Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9118022/C61C256AADCC11E9AC672F4BC4F9AE02/1BBE249C21D911EB85DAFE71C4F9AE02.roa
File:                     1BBE249C21D911EB85DAFE71C4F9AE02.roa (raw, json)
Hash identifier:          tbuo5XmVwKJlY6wNAj+sEi0Y8m8muC9NuM2llp4KX5E=
Subject key identifier:   7F:D9:D3:B0:07:43:B9:A2:9C:2A:66:95:46:99:49:1A:A9:65:79:6D
Certificate issuer:       /CN=A9118022/serialNumber=C768761BC81AB4FE7FD4401548261CBA87207BEA
Certificate serial:       0CD6
Authority key identifier: C7:68:76:1B:C8:1A:B4:FE:7F:D4:40:15:48:26:1C:BA:87:20:7B:EA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/x2h2G8gatP5_1EAVSCYcuocge-o.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9118022/C61C256AADCC11E9AC672F4BC4F9AE02/1BBE249C21D911EB85DAFE71C4F9AE02.roa
Signing time:             Wed 06 Sep 2023 18:26:09 +0000
ROA not before:           Wed 06 Sep 2023 18:26:09 +0000
ROA not after:            Thu 31 Oct 2024 00:00:00 +0000
asID:                     135386
IP address blocks:        103.140.228.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9118022/C61C256AADCC11E9AC672F4BC4F9AE02/x2h2G8gatP5_1EAVSCYcuocge-o.crl
                          rsync://rpki.apnic.net/member_repository/A9118022/C61C256AADCC11E9AC672F4BC4F9AE02/x2h2G8gatP5_1EAVSCYcuocge-o.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/x2h2G8gatP5_1EAVSCYcuocge-o.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 25 Mar 2024 18:41:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3286 (0xcd6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9118022/serialNumber=C768761BC81AB4FE7FD4401548261CBA87207BEA
        Validity
            Not Before: Sep  6 18:26:09 2023 GMT
            Not After : Oct 31 00:00:00 2024 GMT
        Subject: CN=64f8c441-915f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:23:d8:12:8a:63:2f:c5:0d:29:6d:da:6c:df:
                    50:d2:b9:65:02:5b:d3:de:71:0e:3e:ce:4d:41:64:
                    7b:4d:95:0d:bb:69:20:89:d9:9e:03:39:39:57:8c:
                    94:57:15:cf:18:69:2c:85:33:d5:18:c2:ea:7c:97:
                    21:f5:ca:49:0a:84:c7:14:6a:a0:64:1a:5e:37:0e:
                    ed:e9:e2:c9:6c:a0:5f:5f:8d:3d:4d:89:29:60:bc:
                    97:fe:e1:04:aa:3e:3b:b9:92:ea:69:7e:bd:f8:2c:
                    65:d6:6d:ff:27:d5:7f:b5:7e:8b:ec:11:f4:bf:1d:
                    3f:ca:ca:2e:0e:e6:60:99:db:e9:81:e4:da:54:41:
                    87:5f:75:2c:89:60:0f:2b:c7:da:b7:03:8d:ea:5e:
                    85:44:57:f8:ab:62:79:54:80:8b:ce:2f:a0:9b:58:
                    9f:73:45:6c:8e:51:51:88:11:f6:f0:65:a0:04:59:
                    43:cd:c6:86:cd:c1:96:b5:9a:d4:79:02:65:d0:c7:
                    c2:db:a4:c0:3a:aa:a8:13:14:b2:4d:cb:e3:f0:90:
                    5f:5b:f6:b6:1c:bb:20:d4:f8:83:f2:5b:d2:e6:58:
                    0f:a1:82:5a:64:a9:e9:92:05:49:53:5b:e0:88:3a:
                    5e:ae:1e:6e:ce:fe:03:01:33:21:ab:d4:ea:87:f6:
                    81:b5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:D9:D3:B0:07:43:B9:A2:9C:2A:66:95:46:99:49:1A:A9:65:79:6D
            X509v3 Authority Key Identifier:
                keyid:C7:68:76:1B:C8:1A:B4:FE:7F:D4:40:15:48:26:1C:BA:87:20:7B:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9118022/C61C256AADCC11E9AC672F4BC4F9AE02/x2h2G8gatP5_1EAVSCYcuocge-o.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/x2h2G8gatP5_1EAVSCYcuocge-o.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9118022/C61C256AADCC11E9AC672F4BC4F9AE02/1BBE249C21D911EB85DAFE71C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.140.228.0/23

    Signature Algorithm: sha256WithRSAEncryption
         87:d9:96:03:d5:9c:96:c8:3b:3f:44:71:7e:f9:12:bf:bd:b1:
         32:7c:78:e2:54:f4:61:b4:58:98:16:5b:8c:a1:ef:89:9c:08:
         16:89:ec:2f:80:26:34:f1:01:fc:ab:df:fe:e4:97:1f:80:d8:
         46:db:73:b7:81:6b:d7:13:bc:35:92:2a:f6:e7:17:80:b0:6b:
         b4:17:a4:0d:44:75:cf:26:ba:77:96:52:34:2c:97:f6:15:39:
         02:80:62:d2:68:10:0c:40:a4:b7:4a:ef:48:08:a3:48:6a:46:
         f1:19:f7:33:f2:9d:06:c2:d4:57:51:c8:43:3d:b3:88:76:ee:
         38:3d:a5:83:04:4d:6e:81:9f:8c:ef:0e:12:62:e1:af:af:7c:
         db:f4:90:a2:b0:12:94:b9:3c:f1:95:da:85:06:52:d6:17:b6:
         09:2a:7f:eb:46:57:ba:ec:a3:6c:57:f4:a9:34:fc:f1:e3:a4:
         b7:55:cf:b9:ef:f3:7b:3d:2d:a9:ea:5d:43:bb:6c:f6:b6:c3:
         95:70:d1:b7:61:c5:ba:50:35:80:e0:23:13:b9:a9:69:ed:14:
         52:e2:99:0e:20:68:a1:ca:49:fa:38:f7:aa:8c:3c:ec:8d:ff:
         81:b7:a9:cc:df:4a:51:c9:12:0d:0f:ca:4b:7d:e0:1b:03:f7:
         43:6d:e3:5a
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICDNYwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MTgwMjIxMTAvBgNVBAUTKEM3Njg3NjFCQzgxQUI0RkU3RkQ0NDAxNTQ4MjYxQ0JB
ODcyMDdCRUEwHhcNMjMwOTA2MTgyNjA5WhcNMjQxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NGY4YzQ0MS05MTVmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAyCPYEopjL8UNKW3abN9Q0rllAlvT3nEOPs5NQWR7TZUNu2kgidmeAzk5V4yU
VxXPGGkshTPVGMLqfJch9cpJCoTHFGqgZBpeNw7t6eLJbKBfX409TYkpYLyX/uEE
qj47uZLqaX69+Cxl1m3/J9V/tX6L7BH0vx0/ysouDuZgmdvpgeTaVEGHX3UsiWAP
K8fatwON6l6FRFf4q2J5VICLzi+gm1ifc0VsjlFRiBH28GWgBFlDzcaGzcGWtZrU
eQJl0MfC26TAOqqoExSyTcvj8JBfW/a2HLsg1PiD8lvS5lgPoYJaZKnpkgVJU1vg
iDperh5uzv4DATMhq9Tqh/aBtQIDAQABo4IClTCCApEwHQYDVR0OBBYEFH/Z07AH
Q7minCpmlUaZSRqpZXltMB8GA1UdIwQYMBaAFMdodhvIGrT+f9RAFUgmHLqHIHvq
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExODAyMi9DNjFDMjU2QUFE
Q0MxMUU5QUM2NzJGNEJDNEY5QUUwMi94MmgyRzhnYXRQNV8xRUFWU0NZY3VvY2dl
LW8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3gyaDJHOGdhdFA1XzFFQVZTQ1ljdW9jZ2Utby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MTgwMjIvQzYxQzI1NkFBRENDMTFFOUFDNjcyRjRCQzRGOUFFMDIvMUJCRTI0OUMy
MUQ5MTFFQjg1REFGRTcxQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAFnjOQwDQYJKoZIhvcNAQELBQADggEBAIfZlgPVnJbIOz9E
cX75Er+9sTJ8eOJU9GG0WJgWW4yh74mcCBaJ7C+AJjTxAfyr3/7klx+A2Ebbc7eB
a9cTvDWSKvbnF4Cwa7QXpA1Edc8muneWUjQsl/YVOQKAYtJoEAxApLdK70gIo0hq
RvEZ9zPynQbC1FdRyEM9s4h27jg9pYMETW6Bn4zvDhJi4a+vfNv0kKKwEpS5PPGV
2oUGUtYXtgkqf+tGV7rso2xX9Kk0/PHjpLdVz7nv83s9LanqXUO7bPa2w5Vw0bdh
xbpQNYDgIxO5qWntFFLimQ4gaKHKSfo496qMPOyN/4G3qczfSlHJEg0Pykt94BsD
90Nt41o=
-----END CERTIFICATE-----
Generated at Mon Mar 18 20:12:12 2024 by rpki-client on console-fra.rpki-client.org