Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91EE1DD/F15003C8F11211EC91965444C4F9AE02/7D857A30F11811EC86D3AD4BC4F9AE02.roa
File:                     7D857A30F11811EC86D3AD4BC4F9AE02.roa (raw, json)
Hash identifier:          DTeUoGILmpR1cuWk4EONESxHDKOdUfVBGiNOOrF79fw=
Subject key identifier:   25:65:85:13:C2:DA:B9:38:97:EA:68:4D:55:F0:67:C7:96:D4:D4:11
Certificate issuer:       /CN=A91EE1DD/serialNumber=3282380F57D6170F45CF520E7B2C1A3CDA2FCAAD
Certificate serial:       01AD
Authority key identifier: 32:82:38:0F:57:D6:17:0F:45:CF:52:0E:7B:2C:1A:3C:DA:2F:CA:AD
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/MoI4D1fWFw9Fz1IOeywaPNovyq0.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91EE1DD/F15003C8F11211EC91965444C4F9AE02/7D857A30F11811EC86D3AD4BC4F9AE02.roa
Signing time:             Tue 05 Dec 2023 03:34:17 +0000
ROA not before:           Tue 05 Dec 2023 03:34:17 +0000
ROA not after:            Sun 02 Mar 2025 00:00:00 +0000
asID:                     132409
IP address blocks:        103.80.208.0/24 maxlen: 25

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91EE1DD/F15003C8F11211EC91965444C4F9AE02/MoI4D1fWFw9Fz1IOeywaPNovyq0.crl
                          rsync://rpki.apnic.net/member_repository/A91EE1DD/F15003C8F11211EC91965444C4F9AE02/MoI4D1fWFw9Fz1IOeywaPNovyq0.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/MoI4D1fWFw9Fz1IOeywaPNovyq0.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 22 Jun 2024 02:50:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 429 (0x1ad)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91EE1DD/serialNumber=3282380F57D6170F45CF520E7B2C1A3CDA2FCAAD
        Validity
            Not Before: Dec  5 03:34:17 2023 GMT
            Not After : Mar  2 00:00:00 2025 GMT
        Subject: CN=656e9a38-f6ca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c4:da:a3:54:a9:e4:22:63:d9:fc:ae:9d:de:37:
                    26:b9:6f:2b:53:6b:29:75:0a:19:b7:29:44:a6:60:
                    20:3f:63:47:11:af:39:a4:4a:00:c0:2d:4f:5c:38:
                    4e:97:57:32:82:fb:ef:19:b5:00:33:03:87:b9:bb:
                    2e:87:d5:9c:4d:3b:b8:40:2b:d3:62:71:af:14:b5:
                    29:20:f9:3a:41:a2:8a:b0:3a:e2:84:bb:29:e1:b9:
                    ff:77:7e:17:21:f4:0f:e6:75:71:1c:30:20:ac:7d:
                    cd:62:a0:bc:4e:bf:5c:fe:01:d5:e2:c9:ed:bc:35:
                    d5:ab:b9:18:6d:10:0f:91:d4:0c:91:f4:00:73:5a:
                    e4:46:65:59:9c:ac:8c:6d:bb:ee:34:62:54:9d:32:
                    68:cc:8b:a3:0d:e2:01:6e:50:98:2e:55:9d:b4:88:
                    5c:e0:16:cc:e6:ad:c2:b8:b3:0d:65:2d:b3:f6:81:
                    14:68:bc:a8:37:9f:4f:5b:d0:b5:9b:e4:01:f2:f1:
                    76:99:42:7b:a9:8c:1c:d3:a4:64:ce:d4:27:51:0a:
                    9b:e9:ef:a9:ce:0c:79:2d:68:67:66:63:33:1e:5d:
                    3e:45:db:c3:7e:7f:65:d2:dd:92:a2:03:63:a9:0e:
                    ff:0d:1f:d8:46:5d:d8:89:ef:50:d2:26:2e:20:ba:
                    81:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                25:65:85:13:C2:DA:B9:38:97:EA:68:4D:55:F0:67:C7:96:D4:D4:11
            X509v3 Authority Key Identifier:
                keyid:32:82:38:0F:57:D6:17:0F:45:CF:52:0E:7B:2C:1A:3C:DA:2F:CA:AD

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91EE1DD/F15003C8F11211EC91965444C4F9AE02/MoI4D1fWFw9Fz1IOeywaPNovyq0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/MoI4D1fWFw9Fz1IOeywaPNovyq0.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91EE1DD/F15003C8F11211EC91965444C4F9AE02/7D857A30F11811EC86D3AD4BC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.80.208.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:3c:7c:63:09:a8:4f:93:0f:95:f8:f4:c2:8e:05:99:5b:3b:
         90:cd:31:0e:6d:96:1f:3e:75:f2:ad:f9:06:97:97:68:12:a2:
         08:ed:14:00:f7:3c:17:61:d7:1f:21:a0:f8:3f:1b:d4:0d:6d:
         89:57:16:60:44:57:82:bd:cf:6e:34:a3:54:89:5c:66:96:ea:
         d1:3d:d4:86:79:29:cc:78:83:1a:95:f9:d5:31:c4:af:30:c8:
         64:f0:98:84:c9:21:ee:d5:72:fe:5a:54:c6:31:85:7d:ea:aa:
         09:22:f0:4d:59:ac:e0:03:4b:34:ff:47:a5:70:8a:20:2f:62:
         a8:0d:4e:22:bc:59:a9:5b:ec:2b:b4:17:79:24:2d:e7:d8:0f:
         70:05:57:75:3d:b5:76:69:37:67:fe:20:e4:8c:c0:33:1e:19:
         f8:92:65:ee:1a:5f:4a:83:72:cb:95:a2:7c:d7:bd:12:a1:ff:
         10:7d:ae:69:cb:31:39:0c:f8:2d:59:0c:ff:10:95:66:8e:1d:
         82:6c:e8:0d:75:bb:8b:7e:07:94:b7:c7:6b:85:18:2a:83:70:
         f2:f3:b6:40:9b:7d:db:8e:90:4b:82:c5:e3:d5:55:bd:48:d6:
         79:c5:46:43:08:af:3d:ee:9d:50:15:20:d2:9c:c6:db:db:c1:
         6a:e9:15:15
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICAa0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RUUxREQxMTAvBgNVBAUTKDMyODIzODBGNTdENjE3MEY0NUNGNTIwRTdCMkMxQTND
REEyRkNBQUQwHhcNMjMxMjA1MDMzNDE3WhcNMjUwMzAyMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTZlOWEzOC1mNmNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAxNqjVKnkImPZ/K6d3jcmuW8rU2spdQoZtylEpmAgP2NHEa85pEoAwC1PXDhO
l1cygvvvGbUAMwOHubsuh9WcTTu4QCvTYnGvFLUpIPk6QaKKsDrihLsp4bn/d34X
IfQP5nVxHDAgrH3NYqC8Tr9c/gHV4sntvDXVq7kYbRAPkdQMkfQAc1rkRmVZnKyM
bbvuNGJUnTJozIujDeIBblCYLlWdtIhc4BbM5q3CuLMNZS2z9oEUaLyoN59PW9C1
m+QB8vF2mUJ7qYwc06RkztQnUQqb6e+pzgx5LWhnZmMzHl0+RdvDfn9l0t2SogNj
qQ7/DR/YRl3Yie9Q0iYuILqBhQIDAQABo4IClTCCApEwHQYDVR0OBBYEFCVlhRPC
2rk4l+poTVXwZ8eW1NQRMB8GA1UdIwQYMBaAFDKCOA9X1hcPRc9SDnssGjzaL8qt
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFRTFERC9GMTUwMDNDOEYx
MTIxMUVDOTE5NjU0NDRDNEY5QUUwMi9Nb0k0RDFmV0Z3OUZ6MUlPZXl3YVBOb3Z5
cTAuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL01vSTREMWZXRnc5RnoxSU9leXdhUE5vdnlxMC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RUUxREQvRjE1MDAzQzhGMTEyMTFFQzkxOTY1NDQ0QzRGOUFFMDIvN0Q4NTdBMzBG
MTE4MTFFQzg2RDNBRDRCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBABnUNAwDQYJKoZIhvcNAQELBQADggEBAH88fGMJqE+TD5X4
9MKOBZlbO5DNMQ5tlh8+dfKt+QaXl2gSogjtFAD3PBdh1x8hoPg/G9QNbYlXFmBE
V4K9z240o1SJXGaW6tE91IZ5Kcx4gxqV+dUxxK8wyGTwmITJIe7Vcv5aVMYxhX3q
qgki8E1ZrOADSzT/R6VwiiAvYqgNTiK8Walb7Cu0F3kkLefYD3AFV3U9tXZpN2f+
IOSMwDMeGfiSZe4aX0qDcsuVonzXvRKh/xB9rmnLMTkM+C1ZDP8QlWaOHYJs6A11
u4t+B5S3x2uFGCqDcPLztkCbfduOkEuCxePVVb1I1nnFRkMIrz3unVAVINKcxtvb
wWrpFRU=
-----END CERTIFICATE-----
Generated at Sat Jun 15 05:33:26 2024 by rpki-client on console-fra.rpki-client.org