Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91BD3D2/42C1D8F82C8611EEA9B74F43C4F9AE02/207C8A52AC7611EEB465AF75C4F9AE02.roa
File:                     207C8A52AC7611EEB465AF75C4F9AE02.roa (raw, json)
Hash identifier:          +GUMZ5o/lvCUeZO5ZgqvBFTkw2qo7eiNgyfsBcjsr/g=
Subject key identifier:   6A:B4:FA:12:D5:C7:50:BA:0A:2B:FB:18:0F:E7:1F:DB:D6:43:F8:D6
Certificate issuer:       /CN=A91BD3D2/serialNumber=B6727EDFD37D1E2C175C10811A1D38AA2AC6C89C
Certificate serial:       AB
Authority key identifier: B6:72:7E:DF:D3:7D:1E:2C:17:5C:10:81:1A:1D:38:AA:2A:C6:C8:9C
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/tnJ-39N9HiwXXBCBGh04qirGyJw.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91BD3D2/42C1D8F82C8611EEA9B74F43C4F9AE02/207C8A52AC7611EEB465AF75C4F9AE02.roa
Signing time:             Sat 01 Jun 2024 08:16:26 +0000
ROA not before:           Sat 01 Jun 2024 08:16:26 +0000
ROA not after:            Sun 31 Aug 2025 00:00:00 +0000
asID:                     151340
IP address blocks:        103.204.32.0/24 maxlen: 24
                          103.204.33.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91BD3D2/42C1D8F82C8611EEA9B74F43C4F9AE02/tnJ-39N9HiwXXBCBGh04qirGyJw.crl
                          rsync://rpki.apnic.net/member_repository/A91BD3D2/42C1D8F82C8611EEA9B74F43C4F9AE02/tnJ-39N9HiwXXBCBGh04qirGyJw.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/tnJ-39N9HiwXXBCBGh04qirGyJw.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 30 Nov 2024 02:50:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 171 (0xab)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91BD3D2/serialNumber=B6727EDFD37D1E2C175C10811A1D38AA2AC6C89C
        Validity
            Not Before: Jun  1 08:16:26 2024 GMT
            Not After : Aug 31 00:00:00 2025 GMT
        Subject: CN=665ad8da-0e91
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:34:8a:22:15:fc:12:be:1d:69:22:7b:00:dd:
                    1a:dc:77:25:c0:0c:bf:ed:25:90:27:5e:53:f3:02:
                    bf:90:bf:a0:21:36:45:85:c3:b0:c4:96:18:df:d7:
                    2d:7a:4a:a6:c8:81:b3:07:46:22:54:f9:1a:da:c3:
                    51:cb:10:7f:a5:d1:e0:50:37:18:f0:32:70:0f:2a:
                    84:b1:b9:7b:98:2c:bc:49:e0:e7:fc:e8:85:93:07:
                    69:df:c4:af:51:34:a9:65:54:bc:a7:ed:71:cb:13:
                    d9:34:16:f2:5e:7f:3b:f9:57:5a:e0:aa:e1:2d:8b:
                    f0:3b:9b:05:0f:04:4a:cd:6d:9c:94:d9:3b:7d:ad:
                    85:05:5b:04:da:18:2c:c1:3b:96:b4:31:c9:dc:84:
                    c5:c8:31:39:39:bf:3d:18:0e:cd:37:e2:3e:53:e8:
                    fc:dc:d7:75:3a:f0:da:1f:9d:d7:25:56:52:45:8e:
                    8f:01:b4:52:5c:17:23:0d:51:ef:35:d8:03:05:bd:
                    b4:0e:9c:68:42:1a:83:2e:46:ce:8d:ee:eb:5b:42:
                    29:97:69:84:9b:e5:13:83:00:78:fa:7e:5f:15:b4:
                    3d:fc:22:41:0c:3f:76:14:ae:63:7e:50:29:d1:16:
                    e1:46:d8:80:34:5b:4b:b3:77:ec:3d:e5:00:80:0e:
                    ab:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6A:B4:FA:12:D5:C7:50:BA:0A:2B:FB:18:0F:E7:1F:DB:D6:43:F8:D6
            X509v3 Authority Key Identifier:
                keyid:B6:72:7E:DF:D3:7D:1E:2C:17:5C:10:81:1A:1D:38:AA:2A:C6:C8:9C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91BD3D2/42C1D8F82C8611EEA9B74F43C4F9AE02/tnJ-39N9HiwXXBCBGh04qirGyJw.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/tnJ-39N9HiwXXBCBGh04qirGyJw.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91BD3D2/42C1D8F82C8611EEA9B74F43C4F9AE02/207C8A52AC7611EEB465AF75C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.204.32.0/23

    Signature Algorithm: sha256WithRSAEncryption
         5c:21:e0:82:aa:7a:98:18:0c:7b:02:4a:a1:54:d0:02:fd:6a:
         76:eb:0c:23:dd:64:10:54:83:e1:a5:ee:7f:ed:d4:26:0b:19:
         13:85:d9:da:04:22:42:74:7d:dc:ca:85:24:2e:61:5c:1f:88:
         8b:b1:45:b1:8b:dd:64:ba:17:a8:d8:79:7e:cc:a5:0d:9c:f4:
         03:a6:71:43:3a:fb:c1:12:5f:a9:09:11:74:01:7a:c6:24:4a:
         37:6c:17:ae:f3:b6:6a:b4:8e:7e:8b:a4:fe:ab:b1:a9:89:cf:
         53:e3:ea:4d:dd:59:27:84:ba:fa:c3:1e:b2:99:e9:70:b9:e5:
         f4:be:80:30:79:ed:4e:68:f6:46:44:6f:d4:dd:16:f7:24:bc:
         28:2c:d1:b0:22:e4:ee:22:0f:81:65:12:c0:30:b0:8c:3b:f7:
         07:e1:02:91:65:e6:ce:29:1c:8b:03:54:10:fa:0d:ac:bb:c3:
         70:ad:59:28:a7:51:6c:3f:bf:72:9a:e0:bb:20:9e:0b:c6:d7:
         80:6c:81:1f:ce:e2:90:33:8d:48:e5:38:b7:65:a8:0d:4a:e2:
         c8:8c:cf:88:4e:10:66:df:19:aa:43:9d:a5:b5:1f:16:51:a5:
         02:c0:cc:86:4a:a1:c2:3d:b8:fb:40:5a:a2:1f:49:3f:82:93:
         b4:38:4f:03
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICAKswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QkQzRDIxMTAvBgNVBAUTKEI2NzI3RURGRDM3RDFFMkMxNzVDMTA4MTFBMUQzOEFB
MkFDNkM4OUMwHhcNMjQwNjAxMDgxNjI2WhcNMjUwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjVhZDhkYS0wZTkxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwjSKIhX8Er4daSJ7AN0a3HclwAy/7SWQJ15T8wK/kL+gITZFhcOwxJYY39ct
ekqmyIGzB0YiVPka2sNRyxB/pdHgUDcY8DJwDyqEsbl7mCy8SeDn/OiFkwdp38Sv
UTSpZVS8p+1xyxPZNBbyXn87+Vda4KrhLYvwO5sFDwRKzW2clNk7fa2FBVsE2hgs
wTuWtDHJ3ITFyDE5Ob89GA7NN+I+U+j83Nd1OvDaH53XJVZSRY6PAbRSXBcjDVHv
NdgDBb20DpxoQhqDLkbOje7rW0Ipl2mEm+UTgwB4+n5fFbQ9/CJBDD92FK5jflAp
0RbhRtiANFtLs3fsPeUAgA6riQIDAQABo4IClTCCApEwHQYDVR0OBBYEFGq0+hLV
x1C6Civ7GA/nH9vWQ/jWMB8GA1UdIwQYMBaAFLZyft/TfR4sF1wQgRodOKoqxsic
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCRDNEMi80MkMxRDhGODJD
ODYxMUVFQTlCNzRGNDNDNEY5QUUwMi90bkotMzlOOUhpd1hYQkNCR2gwNHFpckd5
SncuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3RuSi0zOU45SGl3WFhCQ0JHaDA0cWlyR3lKdy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QkQzRDIvNDJDMUQ4RjgyQzg2MTFFRUE5Qjc0RjQzQzRGOUFFMDIvMjA3QzhBNTJB
Qzc2MTFFRUI0NjVBRjc1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAFnzCAwDQYJKoZIhvcNAQELBQADggEBAFwh4IKqepgYDHsC
SqFU0AL9anbrDCPdZBBUg+Gl7n/t1CYLGROF2doEIkJ0fdzKhSQuYVwfiIuxRbGL
3WS6F6jYeX7MpQ2c9AOmcUM6+8ESX6kJEXQBesYkSjdsF67ztmq0jn6LpP6rsamJ
z1Pj6k3dWSeEuvrDHrKZ6XC55fS+gDB57U5o9kZEb9TdFvckvCgs0bAi5O4iD4Fl
EsAwsIw79wfhApFl5s4pHIsDVBD6Day7w3CtWSinUWw/v3Ka4LsgngvG14BsgR/O
4pAzjUjlOLdlqA1K4siMz4hOEGbfGapDnaW1HxZRpQLAzIZKocI9uPtAWqIfST+C
k7Q4TwM=
-----END CERTIFICATE-----
Generated at Sat Nov 23 05:02:56 2024 by rpki-client on console-fra.rpki-client.org