Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9119508/00020272ACC211EBABE1955EC4F9AE02/6DD1144AACC311EBA28FAD5FC4F9AE02.roa
File:                     6DD1144AACC311EBA28FAD5FC4F9AE02.roa (raw, json)
Hash identifier:          pMCjO+dEpym8WZT6FFXX0BN+eJ9YjqXuqC09C9kAxVs=
Subject key identifier:   CD:A9:EE:80:AF:50:7C:A6:9A:8D:3A:F1:5A:3F:6E:FC:46:D8:5F:89
Certificate issuer:       /CN=A9119508/serialNumber=1D725C91C0D4722F340088D1374DD2DAF37D8312
Certificate serial:       0599
Authority key identifier: 1D:72:5C:91:C0:D4:72:2F:34:00:88:D1:37:4D:D2:DA:F3:7D:83:12
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/HXJckcDUci80AIjRN03S2vN9gxI.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9119508/00020272ACC211EBABE1955EC4F9AE02/6DD1144AACC311EBA28FAD5FC4F9AE02.roa
Signing time:             Sat 28 Sep 2024 23:13:03 +0000
ROA not before:           Sat 28 Sep 2024 23:13:03 +0000
ROA not after:            Mon 01 Dec 2025 00:00:00 +0000
asID:                     137969
IP address blocks:        103.155.110.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9119508/00020272ACC211EBABE1955EC4F9AE02/HXJckcDUci80AIjRN03S2vN9gxI.crl
                          rsync://rpki.apnic.net/member_repository/A9119508/00020272ACC211EBABE1955EC4F9AE02/HXJckcDUci80AIjRN03S2vN9gxI.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/HXJckcDUci80AIjRN03S2vN9gxI.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 16 Oct 2024 01:47:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1433 (0x599)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9119508/serialNumber=1D725C91C0D4722F340088D1374DD2DAF37D8312
        Validity
            Not Before: Sep 28 23:13:03 2024 GMT
            Not After : Dec  1 00:00:00 2025 GMT
        Subject: CN=66f88d7f-642d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:11:69:8b:37:2b:8f:7f:aa:bd:05:61:ab:c4:
                    ec:22:12:d8:f6:93:16:57:34:f5:5f:8d:a5:45:d8:
                    1e:f0:a9:14:d0:8a:a9:f9:a0:50:ee:69:12:3b:49:
                    ea:ce:9e:4b:37:b5:c0:a6:71:c3:85:ef:26:c4:ec:
                    5a:3a:76:95:2d:6d:cc:30:03:f8:86:d8:93:42:dd:
                    04:71:8a:fd:ad:28:79:79:7a:bc:b8:39:19:3a:59:
                    b0:16:8a:86:a6:b1:e3:e8:b7:44:70:b6:a3:2f:78:
                    b4:6a:ac:19:fd:b7:a1:0d:60:0e:43:17:cb:d1:7b:
                    e7:4f:98:76:e3:16:d7:66:01:36:0a:ae:98:2a:ef:
                    9e:05:75:db:7d:26:a7:1a:fb:a6:b8:00:47:09:3d:
                    d9:6f:3f:54:ab:53:17:7a:5b:1a:77:5a:07:dc:fe:
                    82:25:34:46:fd:d9:df:e3:13:c6:0e:b2:55:c6:0c:
                    43:f7:8f:12:3a:2c:a7:76:97:6d:fb:23:c1:d5:91:
                    ee:44:59:c1:2e:29:d9:9f:b8:28:b9:46:63:3a:01:
                    69:2f:03:46:01:34:ca:93:e6:c1:e8:05:4f:4e:6a:
                    91:96:0a:c6:be:36:60:42:7f:22:d6:9c:49:5e:44:
                    f2:d8:cc:25:b1:8e:f4:d5:76:44:03:cc:ff:44:1e:
                    ae:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:A9:EE:80:AF:50:7C:A6:9A:8D:3A:F1:5A:3F:6E:FC:46:D8:5F:89
            X509v3 Authority Key Identifier:
                keyid:1D:72:5C:91:C0:D4:72:2F:34:00:88:D1:37:4D:D2:DA:F3:7D:83:12

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9119508/00020272ACC211EBABE1955EC4F9AE02/HXJckcDUci80AIjRN03S2vN9gxI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/HXJckcDUci80AIjRN03S2vN9gxI.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9119508/00020272ACC211EBABE1955EC4F9AE02/6DD1144AACC311EBA28FAD5FC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.155.110.0/23

    Signature Algorithm: sha256WithRSAEncryption
         57:4f:61:0a:bb:56:f6:47:d2:35:fd:91:7b:8b:22:f1:0d:69:
         c0:9e:fa:15:bb:b2:36:9e:81:a9:e6:6a:3e:a1:28:4e:8e:cf:
         c7:79:71:01:17:f1:47:f7:9c:1a:10:d6:5b:48:8a:08:7d:1a:
         5f:5a:5b:22:d2:ac:fc:2c:22:fe:de:02:9b:70:39:3a:06:c1:
         ca:1c:e7:b4:ff:96:f3:8a:49:1d:f8:48:75:89:62:83:1f:26:
         ab:8d:63:76:cf:03:9c:3f:a3:6a:23:ab:2a:1c:67:45:2d:12:
         c6:83:ad:5e:af:0a:39:65:67:a2:88:1b:03:25:3a:b7:94:2f:
         a1:97:47:9b:4a:0f:b2:26:01:48:1c:c0:90:e0:aa:6e:65:af:
         c1:4b:bb:4c:d0:ee:c7:0d:93:e8:4e:f4:fe:c1:79:62:7c:73:
         8a:d2:c4:01:e7:96:e6:06:5c:f6:56:25:66:08:4b:e4:ff:9f:
         7d:35:c7:8e:bc:c1:98:c0:9e:fb:7e:f1:c2:4b:25:34:9c:78:
         2b:21:20:e0:1b:94:eb:f3:03:f7:a1:3e:a5:fe:0f:e1:ad:54:
         be:5a:ea:3b:3e:1a:3e:fa:e2:2f:49:d1:e9:10:b9:c9:6e:ef:
         a9:94:f3:39:9a:58:d3:ca:03:f9:6d:eb:39:bc:62:00:3e:a6:
         8d:9b:0f:01
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICBZkwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MTk1MDgxMTAvBgNVBAUTKDFENzI1QzkxQzBENDcyMkYzNDAwODhEMTM3NEREMkRB
RjM3RDgzMTIwHhcNMjQwOTI4MjMxMzAzWhcNMjUxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NmY4OGQ3Zi02NDJkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAsxFpizcrj3+qvQVhq8TsIhLY9pMWVzT1X42lRdge8KkU0Iqp+aBQ7mkSO0nq
zp5LN7XApnHDhe8mxOxaOnaVLW3MMAP4htiTQt0EcYr9rSh5eXq8uDkZOlmwFoqG
prHj6LdEcLajL3i0aqwZ/behDWAOQxfL0XvnT5h24xbXZgE2Cq6YKu+eBXXbfSan
GvumuABHCT3Zbz9Uq1MXelsad1oH3P6CJTRG/dnf4xPGDrJVxgxD948SOiyndpdt
+yPB1ZHuRFnBLinZn7gouUZjOgFpLwNGATTKk+bB6AVPTmqRlgrGvjZgQn8i1pxJ
XkTy2MwlsY701XZEA8z/RB6ucwIDAQABo4IClTCCApEwHQYDVR0OBBYEFM2p7oCv
UHymmo068Vo/bvxG2F+JMB8GA1UdIwQYMBaAFB1yXJHA1HIvNACI0TdN0trzfYMS
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExOTUwOC8wMDAyMDI3MkFD
QzIxMUVCQUJFMTk1NUVDNEY5QUUwMi9IWEpja2NEVWNpODBBSWpSTjAzUzJ2Tjln
eEkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0hYSmNrY0RVY2k4MEFJalJOMDNTMnZOOWd4SS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MTk1MDgvMDAwMjAyNzJBQ0MyMTFFQkFCRTE5NTVFQzRGOUFFMDIvNkREMTE0NEFB
Q0MzMTFFQkEyOEZBRDVGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAFnm24wDQYJKoZIhvcNAQELBQADggEBAFdPYQq7VvZH0jX9
kXuLIvENacCe+hW7sjaeganmaj6hKE6Oz8d5cQEX8Uf3nBoQ1ltIigh9Gl9aWyLS
rPwsIv7eAptwOToGwcoc57T/lvOKSR34SHWJYoMfJquNY3bPA5w/o2ojqyocZ0Ut
EsaDrV6vCjllZ6KIGwMlOreUL6GXR5tKD7ImAUgcwJDgqm5lr8FLu0zQ7scNk+hO
9P7BeWJ8c4rSxAHnluYGXPZWJWYIS+T/n301x468wZjAnvt+8cJLJTSceCshIOAb
lOvzA/ehPqX+D+GtVL5a6js+Gj764i9J0ekQuclu76mU8zmaWNPKA/lt6zm8YgA+
po2bDwE=
-----END CERTIFICATE-----
Generated at Fri Oct 11 01:05:09 2024 by rpki-client on console-fra.rpki-client.org