Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91B7C0E/EE59E7F480F911EB985F433AC4F9AE02/6C42C95C0A0411EE9FEEAB44C4F9AE02.roa
File:                     6C42C95C0A0411EE9FEEAB44C4F9AE02.roa (raw, json)
Hash identifier:          2EoXxsF3YeIcHrteSRJc8SmsPXHgCaJXfP147EXJ8V8=
Subject key identifier:   1F:3C:20:FD:57:C8:1B:53:3E:33:FC:F0:B4:16:A9:F6:AD:69:8E:1F
Certificate issuer:       /CN=A91B7C0E/serialNumber=9FD2E866B1EB82277AB6F562FE32E08359B30165
Certificate serial:       05E8
Authority key identifier: 9F:D2:E8:66:B1:EB:82:27:7A:B6:F5:62:FE:32:E0:83:59:B3:01:65
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/n9LoZrHrgid6tvVi_jLgg1mzAWU.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91B7C0E/EE59E7F480F911EB985F433AC4F9AE02/6C42C95C0A0411EE9FEEAB44C4F9AE02.roa
Signing time:             Sat 15 Jun 2024 00:55:33 +0000
ROA not before:           Sat 15 Jun 2024 00:55:33 +0000
ROA not after:            Sun 31 Aug 2025 00:00:00 +0000
asID:                     51847
IP address blocks:        103.151.40.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91B7C0E/EE59E7F480F911EB985F433AC4F9AE02/n9LoZrHrgid6tvVi_jLgg1mzAWU.crl
                          rsync://rpki.apnic.net/member_repository/A91B7C0E/EE59E7F480F911EB985F433AC4F9AE02/n9LoZrHrgid6tvVi_jLgg1mzAWU.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/n9LoZrHrgid6tvVi_jLgg1mzAWU.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 23 Jun 2024 23:55:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1512 (0x5e8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91B7C0E/serialNumber=9FD2E866B1EB82277AB6F562FE32E08359B30165
        Validity
            Not Before: Jun 15 00:55:33 2024 GMT
            Not After : Aug 31 00:00:00 2025 GMT
        Subject: CN=666ce685-a1a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:0b:b9:22:28:e7:44:83:ac:4e:91:a2:51:37:
                    32:ae:8b:c0:f7:c3:70:de:23:ef:1e:96:7d:3f:20:
                    7e:63:c0:57:ca:e0:75:08:72:85:29:b6:1e:7a:b3:
                    75:cd:9a:a0:a4:3d:87:92:f1:33:c5:c6:c3:ac:49:
                    8a:d8:df:44:73:6a:f3:6a:8d:1f:e1:cb:a4:09:8e:
                    61:e6:53:88:20:8b:a3:1f:61:6e:1f:7d:32:a6:2a:
                    31:e8:a8:ba:6b:e3:0c:4c:1d:a4:2c:7f:5b:26:cf:
                    e7:0a:7f:e2:15:d6:82:c1:e6:f3:f5:75:38:e4:6c:
                    e4:6f:d5:17:f7:1a:c2:1a:dd:86:14:59:44:fc:1e:
                    65:b7:c5:f4:f0:cb:54:8d:ea:60:2e:9b:1d:68:54:
                    1d:da:87:c2:ca:b0:59:9e:a7:48:44:90:f0:b6:b3:
                    fa:20:06:54:4b:62:42:67:af:00:55:9d:e0:f2:4e:
                    7d:d9:e2:0e:b1:60:c6:10:d6:d8:b8:39:fb:14:cf:
                    fe:9a:6f:90:5b:22:3f:55:51:ff:92:41:bd:5c:f8:
                    ca:c7:9e:36:4c:0a:e5:91:25:ff:3a:0d:e4:01:1e:
                    09:bd:35:45:8a:96:d5:95:41:44:db:17:36:03:1f:
                    be:0b:42:50:a0:39:2b:f1:49:d6:cf:60:76:aa:6a:
                    8a:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1F:3C:20:FD:57:C8:1B:53:3E:33:FC:F0:B4:16:A9:F6:AD:69:8E:1F
            X509v3 Authority Key Identifier:
                keyid:9F:D2:E8:66:B1:EB:82:27:7A:B6:F5:62:FE:32:E0:83:59:B3:01:65

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91B7C0E/EE59E7F480F911EB985F433AC4F9AE02/n9LoZrHrgid6tvVi_jLgg1mzAWU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/n9LoZrHrgid6tvVi_jLgg1mzAWU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B7C0E/EE59E7F480F911EB985F433AC4F9AE02/6C42C95C0A0411EE9FEEAB44C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.151.40.0/23

    Signature Algorithm: sha256WithRSAEncryption
         95:d3:df:bf:e4:32:c8:f8:40:64:42:3e:36:a6:18:93:9e:cb:
         b8:b2:22:a8:7b:07:8a:d4:8f:fe:f8:7e:aa:19:0c:1d:51:05:
         41:f4:d6:53:b4:d4:11:57:ed:2a:f6:eb:79:4b:15:1f:c9:ea:
         9a:4d:41:b1:b2:cd:07:34:a7:91:ea:05:d3:b2:a4:cf:b5:42:
         b4:d9:fb:a1:fe:95:c8:05:30:30:df:dc:5b:5d:28:46:88:63:
         31:66:e0:a1:de:d7:70:8f:ef:6e:5e:39:75:7f:e8:d5:4d:50:
         f4:59:1d:a0:72:24:da:00:4a:d6:ae:85:d4:59:f4:34:5e:f4:
         7a:15:6f:a4:af:94:09:47:bc:8e:80:b9:7a:7b:8e:59:b5:09:
         c3:08:0a:18:84:22:79:4a:08:ef:35:5a:f6:96:85:40:54:1d:
         19:eb:be:b2:64:9f:8c:0e:11:27:46:1f:2b:a7:25:4a:10:2c:
         a8:36:96:80:0a:4f:7d:1d:97:63:fc:3d:4b:1e:0e:2a:f8:19:
         78:09:39:11:b8:fe:21:1a:a1:56:eb:40:2b:68:2d:13:b7:1a:
         34:8d:45:ed:bc:84:e8:8d:3b:dc:51:1b:13:ff:5d:59:95:02:
         7f:5b:5c:27:74:f2:b1:94:81:6c:ce:e2:f2:fb:2d:64:12:7b:
         7e:ea:2d:d9
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICBegwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QjdDMEUxMTAvBgNVBAUTKDlGRDJFODY2QjFFQjgyMjc3QUI2RjU2MkZFMzJFMDgz
NTlCMzAxNjUwHhcNMjQwNjE1MDA1NTMzWhcNMjUwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjZjZTY4NS1hMWE4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA4gu5IijnRIOsTpGiUTcyrovA98Nw3iPvHpZ9PyB+Y8BXyuB1CHKFKbYeerN1
zZqgpD2HkvEzxcbDrEmK2N9Ec2rzao0f4cukCY5h5lOIIIujH2FuH30ypiox6Ki6
a+MMTB2kLH9bJs/nCn/iFdaCwebz9XU45Gzkb9UX9xrCGt2GFFlE/B5lt8X08MtU
jepgLpsdaFQd2ofCyrBZnqdIRJDwtrP6IAZUS2JCZ68AVZ3g8k592eIOsWDGENbY
uDn7FM/+mm+QWyI/VVH/kkG9XPjKx542TArlkSX/Og3kAR4JvTVFipbVlUFE2xc2
Ax++C0JQoDkr8UnWz2B2qmqKGQIDAQABo4IClTCCApEwHQYDVR0OBBYEFB88IP1X
yBtTPjP88LQWqfataY4fMB8GA1UdIwQYMBaAFJ/S6Gax64Inerb1Yv4y4INZswFl
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCN0MwRS9FRTU5RTdGNDgw
RjkxMUVCOTg1RjQzM0FDNEY5QUUwMi9uOUxvWnJIcmdpZDZ0dlZpX2pMZ2cxbXpB
V1UuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL245TG9ackhyZ2lkNnR2VmlfakxnZzFtekFXVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QjdDMEUvRUU1OUU3RjQ4MEY5MTFFQjk4NUY0MzNBQzRGOUFFMDIvNkM0MkM5NUMw
QTA0MTFFRTlGRUVBQjQ0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAFnlygwDQYJKoZIhvcNAQELBQADggEBAJXT37/kMsj4QGRC
PjamGJOey7iyIqh7B4rUj/74fqoZDB1RBUH01lO01BFX7Sr263lLFR/J6ppNQbGy
zQc0p5HqBdOypM+1QrTZ+6H+lcgFMDDf3FtdKEaIYzFm4KHe13CP725eOXV/6NVN
UPRZHaByJNoAStauhdRZ9DRe9HoVb6SvlAlHvI6AuXp7jlm1CcMIChiEInlKCO81
WvaWhUBUHRnrvrJkn4wOESdGHyunJUoQLKg2loAKT30dl2P8PUseDir4GXgJORG4
/iEaoVbrQCtoLRO3GjSNRe28hOiNO9xRGxP/XVmVAn9bXCd08rGUgWzO4vL7LWQS
e37qLdk=
-----END CERTIFICATE-----
Generated at Mon Jun 17 01:45:20 2024 by rpki-client on console-fra.rpki-client.org