Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91C1814/F3C8539EBA3111EB9C69C178C4F9AE02/38378A3EBA3411EBB94A527CC4F9AE02.roa
File:                     38378A3EBA3411EBB94A527CC4F9AE02.roa (raw, json)
Hash identifier:          Qq4r6tfxWlCBFxRmTUBo8YQTZX8r+LS9wYAcWz832T4=
Subject key identifier:   86:B7:84:02:FD:0E:6D:CF:63:B1:67:C9:CB:43:C2:25:8C:E4:A2:CB
Certificate issuer:       /CN=A91C1814/serialNumber=EF27E3C9F15B583B15CA9CCC3C905D229CE2F0D0
Certificate serial:       04D2
Authority key identifier: EF:27:E3:C9:F1:5B:58:3B:15:CA:9C:CC:3C:90:5D:22:9C:E2:F0:D0
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/7yfjyfFbWDsVypzMPJBdIpzi8NA.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91C1814/F3C8539EBA3111EB9C69C178C4F9AE02/38378A3EBA3411EBB94A527CC4F9AE02.roa
Signing time:             Wed 03 Jan 2024 01:03:14 +0000
ROA not before:           Wed 03 Jan 2024 01:03:14 +0000
ROA not after:            Sun 02 Mar 2025 00:00:00 +0000
asID:                     137197
IP address blocks:        103.104.184.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91C1814/F3C8539EBA3111EB9C69C178C4F9AE02/7yfjyfFbWDsVypzMPJBdIpzi8NA.crl
                          rsync://rpki.apnic.net/member_repository/A91C1814/F3C8539EBA3111EB9C69C178C4F9AE02/7yfjyfFbWDsVypzMPJBdIpzi8NA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/7yfjyfFbWDsVypzMPJBdIpzi8NA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 29 Nov 2024 20:43:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1234 (0x4d2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91C1814/serialNumber=EF27E3C9F15B583B15CA9CCC3C905D229CE2F0D0
        Validity
            Not Before: Jan  3 01:03:14 2024 GMT
            Not After : Mar  2 00:00:00 2025 GMT
        Subject: CN=6594b252-b4a2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:c1:ec:53:29:f2:7e:e7:05:c1:25:28:c4:49:
                    1c:fb:56:e6:13:4d:d8:c6:40:29:04:cd:62:ce:eb:
                    db:77:d7:ff:e3:a2:f2:a2:55:e0:39:cf:a1:c7:2c:
                    f3:8a:7a:41:fd:fa:ee:6b:af:ea:39:00:3f:5c:9d:
                    7d:ff:07:67:00:02:78:de:9e:f0:94:53:9e:ab:3b:
                    99:ea:1b:26:ca:f4:aa:27:f7:2d:77:e5:fe:5f:89:
                    15:70:27:d1:ea:cf:64:30:d8:d7:1f:ba:19:21:be:
                    9e:58:39:dc:94:4c:cc:d7:47:cd:08:2c:11:73:0b:
                    ef:63:d5:61:4e:00:bc:06:3b:46:82:bb:f6:f0:ce:
                    9e:37:97:11:84:ca:6b:bb:89:19:9d:f4:fb:f6:c3:
                    ef:50:c1:b9:1b:88:5f:d9:e6:cb:7f:b3:df:c4:8b:
                    a8:e6:48:c2:05:c0:51:5e:e4:8d:15:90:e7:0d:86:
                    77:be:f1:c2:44:ce:0f:97:83:67:ba:9a:6e:4a:93:
                    0e:dc:6d:0a:60:a9:86:92:53:fe:25:d5:57:f0:d3:
                    5a:41:c6:b6:b6:79:26:18:51:a1:a6:f0:2d:62:ed:
                    b8:3b:77:c7:ff:95:0a:20:03:bf:97:9e:51:1e:43:
                    f9:52:5c:a3:79:0d:87:9f:a7:2d:19:94:b0:c8:e3:
                    5a:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:B7:84:02:FD:0E:6D:CF:63:B1:67:C9:CB:43:C2:25:8C:E4:A2:CB
            X509v3 Authority Key Identifier:
                keyid:EF:27:E3:C9:F1:5B:58:3B:15:CA:9C:CC:3C:90:5D:22:9C:E2:F0:D0

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91C1814/F3C8539EBA3111EB9C69C178C4F9AE02/7yfjyfFbWDsVypzMPJBdIpzi8NA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/7yfjyfFbWDsVypzMPJBdIpzi8NA.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91C1814/F3C8539EBA3111EB9C69C178C4F9AE02/38378A3EBA3411EBB94A527CC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.104.184.0/22

    Signature Algorithm: sha256WithRSAEncryption
         5a:dd:7e:ed:e3:20:a8:86:a0:02:b2:93:3a:38:80:e9:7c:70:
         c1:bb:51:2c:43:d8:bd:a9:42:21:ad:64:4c:8e:4a:66:a3:03:
         27:c1:19:45:79:7e:69:ae:a1:1f:57:fb:b7:ba:ad:73:ad:55:
         97:88:75:1f:e7:03:6f:b1:2d:d7:3d:b8:75:77:39:37:71:5c:
         05:e5:b7:7b:f3:01:bf:06:e6:56:9b:e2:b1:ec:93:0b:8a:82:
         a8:5c:e5:31:4e:21:75:61:9c:78:e4:1f:2f:3f:fd:42:32:7c:
         e2:9b:c6:7d:92:2e:cf:29:82:54:58:f6:98:05:75:b4:4d:18:
         8b:57:c3:4a:ac:3b:c8:1f:08:5e:52:6e:c1:06:2f:d1:be:33:
         38:e9:b4:cd:27:79:6b:3f:ff:44:34:3d:46:24:3b:d0:28:72:
         06:80:40:b8:a9:5e:c0:20:88:37:27:9a:16:82:d9:28:01:c1:
         71:74:fe:8b:bd:b6:df:7b:59:7e:14:a9:a7:c6:4c:bf:ee:d7:
         7d:b0:4f:cb:e1:ad:10:36:cc:55:23:d7:87:f3:71:47:30:a9:
         7a:6c:22:39:2a:fb:1e:49:6d:87:0d:8c:b1:a6:33:ed:92:49:
         a9:b0:ee:1b:e2:f0:d1:b9:d1:8d:5e:a1:94:37:c1:b9:36:48:
         6a:9a:c1:78
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICBNIwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QzE4MTQxMTAvBgNVBAUTKEVGMjdFM0M5RjE1QjU4M0IxNUNBOUNDQzNDOTA1RDIy
OUNFMkYwRDAwHhcNMjQwMTAzMDEwMzE0WhcNMjUwMzAyMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTk0YjI1Mi1iNGEyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAncHsUynyfucFwSUoxEkc+1bmE03YxkApBM1izuvbd9f/46LyolXgOc+hxyzz
inpB/frua6/qOQA/XJ19/wdnAAJ43p7wlFOeqzuZ6hsmyvSqJ/ctd+X+X4kVcCfR
6s9kMNjXH7oZIb6eWDnclEzM10fNCCwRcwvvY9VhTgC8BjtGgrv28M6eN5cRhMpr
u4kZnfT79sPvUMG5G4hf2ebLf7PfxIuo5kjCBcBRXuSNFZDnDYZ3vvHCRM4Pl4Nn
uppuSpMO3G0KYKmGklP+JdVX8NNaQca2tnkmGFGhpvAtYu24O3fH/5UKIAO/l55R
HkP5UlyjeQ2Hn6ctGZSwyONa8wIDAQABo4IClTCCApEwHQYDVR0OBBYEFIa3hAL9
Dm3PY7FnyctDwiWM5KLLMB8GA1UdIwQYMBaAFO8n48nxW1g7FcqczDyQXSKc4vDQ
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDMTgxNC9GM0M4NTM5RUJB
MzExMUVCOUM2OUMxNzhDNEY5QUUwMi83eWZqeWZGYldEc1Z5cHpNUEpCZElwemk4
TkEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzd5Zmp5ZkZiV0RzVnlwek1QSkJkSXB6aThOQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QzE4MTQvRjNDODUzOUVCQTMxMTFFQjlDNjlDMTc4QzRGOUFFMDIvMzgzNzhBM0VC
QTM0MTFFQkI5NEE1MjdDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAJnaLgwDQYJKoZIhvcNAQELBQADggEBAFrdfu3jIKiGoAKy
kzo4gOl8cMG7USxD2L2pQiGtZEyOSmajAyfBGUV5fmmuoR9X+7e6rXOtVZeIdR/n
A2+xLdc9uHV3OTdxXAXlt3vzAb8G5lab4rHskwuKgqhc5TFOIXVhnHjkHy8//UIy
fOKbxn2SLs8pglRY9pgFdbRNGItXw0qsO8gfCF5SbsEGL9G+MzjptM0neWs//0Q0
PUYkO9AocgaAQLipXsAgiDcnmhaC2SgBwXF0/ou9tt97WX4UqafGTL/u132wT8vh
rRA2zFUj14fzcUcwqXpsIjkq+x5JbYcNjLGmM+2SSamw7hvi8NG50Y1eoZQ3wbk2
SGqawXg=
-----END CERTIFICATE-----
Generated at Sat Nov 23 00:08:49 2024 by rpki-client on console-ams.rpki-client.org