Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91D3F8E/6C4089BA216C11EEB28BF24CC4F9AE02/34E5737CF1B411EE93C5E46CC4F9AE02.roa
File:                     34E5737CF1B411EE93C5E46CC4F9AE02.roa (raw, json)
Hash identifier:          DtJBXWW8MvqoUfrEjdfLST64f5XLqfxQMOvQrPHs1W8=
Subject key identifier:   07:69:A2:2E:96:9B:78:DD:16:30:C4:76:9B:95:8A:39:0C:8C:D5:DA
Certificate issuer:       /CN=A91D3F8E/serialNumber=D40051BC8DDA60C932EE07769AB867BEFA8D42F6
Certificate serial:       8E
Authority key identifier: D4:00:51:BC:8D:DA:60:C9:32:EE:07:76:9A:B8:67:BE:FA:8D:42:F6
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/1ABRvI3aYMky7gd2mrhnvvqNQvY.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91D3F8E/6C4089BA216C11EEB28BF24CC4F9AE02/34E5737CF1B411EE93C5E46CC4F9AE02.roa
Signing time:             Wed 03 Apr 2024 12:17:58 +0000
ROA not before:           Wed 03 Apr 2024 12:17:58 +0000
ROA not after:            Mon 30 Sep 2024 00:00:00 +0000
asID:                     134505
IP address blocks:        103.238.115.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91D3F8E/6C4089BA216C11EEB28BF24CC4F9AE02/1ABRvI3aYMky7gd2mrhnvvqNQvY.crl
                          rsync://rpki.apnic.net/member_repository/A91D3F8E/6C4089BA216C11EEB28BF24CC4F9AE02/1ABRvI3aYMky7gd2mrhnvvqNQvY.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/1ABRvI3aYMky7gd2mrhnvvqNQvY.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 22 Jun 2024 02:50:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 142 (0x8e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91D3F8E/serialNumber=D40051BC8DDA60C932EE07769AB867BEFA8D42F6
        Validity
            Not Before: Apr  3 12:17:58 2024 GMT
            Not After : Sep 30 00:00:00 2024 GMT
        Subject: CN=660d48f6-9413
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:bf:a9:7b:44:4c:27:2b:e6:94:b1:82:c5:4e:
                    dd:26:0d:52:fe:da:54:94:b5:8f:f3:af:ec:ef:e2:
                    4a:9c:dd:bd:e1:ff:87:83:99:02:d6:36:c4:11:f3:
                    ef:10:b3:b8:03:27:ac:db:87:43:3c:fe:cb:27:24:
                    33:6d:f8:a4:57:f8:15:ed:80:17:1b:1d:ae:c1:a9:
                    e6:a7:4f:12:ce:ea:9b:84:88:12:e5:6e:39:00:63:
                    5f:7b:74:15:46:90:d3:a8:a6:65:78:23:1f:ab:9a:
                    d6:c4:e0:08:2a:c0:a0:ac:07:31:0b:1f:98:65:fc:
                    0c:78:56:98:31:50:01:4b:60:17:90:cc:a0:a8:b2:
                    97:e5:00:f7:8f:d2:ee:dc:5f:1b:ba:98:64:9e:37:
                    8b:96:24:84:e0:bb:73:7e:c3:22:9e:df:03:2d:aa:
                    67:0d:94:45:c5:e9:81:98:3a:a1:db:96:9c:69:fe:
                    da:23:8c:ca:81:08:89:2b:81:bd:b6:ec:fc:f7:0a:
                    cf:20:38:f2:50:67:8b:63:22:be:8a:74:f4:84:10:
                    c9:8c:4b:fe:fd:e4:8c:27:11:ef:9e:48:d8:9f:0e:
                    50:62:6e:41:56:9f:33:7f:cc:ac:66:98:07:89:e5:
                    2a:3b:f8:51:47:14:dc:bd:9a:b2:ae:c5:3f:ff:bc:
                    37:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                07:69:A2:2E:96:9B:78:DD:16:30:C4:76:9B:95:8A:39:0C:8C:D5:DA
            X509v3 Authority Key Identifier:
                keyid:D4:00:51:BC:8D:DA:60:C9:32:EE:07:76:9A:B8:67:BE:FA:8D:42:F6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91D3F8E/6C4089BA216C11EEB28BF24CC4F9AE02/1ABRvI3aYMky7gd2mrhnvvqNQvY.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/1ABRvI3aYMky7gd2mrhnvvqNQvY.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91D3F8E/6C4089BA216C11EEB28BF24CC4F9AE02/34E5737CF1B411EE93C5E46CC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.238.115.0/24

    Signature Algorithm: sha256WithRSAEncryption
         aa:1b:d7:fa:cd:17:55:1a:c5:bc:0e:25:b2:c0:1a:b1:25:2d:
         8b:65:c3:1f:10:4b:37:01:05:95:bb:d4:85:b7:48:72:ac:07:
         6a:54:26:a8:9e:d1:3f:e5:1c:cd:cd:0c:70:9c:67:65:b5:55:
         87:f4:38:04:88:ee:61:05:83:62:d3:40:04:21:96:63:80:8e:
         83:cf:b7:8c:f5:0f:c8:a5:66:11:af:a6:78:3d:60:2b:7e:6d:
         96:31:58:dc:84:d3:b5:1e:05:65:be:61:c7:e0:37:4e:16:29:
         df:e5:6c:27:82:ab:3d:a9:2d:d7:d5:8a:e7:1c:5d:e0:b7:5d:
         a8:b0:4a:20:bc:61:7d:e1:ce:c3:8a:78:e9:80:68:b3:bc:11:
         8b:58:be:3d:5d:a0:0e:5b:b6:47:8b:ef:ec:2b:77:22:cc:ff:
         d0:1f:8a:69:78:11:0f:c0:19:d2:14:49:c5:3e:ae:5e:51:d9:
         21:8a:25:9f:36:b4:e1:ef:0a:a9:81:62:aa:ad:0c:32:77:08:
         2a:68:d3:36:c7:c5:9a:9b:b9:3a:be:4a:fd:74:90:b4:a6:55:
         33:47:3e:57:fb:79:6f:ed:04:07:e1:ec:6e:cb:36:51:d4:ab:
         8d:ee:72:b9:06:66:c8:a5:eb:05:e0:77:3d:53:9b:ed:84:fb:
         ea:94:81:0c
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICAI4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RDNGOEUxMTAvBgNVBAUTKEQ0MDA1MUJDOEREQTYwQzkzMkVFMDc3NjlBQjg2N0JF
RkE4RDQyRjYwHhcNMjQwNDAzMTIxNzU4WhcNMjQwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjBkNDhmNi05NDEzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAs7+pe0RMJyvmlLGCxU7dJg1S/tpUlLWP86/s7+JKnN294f+Hg5kC1jbEEfPv
ELO4Ayes24dDPP7LJyQzbfikV/gV7YAXGx2uwanmp08SzuqbhIgS5W45AGNfe3QV
RpDTqKZleCMfq5rWxOAIKsCgrAcxCx+YZfwMeFaYMVABS2AXkMygqLKX5QD3j9Lu
3F8buphknjeLliSE4LtzfsMint8DLapnDZRFxemBmDqh25acaf7aI4zKgQiJK4G9
tuz89wrPIDjyUGeLYyK+inT0hBDJjEv+/eSMJxHvnkjYnw5QYm5BVp8zf8ysZpgH
ieUqO/hRRxTcvZqyrsU//7w3JQIDAQABo4IClTCCApEwHQYDVR0OBBYEFAdpoi6W
m3jdFjDEdpuVijkMjNXaMB8GA1UdIwQYMBaAFNQAUbyN2mDJMu4Hdpq4Z776jUL2
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFEM0Y4RS82QzQwODlCQTIx
NkMxMUVFQjI4QkYyNENDNEY5QUUwMi8xQUJSdkkzYVlNa3k3Z2QybXJobnZ2cU5R
dlkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzFBQlJ2STNhWU1reTdnZDJtcmhudnZxTlF2WS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RDNGOEUvNkM0MDg5QkEyMTZDMTFFRUIyOEJGMjRDQzRGOUFFMDIvMzRFNTczN0NG
MUI0MTFFRTkzQzVFNDZDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBABn7nMwDQYJKoZIhvcNAQELBQADggEBAKob1/rNF1UaxbwO
JbLAGrElLYtlwx8QSzcBBZW71IW3SHKsB2pUJqie0T/lHM3NDHCcZ2W1VYf0OASI
7mEFg2LTQAQhlmOAjoPPt4z1D8ilZhGvpng9YCt+bZYxWNyE07UeBWW+YcfgN04W
Kd/lbCeCqz2pLdfViuccXeC3XaiwSiC8YX3hzsOKeOmAaLO8EYtYvj1doA5btkeL
7+wrdyLM/9Afiml4EQ/AGdIUScU+rl5R2SGKJZ82tOHvCqmBYqqtDDJ3CCpo0zbH
xZqbuTq+Sv10kLSmVTNHPlf7eW/tBAfh7G7LNlHUq43ucrkGZsil6wXgdz1Tm+2E
++qUgQw=
-----END CERTIFICATE-----
Generated at Sat Jun 15 08:17:50 2024 by rpki-client on console-fra.rpki-client.org