Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/41C7DA1E037411EEB6D5D751C4F9AE02.roa
File:                     41C7DA1E037411EEB6D5D751C4F9AE02.roa (raw, json)
Hash identifier:          a26lnwkwEtzFUNc4yi+jrg/j6VzlMVJRG//Pc8YVb1M=
Subject key identifier:   06:C7:9F:8A:6E:29:B8:A7:AE:F7:C0:4F:4D:08:A9:C8:B6:21:14:83
Certificate issuer:       /CN=A91A560A/serialNumber=167C3B221775FEC05039468150CE814756AC6F0A
Certificate serial:       42E0
Authority key identifier: 16:7C:3B:22:17:75:FE:C0:50:39:46:81:50:CE:81:47:56:AC:6F:0A
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/41C7DA1E037411EEB6D5D751C4F9AE02.roa
Signing time:             Mon 08 Apr 2024 07:51:29 +0000
ROA not before:           Mon 08 Apr 2024 07:51:29 +0000
ROA not after:            Thu 31 Oct 2024 00:00:00 +0000
asID:                     149089
IP address blocks:        103.82.36.0/22 maxlen: 24
                          103.82.132.0/22 maxlen: 24
                          103.82.192.0/22 maxlen: 24
                          2407:5b40::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.crl
                          rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 22 Jun 2024 02:50:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 17120 (0x42e0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A560A/serialNumber=167C3B221775FEC05039468150CE814756AC6F0A
        Validity
            Not Before: Apr  8 07:51:29 2024 GMT
            Not After : Oct 31 00:00:00 2024 GMT
        Subject: CN=6613a201-6cb3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:44:e4:6f:0c:a7:84:5f:90:6a:19:d8:0e:ee:
                    a7:b2:ea:2c:ff:d8:38:eb:2c:92:cb:d2:bd:ae:b5:
                    e9:4a:1c:e8:68:86:92:51:fa:7a:21:32:94:05:4f:
                    95:c5:ac:1c:cb:25:bc:f7:78:b8:4c:0f:36:24:08:
                    b8:7d:65:b1:52:7f:92:0c:4b:5c:6a:92:9e:54:2c:
                    48:92:d2:8c:9f:40:8a:93:27:b1:4e:92:1e:f6:b5:
                    c1:17:cf:2a:33:53:8a:5a:e0:54:75:18:57:d8:e1:
                    ab:8c:9c:67:a7:d8:05:ab:36:31:2a:a5:7b:4f:6d:
                    31:54:4d:3b:9a:91:ee:8d:a2:fc:e8:1e:1f:e0:87:
                    5e:dd:fd:14:42:be:dd:32:b4:76:42:e3:9a:8d:ff:
                    5b:47:82:e7:3d:ec:d2:4f:44:40:b7:7d:c9:9a:d9:
                    a8:8a:c7:c7:ee:51:d6:8a:2a:37:43:54:19:ae:74:
                    47:12:6f:f5:45:9b:f5:c2:5b:21:2e:22:c5:49:5a:
                    0f:92:0b:62:84:c8:95:57:72:30:3a:2c:c9:c6:7f:
                    51:3a:c0:c0:0c:34:81:d6:d9:13:ca:49:59:74:66:
                    ee:c0:13:47:a1:4a:ec:6d:7b:f9:f6:77:02:13:77:
                    ff:72:96:ac:95:6b:ae:8b:15:3b:8d:8c:6c:5d:d2:
                    73:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                06:C7:9F:8A:6E:29:B8:A7:AE:F7:C0:4F:4D:08:A9:C8:B6:21:14:83
            X509v3 Authority Key Identifier:
                keyid:16:7C:3B:22:17:75:FE:C0:50:39:46:81:50:CE:81:47:56:AC:6F:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/41C7DA1E037411EEB6D5D751C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.82.36.0/22
                  103.82.132.0/22
                  103.82.192.0/22
                IPv6:
                  2407:5b40::/48

    Signature Algorithm: sha256WithRSAEncryption
         57:2e:02:93:31:5c:0c:33:9c:a5:76:53:fd:57:07:9e:51:c3:
         98:39:69:4a:ca:2c:80:75:cf:8f:97:91:bf:fe:3a:ff:62:cd:
         49:99:2a:c8:07:be:9e:15:6d:10:80:62:c9:96:dd:d6:47:02:
         3b:a0:d1:9a:5a:6c:80:1d:70:c4:b3:b3:9f:37:4d:11:54:de:
         ad:72:62:47:58:ca:9b:e7:cf:97:fa:39:cb:fa:2f:fb:b4:43:
         54:7f:8b:fd:5e:70:a4:88:18:78:37:41:98:6a:66:e8:81:73:
         9e:6d:92:9e:18:47:9d:7f:e1:d9:6a:ee:24:23:00:62:df:8e:
         62:d8:7f:0b:b2:04:a6:f4:d2:2a:4c:2a:6f:c0:bc:2b:c7:71:
         2d:96:7e:4c:52:6c:8c:94:9c:5a:ca:f6:41:9d:86:01:55:87:
         d3:a3:38:b1:ba:ea:d5:08:53:ef:fb:4e:8b:b6:ec:10:37:fd:
         00:82:0f:26:ec:51:51:9b:98:ad:60:95:0d:73:77:3a:26:67:
         9d:6b:c5:2d:84:a2:c5:ed:01:87:23:82:51:27:e5:ba:5a:fa:
         2e:1d:60:d8:56:54:5c:a2:72:32:ed:ad:2f:e3:b6:15:98:c8:
         67:5b:aa:33:c1:12:28:db:a0:11:82:08:f9:7c:21:db:05:a4:
         df:9a:fd:ff
-----BEGIN CERTIFICATE-----
MIIFjjCCBHagAwIBAgICQuAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTU2MEExMTAvBgNVBAUTKDE2N0MzQjIyMTc3NUZFQzA1MDM5NDY4MTUwQ0U4MTQ3
NTZBQzZGMEEwHhcNMjQwNDA4MDc1MTI5WhcNMjQxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjEzYTIwMS02Y2IzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAsUTkbwynhF+QahnYDu6nsuos/9g46yySy9K9rrXpShzoaIaSUfp6ITKUBU+V
xawcyyW893i4TA82JAi4fWWxUn+SDEtcapKeVCxIktKMn0CKkyexTpIe9rXBF88q
M1OKWuBUdRhX2OGrjJxnp9gFqzYxKqV7T20xVE07mpHujaL86B4f4Ide3f0UQr7d
MrR2QuOajf9bR4LnPezST0RAt33JmtmoisfH7lHWiio3Q1QZrnRHEm/1RZv1wlsh
LiLFSVoPkgtihMiVV3IwOizJxn9ROsDADDSB1tkTyklZdGbuwBNHoUrsbXv59ncC
E3f/cpaslWuuixU7jYxsXdJzXwIDAQABo4ICsjCCAq4wHQYDVR0OBBYEFAbHn4pu
KbinrvfAT00Iqci2IRSDMB8GA1UdIwQYMBaAFBZ8OyIXdf7AUDlGgVDOgUdWrG8K
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBNTYwQS9BQUVCMTkxQTFE
OEExMUUyQTM4N0QwRTQwOEIwMkNEMi9Gbnc3SWhkMV9zQlFPVWFCVU02QlIxYXNi
d28uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0ZudzdJaGQxX3NCUU9VYUJVTTZCUjFhc2J3by5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTU2MEEvQUFFQjE5MUExRDhBMTFFMkEzODdEMEU0MDhCMDJDRDIvNDFDN0RBMUUw
Mzc0MTFFRUI2RDVENzUxQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwPAYIKwYBBQUHAQcBAf8E
LTArMBgEAgABMBIDBAJnUiQDBAJnUoQDBAJnUsAwDwQCAAIwCQMHACQHW0AAADAN
BgkqhkiG9w0BAQsFAAOCAQEAVy4CkzFcDDOcpXZT/VcHnlHDmDlpSsosgHXPj5eR
v/46/2LNSZkqyAe+nhVtEIBiyZbd1kcCO6DRmlpsgB1wxLOznzdNEVTerXJiR1jK
m+fPl/o5y/ov+7RDVH+L/V5wpIgYeDdBmGpm6IFznm2SnhhHnX/h2WruJCMAYt+O
Yth/C7IEpvTSKkwqb8C8K8dxLZZ+TFJsjJScWsr2QZ2GAVWH06M4sbrq1QhT7/tO
i7bsEDf9AIIPJuxRUZuYrWCVDXN3OiZnnWvFLYSixe0BhyOCUSflulr6Lh1g2FZU
XKJyMu2tL+O2FZjIZ1uqM8ESKNugEYII+Xwh2wWk35r9/w==
-----END CERTIFICATE-----
Generated at Sat Jun 15 06:34:16 2024 by rpki-client on console-ams.rpki-client.org