Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A911ABF4/EA87185C721B11E9BB748150C4F9AE02/4CEAFBC829C311ED8D2F0870C4F9AE02.roa
File:                     4CEAFBC829C311ED8D2F0870C4F9AE02.roa (raw, json)
Hash identifier:          q+MWEX+1cJt9pJnPiuZX8cO5YjBUuZhMGaFqJEiXMLo=
Subject key identifier:   56:68:2E:10:27:12:73:49:05:BF:4A:DF:A0:5D:9F:63:D9:0E:0D:24
Certificate issuer:       /CN=A911ABF4/serialNumber=BBE233560EFD409B38CDB80A00575A37BA896435
Certificate serial:       075D
Authority key identifier: BB:E2:33:56:0E:FD:40:9B:38:CD:B8:0A:00:57:5A:37:BA:89:64:35
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/u-IzVg79QJs4zbgKAFdaN7qJZDU.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A911ABF4/EA87185C721B11E9BB748150C4F9AE02/4CEAFBC829C311ED8D2F0870C4F9AE02.roa
Signing time:             Fri 31 May 2024 19:11:54 +0000
ROA not before:           Fri 31 May 2024 19:11:54 +0000
ROA not after:            Tue 01 Oct 2024 00:00:00 +0000
asID:                     137542
IP address blocks:        103.112.128.0/22 maxlen: 22
                          103.112.128.0/24 maxlen: 24
                          103.112.129.0/24 maxlen: 24
                          103.112.130.0/24 maxlen: 24
                          103.112.131.0/24 maxlen: 24
                          2402:a940::/32 maxlen: 32
                          2402:a940::/36 maxlen: 36
                          2402:a940:1000::/36 maxlen: 36
                          2402:a940:2000::/36 maxlen: 36
                          2402:a940:3000::/36 maxlen: 36
                          2402:a940:4000::/36 maxlen: 36
                          2402:a940:5000::/36 maxlen: 36
                          2402:a940:6000::/36 maxlen: 36
                          2402:a940:7000::/36 maxlen: 36
                          2402:a940:8000::/36 maxlen: 36
                          2402:a940:9000::/36 maxlen: 36
                          2402:a940:a000::/36 maxlen: 36
                          2402:a940:b000::/36 maxlen: 36
                          2402:a940:c000::/36 maxlen: 36
                          2402:a940:d000::/36 maxlen: 36
                          2402:a940:e000::/36 maxlen: 36
                          2402:a940:f000::/36 maxlen: 36
                          2402:a940:f000::/48 maxlen: 48
                          2402:a940:f001::/48 maxlen: 48
                          2402:a940:f002::/48 maxlen: 48
                          2402:a940:f003::/48 maxlen: 48
                          2402:a940:f004::/48 maxlen: 48
                          2402:a940:f005::/48 maxlen: 48
                          2402:a940:f006::/48 maxlen: 48
                          2402:a940:f007::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A911ABF4/EA87185C721B11E9BB748150C4F9AE02/u-IzVg79QJs4zbgKAFdaN7qJZDU.crl
                          rsync://rpki.apnic.net/member_repository/A911ABF4/EA87185C721B11E9BB748150C4F9AE02/u-IzVg79QJs4zbgKAFdaN7qJZDU.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/u-IzVg79QJs4zbgKAFdaN7qJZDU.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 30 Jul 2024 02:36:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1885 (0x75d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A911ABF4/serialNumber=BBE233560EFD409B38CDB80A00575A37BA896435
        Validity
            Not Before: May 31 19:11:54 2024 GMT
            Not After : Oct  1 00:00:00 2024 GMT
        Subject: CN=665a20fa-c3f3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c7:6d:3e:2a:14:23:1d:fd:f7:51:68:26:6d:51:
                    71:3f:c1:82:14:6b:ea:c3:cd:ef:86:b1:3e:6c:50:
                    17:77:3f:6f:41:eb:15:67:4c:52:fb:04:1a:f7:d2:
                    1f:3a:c7:31:25:c1:70:51:c3:71:e7:95:26:b3:35:
                    d9:02:2a:63:e8:63:fd:0b:e7:44:11:44:b8:67:67:
                    97:9b:6c:7b:04:c0:67:7a:92:1c:db:47:bd:ad:71:
                    f2:13:d0:f4:af:88:e5:79:cf:99:b0:69:7e:51:6a:
                    bf:21:65:42:55:5e:3d:ec:7f:ba:ec:b3:8f:4c:8a:
                    69:07:78:b6:39:a7:c9:f0:2d:78:0f:a2:31:df:1b:
                    f8:e2:a8:8e:3e:d8:33:04:21:83:0c:5c:fb:04:a8:
                    f7:d9:11:15:b4:04:40:11:88:66:ae:ca:65:58:cb:
                    0e:6d:db:75:20:12:fb:ae:f1:39:2e:3f:e0:dc:63:
                    ec:c3:80:50:06:da:64:e6:ad:bc:bd:da:72:09:21:
                    29:27:46:a5:ee:1a:1d:c1:07:f4:a1:84:e6:de:69:
                    78:ff:7f:6b:25:d0:33:3a:70:63:f7:c1:ee:f0:19:
                    21:6c:5a:c2:32:c1:d3:57:bb:13:55:e7:41:a0:17:
                    a9:49:1e:bf:1c:0b:46:6f:72:76:aa:8a:ae:ac:29:
                    3f:cf
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:68:2E:10:27:12:73:49:05:BF:4A:DF:A0:5D:9F:63:D9:0E:0D:24
            X509v3 Authority Key Identifier:
                keyid:BB:E2:33:56:0E:FD:40:9B:38:CD:B8:0A:00:57:5A:37:BA:89:64:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A911ABF4/EA87185C721B11E9BB748150C4F9AE02/u-IzVg79QJs4zbgKAFdaN7qJZDU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/u-IzVg79QJs4zbgKAFdaN7qJZDU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A911ABF4/EA87185C721B11E9BB748150C4F9AE02/4CEAFBC829C311ED8D2F0870C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.112.128.0/22
                IPv6:
                  2402:a940::/32

    Signature Algorithm: sha256WithRSAEncryption
         15:3d:a9:d7:a5:97:68:c1:89:75:dd:d5:88:01:f5:d4:27:98:
         6d:5b:ff:8a:a6:c9:d8:37:2f:d6:cb:04:17:34:e7:23:ff:64:
         66:9f:52:8a:a7:6d:9f:59:a8:68:c0:aa:ca:de:78:27:c7:47:
         5b:95:81:56:65:b8:20:92:fb:27:c9:a3:e1:66:43:85:4c:20:
         66:56:d9:3d:a3:ba:cf:1c:36:b3:ec:8c:d7:90:6a:7c:56:02:
         09:a1:02:7c:16:4c:dc:7a:70:48:6f:c0:3f:21:5a:e9:32:df:
         8c:dc:49:b0:53:98:2e:ec:28:4b:d8:a3:8a:a7:04:8d:1b:a8:
         f5:7f:db:8e:64:e1:8f:04:5b:23:30:ae:8b:5a:df:4a:90:2f:
         01:cb:1c:70:2d:b9:b6:b0:58:c0:6b:5f:34:c9:96:0e:ba:e4:
         88:2b:f5:53:55:56:ef:c7:ff:f0:9e:30:2f:b7:f2:89:d4:06:
         17:6e:65:5b:7b:c7:66:cf:82:86:34:87:c9:0a:53:33:0e:ef:
         3f:81:ce:f1:30:a8:51:8c:1e:01:18:d2:eb:68:c8:0a:93:a1:
         2b:51:23:3b:96:f1:28:03:5a:2f:79:c2:f4:6e:90:da:c4:71:
         67:d1:94:ff:5e:c5:44:85:db:52:6d:6e:da:8b:60:6d:67:ec:
         b1:19:18:a6
-----BEGIN CERTIFICATE-----
MIIFgDCCBGigAwIBAgICB10wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MUFCRjQxMTAvBgNVBAUTKEJCRTIzMzU2MEVGRDQwOUIzOENEQjgwQTAwNTc1QTM3
QkE4OTY0MzUwHhcNMjQwNTMxMTkxMTU0WhcNMjQxMDAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjVhMjBmYS1jM2YzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAx20+KhQjHf33UWgmbVFxP8GCFGvqw83vhrE+bFAXdz9vQesVZ0xS+wQa99If
OscxJcFwUcNx55UmszXZAipj6GP9C+dEEUS4Z2eXm2x7BMBnepIc20e9rXHyE9D0
r4jlec+ZsGl+UWq/IWVCVV497H+67LOPTIppB3i2OafJ8C14D6Ix3xv44qiOPtgz
BCGDDFz7BKj32REVtARAEYhmrsplWMsObdt1IBL7rvE5Lj/g3GPsw4BQBtpk5q28
vdpyCSEpJ0al7hodwQf0oYTm3ml4/39rJdAzOnBj98Hu8BkhbFrCMsHTV7sTVedB
oBepSR6/HAtGb3J2qoqurCk/zwIDAQABo4ICpDCCAqAwHQYDVR0OBBYEFFZoLhAn
EnNJBb9K36Bdn2PZDg0kMB8GA1UdIwQYMBaAFLviM1YO/UCbOM24CgBXWje6iWQ1
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExQUJGNC9FQTg3MTg1Qzcy
MUIxMUU5QkI3NDgxNTBDNEY5QUUwMi91LUl6Vmc3OVFKczR6YmdLQUZkYU43cUpa
RFUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3UtSXpWZzc5UUpzNHpiZ0tBRmRhTjdxSlpEVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MUFCRjQvRUE4NzE4NUM3MjFCMTFFOUJCNzQ4MTUwQzRGOUFFMDIvNENFQUZCQzgy
OUMzMTFFRDhEMkYwODcwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLgYIKwYBBQUHAQcBAf8E
HzAdMAwEAgABMAYDBAJncIAwDQQCAAIwBwMFACQCqUAwDQYJKoZIhvcNAQELBQAD
ggEBABU9qdell2jBiXXd1YgB9dQnmG1b/4qmydg3L9bLBBc05yP/ZGafUoqnbZ9Z
qGjAqsreeCfHR1uVgVZluCCS+yfJo+FmQ4VMIGZW2T2jus8cNrPsjNeQanxWAgmh
AnwWTNx6cEhvwD8hWuky34zcSbBTmC7sKEvYo4qnBI0bqPV/245k4Y8EWyMwrota
30qQLwHLHHAtubawWMBrXzTJlg665Igr9VNVVu/H//CeMC+38onUBhduZVt7x2bP
goY0h8kKUzMO7z+BzvEwqFGMHgEY0utoyAqToStRIzuW8SgDWi95wvRukNrEcWfR
lP9exUSF21JtbtqLYG1n7LEZGKY=
-----END CERTIFICATE-----
Generated at Tue Jul 23 04:36:19 2024 by rpki-client on console-fra.rpki-client.org