Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91DE1A3/8B9DBBCE689F11EDAD177667C4F9AE02/F396DA1468A211ED9525A86CC4F9AE02.roa
File:                     F396DA1468A211ED9525A86CC4F9AE02.roa (raw, json)
Hash identifier:          QiIvaonXjb3wzdaFfwl43VesH9Nn271EvkL3jzfou5Q=
Subject key identifier:   71:16:AA:BF:39:5D:B7:CC:A9:3C:D6:DC:96:71:58:05:17:C0:0B:51
Certificate issuer:       /CN=A91DE1A3/serialNumber=FB9C3A90D0CD6B92BE3160325DA7C26C7F4E5900
Certificate serial:       B1
Authority key identifier: FB:9C:3A:90:D0:CD:6B:92:BE:31:60:32:5D:A7:C2:6C:7F:4E:59:00
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-5w6kNDNa5K-MWAyXafCbH9OWQA.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91DE1A3/8B9DBBCE689F11EDAD177667C4F9AE02/F396DA1468A211ED9525A86CC4F9AE02.roa
Signing time:             Fri 27 Oct 2023 04:15:55 +0000
ROA not before:           Fri 27 Oct 2023 04:15:55 +0000
ROA not after:            Mon 30 Dec 2024 00:00:00 +0000
asID:                     150330
IP address blocks:        103.6.250.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91DE1A3/8B9DBBCE689F11EDAD177667C4F9AE02/-5w6kNDNa5K-MWAyXafCbH9OWQA.crl
                          rsync://rpki.apnic.net/member_repository/A91DE1A3/8B9DBBCE689F11EDAD177667C4F9AE02/-5w6kNDNa5K-MWAyXafCbH9OWQA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-5w6kNDNa5K-MWAyXafCbH9OWQA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 22 Jun 2024 02:50:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 177 (0xb1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91DE1A3/serialNumber=FB9C3A90D0CD6B92BE3160325DA7C26C7F4E5900
        Validity
            Not Before: Oct 27 04:15:55 2023 GMT
            Not After : Dec 30 00:00:00 2024 GMT
        Subject: CN=653b397b-6022
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:df:3f:22:5b:da:67:12:f6:08:cc:1e:bb:75:
                    31:8e:fb:50:f1:7d:ff:71:f4:44:75:0f:61:f4:48:
                    f3:cc:c3:91:48:82:c7:9b:94:f8:21:39:33:97:4f:
                    da:4c:75:f8:4e:08:7d:9e:60:23:4b:86:a2:03:af:
                    5d:01:cc:04:dc:62:ab:a6:e1:cf:18:2f:42:2b:dd:
                    cf:de:76:1c:d6:37:08:6e:31:d6:59:3c:9d:61:56:
                    3e:35:67:49:17:d0:88:21:8b:53:b8:49:5f:9e:19:
                    ca:8d:35:ab:2d:7d:d7:54:91:f2:88:b9:b2:f1:97:
                    57:7f:52:9e:bb:32:6e:3a:c5:b4:6a:db:62:8a:06:
                    21:ff:9f:30:0b:fa:5c:a7:7d:ef:9f:e0:19:73:13:
                    dd:1e:38:fc:6a:6a:f3:d9:f5:65:78:53:9c:ff:67:
                    a5:9f:46:59:21:d9:17:d0:4e:9a:ff:b4:2c:b9:bf:
                    75:a1:07:7e:82:99:f5:cd:14:0b:f6:86:0b:d2:89:
                    60:6a:33:21:08:71:b6:a3:75:39:14:2e:d1:35:ab:
                    33:46:1c:ac:d5:60:f4:66:a1:59:a5:ce:3f:fd:ca:
                    1f:16:b5:2a:aa:f9:c5:ab:e4:51:0b:20:0b:d8:6b:
                    4f:4d:92:d8:ab:e8:83:c7:b8:1e:b0:b7:53:59:a4:
                    50:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                71:16:AA:BF:39:5D:B7:CC:A9:3C:D6:DC:96:71:58:05:17:C0:0B:51
            X509v3 Authority Key Identifier:
                keyid:FB:9C:3A:90:D0:CD:6B:92:BE:31:60:32:5D:A7:C2:6C:7F:4E:59:00

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91DE1A3/8B9DBBCE689F11EDAD177667C4F9AE02/-5w6kNDNa5K-MWAyXafCbH9OWQA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-5w6kNDNa5K-MWAyXafCbH9OWQA.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91DE1A3/8B9DBBCE689F11EDAD177667C4F9AE02/F396DA1468A211ED9525A86CC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.6.250.0/23

    Signature Algorithm: sha256WithRSAEncryption
         96:48:8c:89:c8:9d:2a:87:3b:8e:5a:5f:d0:d1:06:3b:6f:8f:
         25:5f:98:8d:7f:5a:6e:46:70:63:9a:34:c5:c1:f7:cf:7c:73:
         45:86:4f:61:44:2d:a5:37:0d:aa:64:25:07:17:fb:26:0d:55:
         d6:45:d0:18:fe:95:5e:92:8b:1a:90:fe:ae:0a:24:0a:d1:53:
         5f:2a:fb:38:05:61:09:e3:bb:2e:07:81:89:d2:2b:1d:03:31:
         91:37:9a:a3:58:2b:fb:a5:ec:c1:fc:b5:46:ff:27:dc:6d:8b:
         97:ac:72:41:00:ea:84:12:8e:d8:0a:3f:fb:d3:04:58:db:22:
         04:a8:9c:2e:67:69:f9:33:5c:66:29:5c:fe:be:b3:4d:9f:4c:
         7d:8e:fc:f5:f3:1a:0e:ae:d6:ff:99:04:f0:c8:2b:2a:a5:dd:
         a0:ab:cd:00:2a:0e:64:f6:21:63:32:8e:dd:ed:47:43:3e:fa:
         d4:41:de:40:be:b6:c6:ce:bc:aa:c1:69:0b:3e:b6:6e:36:f7:
         cb:19:df:67:3d:e0:21:8d:76:29:3b:5f:c4:6c:5e:02:dc:fe:
         51:1c:89:04:d9:c7:39:7e:26:cb:ad:ec:d1:4f:65:da:60:db:
         3a:80:db:15:41:96:a1:de:13:f2:06:4b:be:93:b1:87:2a:c7:
         96:06:c4:21
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICALEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
REUxQTMxMTAvBgNVBAUTKEZCOUMzQTkwRDBDRDZCOTJCRTMxNjAzMjVEQTdDMjZD
N0Y0RTU5MDAwHhcNMjMxMDI3MDQxNTU1WhcNMjQxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTNiMzk3Yi02MDIyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAq98/IlvaZxL2CMweu3UxjvtQ8X3/cfREdQ9h9EjzzMORSILHm5T4ITkzl0/a
THX4Tgh9nmAjS4aiA69dAcwE3GKrpuHPGC9CK93P3nYc1jcIbjHWWTydYVY+NWdJ
F9CIIYtTuElfnhnKjTWrLX3XVJHyiLmy8ZdXf1KeuzJuOsW0attiigYh/58wC/pc
p33vn+AZcxPdHjj8amrz2fVleFOc/2eln0ZZIdkX0E6a/7Qsub91oQd+gpn1zRQL
9oYL0olgajMhCHG2o3U5FC7RNaszRhys1WD0ZqFZpc4//cofFrUqqvnFq+RRCyAL
2GtPTZLYq+iDx7gesLdTWaRQ3wIDAQABo4IClTCCApEwHQYDVR0OBBYEFHEWqr85
XbfMqTzW3JZxWAUXwAtRMB8GA1UdIwQYMBaAFPucOpDQzWuSvjFgMl2nwmx/TlkA
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFERTFBMy84QjlEQkJDRTY4
OUYxMUVEQUQxNzc2NjdDNEY5QUUwMi8tNXc2a05ETmE1Sy1NV0F5WGFmQ2JIOU9X
UUEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLy01dzZrTkROYTVLLU1XQXlYYWZDYkg5T1dRQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
REUxQTMvOEI5REJCQ0U2ODlGMTFFREFEMTc3NjY3QzRGOUFFMDIvRjM5NkRBMTQ2
OEEyMTFFRDk1MjVBODZDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAFnBvowDQYJKoZIhvcNAQELBQADggEBAJZIjInInSqHO45a
X9DRBjtvjyVfmI1/Wm5GcGOaNMXB9898c0WGT2FELaU3DapkJQcX+yYNVdZF0Bj+
lV6SixqQ/q4KJArRU18q+zgFYQnjuy4HgYnSKx0DMZE3mqNYK/ul7MH8tUb/J9xt
i5esckEA6oQSjtgKP/vTBFjbIgSonC5nafkzXGYpXP6+s02fTH2O/PXzGg6u1v+Z
BPDIKyql3aCrzQAqDmT2IWMyjt3tR0M++tRB3kC+tsbOvKrBaQs+tm4298sZ32c9
4CGNdik7X8RsXgLc/lEciQTZxzl+Jsut7NFPZdpg2zqA2xVBlqHeE/IGS76TsYcq
x5YGxCE=
-----END CERTIFICATE-----
Generated at Sat Jun 15 06:48:51 2024 by rpki-client on console-fra.rpki-client.org