Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91FC42F/63E6E392313611EA8BE2612BC4F9AE02/A540A624378611EABE283384C4F9AE02.roa
File:                     A540A624378611EABE283384C4F9AE02.roa (raw, json)
Hash identifier:          8XS5neYx9p+UU07eXX8+RNfmtxbleVY94+kDi4HT678=
Subject key identifier:   CE:0C:C3:AA:F8:FE:4F:30:85:2A:40:E3:E6:00:03:86:99:EF:63:9A
Certificate issuer:       /CN=A91FC42F/serialNumber=260C68A83476430C19AC86FC13613330DE10F9B9
Certificate serial:       0A8B
Authority key identifier: 26:0C:68:A8:34:76:43:0C:19:AC:86:FC:13:61:33:30:DE:10:F9:B9
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/JgxoqDR2QwwZrIb8E2EzMN4Q-bk.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91FC42F/63E6E392313611EA8BE2612BC4F9AE02/A540A624378611EABE283384C4F9AE02.roa
Signing time:             Thu 21 Mar 2024 15:02:16 +0000
ROA not before:           Thu 21 Mar 2024 15:02:16 +0000
ROA not after:            Fri 31 Jan 2025 00:00:00 +0000
asID:                     139766
IP address blocks:        103.144.224.0/23 maxlen: 24
                          2406:1bc0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91FC42F/63E6E392313611EA8BE2612BC4F9AE02/JgxoqDR2QwwZrIb8E2EzMN4Q-bk.crl
                          rsync://rpki.apnic.net/member_repository/A91FC42F/63E6E392313611EA8BE2612BC4F9AE02/JgxoqDR2QwwZrIb8E2EzMN4Q-bk.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/JgxoqDR2QwwZrIb8E2EzMN4Q-bk.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 21 Jun 2024 20:29:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2699 (0xa8b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91FC42F/serialNumber=260C68A83476430C19AC86FC13613330DE10F9B9
        Validity
            Not Before: Mar 21 15:02:16 2024 GMT
            Not After : Jan 31 00:00:00 2025 GMT
        Subject: CN=65fc4bf8-a4cb
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:0a:4a:16:43:6e:83:6d:5e:60:bd:fc:d2:ba:
                    d7:5d:44:7c:75:b4:a0:44:4a:ca:79:22:35:d6:ff:
                    d2:c0:e1:ef:72:c2:ee:8d:83:c3:4c:fe:a1:dc:75:
                    50:da:ac:82:df:c4:cb:0b:8c:f9:70:ed:ce:5e:0d:
                    8f:28:05:28:db:04:01:29:3c:c8:17:25:e0:a8:e4:
                    6e:7e:9d:61:ad:84:96:cf:6c:fb:0c:fd:e7:60:5d:
                    b8:58:10:82:89:b3:01:ce:20:47:f3:30:35:dc:3b:
                    e6:51:64:8b:7f:dd:2a:47:ca:29:f7:b1:11:e0:a2:
                    4c:4e:71:6d:0b:ea:d6:74:25:d5:88:4f:67:66:11:
                    6c:d6:d3:d6:69:78:11:2c:9e:7d:4c:10:d7:9b:d0:
                    01:19:0a:e4:d0:ba:16:f8:e4:1d:63:9c:2e:3f:e1:
                    38:a3:65:42:9f:a1:7a:50:88:34:44:3e:46:70:3e:
                    4c:2a:e3:00:23:b6:01:a5:1b:76:a6:b5:a6:d0:8c:
                    05:8e:44:b5:28:0b:80:f6:52:3e:0b:ca:44:62:28:
                    8f:b4:60:dd:eb:da:08:29:8d:ee:c6:55:0a:29:01:
                    a5:41:24:b3:2e:70:74:78:7c:a5:ae:25:cd:5e:b3:
                    fc:13:a3:e6:03:e7:68:76:fc:eb:d3:a8:77:c5:49:
                    da:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CE:0C:C3:AA:F8:FE:4F:30:85:2A:40:E3:E6:00:03:86:99:EF:63:9A
            X509v3 Authority Key Identifier:
                keyid:26:0C:68:A8:34:76:43:0C:19:AC:86:FC:13:61:33:30:DE:10:F9:B9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91FC42F/63E6E392313611EA8BE2612BC4F9AE02/JgxoqDR2QwwZrIb8E2EzMN4Q-bk.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/JgxoqDR2QwwZrIb8E2EzMN4Q-bk.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91FC42F/63E6E392313611EA8BE2612BC4F9AE02/A540A624378611EABE283384C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.144.224.0/23
                IPv6:
                  2406:1bc0::/32

    Signature Algorithm: sha256WithRSAEncryption
         59:24:ae:48:28:43:9c:7c:28:89:bf:bd:14:5d:04:53:08:90:
         af:08:17:a4:b9:a2:22:8b:9c:fa:c2:b6:3f:73:04:6f:ae:7e:
         e1:54:d3:27:75:45:f3:84:38:95:b4:5f:f6:8e:6d:d2:62:ca:
         a4:10:ef:11:79:ad:1f:fe:b9:f4:90:8b:a2:5e:cb:da:b5:7f:
         5d:dd:a7:3b:55:29:c0:8c:ad:42:dc:8d:c0:c0:3c:b3:e2:2b:
         31:85:76:c0:c5:9f:c6:83:df:04:c1:cf:c7:5a:38:d1:21:34:
         47:2e:ff:c0:26:f6:8a:62:d5:20:3c:1f:0b:55:6e:58:1a:61:
         b2:2e:3d:d6:67:39:86:91:28:3d:ce:a4:9d:43:2b:78:5e:e8:
         95:ed:a9:2e:f8:bf:93:6b:bf:dd:cd:4b:d9:12:d5:ac:99:ba:
         13:50:3a:97:38:5b:07:bc:83:df:91:49:04:7c:c2:4f:4c:f2:
         e0:ab:ff:97:8f:77:a6:7d:a8:bf:44:87:8e:06:e7:d9:96:4c:
         af:70:ae:a3:58:a5:e0:98:ac:1d:f4:c8:c5:46:c2:5a:25:e8:
         15:78:d5:78:6e:35:22:10:e5:11:00:cf:1c:f4:65:00:52:fa:
         7d:5c:0f:51:58:74:d0:27:b2:8d:f9:19:fb:6a:54:7f:f4:73:
         b1:38:55:be
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICCoswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RkM0MkYxMTAvBgNVBAUTKDI2MEM2OEE4MzQ3NjQzMEMxOUFDODZGQzEzNjEzMzMw
REUxMEY5QjkwHhcNMjQwMzIxMTUwMjE2WhcNMjUwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWZjNGJmOC1hNGNiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEApwpKFkNug21eYL380rrXXUR8dbSgRErKeSI11v/SwOHvcsLujYPDTP6h3HVQ
2qyC38TLC4z5cO3OXg2PKAUo2wQBKTzIFyXgqORufp1hrYSWz2z7DP3nYF24WBCC
ibMBziBH8zA13DvmUWSLf90qR8op97ER4KJMTnFtC+rWdCXViE9nZhFs1tPWaXgR
LJ59TBDXm9ABGQrk0LoW+OQdY5wuP+E4o2VCn6F6UIg0RD5GcD5MKuMAI7YBpRt2
prWm0IwFjkS1KAuA9lI+C8pEYiiPtGDd69oIKY3uxlUKKQGlQSSzLnB0eHylriXN
XrP8E6PmA+dodvzr06h3xUnaxQIDAQABo4ICpDCCAqAwHQYDVR0OBBYEFM4Mw6r4
/k8whSpA4+YAA4aZ72OaMB8GA1UdIwQYMBaAFCYMaKg0dkMMGayG/BNhMzDeEPm5
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGQzQyRi82M0U2RTM5MjMx
MzYxMUVBOEJFMjYxMkJDNEY5QUUwMi9KZ3hvcURSMlF3d1pySWI4RTJFek1ONFEt
YmsuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0pneG9xRFIyUXd3WnJJYjhFMkV6TU40US1iay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RkM0MkYvNjNFNkUzOTIzMTM2MTFFQThCRTI2MTJCQzRGOUFFMDIvQTU0MEE2MjQz
Nzg2MTFFQUJFMjgzMzg0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLgYIKwYBBQUHAQcBAf8E
HzAdMAwEAgABMAYDBAFnkOAwDQQCAAIwBwMFACQGG8AwDQYJKoZIhvcNAQELBQAD
ggEBAFkkrkgoQ5x8KIm/vRRdBFMIkK8IF6S5oiKLnPrCtj9zBG+ufuFU0yd1RfOE
OJW0X/aObdJiyqQQ7xF5rR/+ufSQi6Jey9q1f13dpztVKcCMrULcjcDAPLPiKzGF
dsDFn8aD3wTBz8daONEhNEcu/8Am9opi1SA8HwtVblgaYbIuPdZnOYaRKD3OpJ1D
K3he6JXtqS74v5Nrv93NS9kS1ayZuhNQOpc4Wwe8g9+RSQR8wk9M8uCr/5ePd6Z9
qL9Eh44G59mWTK9wrqNYpeCYrB30yMVGwlol6BV41XhuNSIQ5REAzxz0ZQBS+n1c
D1FYdNAnso35GftqVH/0c7E4Vb4=
-----END CERTIFICATE-----
Generated at Fri Jun 14 22:02:33 2024 by rpki-client on console-ams.rpki-client.org