Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91F6E7D/1E9A11C2838111EAACB9BC30C4F9AE02/4AEB32A2D2F911EA93B2C659C4F9AE02.roa
File:                     4AEB32A2D2F911EA93B2C659C4F9AE02.roa (raw, json)
Hash identifier:          3rWkl0W3crfARyeJEWHkC4Z5dwQIq9F1gZTXeYw8MYM=
Subject key identifier:   EB:37:78:11:2D:E9:D6:7C:09:F6:CF:3E:60:0E:FD:27:EC:FD:BA:89
Certificate issuer:       /CN=A91F6E7D/serialNumber=1613D6EBFCD849CFCC0A888DB97E6BBF5207ADB3
Certificate serial:       08B8
Authority key identifier: 16:13:D6:EB:FC:D8:49:CF:CC:0A:88:8D:B9:7E:6B:BF:52:07:AD:B3
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FhPW6_zYSc_MCoiNuX5rv1IHrbM.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91F6E7D/1E9A11C2838111EAACB9BC30C4F9AE02/4AEB32A2D2F911EA93B2C659C4F9AE02.roa
Signing time:             Thu 28 Dec 2023 20:58:31 +0000
ROA not before:           Thu 28 Dec 2023 20:58:31 +0000
ROA not after:            Sun 02 Mar 2025 00:00:00 +0000
asID:                     14061
IP address blocks:        103.253.144.0/22 maxlen: 22
                          163.47.8.0/22 maxlen: 22
                          2400:6180::/32 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91F6E7D/1E9A11C2838111EAACB9BC30C4F9AE02/FhPW6_zYSc_MCoiNuX5rv1IHrbM.crl
                          rsync://rpki.apnic.net/member_repository/A91F6E7D/1E9A11C2838111EAACB9BC30C4F9AE02/FhPW6_zYSc_MCoiNuX5rv1IHrbM.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FhPW6_zYSc_MCoiNuX5rv1IHrbM.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 21 Jun 2024 21:37:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2232 (0x8b8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F6E7D/serialNumber=1613D6EBFCD849CFCC0A888DB97E6BBF5207ADB3
        Validity
            Not Before: Dec 28 20:58:31 2023 GMT
            Not After : Mar  2 00:00:00 2025 GMT
        Subject: CN=658de176-0635
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:6d:1f:b2:65:a3:d7:47:2f:ba:43:59:86:1f:
                    8f:fd:6e:89:82:18:9c:53:44:fd:e3:19:d6:59:df:
                    83:a5:d1:77:0f:0b:5c:b8:cd:65:a8:06:9e:bb:ed:
                    ad:21:48:d7:1d:48:45:27:71:9e:14:21:97:1a:ba:
                    56:e6:80:f3:72:b4:4f:12:34:b7:b6:e1:c8:5c:6c:
                    25:5b:bd:c5:99:ce:5c:4e:36:ea:f9:e5:2d:aa:cf:
                    4c:68:fd:a9:f0:91:73:e3:8b:5c:20:85:0c:ce:a5:
                    14:3e:cb:7c:a0:1b:9d:75:aa:0e:94:b3:c8:d6:0a:
                    09:2a:fb:27:8b:d4:83:04:f3:29:62:fe:cb:e1:b6:
                    b0:44:ca:dd:05:1d:76:f3:0a:7f:43:87:94:dd:d7:
                    3a:04:27:4e:eb:2b:47:f1:00:48:78:c5:bd:0f:59:
                    9b:38:63:ab:2a:23:f7:db:06:8d:79:92:26:5b:53:
                    29:cb:7b:6b:18:ad:9f:7e:3c:fd:51:69:83:c5:c0:
                    bf:af:e3:b6:07:b7:40:5c:94:2f:a3:42:17:62:75:
                    9e:e5:a4:88:40:96:28:5c:fc:ae:14:4d:b9:8f:85:
                    f7:73:86:8d:18:44:67:32:2b:8a:22:29:f1:d3:dc:
                    0b:99:11:c2:ba:92:ed:55:6b:ea:2f:9a:0d:4e:e6:
                    45:51
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EB:37:78:11:2D:E9:D6:7C:09:F6:CF:3E:60:0E:FD:27:EC:FD:BA:89
            X509v3 Authority Key Identifier:
                keyid:16:13:D6:EB:FC:D8:49:CF:CC:0A:88:8D:B9:7E:6B:BF:52:07:AD:B3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91F6E7D/1E9A11C2838111EAACB9BC30C4F9AE02/FhPW6_zYSc_MCoiNuX5rv1IHrbM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FhPW6_zYSc_MCoiNuX5rv1IHrbM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F6E7D/1E9A11C2838111EAACB9BC30C4F9AE02/4AEB32A2D2F911EA93B2C659C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.253.144.0/22
                  163.47.8.0/22
                IPv6:
                  2400:6180::/32

    Signature Algorithm: sha256WithRSAEncryption
         5c:d3:c8:45:99:3b:80:4b:c1:9c:6a:60:f2:92:2b:6a:56:90:
         f1:c6:e2:d6:4c:5a:11:0c:4c:fa:15:13:94:13:9e:ca:b9:b1:
         e1:e6:01:fb:49:7a:56:f4:d5:2d:fb:75:cd:1b:23:9c:b9:14:
         d5:95:e9:8e:56:e3:99:07:ab:0c:5e:fa:65:70:72:42:3f:e9:
         64:df:6d:2e:19:7a:19:83:75:d3:58:62:d5:c7:32:10:00:55:
         26:e5:11:0e:0e:33:21:11:f1:b8:39:46:ec:3b:55:ea:68:c2:
         a2:f3:25:6a:dd:2d:af:0f:be:a0:94:e4:18:c7:dd:3f:c1:33:
         79:2b:b7:58:e7:dd:ef:a7:55:8f:52:42:d0:fd:af:f7:9e:b4:
         7a:11:e7:16:7d:c9:32:92:a3:ef:e5:06:d5:e5:26:c6:3d:da:
         c6:c9:44:32:34:06:ba:04:3b:d6:dd:63:0c:77:3f:ac:b1:9d:
         89:69:16:47:be:f0:ce:23:8d:32:4e:74:8d:b1:5c:ca:51:cd:
         5e:1c:89:45:c2:27:41:d0:ec:8a:1e:32:4c:ee:2b:3d:02:31:
         52:79:cd:ad:3a:c8:63:31:3e:de:8a:df:3b:63:1b:11:eb:be:
         3f:96:47:42:0f:b7:40:c6:69:25:12:43:5c:0e:ac:07:04:51:
         d6:37:b4:96
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgICCLgwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RjZFN0QxMTAvBgNVBAUTKDE2MTNENkVCRkNEODQ5Q0ZDQzBBODg4REI5N0U2QkJG
NTIwN0FEQjMwHhcNMjMxMjI4MjA1ODMxWhcNMjUwMzAyMDAwMDAwWjAYMRYwFAYD
VQQDEw02NThkZTE3Ni0wNjM1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAxm0fsmWj10cvukNZhh+P/W6JghicU0T94xnWWd+DpdF3DwtcuM1lqAaeu+2t
IUjXHUhFJ3GeFCGXGrpW5oDzcrRPEjS3tuHIXGwlW73Fmc5cTjbq+eUtqs9MaP2p
8JFz44tcIIUMzqUUPst8oBuddaoOlLPI1goJKvsni9SDBPMpYv7L4bawRMrdBR12
8wp/Q4eU3dc6BCdO6ytH8QBIeMW9D1mbOGOrKiP32waNeZImW1Mpy3trGK2ffjz9
UWmDxcC/r+O2B7dAXJQvo0IXYnWe5aSIQJYoXPyuFE25j4X3c4aNGERnMiuKIinx
09wLmRHCupLtVWvqL5oNTuZFUQIDAQABo4ICqjCCAqYwHQYDVR0OBBYEFOs3eBEt
6dZ8CfbPPmAO/Sfs/bqJMB8GA1UdIwQYMBaAFBYT1uv82EnPzAqIjbl+a79SB62z
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGNkU3RC8xRTlBMTFDMjgz
ODExMUVBQUNCOUJDMzBDNEY5QUUwMi9GaFBXNl96WVNjX01Db2lOdVg1cnYxSUhy
Yk0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0ZoUFc2X3pZU2NfTUNvaU51WDVydjFJSHJiTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RjZFN0QvMUU5QTExQzI4MzgxMTFFQUFDQjlCQzMwQzRGOUFFMDIvNEFFQjMyQTJE
MkY5MTFFQTkzQjJDNjU5QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNAYIKwYBBQUHAQcBAf8E
JTAjMBIEAgABMAwDBAJn/ZADBAKjLwgwDQQCAAIwBwMFACQAYYAwDQYJKoZIhvcN
AQELBQADggEBAFzTyEWZO4BLwZxqYPKSK2pWkPHG4tZMWhEMTPoVE5QTnsq5seHm
AftJelb01S37dc0bI5y5FNWV6Y5W45kHqwxe+mVwckI/6WTfbS4ZehmDddNYYtXH
MhAAVSblEQ4OMyER8bg5Ruw7VepowqLzJWrdLa8PvqCU5BjH3T/BM3krt1jn3e+n
VY9SQtD9r/eetHoR5xZ9yTKSo+/lBtXlJsY92sbJRDI0BroEO9bdYwx3P6yxnYlp
Fke+8M4jjTJOdI2xXMpRzV4ciUXCJ0HQ7IoeMkzuKz0CMVJ5za06yGMxPt6K3ztj
GxHrvj+WR0IPt0DGaSUSQ1wOrAcEUdY3tJY=
-----END CERTIFICATE-----
Generated at Fri Jun 14 22:57:55 2024 by rpki-client on console-ams.rpki-client.org