Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A8666/623CD6E484F311EAB1FBBB18C4F9AE02/CE7DA91A8C0911EAAFF6CD27C4F9AE02.roa
File:                     CE7DA91A8C0911EAAFF6CD27C4F9AE02.roa (raw, json)
Hash identifier:          Q5obTQjwhx08MlU24mGh4MlMfXOpa3C7cJfd8GFAt6k=
Subject key identifier:   B7:16:BC:22:12:CE:42:A4:CD:04:DF:5F:8D:9F:DD:81:23:96:C9:13
Certificate issuer:       /CN=A91A8666/serialNumber=32843384FAE6AF6C3176E1DF74E90881D6D97592
Certificate serial:       0893
Authority key identifier: 32:84:33:84:FA:E6:AF:6C:31:76:E1:DF:74:E9:08:81:D6:D9:75:92
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/MoQzhPrmr2wxduHfdOkIgdbZdZI.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A8666/623CD6E484F311EAB1FBBB18C4F9AE02/CE7DA91A8C0911EAAFF6CD27C4F9AE02.roa
Signing time:             Fri 20 Oct 2023 20:49:24 +0000
ROA not before:           Fri 20 Oct 2023 20:49:23 +0000
ROA not after:            Mon 30 Dec 2024 00:00:00 +0000
asID:                     14618
IP address blocks:        203.210.75.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91A8666/623CD6E484F311EAB1FBBB18C4F9AE02/MoQzhPrmr2wxduHfdOkIgdbZdZI.crl
                          rsync://rpki.apnic.net/member_repository/A91A8666/623CD6E484F311EAB1FBBB18C4F9AE02/MoQzhPrmr2wxduHfdOkIgdbZdZI.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/MoQzhPrmr2wxduHfdOkIgdbZdZI.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 02 Apr 2024 21:14:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2195 (0x893)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A8666/serialNumber=32843384FAE6AF6C3176E1DF74E90881D6D97592
        Validity
            Not Before: Oct 20 20:49:23 2023 GMT
            Not After : Dec 30 00:00:00 2024 GMT
        Subject: CN=6532e7d3-2cea
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:7e:4a:e6:f7:51:ff:17:43:fd:5c:99:b6:af:
                    7f:b1:0a:ff:c1:2e:99:fe:ea:68:58:56:9d:31:67:
                    08:e8:46:3c:3c:ac:cb:cf:9a:7a:e1:f1:2e:ec:dc:
                    eb:7a:3d:c4:91:72:25:43:c5:b5:01:bd:36:e3:15:
                    b6:30:d2:79:b5:bd:f7:41:4f:2d:07:3d:06:a1:a1:
                    6b:88:f3:5b:cf:76:67:1d:4f:3e:92:3b:35:ee:d0:
                    8d:ee:d4:bc:31:61:27:37:58:10:d7:5f:62:77:b8:
                    34:3f:4d:50:35:d7:dc:ca:32:b0:7a:5f:20:24:08:
                    b6:47:3e:0d:ab:07:5c:12:69:8e:b1:ee:26:d2:4e:
                    fa:60:83:70:22:32:fe:be:61:f9:f7:22:1e:44:f4:
                    30:49:ab:16:20:e1:0a:c6:cb:c6:cd:6a:e3:07:2e:
                    87:d8:aa:72:f6:1f:76:f4:8c:71:30:0c:b3:f3:ff:
                    d1:a8:65:67:9e:3c:8f:07:e4:39:e2:1e:9d:47:ec:
                    fc:df:da:bd:ab:1f:64:9c:40:46:24:f9:2c:66:9f:
                    31:4c:89:b0:e0:5a:da:c1:42:9f:41:e0:c2:c1:b5:
                    75:cc:38:0a:01:1b:d6:3b:b6:cb:f2:30:37:25:0e:
                    a5:8f:a8:ce:2f:1e:16:6e:ed:7d:c3:ee:90:f0:ff:
                    a6:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:16:BC:22:12:CE:42:A4:CD:04:DF:5F:8D:9F:DD:81:23:96:C9:13
            X509v3 Authority Key Identifier:
                keyid:32:84:33:84:FA:E6:AF:6C:31:76:E1:DF:74:E9:08:81:D6:D9:75:92

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A8666/623CD6E484F311EAB1FBBB18C4F9AE02/MoQzhPrmr2wxduHfdOkIgdbZdZI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/MoQzhPrmr2wxduHfdOkIgdbZdZI.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A8666/623CD6E484F311EAB1FBBB18C4F9AE02/CE7DA91A8C0911EAAFF6CD27C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.210.75.0/24

    Signature Algorithm: sha256WithRSAEncryption
         69:a2:d8:22:54:fd:dc:92:70:3c:25:30:41:d5:7a:23:b7:19:
         a9:af:09:71:d2:36:fe:1f:6b:88:30:eb:46:fe:58:32:bd:1a:
         3e:3d:af:72:81:98:2e:ae:51:a0:64:a0:50:bf:f7:ad:64:98:
         ab:6e:6f:db:9b:17:81:7e:88:8f:f2:f4:a9:1f:b9:60:45:b6:
         c7:f0:12:72:a4:59:26:38:f0:4a:51:52:30:70:53:24:13:c5:
         12:92:6e:dd:09:94:1b:0e:91:83:c0:48:5b:e6:a1:64:08:1a:
         35:d5:98:a9:1c:f4:67:a5:2d:10:4c:d5:2a:dc:04:5e:de:d1:
         5b:4c:02:3a:41:c9:0b:71:51:bc:32:fc:3f:1d:e0:d3:1e:5b:
         2d:65:6c:4c:82:21:4a:7c:1d:d3:1b:de:d1:ba:cf:31:b9:28:
         80:9c:d6:21:0a:c4:34:af:2e:9a:97:49:d9:6c:8c:b9:93:3e:
         04:f7:dc:69:fe:69:c1:bb:cd:da:f3:b6:2d:7d:51:1a:db:79:
         e5:72:c2:9e:9b:5a:c5:cb:40:33:47:61:21:bc:55:a2:ec:f3:
         f2:63:0a:c5:55:96:89:6c:b1:09:f8:cc:63:29:9a:bf:ca:4a:
         29:9e:2d:3a:b1:69:a1:eb:df:c4:b7:6e:21:f7:f9:5c:00:a1:
         d6:35:e6:51
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICCJMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTg2NjYxMTAvBgNVBAUTKDMyODQzMzg0RkFFNkFGNkMzMTc2RTFERjc0RTkwODgx
RDZEOTc1OTIwHhcNMjMxMDIwMjA0OTIzWhcNMjQxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTMyZTdkMy0yY2VhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAyH5K5vdR/xdD/VyZtq9/sQr/wS6Z/upoWFadMWcI6EY8PKzLz5p64fEu7Nzr
ej3EkXIlQ8W1Ab024xW2MNJ5tb33QU8tBz0GoaFriPNbz3ZnHU8+kjs17tCN7tS8
MWEnN1gQ119id7g0P01QNdfcyjKwel8gJAi2Rz4NqwdcEmmOse4m0k76YINwIjL+
vmH59yIeRPQwSasWIOEKxsvGzWrjBy6H2Kpy9h929IxxMAyz8//RqGVnnjyPB+Q5
4h6dR+z839q9qx9knEBGJPksZp8xTImw4FrawUKfQeDCwbV1zDgKARvWO7bL8jA3
JQ6lj6jOLx4Wbu19w+6Q8P+m2wIDAQABo4IClTCCApEwHQYDVR0OBBYEFLcWvCIS
zkKkzQTfX42f3YEjlskTMB8GA1UdIwQYMBaAFDKEM4T65q9sMXbh33TpCIHW2XWS
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBODY2Ni82MjNDRDZFNDg0
RjMxMUVBQjFGQkJCMThDNEY5QUUwMi9Nb1F6aFBybXIyd3hkdUhmZE9rSWdkYlpk
WkkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL01vUXpoUHJtcjJ3eGR1SGZkT2tJZ2RiWmRaSS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTg2NjYvNjIzQ0Q2RTQ4NEYzMTFFQUIxRkJCQjE4QzRGOUFFMDIvQ0U3REE5MUE4
QzA5MTFFQUFGRjZDRDI3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADL0kswDQYJKoZIhvcNAQELBQADggEBAGmi2CJU/dyScDwl
MEHVeiO3GamvCXHSNv4fa4gw60b+WDK9Gj49r3KBmC6uUaBkoFC/961kmKtub9ub
F4F+iI/y9KkfuWBFtsfwEnKkWSY48EpRUjBwUyQTxRKSbt0JlBsOkYPASFvmoWQI
GjXVmKkc9GelLRBM1SrcBF7e0VtMAjpByQtxUbwy/D8d4NMeWy1lbEyCIUp8HdMb
3tG6zzG5KICc1iEKxDSvLpqXSdlsjLmTPgT33Gn+acG7zdrzti19URrbeeVywp6b
WsXLQDNHYSG8VaLs8/JjCsVVlolssQn4zGMpmr/KSimeLTqxaaHr38S3biH3+VwA
odY15lE=
-----END CERTIFICATE-----
Generated at Tue Mar 26 23:22:18 2024 by rpki-client on console-ams.rpki-client.org