU8aDaNIpg7AFDCvdWvj1fGW+TB
HmIyLs0=
-----END CERTIFICATE-----
Generated at Sat Jun 15 05:33:24 2024 by rpki-client on console-fra.rpki-client.org