Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91AE9CC/140E527C3A8911E59E802362C4F9AE02/3A73B3A254EB11E7A50F9822C4F9AE02.roa
File:                     3A73B3A254EB11E7A50F9822C4F9AE02.roa (raw, json)
Hash identifier:          VpHAZdWeijuNJKWvKLj0k1xE9YF+5hfOXRYAI6729SM=
Subject key identifier:   7E:A0:34:38:D0:78:C5:22:4A:16:19:F0:2C:9C:D4:7D:22:27:BC:24
Certificate issuer:       /CN=A91AE9CC/serialNumber=614D88C4318754EE33C012A64C542B39EA04D4E1
Certificate serial:       2416
Authority key identifier: 61:4D:88:C4:31:87:54:EE:33:C0:12:A6:4C:54:2B:39:EA:04:D4:E1
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/YU2IxDGHVO4zwBKmTFQrOeoE1OE.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91AE9CC/140E527C3A8911E59E802362C4F9AE02/3A73B3A254EB11E7A50F9822C4F9AE02.roa
Signing time:             Fri 14 Jun 2024 16:14:59 +0000
ROA not before:           Fri 14 Jun 2024 16:14:59 +0000
ROA not after:            Sun 31 Aug 2025 00:00:00 +0000
asID:                     59370
IP address blocks:        103.233.56.0/22 maxlen: 23
                          2401:2b80::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91AE9CC/140E527C3A8911E59E802362C4F9AE02/YU2IxDGHVO4zwBKmTFQrOeoE1OE.crl
                          rsync://rpki.apnic.net/member_repository/A91AE9CC/140E527C3A8911E59E802362C4F9AE02/YU2IxDGHVO4zwBKmTFQrOeoE1OE.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/YU2IxDGHVO4zwBKmTFQrOeoE1OE.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 21 Jun 2024 14:54:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 9238 (0x2416)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91AE9CC/serialNumber=614D88C4318754EE33C012A64C542B39EA04D4E1
        Validity
            Not Before: Jun 14 16:14:59 2024 GMT
            Not After : Aug 31 00:00:00 2025 GMT
        Subject: CN=666c6c83-0871
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:c3:63:c1:bf:80:ae:bd:dd:f0:ea:0e:ad:a9:
                    7d:38:f5:4c:70:5c:84:c1:18:1a:3b:17:a6:f6:d3:
                    a0:ac:eb:a7:63:b0:56:1c:2c:7d:b6:9f:8f:ac:98:
                    80:16:1d:e5:ba:6e:35:93:b6:99:19:f5:12:fe:af:
                    c3:4a:c9:2d:8c:d6:6c:58:a2:53:98:6c:1e:5c:9b:
                    97:af:d1:dd:c9:64:4f:97:a6:01:2a:84:8a:6f:05:
                    c7:e0:35:55:9c:0e:8f:71:a0:75:c1:de:aa:33:fd:
                    c9:6f:3b:7f:26:f8:29:0e:d4:be:5d:de:2b:e6:27:
                    e3:39:f5:8a:c7:ae:d7:a6:6e:3d:4f:b6:98:a6:45:
                    64:85:8d:d8:24:d2:55:9f:6b:e3:a3:bf:9e:3f:85:
                    8a:5f:55:85:a4:ba:21:af:90:b3:f9:73:21:9d:0b:
                    c1:0f:fc:4b:02:05:a5:bb:13:5b:09:6e:dd:b7:c8:
                    f6:a6:f4:bc:0c:00:d8:fc:16:11:66:19:7e:55:b9:
                    5c:06:df:99:00:bd:11:f7:50:6e:7d:d3:af:34:cc:
                    8f:b3:dc:3f:b9:65:d7:d9:ce:4f:e4:8e:b3:4b:07:
                    ac:4f:09:a8:7d:9b:10:86:5c:59:b0:b2:cb:00:e4:
                    32:0a:63:ad:0f:55:e6:38:fd:87:3f:96:0d:d1:5b:
                    b4:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7E:A0:34:38:D0:78:C5:22:4A:16:19:F0:2C:9C:D4:7D:22:27:BC:24
            X509v3 Authority Key Identifier:
                keyid:61:4D:88:C4:31:87:54:EE:33:C0:12:A6:4C:54:2B:39:EA:04:D4:E1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91AE9CC/140E527C3A8911E59E802362C4F9AE02/YU2IxDGHVO4zwBKmTFQrOeoE1OE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/YU2IxDGHVO4zwBKmTFQrOeoE1OE.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91AE9CC/140E527C3A8911E59E802362C4F9AE02/3A73B3A254EB11E7A50F9822C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.233.56.0/22
                IPv6:
                  2401:2b80::/32

    Signature Algorithm: sha256WithRSAEncryption
         7f:c3:6f:cc:43:25:f3:24:f6:66:d1:d2:31:65:ac:07:25:a5:
         37:4f:fa:3b:b2:e9:84:88:10:19:79:ed:6c:76:c9:26:b9:81:
         51:16:80:6b:ad:ed:16:7e:c6:64:3d:36:8f:60:2d:d7:0c:61:
         eb:a9:15:42:e4:0c:d3:a3:82:6d:a3:e1:8b:22:d6:5f:01:22:
         4e:1c:9d:e6:9d:16:7f:f6:a0:35:fd:47:fc:fe:4a:43:1e:b6:
         eb:41:6e:dd:de:65:ee:18:b9:ca:dc:49:bd:d4:69:26:e8:7f:
         b1:a9:67:83:77:e1:89:1c:b4:ab:88:11:ce:e6:34:e5:d9:53:
         6c:e9:d2:e4:6f:43:60:bd:67:25:b2:86:e0:92:55:78:31:a4:
         43:8e:8c:65:fd:01:f7:11:6c:9c:17:99:ee:b9:75:af:ea:2b:
         69:73:a8:e6:bc:45:ee:63:97:34:f1:1a:82:31:4b:64:a1:9d:
         8e:70:de:68:69:56:39:82:ad:4e:a3:3e:8f:20:3e:67:57:6a:
         76:84:e4:59:4a:25:41:cc:2f:83:83:7c:d4:e9:d5:28:58:6b:
         6a:cb:3c:2d:ad:a2:4d:a5:e9:e9:7f:69:a3:34:32:83:88:3d:
         df:2b:9a:60:c6:05:89:6a:1d:6c:27:50:b0:80:ca:f9:5e:2f:
         90:f6:01:57
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICJBYwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QUU5Q0MxMTAvBgNVBAUTKDYxNEQ4OEM0MzE4NzU0RUUzM0MwMTJBNjRDNTQyQjM5
RUEwNEQ0RTEwHhcNMjQwNjE0MTYxNDU5WhcNMjUwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjZjNmM4My0wODcxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAyMNjwb+Arr3d8OoOral9OPVMcFyEwRgaOxem9tOgrOunY7BWHCx9tp+PrJiA
Fh3lum41k7aZGfUS/q/DSsktjNZsWKJTmGweXJuXr9HdyWRPl6YBKoSKbwXH4DVV
nA6PcaB1wd6qM/3Jbzt/JvgpDtS+Xd4r5ifjOfWKx67Xpm49T7aYpkVkhY3YJNJV
n2vjo7+eP4WKX1WFpLohr5Cz+XMhnQvBD/xLAgWluxNbCW7dt8j2pvS8DADY/BYR
Zhl+VblcBt+ZAL0R91BufdOvNMyPs9w/uWXX2c5P5I6zSwesTwmofZsQhlxZsLLL
AOQyCmOtD1XmOP2HP5YN0Vu02wIDAQABo4ICpDCCAqAwHQYDVR0OBBYEFH6gNDjQ
eMUiShYZ8Cyc1H0iJ7wkMB8GA1UdIwQYMBaAFGFNiMQxh1TuM8ASpkxUKznqBNTh
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBRTlDQy8xNDBFNTI3QzNB
ODkxMUU1OUU4MDIzNjJDNEY5QUUwMi9ZVTJJeERHSFZPNHp3QkttVEZRck9lb0Ux
T0UuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1lVMkl4REdIVk80endCS21URlFyT2VvRTFPRS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QUU5Q0MvMTQwRTUyN0MzQTg5MTFFNTlFODAyMzYyQzRGOUFFMDIvM0E3M0IzQTI1
NEVCMTFFN0E1MEY5ODIyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLgYIKwYBBQUHAQcBAf8E
HzAdMAwEAgABMAYDBAJn6TgwDQQCAAIwBwMFACQBK4AwDQYJKoZIhvcNAQELBQAD
ggEBAH/Db8xDJfMk9mbR0jFlrAclpTdP+juy6YSIEBl57Wx2ySa5gVEWgGut7RZ+
xmQ9No9gLdcMYeupFULkDNOjgm2j4Ysi1l8BIk4cneadFn/2oDX9R/z+SkMetutB
bt3eZe4YucrcSb3UaSbof7GpZ4N34YkctKuIEc7mNOXZU2zp0uRvQ2C9ZyWyhuCS
VXgxpEOOjGX9AfcRbJwXme65da/qK2lzqOa8Re5jlzTxGoIxS2ShnY5w3mhpVjmC
rU6jPo8gPmdXanaE5FlKJUHML4ODfNTp1ShYa2rLPC2tok2l6el/aaM0MoOIPd8r
mmDGBYlqHWwnULCAyvleL5D2AVc=
-----END CERTIFICATE-----
Generated at Fri Jun 14 16:49:42 2024 by rpki-client on console-fra.rpki-client.org