Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9117E49/CBEEAE48D5D511E797CBC37DC4F9AE02/1DA0BF7C7C5911EDB5D8DA67C4F9AE02.roa
File:                     1DA0BF7C7C5911EDB5D8DA67C4F9AE02.roa (raw, json)
Hash identifier:          HaGuDMDdtzMMm3o6+XeqS8/R5NYbXvco+c9bwnRUeLE=
Subject key identifier:   5C:80:87:54:B2:54:AB:7C:6F:B6:96:11:F5:F7:BE:B6:C6:E7:7D:A6
Certificate issuer:       /CN=A9117E49/serialNumber=FC9CC38035DF0FD8B2455E36767E130227F4E87B
Certificate serial:       16B4
Authority key identifier: FC:9C:C3:80:35:DF:0F:D8:B2:45:5E:36:76:7E:13:02:27:F4:E8:7B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_JzDgDXfD9iyRV42dn4TAif06Hs.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9117E49/CBEEAE48D5D511E797CBC37DC4F9AE02/1DA0BF7C7C5911EDB5D8DA67C4F9AE02.roa
Signing time:             Fri 10 May 2024 17:25:20 +0000
ROA not before:           Fri 10 May 2024 17:25:19 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     58826
IP address blocks:        103.17.180.0/23 maxlen: 24
                          103.56.208.0/23 maxlen: 24
                          192.144.80.0/22 maxlen: 22
                          192.144.80.0/24 maxlen: 24
                          192.144.81.0/24 maxlen: 24
                          192.144.82.0/24 maxlen: 24
                          192.144.83.0/24 maxlen: 24
                          2402:1d40::/48 maxlen: 48
                          2402:1d40:1::/48 maxlen: 48
                          2402:1d40:2::/48 maxlen: 48
                          2402:1d40:1000::/48 maxlen: 48
                          2402:1d40:1001::/48 maxlen: 48
                          2402:1d40:2000::/48 maxlen: 48
                          2402:1d40:2001::/48 maxlen: 48
                          2402:1d40:3000::/48 maxlen: 48
                          2402:1d40:3001::/48 maxlen: 48
                          2402:1d40:3002::/48 maxlen: 48
                          2402:1d40:3003::/48 maxlen: 48
                          2402:1d40:4000::/48 maxlen: 48
                          2402:1d40:4001::/48 maxlen: 48
                          2402:1d40:4002::/48 maxlen: 48
                          2402:1d40:4003::/48 maxlen: 48
                          2402:1d40:5000::/48 maxlen: 48
                          2402:1d40:5001::/48 maxlen: 48
                          2402:1d40:5002::/48 maxlen: 48
                          2402:1d40:5003::/48 maxlen: 48
                          2402:1d40:5004::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9117E49/CBEEAE48D5D511E797CBC37DC4F9AE02/_JzDgDXfD9iyRV42dn4TAif06Hs.crl
                          rsync://rpki.apnic.net/member_repository/A9117E49/CBEEAE48D5D511E797CBC37DC4F9AE02/_JzDgDXfD9iyRV42dn4TAif06Hs.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_JzDgDXfD9iyRV42dn4TAif06Hs.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 29 Nov 2024 16:30:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5812 (0x16b4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9117E49/serialNumber=FC9CC38035DF0FD8B2455E36767E130227F4E87B
        Validity
            Not Before: May 10 17:25:19 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=663e587f-37f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ad:f0:9d:a5:14:9c:4a:da:9b:bf:a6:ea:00:95:
                    31:d5:01:d7:49:55:f2:94:74:d6:26:c1:b5:a0:0d:
                    6a:b7:11:2a:28:c4:8c:f1:0e:fe:0f:ad:85:95:d0:
                    ab:7d:1a:a3:86:9d:bf:89:f1:af:f1:d2:1c:46:7d:
                    b6:fc:ee:41:af:24:6e:3e:00:bb:e6:29:54:9a:20:
                    a2:e9:3f:87:e6:6c:0e:2f:b3:4a:34:ad:6f:a6:51:
                    af:d0:ad:6a:ef:39:0b:9a:75:39:7c:fb:43:2f:66:
                    f8:6d:be:b4:2a:6c:bd:3a:3f:2b:b3:07:f2:a8:f5:
                    ee:41:35:f9:c1:2f:82:42:82:e0:40:64:6f:b1:2f:
                    82:4e:dc:85:3b:72:68:9d:f8:e4:18:85:97:b7:6d:
                    29:62:0b:13:a3:e0:a5:d2:8a:e6:37:31:5e:61:7f:
                    5a:65:d0:c4:72:22:a4:9d:ae:64:52:ac:41:ab:b1:
                    c4:32:fc:cd:e2:81:10:07:a4:7f:9a:7c:b7:27:ee:
                    26:3d:80:88:cb:f3:d0:16:3c:b0:7e:87:1c:1f:4f:
                    29:23:91:c8:df:a7:b5:31:35:34:f4:5f:e2:4f:0b:
                    da:23:e3:20:89:b3:0d:f1:5d:34:cc:ac:85:57:11:
                    4e:99:9c:4d:61:ba:9a:f1:c3:aa:c7:b4:97:90:ad:
                    83:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5C:80:87:54:B2:54:AB:7C:6F:B6:96:11:F5:F7:BE:B6:C6:E7:7D:A6
            X509v3 Authority Key Identifier:
                keyid:FC:9C:C3:80:35:DF:0F:D8:B2:45:5E:36:76:7E:13:02:27:F4:E8:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9117E49/CBEEAE48D5D511E797CBC37DC4F9AE02/_JzDgDXfD9iyRV42dn4TAif06Hs.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_JzDgDXfD9iyRV42dn4TAif06Hs.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9117E49/CBEEAE48D5D511E797CBC37DC4F9AE02/1DA0BF7C7C5911EDB5D8DA67C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.17.180.0/23
                  103.56.208.0/23
                  192.144.80.0/22
                IPv6:
                  2402:1d40::-2402:1d40:2:ffff:ffff:ffff:ffff:ffff
                  2402:1d40:1000::/47
                  2402:1d40:2000::/47
                  2402:1d40:3000::/46
                  2402:1d40:4000::/46
                  2402:1d40:5000::-2402:1d40:5004:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         25:22:4e:87:81:72:66:f7:b9:e5:6b:18:0e:4e:f6:fa:3b:6f:
         79:9b:02:9e:ae:5f:8c:93:71:83:69:20:c9:74:f8:e0:37:1d:
         8f:90:5e:b2:bf:ac:6f:78:81:e3:1d:d7:c4:11:6d:28:4f:81:
         7b:d7:d0:39:bf:e0:44:13:b8:2e:f7:78:ed:96:a3:85:5a:ce:
         32:7c:0c:87:f2:fe:4f:4a:bd:6a:a2:b3:a6:41:e7:27:90:9c:
         dc:08:66:1b:34:27:66:e5:93:1c:bf:a4:94:1a:12:07:b7:8c:
         7e:4e:32:86:f3:b1:dd:83:63:bc:7e:6f:03:86:19:d5:0c:2b:
         59:68:7b:f1:d6:ae:ed:c3:cb:f8:d4:0b:3c:5e:31:3e:08:3f:
         ea:7e:2d:9d:b7:79:e4:2d:41:5c:31:06:c9:de:75:98:d9:6d:
         64:28:13:90:3c:fc:65:56:47:8b:52:ff:aa:94:dd:07:d6:35:
         01:ae:f5:25:9e:43:67:f6:90:7b:2c:90:a7:12:e5:09:a0:03:
         9a:a1:a5:4c:ba:f1:07:47:d1:00:c3:96:98:08:73:1a:50:dc:
         fb:4d:f9:9f:75:fe:0d:3c:66:bb:a9:6c:5f:58:d2:91:96:6d:
         3e:d4:44:71:15:d6:8e:0c:74:d1:f0:29:09:86:83:d7:40:27:
         a2:0e:e4:39
-----BEGIN CERTIFICATE-----
MIIFzjCCBLagAwIBAgICFrQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MTdFNDkxMTAvBgNVBAUTKEZDOUNDMzgwMzVERjBGRDhCMjQ1NUUzNjc2N0UxMzAy
MjdGNEU4N0IwHhcNMjQwNTEwMTcyNTE5WhcNMjUwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjNlNTg3Zi0zN2Y5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEArfCdpRScStqbv6bqAJUx1QHXSVXylHTWJsG1oA1qtxEqKMSM8Q7+D62FldCr
fRqjhp2/ifGv8dIcRn22/O5BryRuPgC75ilUmiCi6T+H5mwOL7NKNK1vplGv0K1q
7zkLmnU5fPtDL2b4bb60Kmy9Oj8rswfyqPXuQTX5wS+CQoLgQGRvsS+CTtyFO3Jo
nfjkGIWXt20pYgsTo+Cl0ormNzFeYX9aZdDEciKkna5kUqxBq7HEMvzN4oEQB6R/
mny3J+4mPYCIy/PQFjywfoccH08pI5HI36e1MTU09F/iTwvaI+MgibMN8V00zKyF
VxFOmZxNYbqa8cOqx7SXkK2DrQIDAQABo4IC8jCCAu4wHQYDVR0OBBYEFFyAh1Sy
VKt8b7aWEfX3vrbG532mMB8GA1UdIwQYMBaAFPycw4A13w/YskVeNnZ+EwIn9Oh7
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExN0U0OS9DQkVFQUU0OEQ1
RDUxMUU3OTdDQkMzN0RDNEY5QUUwMi9fSnpEZ0RYZkQ5aXlSVjQyZG40VEFpZjA2
SHMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL19KekRnRFhmRDlpeVJWNDJkbjRUQWlmMDZIcy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MTdFNDkvQ0JFRUFFNDhENUQ1MTFFNzk3Q0JDMzdEQzRGOUFFMDIvMURBMEJGN0M3
QzU5MTFFREI1RDhEQTY3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwfAYIKwYBBQUHAQcBAf8E
bTBrMBgEAgABMBIDBAFnEbQDBAFnONADBALAkFAwTwQCAAIwSTAQAwUGJAIdQAMH
ACQCHUAAAgMHASQCHUAQAAMHASQCHUAgAAMHAiQCHUAwAAMHAiQCHUBAADARAwYE
JAIdQFADBwAkAh1AUAQwDQYJKoZIhvcNAQELBQADggEBACUiToeBcmb3ueVrGA5O
9vo7b3mbAp6uX4yTcYNpIMl0+OA3HY+QXrK/rG94geMd18QRbShPgXvX0Dm/4EQT
uC73eO2Wo4VazjJ8DIfy/k9KvWqis6ZB5yeQnNwIZhs0J2blkxy/pJQaEge3jH5O
Mobzsd2DY7x+bwOGGdUMK1loe/HWru3Dy/jUCzxeMT4IP+p+LZ23eeQtQVwxBsne
dZjZbWQoE5A8/GVWR4tS/6qU3QfWNQGu9SWeQ2f2kHsskKcS5QmgA5qhpUy68QdH
0QDDlpgIcxpQ3PtN+Z91/g08ZrupbF9Y0pGWbT7URHEV1o4MdNHwKQmGg9dAJ6IO
5Dk=
-----END CERTIFICATE-----
Generated at Fri Nov 22 17:55:37 2024 by rpki-client on console-fra.rpki-client.org