Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/3B43C7FCF36511EE833F807DC4F9AE02.roa
File:                     3B43C7FCF36511EE833F807DC4F9AE02.roa (raw, json)
Hash identifier:          hc21Qglr8dmiyWuzmZhyIRyHPNKCSqQrUobvI8mP5qE=
Subject key identifier:   A7:41:D1:2E:A9:A4:99:84:08:55:D5:5B:62:01:C2:DF:F7:D7:A8:28
Certificate issuer:       /CN=A91A560A/serialNumber=167C3B221775FEC05039468150CE814756AC6F0A
Certificate serial:       42D7
Authority key identifier: 16:7C:3B:22:17:75:FE:C0:50:39:46:81:50:CE:81:47:56:AC:6F:0A
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/3B43C7FCF36511EE833F807DC4F9AE02.roa
Signing time:             Fri 05 Apr 2024 19:12:45 +0000
ROA not before:           Fri 05 Apr 2024 19:12:45 +0000
ROA not after:            Thu 31 Oct 2024 00:00:00 +0000
asID:                     24086
IP address blocks:        103.84.77.0/24 maxlen: 24
                          103.84.78.0/23 maxlen: 24
                          116.96.0.0/16 maxlen: 24
                          116.97.0.0/17 maxlen: 24
                          116.97.128.0/19 maxlen: 24
                          116.97.160.0/20 maxlen: 24
                          116.97.176.0/21 maxlen: 24
                          116.97.192.0/18 maxlen: 24
                          116.98.0.0/16 maxlen: 24
                          116.99.0.0/16 maxlen: 24
                          116.100.0.0/16 maxlen: 24
                          116.101.0.0/16 maxlen: 24
                          116.102.0.0/16 maxlen: 24
                          116.103.0.0/18 maxlen: 24
                          116.103.64.0/19 maxlen: 24
                          116.103.96.0/21 maxlen: 24
                          116.103.112.0/20 maxlen: 24
                          116.103.128.0/17 maxlen: 24
                          116.104.0.0/16 maxlen: 24
                          116.105.0.0/16 maxlen: 24
                          116.106.0.0/16 maxlen: 24
                          116.107.0.0/16 maxlen: 24
                          116.108.0.0/16 maxlen: 24
                          116.109.0.0/16 maxlen: 24
                          116.110.0.0/16 maxlen: 24
                          116.111.0.0/17 maxlen: 24
                          116.111.128.0/19 maxlen: 24
                          116.111.160.0/20 maxlen: 24
                          116.111.184.0/21 maxlen: 24
                          125.214.32.0/23 maxlen: 24
                          125.214.34.0/24 maxlen: 24
                          125.214.36.0/22 maxlen: 24
                          125.214.40.0/23 maxlen: 24
                          125.214.42.0/24 maxlen: 24
                          125.214.44.0/23 maxlen: 24
                          125.214.46.0/24 maxlen: 24
                          203.190.166.0/23 maxlen: 24
                          203.190.168.0/23 maxlen: 24
                          203.190.174.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.crl
                          rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 21 Jun 2024 14:37:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 17111 (0x42d7)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A560A/serialNumber=167C3B221775FEC05039468150CE814756AC6F0A
        Validity
            Not Before: Apr  5 19:12:45 2024 GMT
            Not After : Oct 31 00:00:00 2024 GMT
        Subject: CN=66104d2d-1052
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:c4:2e:56:d9:f4:e6:92:67:29:6e:af:86:76:
                    50:89:bb:28:4e:a8:ae:c2:e9:71:e2:fc:88:7d:ac:
                    66:4c:67:27:f9:91:5a:1b:3f:ed:0b:b8:98:f9:c8:
                    c9:bc:b4:93:86:68:fc:5a:0e:a1:ef:8b:34:10:a0:
                    4d:c2:2d:8f:9e:24:c5:67:66:0b:d7:0f:e4:84:c4:
                    f1:3b:8d:e2:46:0e:a0:06:28:fc:a1:36:29:ea:8d:
                    7b:bc:6d:fd:eb:7a:76:7b:3e:9c:b9:f4:3b:2d:dc:
                    83:84:56:a3:e5:77:57:ab:fe:3d:98:ff:83:6d:4f:
                    8a:3b:a7:26:14:50:35:d1:82:ce:18:8d:c6:f4:29:
                    0c:07:4b:54:71:2d:9e:8a:e0:11:93:00:b3:2d:96:
                    87:35:a5:0b:96:81:28:0a:12:3b:c6:aa:5a:64:37:
                    d1:ec:3b:dd:89:8b:c3:57:f3:46:10:69:04:cc:0f:
                    8a:62:77:d6:e5:48:21:f4:88:f7:c7:b8:2e:29:f6:
                    a1:bb:0a:e6:fe:0f:ff:ef:2d:33:7c:73:d1:a7:f4:
                    2c:2b:ff:8c:3b:32:66:b4:a2:7a:c3:d2:62:9c:8c:
                    8a:5a:57:b8:6d:80:56:82:3a:b6:b7:3a:c3:28:72:
                    1f:db:ce:49:25:d1:32:90:39:26:42:9b:57:d4:ac:
                    40:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A7:41:D1:2E:A9:A4:99:84:08:55:D5:5B:62:01:C2:DF:F7:D7:A8:28
            X509v3 Authority Key Identifier:
                keyid:16:7C:3B:22:17:75:FE:C0:50:39:46:81:50:CE:81:47:56:AC:6F:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/3B43C7FCF36511EE833F807DC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.84.77.0-103.84.79.255
                  116.96.0.0-116.97.183.255
                  116.97.192.0-116.103.103.255
                  116.103.112.0-116.111.175.255
                  116.111.184.0/21
                  125.214.32.0-125.214.34.255
                  125.214.36.0-125.214.42.255
                  125.214.44.0-125.214.46.255
                  203.190.166.0-203.190.169.255
                  203.190.174.0/24

    Signature Algorithm: sha256WithRSAEncryption
         42:5a:60:a9:c4:fd:ef:ce:96:ec:c0:e8:c9:6b:9c:67:33:78:
         dc:04:3d:ae:67:8d:a2:7b:ee:7b:7f:3a:08:f5:23:1f:4b:e5:
         43:af:8e:2b:54:ab:da:2b:c3:4e:95:6f:38:7b:5e:2a:d7:72:
         07:69:6e:4b:fa:d8:df:d0:5a:4b:e4:03:27:18:9b:ba:6c:52:
         d9:0b:34:0b:b0:bf:f8:3c:53:bf:84:20:4c:6e:52:cb:79:07:
         17:a7:34:af:05:ac:32:ec:ce:85:75:c6:3b:57:a5:f5:e9:15:
         22:ae:19:8b:d0:88:8c:db:76:6e:84:5c:4b:f9:d9:f9:92:e7:
         c5:c8:be:8b:b2:53:6f:bb:37:c4:9a:f2:99:a3:9d:80:ee:ad:
         c0:18:9d:09:ee:d0:34:bf:da:34:f3:97:1f:8c:4c:69:3d:d5:
         54:c7:bc:ef:2d:22:da:1d:ec:84:8c:ca:ab:53:ad:a8:8f:f9:
         99:ac:17:d7:b6:4c:fa:7d:4b:be:97:74:6e:98:29:94:a6:0c:
         a4:b8:1d:0e:61:4d:b8:37:a1:bb:f0:38:2c:8d:cc:d1:fa:ef:
         77:33:6f:91:d1:c6:b4:1a:a7:34:19:50:21:39:75:d6:7f:b4:
         06:6a:1b:4a:45:61:30:d7:a2:65:2c:90:c6:bf:a4:bf:74:1e:
         f0:81:43:3e
-----BEGIN CERTIFICATE-----
MIIF6jCCBNKgAwIBAgICQtcwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTU2MEExMTAvBgNVBAUTKDE2N0MzQjIyMTc3NUZFQzA1MDM5NDY4MTUwQ0U4MTQ3
NTZBQzZGMEEwHhcNMjQwNDA1MTkxMjQ1WhcNMjQxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjEwNGQyZC0xMDUyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAx8QuVtn05pJnKW6vhnZQibsoTqiuwulx4vyIfaxmTGcn+ZFaGz/tC7iY+cjJ
vLSThmj8Wg6h74s0EKBNwi2PniTFZ2YL1w/khMTxO43iRg6gBij8oTYp6o17vG39
63p2ez6cufQ7LdyDhFaj5XdXq/49mP+DbU+KO6cmFFA10YLOGI3G9CkMB0tUcS2e
iuARkwCzLZaHNaULloEoChI7xqpaZDfR7DvdiYvDV/NGEGkEzA+KYnfW5Ugh9Ij3
x7guKfahuwrm/g//7y0zfHPRp/QsK/+MOzJmtKJ6w9JinIyKWle4bYBWgjq2tzrD
KHIf285JJdEykDkmQptX1KxARwIDAQABo4IDDjCCAwowHQYDVR0OBBYEFKdB0S6p
pJmECFXVW2IBwt/316goMB8GA1UdIwQYMBaAFBZ8OyIXdf7AUDlGgVDOgUdWrG8K
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBNTYwQS9BQUVCMTkxQTFE
OEExMUUyQTM4N0QwRTQwOEIwMkNEMi9Gbnc3SWhkMV9zQlFPVWFCVU02QlIxYXNi
d28uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0ZudzdJaGQxX3NCUU9VYUJVTTZCUjFhc2J3by5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTU2MEEvQUFFQjE5MUExRDhBMTFFMkEzODdEMEU0MDhCMDJDRDIvM0I0M0M3RkNG
MzY1MTFFRTgzM0Y4MDdEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgZcGCCsGAQUFBwEHAQH/
BIGHMIGEMIGBBAIAATB7MAwDBABnVE0DBARnVEAwCwMDBXRgAwQDdGGwMAwDBAZ0
YcADBAN0Z2AwDAMEBHRncAMEBHRvoAMEA3RvuDAMAwQFfdYgAwQAfdYiMAwDBAJ9
1iQDBAB91iowDAMEAn3WLAMEAH3WLjAMAwQBy76mAwQBy76oAwQAy76uMA0GCSqG
SIb3DQEBCwUAA4IBAQBCWmCpxP3vzpbswOjJa5xnM3jcBD2uZ42ie+57fzoI9SMf
S+VDr44rVKvaK8NOlW84e14q13IHaW5L+tjf0FpL5AMnGJu6bFLZCzQLsL/4PFO/
hCBMblLLeQcXpzSvBawy7M6FdcY7V6X16RUirhmL0IiM23ZuhFxL+dn5kufFyL6L
slNvuzfEmvKZo52A7q3AGJ0J7tA0v9o085cfjExpPdVUx7zvLSLaHeyEjMqrU62o
j/mZrBfXtkz6fUu+l3RumCmUpgykuB0OYU24N6G78DgsjczR+u93M2+R0ca0Gqc0
GVAhOXXWf7QGahtKRWEw16JlLJDGv6S/dB7wgUM+
-----END CERTIFICATE-----
Generated at Fri Jun 14 16:49:41 2024 by rpki-client on console-fra.rpki-client.org