Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91D53AC/03168C4E1D9711E28B6C008008B02CD2/0C9FD154619611EEADD97F70C4F9AE02.roa
File:                     0C9FD154619611EEADD97F70C4F9AE02.roa (raw, json)
Hash identifier:          5RTwQK79dFx5zdcsgItHRlxaRrTF/t48B9CGcpBmd1c=
Subject key identifier:   1B:51:6F:86:E1:05:B7:DC:C7:95:29:71:06:7D:81:DA:1D:35:9C:13
Certificate issuer:       /CN=A91D53AC/serialNumber=4B767FE304D4F27F5111864BA743B9479CE14A7B
Certificate serial:       3388
Authority key identifier: 4B:76:7F:E3:04:D4:F2:7F:51:11:86:4B:A7:43:B9:47:9C:E1:4A:7B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/S3Z_4wTU8n9REYZLp0O5R5zhSns.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91D53AC/03168C4E1D9711E28B6C008008B02CD2/0C9FD154619611EEADD97F70C4F9AE02.roa
Signing time:             Tue 16 Jan 2024 15:10:47 +0000
ROA not before:           Tue 16 Jan 2024 15:10:47 +0000
ROA not after:            Mon 31 Mar 2025 00:00:00 +0000
asID:                     38891
IP address blocks:        103.198.84.0/22 maxlen: 24
                          103.242.16.0/22 maxlen: 24
                          202.176.12.0/24 maxlen: 24
                          203.99.136.0/22 maxlen: 24
                          223.25.248.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91D53AC/03168C4E1D9711E28B6C008008B02CD2/S3Z_4wTU8n9REYZLp0O5R5zhSns.crl
                          rsync://rpki.apnic.net/member_repository/A91D53AC/03168C4E1D9711E28B6C008008B02CD2/S3Z_4wTU8n9REYZLp0O5R5zhSns.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/S3Z_4wTU8n9REYZLp0O5R5zhSns.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 21 Jun 2024 15:01:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13192 (0x3388)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91D53AC/serialNumber=4B767FE304D4F27F5111864BA743B9479CE14A7B
        Validity
            Not Before: Jan 16 15:10:47 2024 GMT
            Not After : Mar 31 00:00:00 2025 GMT
        Subject: CN=65a69c77-e459
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:4c:10:1b:93:d6:b9:df:47:67:81:b1:7f:c0:
                    7a:da:39:96:59:2c:f8:b7:d1:3f:17:31:fb:4d:ab:
                    e9:97:69:91:be:ed:6b:95:9b:f7:eb:9d:40:3f:ff:
                    e0:2e:be:37:e5:a0:59:5a:96:c1:1e:37:8e:51:eb:
                    8e:46:6f:4d:f9:fc:01:25:51:f7:2b:0b:e9:b6:cc:
                    37:e0:7c:6c:a1:bf:d6:f6:44:95:a9:bb:dc:46:a5:
                    4e:31:a6:19:1a:cc:d9:2c:69:d5:fb:49:29:7e:67:
                    f5:ac:15:27:16:63:6a:ff:67:21:fc:1c:82:d8:e3:
                    d3:88:ad:f3:86:18:2c:7b:04:35:50:65:ba:a4:b5:
                    15:d0:6f:21:0a:ca:eb:cd:be:05:96:be:0d:67:b5:
                    93:5e:a2:86:42:9c:33:d8:02:6f:c9:02:f1:f0:54:
                    2c:8b:47:5a:43:93:99:19:8a:e1:87:a9:fe:1b:b2:
                    99:c6:94:39:01:45:99:ba:7a:b3:51:f6:86:0a:b7:
                    d3:5b:44:75:5a:eb:3c:6a:aa:c3:5a:37:1e:4b:94:
                    41:1e:fd:ce:d2:05:c6:4e:2a:e7:cc:5d:45:00:95:
                    77:72:23:d4:be:34:c8:b3:a2:c9:a7:3b:d6:b9:a8:
                    c8:de:67:00:a4:23:b7:97:ae:3f:30:85:40:3a:90:
                    c6:77
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:51:6F:86:E1:05:B7:DC:C7:95:29:71:06:7D:81:DA:1D:35:9C:13
            X509v3 Authority Key Identifier:
                keyid:4B:76:7F:E3:04:D4:F2:7F:51:11:86:4B:A7:43:B9:47:9C:E1:4A:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91D53AC/03168C4E1D9711E28B6C008008B02CD2/S3Z_4wTU8n9REYZLp0O5R5zhSns.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/S3Z_4wTU8n9REYZLp0O5R5zhSns.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91D53AC/03168C4E1D9711E28B6C008008B02CD2/0C9FD154619611EEADD97F70C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.198.84.0/22
                  103.242.16.0/22
                  202.176.12.0/24
                  203.99.136.0/22
                  223.25.248.0/22

    Signature Algorithm: sha256WithRSAEncryption
         42:ba:19:6d:1f:b5:c0:79:14:50:f5:0f:5d:d9:47:92:ec:ce:
         b5:25:f6:03:e0:9a:7f:c0:1e:8f:c6:ac:f5:ba:80:46:44:17:
         7d:8d:7f:72:84:9b:1c:34:35:44:3b:29:24:54:31:c2:ed:66:
         cb:c1:a6:84:ec:af:8d:21:e6:cd:ae:03:ce:2f:53:66:18:fd:
         4f:60:a4:3d:4c:b8:1e:33:6b:49:59:fb:ca:33:9d:98:d1:b1:
         f0:b6:d8:59:38:fb:6f:06:91:60:a6:3c:47:55:0b:e6:8b:5f:
         fc:e3:61:5b:24:7c:62:36:82:b5:bb:ca:44:d1:ff:ae:72:7c:
         0a:ec:7d:14:4e:e7:c9:36:35:85:ec:e9:5c:01:ef:d7:09:ae:
         bb:72:4d:d1:54:dc:96:6f:00:ac:cf:d8:c0:b7:d1:3b:08:06:
         2d:07:2a:a1:45:31:bf:71:ae:32:46:81:54:c3:8d:cb:05:5b:
         92:49:f8:66:c5:80:f1:6f:a2:cb:a1:8a:fe:dd:9e:82:79:32:
         92:00:4f:32:78:63:a3:1b:61:78:6f:fb:66:df:37:cd:a8:84:
         35:e8:d4:18:a8:d8:1e:be:7f:0d:b6:45:be:1c:6f:b7:8c:5a:
         49:71:c5:59:1b:6b:f2:de:d6:93:e8:88:59:0e:d7:eb:b0:26:
         57:26:70:43
-----BEGIN CERTIFICATE-----
MIIFiTCCBHGgAwIBAgICM4gwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RDUzQUMxMTAvBgNVBAUTKDRCNzY3RkUzMDRENEYyN0Y1MTExODY0QkE3NDNCOTQ3
OUNFMTRBN0IwHhcNMjQwMTE2MTUxMDQ3WhcNMjUwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWE2OWM3Ny1lNDU5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAyEwQG5PWud9HZ4Gxf8B62jmWWSz4t9E/FzH7Tavpl2mRvu1rlZv3651AP//g
Lr435aBZWpbBHjeOUeuORm9N+fwBJVH3Kwvptsw34Hxsob/W9kSVqbvcRqVOMaYZ
GszZLGnV+0kpfmf1rBUnFmNq/2ch/ByC2OPTiK3zhhgsewQ1UGW6pLUV0G8hCsrr
zb4Flr4NZ7WTXqKGQpwz2AJvyQLx8FQsi0daQ5OZGYrhh6n+G7KZxpQ5AUWZunqz
UfaGCrfTW0R1Wus8aqrDWjceS5RBHv3O0gXGTirnzF1FAJV3ciPUvjTIs6LJpzvW
uajI3mcApCO3l64/MIVAOpDGdwIDAQABo4ICrTCCAqkwHQYDVR0OBBYEFBtRb4bh
Bbfcx5UpcQZ9gdodNZwTMB8GA1UdIwQYMBaAFEt2f+ME1PJ/URGGS6dDuUec4Up7
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFENTNBQy8wMzE2OEM0RTFE
OTcxMUUyOEI2QzAwODAwOEIwMkNEMi9TM1pfNHdUVThuOVJFWVpMcDBPNVI1emhT
bnMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1MzWl80d1RVOG45UkVZWkxwME81UjV6aFNucy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RDUzQUMvMDMxNjhDNEUxRDk3MTFFMjhCNkMwMDgwMDhCMDJDRDIvMEM5RkQxNTQ2
MTk2MTFFRUFERDk3RjcwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNwYIKwYBBQUHAQcBAf8E
KDAmMCQEAgABMB4DBAJnxlQDBAJn8hADBADKsAwDBALLY4gDBALfGfgwDQYJKoZI
hvcNAQELBQADggEBAEK6GW0ftcB5FFD1D13ZR5LszrUl9gPgmn/AHo/GrPW6gEZE
F32Nf3KEmxw0NUQ7KSRUMcLtZsvBpoTsr40h5s2uA84vU2YY/U9gpD1MuB4za0lZ
+8oznZjRsfC22Fk4+28GkWCmPEdVC+aLX/zjYVskfGI2grW7ykTR/65yfArsfRRO
58k2NYXs6VwB79cJrrtyTdFU3JZvAKzP2MC30TsIBi0HKqFFMb9xrjJGgVTDjcsF
W5JJ+GbFgPFvosuhiv7dnoJ5MpIATzJ4Y6MbYXhv+2bfN82ohDXo1Bio2B6+fw22
Rb4cb7eMWklxxVkba/Le1pPoiFkO1+uwJlcmcEM=
-----END CERTIFICATE-----
Generated at Fri Jun 14 19:10:37 2024 by rpki-client on console-ams.rpki-client.org