Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91CF77D/11E259D0D22D11EA8AE73D27C4F9AE02/D24575B2D22E11EA9D4DDE29C4F9AE02.roa
File:                     D24575B2D22E11EA9D4DDE29C4F9AE02.roa (raw, json)
Hash identifier:          OISPqX+sjE+FviBwbW316CZ6fba2RRqY67rA1yB66hs=
Subject key identifier:   C2:2C:E8:C8:53:56:25:B5:62:7E:F5:39:81:AF:01:1F:45:31:16:9E
Certificate issuer:       /CN=A91CF77D/serialNumber=983D783002C54DA8F8A6E295838B9CAF01364358
Certificate serial:       0779
Authority key identifier: 98:3D:78:30:02:C5:4D:A8:F8:A6:E2:95:83:8B:9C:AF:01:36:43:58
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/mD14MALFTaj4puKVg4ucrwE2Q1g.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91CF77D/11E259D0D22D11EA8AE73D27C4F9AE02/D24575B2D22E11EA9D4DDE29C4F9AE02.roa
Signing time:             Thu 06 Jun 2024 23:00:48 +0000
ROA not before:           Thu 06 Jun 2024 23:00:48 +0000
ROA not after:            Wed 30 Jul 2025 00:00:00 +0000
asID:                     139067
IP address blocks:        103.139.62.0/24 maxlen: 24
                          103.210.224.0/24 maxlen: 24
                          2001:df0:6c80::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91CF77D/11E259D0D22D11EA8AE73D27C4F9AE02/mD14MALFTaj4puKVg4ucrwE2Q1g.crl
                          rsync://rpki.apnic.net/member_repository/A91CF77D/11E259D0D22D11EA8AE73D27C4F9AE02/mD14MALFTaj4puKVg4ucrwE2Q1g.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/mD14MALFTaj4puKVg4ucrwE2Q1g.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 23 Jun 2024 20:06:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1913 (0x779)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CF77D/serialNumber=983D783002C54DA8F8A6E295838B9CAF01364358
        Validity
            Not Before: Jun  6 23:00:48 2024 GMT
            Not After : Jul 30 00:00:00 2025 GMT
        Subject: CN=66623fa0-43b3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:f6:db:56:7f:17:71:84:64:9c:b6:ab:6d:cd:
                    f7:9e:8c:fe:e7:80:34:36:76:94:fb:05:da:9a:53:
                    2b:62:c1:88:94:2d:9a:bc:9d:5e:43:37:88:b9:47:
                    1d:13:e7:04:0c:11:7b:ce:e6:24:be:b1:8e:bc:13:
                    c2:74:c6:5f:4d:d1:b4:3e:c7:b1:4d:aa:d5:8a:78:
                    29:c1:82:7c:96:1d:d7:f9:58:08:07:dc:76:a7:3d:
                    8c:c8:f1:15:83:8a:3e:7d:cc:ee:15:16:11:08:6c:
                    25:db:2c:b7:85:ff:0f:e4:c5:46:24:0b:de:e7:53:
                    5e:2d:1f:dd:48:17:9f:1d:b9:4a:1b:15:51:fc:3e:
                    c4:2e:41:2f:02:6a:ad:a0:87:78:eb:55:51:e3:a0:
                    ef:ac:b9:80:ce:65:7f:f1:b0:f8:b3:ce:dd:a9:3e:
                    e6:db:6c:a7:8a:d3:ee:e3:da:65:f6:31:28:3b:0c:
                    53:1e:fa:61:71:b4:d3:ca:80:52:bd:24:01:49:6f:
                    51:c4:0c:52:a2:60:c8:78:4c:8c:d4:f9:b0:57:d3:
                    f8:c1:f5:1d:fa:c1:0e:45:38:bc:a7:aa:ba:ad:a4:
                    ce:92:d6:65:00:b4:12:15:ac:ba:c3:59:69:39:61:
                    a4:68:7e:8f:fb:fe:9a:d9:d7:88:ab:fa:29:6e:85:
                    2d:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C2:2C:E8:C8:53:56:25:B5:62:7E:F5:39:81:AF:01:1F:45:31:16:9E
            X509v3 Authority Key Identifier:
                keyid:98:3D:78:30:02:C5:4D:A8:F8:A6:E2:95:83:8B:9C:AF:01:36:43:58

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91CF77D/11E259D0D22D11EA8AE73D27C4F9AE02/mD14MALFTaj4puKVg4ucrwE2Q1g.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/mD14MALFTaj4puKVg4ucrwE2Q1g.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91CF77D/11E259D0D22D11EA8AE73D27C4F9AE02/D24575B2D22E11EA9D4DDE29C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.139.62.0/24
                  103.210.224.0/24
                IPv6:
                  2001:df0:6c80::/48

    Signature Algorithm: sha256WithRSAEncryption
         5e:11:46:6a:b2:1e:a1:1b:ff:1a:2e:15:67:a4:63:fe:03:f7:
         cf:37:ff:53:5b:dc:7e:8a:8d:c2:8e:e8:d4:f6:2f:6d:97:9d:
         8b:e2:6e:b3:d4:63:20:f0:6a:8f:11:1b:27:d6:ff:cd:52:8a:
         06:31:eb:bd:67:30:c9:c8:1b:f5:a4:f2:25:96:2e:77:e9:d0:
         2d:4c:49:53:bc:aa:e2:39:52:34:c5:65:f5:ce:44:f3:3b:80:
         f7:70:0a:86:9c:8e:7d:b0:77:06:38:69:b5:cd:b2:89:84:14:
         3e:bb:73:4d:55:61:95:c0:c3:63:f3:56:a3:63:0d:75:29:35:
         44:97:d4:4d:ae:3f:43:5d:f4:03:de:9a:05:f9:4c:fd:30:2c:
         cf:23:b5:0e:54:11:b7:3d:c3:df:49:a3:bf:df:e3:30:83:d5:
         72:d0:86:e8:77:2f:3d:52:92:4b:aa:18:97:c6:7e:56:e6:f9:
         e1:54:9c:3d:d3:46:99:fa:40:c3:c8:74:4a:ff:5b:6b:6c:a4:
         e9:f0:d6:8a:1c:1c:3a:05:c6:c5:9a:de:6d:70:62:02:67:f5:
         f2:a2:aa:0a:ab:67:3c:e8:e0:86:9b:fb:ef:43:c9:9c:e8:2e:
         b0:7c:6a:ce:7c:3d:4a:ee:23:a6:6e:97:ec:69:fd:36:d6:bd:
         41:14:f2:49
-----BEGIN CERTIFICATE-----
MIIFiDCCBHCgAwIBAgICB3kwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Q0Y3N0QxMTAvBgNVBAUTKDk4M0Q3ODMwMDJDNTREQThGOEE2RTI5NTgzOEI5Q0FG
MDEzNjQzNTgwHhcNMjQwNjA2MjMwMDQ4WhcNMjUwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjYyM2ZhMC00M2IzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA0vbbVn8XcYRknLarbc33noz+54A0NnaU+wXamlMrYsGIlC2avJ1eQzeIuUcd
E+cEDBF7zuYkvrGOvBPCdMZfTdG0PsexTarVingpwYJ8lh3X+VgIB9x2pz2MyPEV
g4o+fczuFRYRCGwl2yy3hf8P5MVGJAve51NeLR/dSBefHblKGxVR/D7ELkEvAmqt
oId461VR46DvrLmAzmV/8bD4s87dqT7m22ynitPu49pl9jEoOwxTHvphcbTTyoBS
vSQBSW9RxAxSomDIeEyM1PmwV9P4wfUd+sEORTi8p6q6raTOktZlALQSFay6w1lp
OWGkaH6P+/6a2deIq/opboUt5QIDAQABo4ICrDCCAqgwHQYDVR0OBBYEFMIs6MhT
ViW1Yn71OYGvAR9FMRaeMB8GA1UdIwQYMBaAFJg9eDACxU2o+KbilYOLnK8BNkNY
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDRjc3RC8xMUUyNTlEMEQy
MkQxMUVBOEFFNzNEMjdDNEY5QUUwMi9tRDE0TUFMRlRhajRwdUtWZzR1Y3J3RTJR
MWcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL21EMTRNQUxGVGFqNHB1S1ZnNHVjcndFMlExZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Q0Y3N0QvMTFFMjU5RDBEMjJEMTFFQThBRTczRDI3QzRGOUFFMDIvRDI0NTc1QjJE
MjJFMTFFQTlENERERTI5QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNgYIKwYBBQUHAQcBAf8E
JzAlMBIEAgABMAwDBABniz4DBABn0uAwDwQCAAIwCQMHACABDfBsgDANBgkqhkiG
9w0BAQsFAAOCAQEAXhFGarIeoRv/Gi4VZ6Rj/gP3zzf/U1vcfoqNwo7o1PYvbZed
i+Jus9RjIPBqjxEbJ9b/zVKKBjHrvWcwycgb9aTyJZYud+nQLUxJU7yq4jlSNMVl
9c5E8zuA93AKhpyOfbB3Bjhptc2yiYQUPrtzTVVhlcDDY/NWo2MNdSk1RJfUTa4/
Q130A96aBflM/TAszyO1DlQRtz3D30mjv9/jMIPVctCG6HcvPVKSS6oYl8Z+Vub5
4VScPdNGmfpAw8h0Sv9ba2yk6fDWihwcOgXGxZrebXBiAmf18qKqCqtnPOjghpv7
70PJnOgusHxqznw9Su4jpm6X7Gn9Nta9QRTySQ==
-----END CERTIFICATE-----
Generated at Sun Jun 16 23:13:12 2024 by rpki-client on console-ams.rpki-client.org