Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91AB4BA/C73E18449C9E11ED91B7161DC4F9AE02/93E8AC909CA111ED97E7FC20C4F9AE02.roa
File:                     93E8AC909CA111ED97E7FC20C4F9AE02.roa (raw, json)
Hash identifier:          zju4K/C7v4F1RhA6Xn7FNtNsJOBeW7+E9YT9HJNBEfo=
Subject key identifier:   E2:6A:F3:1B:7E:3A:79:CD:DC:E4:60:1D:7D:F4:DC:10:38:F1:BD:DF
Certificate issuer:       /CN=A91AB4BA/serialNumber=83B6E7EA23BDC3A38D60B4FFA2EFF5A18F1DCD68
Certificate serial:       DC
Authority key identifier: 83:B6:E7:EA:23:BD:C3:A3:8D:60:B4:FF:A2:EF:F5:A1:8F:1D:CD:68
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/g7bn6iO9w6ONYLT_ou_1oY8dzWg.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91AB4BA/C73E18449C9E11ED91B7161DC4F9AE02/93E8AC909CA111ED97E7FC20C4F9AE02.roa
Signing time:             Thu 21 Mar 2024 05:27:40 +0000
ROA not before:           Thu 21 Mar 2024 05:27:40 +0000
ROA not after:            Wed 28 May 2025 00:00:00 +0000
asID:                     59323
IP address blocks:        103.111.160.0/23 maxlen: 23
                          103.111.160.0/24 maxlen: 24
                          103.111.161.0/24 maxlen: 24
                          103.226.216.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91AB4BA/C73E18449C9E11ED91B7161DC4F9AE02/g7bn6iO9w6ONYLT_ou_1oY8dzWg.crl
                          rsync://rpki.apnic.net/member_repository/A91AB4BA/C73E18449C9E11ED91B7161DC4F9AE02/g7bn6iO9w6ONYLT_ou_1oY8dzWg.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/g7bn6iO9w6ONYLT_ou_1oY8dzWg.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 30 Nov 2024 02:27:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 220 (0xdc)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91AB4BA/serialNumber=83B6E7EA23BDC3A38D60B4FFA2EFF5A18F1DCD68
        Validity
            Not Before: Mar 21 05:27:40 2024 GMT
            Not After : May 28 00:00:00 2025 GMT
        Subject: CN=65fbc54c-f612
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:be:2e:2d:ee:0e:80:c6:ef:2a:89:c1:71:c1:
                    b4:f2:d0:3e:03:52:4a:6f:5a:61:52:73:d4:ce:67:
                    90:c0:a0:6a:71:92:a4:52:91:6d:a1:67:c9:5c:9e:
                    70:af:e7:01:43:95:db:6b:82:a3:31:16:67:d6:9d:
                    71:c8:dd:33:5a:60:f3:dc:cc:5e:f3:1a:29:a8:c3:
                    b4:24:ad:96:5b:1f:cb:32:c9:1e:a4:9c:de:7b:c5:
                    c6:8b:f3:a1:ae:12:ae:18:c8:f3:7c:6f:c4:2d:48:
                    fd:f3:79:99:24:21:a9:cd:fa:12:64:10:b6:56:38:
                    58:6d:ef:a7:93:7a:88:91:8a:7b:f4:1d:a2:62:86:
                    1c:39:69:1e:0b:5a:37:57:79:87:e6:e4:6d:e6:e4:
                    ae:43:d3:40:4c:5e:82:7d:0a:2b:29:d9:0d:87:2e:
                    fc:a6:b8:72:4a:46:9a:3f:2a:e0:51:54:15:08:86:
                    cf:c7:08:72:64:62:e2:5f:19:4d:13:0c:b6:48:e0:
                    7d:8f:0e:5b:5b:92:dc:55:1c:d9:ee:17:ed:86:5c:
                    c4:38:19:6b:d3:c4:2e:26:74:cc:ae:81:7c:03:e3:
                    8e:43:fe:04:e4:db:f2:e8:88:84:e8:4c:58:a6:39:
                    fc:b2:06:b1:b8:fc:c8:1b:73:1b:b5:18:68:dc:aa:
                    5e:5f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:6A:F3:1B:7E:3A:79:CD:DC:E4:60:1D:7D:F4:DC:10:38:F1:BD:DF
            X509v3 Authority Key Identifier:
                keyid:83:B6:E7:EA:23:BD:C3:A3:8D:60:B4:FF:A2:EF:F5:A1:8F:1D:CD:68

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91AB4BA/C73E18449C9E11ED91B7161DC4F9AE02/g7bn6iO9w6ONYLT_ou_1oY8dzWg.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/g7bn6iO9w6ONYLT_ou_1oY8dzWg.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91AB4BA/C73E18449C9E11ED91B7161DC4F9AE02/93E8AC909CA111ED97E7FC20C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.111.160.0/23
                  103.226.216.0/23

    Signature Algorithm: sha256WithRSAEncryption
         23:1d:c3:61:74:32:e1:77:6b:07:30:d4:62:72:7e:f9:5b:fc:
         2e:a9:6a:b1:43:ca:65:32:2d:01:85:8d:60:58:47:9e:37:d4:
         d3:b7:84:f6:c9:40:4e:6e:79:4d:32:99:47:50:7b:fe:2a:49:
         0f:c2:77:e5:ec:1e:d1:72:c6:64:3f:30:d9:d9:f6:db:39:98:
         93:7c:7f:35:d5:b7:f4:5f:55:3b:15:4c:6a:64:9f:df:be:dc:
         89:2c:72:8f:63:8f:cc:e8:25:e3:76:f1:01:8b:a6:a4:76:16:
         2e:10:60:19:72:55:13:c6:e5:2d:ed:32:62:1a:56:8c:39:16:
         63:a5:d4:c4:80:e0:43:34:0e:b8:a2:ea:74:6d:68:1f:8d:3e:
         c0:ce:ff:a0:1d:02:b0:a9:28:bd:7c:65:6a:9d:73:f6:74:a2:
         74:5c:79:08:07:22:a1:e0:70:51:86:8a:72:f5:2b:c5:28:b5:
         7a:4f:89:5a:87:32:4c:c5:28:0b:8a:b7:3a:ae:49:1b:35:80:
         87:9c:13:b7:19:e4:95:43:6c:9e:fc:84:fc:0d:f8:8c:6a:9f:
         45:3a:a4:a9:11:e8:a8:cf:63:89:1c:41:43:63:be:79:8c:d5:
         30:67:6d:1d:43:72:64:dd:ab:49:b7:11:e2:dd:7f:fc:c3:41:
         0d:6b:d0:89
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICANwwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QUI0QkExMTAvBgNVBAUTKDgzQjZFN0VBMjNCREMzQTM4RDYwQjRGRkEyRUZGNUEx
OEYxRENENjgwHhcNMjQwMzIxMDUyNzQwWhcNMjUwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02NWZiYzU0Yy1mNjEyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA0L4uLe4OgMbvKonBccG08tA+A1JKb1phUnPUzmeQwKBqcZKkUpFtoWfJXJ5w
r+cBQ5Xba4KjMRZn1p1xyN0zWmDz3Mxe8xopqMO0JK2WWx/LMskepJzee8XGi/Oh
rhKuGMjzfG/ELUj983mZJCGpzfoSZBC2VjhYbe+nk3qIkYp79B2iYoYcOWkeC1o3
V3mH5uRt5uSuQ9NATF6CfQorKdkNhy78prhySkaaPyrgUVQVCIbPxwhyZGLiXxlN
Ewy2SOB9jw5bW5LcVRzZ7hfthlzEOBlr08QuJnTMroF8A+OOQ/4E5Nvy6IiE6ExY
pjn8sgaxuPzIG3MbtRho3KpeXwIDAQABo4ICmzCCApcwHQYDVR0OBBYEFOJq8xt+
OnnN3ORgHX303BA48b3fMB8GA1UdIwQYMBaAFIO25+ojvcOjjWC0/6Lv9aGPHc1o
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBQjRCQS9DNzNFMTg0NDlD
OUUxMUVEOTFCNzE2MURDNEY5QUUwMi9nN2JuNmlPOXc2T05ZTFRfb3VfMW9ZOGR6
V2cuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2c3Ym42aU85dzZPTllMVF9vdV8xb1k4ZHpXZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QUI0QkEvQzczRTE4NDQ5QzlFMTFFRDkxQjcxNjFEQzRGOUFFMDIvOTNFOEFDOTA5
Q0ExMTFFRDk3RTdGQzIwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAFnb6ADBAFn4tgwDQYJKoZIhvcNAQELBQADggEBACMdw2F0
MuF3awcw1GJyfvlb/C6parFDymUyLQGFjWBYR5431NO3hPbJQE5ueU0ymUdQe/4q
SQ/Cd+XsHtFyxmQ/MNnZ9ts5mJN8fzXVt/RfVTsVTGpkn9++3Iksco9jj8zoJeN2
8QGLpqR2Fi4QYBlyVRPG5S3tMmIaVow5FmOl1MSA4EM0Drii6nRtaB+NPsDO/6Ad
ArCpKL18ZWqdc/Z0onRceQgHIqHgcFGGinL1K8UotXpPiVqHMkzFKAuKtzquSRs1
gIecE7cZ5JVDbJ78hPwN+Ixqn0U6pKkR6KjPY4kcQUNjvnmM1TBnbR1DcmTdq0m3
EeLdf/zDQQ1r0Ik=
-----END CERTIFICATE-----
Generated at Sat Nov 23 05:02:55 2024 by rpki-client on console-fra.rpki-client.org