Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91ECD98/7802048A66A411EA8FCB2B6FC4F9AE02/F760C48ACE0111EB980FBD53C4F9AE02.roa
File:                     F760C48ACE0111EB980FBD53C4F9AE02.roa (raw, json)
Hash identifier:          4mBRRFSurq9u1qc6yu0dB3QyOtQ0PVX6IwMZPoAkvaI=
Subject key identifier:   D8:9A:33:00:36:82:0B:24:12:A3:2F:FC:0A:DF:FD:DB:5D:A2:66:C4
Certificate issuer:       /CN=A91ECD98/serialNumber=41C65C00F0A6B07D3C0F6B1290564FBF8382DA73
Certificate serial:       0977
Authority key identifier: 41:C6:5C:00:F0:A6:B0:7D:3C:0F:6B:12:90:56:4F:BF:83:82:DA:73
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QcZcAPCmsH08D2sSkFZPv4OC2nM.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91ECD98/7802048A66A411EA8FCB2B6FC4F9AE02/F760C48ACE0111EB980FBD53C4F9AE02.roa
Signing time:             Mon 18 Mar 2024 21:19:05 +0000
ROA not before:           Mon 18 Mar 2024 21:19:05 +0000
ROA not after:            Wed 28 May 2025 00:00:00 +0000
asID:                     135125
IP address blocks:        45.250.20.0/22 maxlen: 22
                          45.250.20.0/23 maxlen: 23
                          45.250.20.0/24 maxlen: 24
                          45.250.21.0/24 maxlen: 24
                          45.250.22.0/23 maxlen: 23
                          45.250.22.0/24 maxlen: 24
                          45.250.23.0/24 maxlen: 24
                          103.210.16.0/22 maxlen: 22
                          103.210.16.0/23 maxlen: 23
                          103.210.16.0/24 maxlen: 24
                          103.210.17.0/24 maxlen: 24
                          103.210.18.0/23 maxlen: 23
                          103.210.18.0/24 maxlen: 24
                          103.210.19.0/24 maxlen: 24
                          2401:940::/32 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91ECD98/7802048A66A411EA8FCB2B6FC4F9AE02/QcZcAPCmsH08D2sSkFZPv4OC2nM.crl
                          rsync://rpki.apnic.net/member_repository/A91ECD98/7802048A66A411EA8FCB2B6FC4F9AE02/QcZcAPCmsH08D2sSkFZPv4OC2nM.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QcZcAPCmsH08D2sSkFZPv4OC2nM.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 29 Nov 2024 19:39:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2423 (0x977)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91ECD98/serialNumber=41C65C00F0A6B07D3C0F6B1290564FBF8382DA73
        Validity
            Not Before: Mar 18 21:19:05 2024 GMT
            Not After : May 28 00:00:00 2025 GMT
        Subject: CN=65f8afc9-0b77
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:32:2d:12:fa:ea:d8:1f:06:a4:f4:41:72:7a:
                    34:81:ad:34:c4:49:8a:07:25:7e:a1:18:45:de:13:
                    17:24:63:36:54:48:95:c3:d5:1f:ba:04:2c:d8:f8:
                    80:8f:7c:a3:7d:cf:84:6b:d4:b5:5e:66:f3:56:1f:
                    6e:29:b9:fa:22:23:c7:93:49:12:5d:97:75:6a:c0:
                    c5:e9:d0:43:8d:f9:75:9a:49:0f:a7:1f:06:97:56:
                    fd:31:27:02:fa:dd:94:e8:de:29:38:b0:1a:62:bc:
                    d4:a2:12:88:ed:ed:ed:02:8b:ff:e0:9c:1b:2c:f0:
                    72:88:10:7c:bb:b4:81:96:2a:7a:84:e3:b4:e3:10:
                    6f:cf:55:0d:5e:6e:99:1b:7e:fc:58:29:a3:f2:5f:
                    ee:09:9f:31:ba:4b:ab:da:b9:38:98:db:c3:2a:05:
                    31:6e:e4:f5:54:e5:68:69:ad:f7:75:c6:90:52:e0:
                    b4:82:28:ed:cf:1b:a2:9f:4b:1a:a4:89:ea:70:ea:
                    fc:3d:e7:8b:e0:6f:06:b8:9a:d8:d3:be:fb:1b:94:
                    4a:86:88:c2:b9:21:fe:53:84:26:dd:f3:d6:f6:58:
                    08:af:22:7a:17:87:85:7b:aa:b6:44:65:ed:8d:b3:
                    83:1f:f2:db:4e:43:32:4c:28:28:f4:67:98:3a:dd:
                    bb:b9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D8:9A:33:00:36:82:0B:24:12:A3:2F:FC:0A:DF:FD:DB:5D:A2:66:C4
            X509v3 Authority Key Identifier:
                keyid:41:C6:5C:00:F0:A6:B0:7D:3C:0F:6B:12:90:56:4F:BF:83:82:DA:73

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91ECD98/7802048A66A411EA8FCB2B6FC4F9AE02/QcZcAPCmsH08D2sSkFZPv4OC2nM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QcZcAPCmsH08D2sSkFZPv4OC2nM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91ECD98/7802048A66A411EA8FCB2B6FC4F9AE02/F760C48ACE0111EB980FBD53C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.250.20.0/22
                  103.210.16.0/22
                IPv6:
                  2401:940::/32

    Signature Algorithm: sha256WithRSAEncryption
         89:18:7c:a8:d8:07:41:87:e2:bf:40:f5:7d:5b:1e:aa:6e:25:
         c3:0e:5c:3a:92:8e:54:0d:8d:6c:5d:29:de:59:44:33:b5:7f:
         1c:7c:8c:78:6d:72:48:24:d5:db:cb:d3:4c:dc:b3:f9:0f:58:
         93:09:df:5d:01:4d:e6:d1:77:73:18:70:a5:1e:a1:d7:2c:33:
         df:ed:d2:16:f8:87:5a:04:27:65:66:05:ef:05:fb:68:0c:ae:
         5c:c8:1f:54:1a:96:5d:34:e2:9c:0d:96:9b:d1:5d:08:de:08:
         53:37:dc:52:03:91:bc:e2:64:75:36:5d:ba:00:aa:31:df:09:
         50:6b:27:d2:5d:c5:d8:83:d5:14:b1:bc:70:aa:4b:eb:f5:49:
         31:c8:b8:b8:f1:9d:06:21:79:77:15:8b:b5:02:72:ef:d3:4d:
         6f:2e:c9:c0:3b:84:be:43:65:e9:e9:8b:82:5e:66:1b:f0:0d:
         70:8c:1c:30:fb:8e:86:84:e1:88:53:de:50:17:40:66:25:57:
         c1:4c:d6:b6:ba:b6:62:ab:50:ad:fe:c0:a0:a2:7f:f5:c3:25:
         66:aa:1c:09:91:c0:07:f7:f6:62:6d:be:2b:50:c6:2a:be:2b:
         93:de:b6:a7:8a:a5:d7:06:a5:4f:da:8d:46:bd:e3:db:c4:11:
         bc:b8:63:2c
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgICCXcwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RUNEOTgxMTAvBgNVBAUTKDQxQzY1QzAwRjBBNkIwN0QzQzBGNkIxMjkwNTY0RkJG
ODM4MkRBNzMwHhcNMjQwMzE4MjExOTA1WhcNMjUwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02NWY4YWZjOS0wYjc3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwTItEvrq2B8GpPRBcno0ga00xEmKByV+oRhF3hMXJGM2VEiVw9UfugQs2PiA
j3yjfc+Ea9S1XmbzVh9uKbn6IiPHk0kSXZd1asDF6dBDjfl1mkkPpx8Gl1b9MScC
+t2U6N4pOLAaYrzUohKI7e3tAov/4JwbLPByiBB8u7SBlip6hOO04xBvz1UNXm6Z
G378WCmj8l/uCZ8xukur2rk4mNvDKgUxbuT1VOVoaa33dcaQUuC0gijtzxuin0sa
pInqcOr8PeeL4G8GuJrY0777G5RKhojCuSH+U4Qm3fPW9lgIryJ6F4eFe6q2RGXt
jbODH/LbTkMyTCgo9GeYOt27uQIDAQABo4ICqjCCAqYwHQYDVR0OBBYEFNiaMwA2
ggskEqMv/Arf/dtdombEMB8GA1UdIwQYMBaAFEHGXADwprB9PA9rEpBWT7+Dgtpz
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFQ0Q5OC83ODAyMDQ4QTY2
QTQxMUVBOEZDQjJCNkZDNEY5QUUwMi9RY1pjQVBDbXNIMDhEMnNTa0ZaUHY0T0My
bk0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1FjWmNBUENtc0gwOEQyc1NrRlpQdjRPQzJuTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RUNEOTgvNzgwMjA0OEE2NkE0MTFFQThGQ0IyQjZGQzRGOUFFMDIvRjc2MEM0OEFD
RTAxMTFFQjk4MEZCRDUzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNAYIKwYBBQUHAQcBAf8E
JTAjMBIEAgABMAwDBAIt+hQDBAJn0hAwDQQCAAIwBwMFACQBCUAwDQYJKoZIhvcN
AQELBQADggEBAIkYfKjYB0GH4r9A9X1bHqpuJcMOXDqSjlQNjWxdKd5ZRDO1fxx8
jHhtckgk1dvL00zcs/kPWJMJ310BTebRd3MYcKUeodcsM9/t0hb4h1oEJ2VmBe8F
+2gMrlzIH1Qall004pwNlpvRXQjeCFM33FIDkbziZHU2XboAqjHfCVBrJ9JdxdiD
1RSxvHCqS+v1STHIuLjxnQYheXcVi7UCcu/TTW8uycA7hL5DZenpi4JeZhvwDXCM
HDD7joaE4YhT3lAXQGYlV8FM1ra6tmKrUK3+wKCif/XDJWaqHAmRwAf39mJtvitQ
xiq+K5PetqeKpdcGpU/ajUa949vEEby4Yyw=
-----END CERTIFICATE-----
Generated at Fri Nov 22 21:05:34 2024 by rpki-client on console-fra.rpki-client.org