Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/505FA2389AEC11EC9C828D20C4F9AE02.roa
File:                     505FA2389AEC11EC9C828D20C4F9AE02.roa (raw, json)
Hash identifier:          MzcAHz1ZKnmzOCtvzsvffb7UYshuMO9XnSZX1QKFp9s=
Subject key identifier:   D6:BF:2F:88:4C:79:44:A3:4A:CD:D2:6E:39:AF:DA:F8:27:14:3C:30
Certificate issuer:       /CN=A91A560A/serialNumber=167C3B221775FEC05039468150CE814756AC6F0A
Certificate serial:       3EFB
Authority key identifier: 16:7C:3B:22:17:75:FE:C0:50:39:46:81:50:CE:81:47:56:AC:6F:0A
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/505FA2389AEC11EC9C828D20C4F9AE02.roa
Signing time:             Tue 12 Sep 2023 02:43:31 +0000
ROA not before:           Tue 12 Sep 2023 02:43:31 +0000
ROA not after:            Thu 31 Oct 2024 00:00:00 +0000
asID:                     38247
IP address blocks:        59.153.212.0/22 maxlen: 24
                          103.19.96.0/22 maxlen: 24
                          103.23.156.0/22 maxlen: 24
                          103.249.20.0/22 maxlen: 24
                          202.79.232.0/21 maxlen: 24
                          203.160.96.0/21 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.crl
                          rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 21 Jun 2024 14:37:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 16123 (0x3efb)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A560A/serialNumber=167C3B221775FEC05039468150CE814756AC6F0A
        Validity
            Not Before: Sep 12 02:43:31 2023 GMT
            Not After : Oct 31 00:00:00 2024 GMT
        Subject: CN=64ffd052-92da
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:06:3c:68:06:2c:3d:0f:22:10:43:19:00:41:
                    f1:d1:26:07:1c:f1:b3:20:bd:af:a9:df:cf:54:99:
                    3d:55:da:73:88:ef:59:80:83:af:1d:ec:d9:d3:8f:
                    05:2b:d1:aa:ee:88:fc:67:64:24:16:ad:51:a0:c6:
                    91:6a:aa:5c:52:b6:2f:2c:75:02:47:ee:4b:23:dd:
                    93:85:cd:fc:dd:19:04:69:7a:71:d9:c9:95:6a:dc:
                    49:d2:e8:c9:46:07:41:c0:11:33:e0:be:bd:bb:e7:
                    1f:a6:d2:ab:9f:de:ac:ad:cb:00:5e:bc:f4:8a:9f:
                    e3:c9:a2:1f:9f:c3:25:26:09:9d:c2:7e:5e:47:0a:
                    94:13:1e:ab:b4:c2:66:35:36:54:b1:96:36:d4:e9:
                    a6:29:bf:49:c1:ce:30:29:e1:44:da:1e:49:89:db:
                    1d:70:c0:3b:95:40:d6:c2:a7:07:64:2f:f1:10:23:
                    d3:3b:57:ca:46:19:8b:b2:ed:4e:c8:51:e3:ba:64:
                    3d:79:93:73:bf:df:f3:9a:94:94:ca:d1:c4:e0:bd:
                    23:ef:6d:28:c7:34:4c:19:a4:57:b8:80:6f:b3:81:
                    3a:f9:a4:c5:78:d6:46:a2:ba:5b:b1:67:e7:68:35:
                    19:24:87:30:7a:ca:3e:ec:77:67:c5:ca:3a:e3:0d:
                    ed:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:BF:2F:88:4C:79:44:A3:4A:CD:D2:6E:39:AF:DA:F8:27:14:3C:30
            X509v3 Authority Key Identifier:
                keyid:16:7C:3B:22:17:75:FE:C0:50:39:46:81:50:CE:81:47:56:AC:6F:0A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Fnw7Ihd1_sBQOUaBUM6BR1asbwo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A560A/AAEB191A1D8A11E2A387D0E408B02CD2/505FA2389AEC11EC9C828D20C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  59.153.212.0/22
                  103.19.96.0/22
                  103.23.156.0/22
                  103.249.20.0/22
                  202.79.232.0/21
                  203.160.96.0/21

    Signature Algorithm: sha256WithRSAEncryption
         af:77:2b:d9:e3:0c:eb:a6:b5:69:45:e6:1a:11:1c:d9:fc:b9:
         d2:23:4c:fd:78:27:3c:5a:09:9b:ab:7f:6e:a9:70:fc:05:fa:
         72:cb:ee:b7:e5:fd:3b:36:40:a3:bc:e5:db:93:d2:e1:da:e6:
         24:f6:10:6e:e4:e1:35:5e:d6:81:ec:e6:a2:d3:3c:64:f0:27:
         9a:8d:5b:f0:37:75:cc:df:ef:b5:b3:df:af:41:db:f7:4d:79:
         27:51:63:9f:5c:0a:7e:71:98:74:68:50:ba:00:51:8e:b6:03:
         68:8a:a1:0c:e8:28:91:f8:51:46:dc:98:50:b0:c9:1b:70:f9:
         0e:7d:24:81:8d:41:3e:6b:0f:ba:e9:32:13:a6:6f:0a:ed:21:
         c2:ff:3d:97:68:cb:fe:e9:cc:9d:53:03:41:9b:c0:7f:29:90:
         37:06:1f:dc:aa:95:76:a8:05:00:1b:c9:c4:42:5c:a2:6e:2f:
         cf:d0:e9:ca:3b:97:1c:33:1b:fd:38:52:8f:45:de:99:2e:3c:
         00:f0:35:36:58:67:7f:e2:60:0f:ca:c4:d6:5d:ab:32:c9:96:
         31:5f:18:4b:34:8c:5b:e5:1e:87:0c:60:87:6f:4e:b6:50:c0:
         ca:8d:2c:14:32:75:c7:7d:d0:56:13:ee:a3:4d:f6:b1:7e:c8:
         cc:7f:09:1f
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgICPvswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTU2MEExMTAvBgNVBAUTKDE2N0MzQjIyMTc3NUZFQzA1MDM5NDY4MTUwQ0U4MTQ3
NTZBQzZGMEEwHhcNMjMwOTEyMDI0MzMxWhcNMjQxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NGZmZDA1Mi05MmRhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtQY8aAYsPQ8iEEMZAEHx0SYHHPGzIL2vqd/PVJk9VdpziO9ZgIOvHezZ048F
K9Gq7oj8Z2QkFq1RoMaRaqpcUrYvLHUCR+5LI92Thc383RkEaXpx2cmVatxJ0ujJ
RgdBwBEz4L69u+cfptKrn96srcsAXrz0ip/jyaIfn8MlJgmdwn5eRwqUEx6rtMJm
NTZUsZY21OmmKb9Jwc4wKeFE2h5JidsdcMA7lUDWwqcHZC/xECPTO1fKRhmLsu1O
yFHjumQ9eZNzv9/zmpSUytHE4L0j720oxzRMGaRXuIBvs4E6+aTFeNZGorpbsWfn
aDUZJIcweso+7Hdnxco64w3t3QIDAQABo4ICszCCAq8wHQYDVR0OBBYEFNa/L4hM
eUSjSs3Sbjmv2vgnFDwwMB8GA1UdIwQYMBaAFBZ8OyIXdf7AUDlGgVDOgUdWrG8K
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBNTYwQS9BQUVCMTkxQTFE
OEExMUUyQTM4N0QwRTQwOEIwMkNEMi9Gbnc3SWhkMV9zQlFPVWFCVU02QlIxYXNi
d28uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0ZudzdJaGQxX3NCUU9VYUJVTTZCUjFhc2J3by5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTU2MEEvQUFFQjE5MUExRDhBMTFFMkEzODdEMEU0MDhCMDJDRDIvNTA1RkEyMzg5
QUVDMTFFQzlDODI4RDIwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwPQYIKwYBBQUHAQcBAf8E
LjAsMCoEAgABMCQDBAI7mdQDBAJnE2ADBAJnF5wDBAJn+RQDBAPKT+gDBAPLoGAw
DQYJKoZIhvcNAQELBQADggEBAK93K9njDOumtWlF5hoRHNn8udIjTP14JzxaCZur
f26pcPwF+nLL7rfl/Ts2QKO85duT0uHa5iT2EG7k4TVe1oHs5qLTPGTwJ5qNW/A3
dczf77Wz369B2/dNeSdRY59cCn5xmHRoULoAUY62A2iKoQzoKJH4UUbcmFCwyRtw
+Q59JIGNQT5rD7rpMhOmbwrtIcL/PZdoy/7pzJ1TA0GbwH8pkDcGH9yqlXaoBQAb
ycRCXKJuL8/Q6co7lxwzG/04Uo9F3pkuPADwNTZYZ3/iYA/KxNZdqzLJljFfGEs0
jFvlHocMYIdvTrZQwMqNLBQydcd90FYT7qNN9rF+yMx/CR8=
-----END CERTIFICATE-----
Generated at Fri Jun 14 16:49:41 2024 by rpki-client on console-fra.rpki-client.org