Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A911F55D/40E43B80B7AB11EC9E55317DC4F9AE02/96C26F3EB7AD11ECA2E94A7EC4F9AE02.roa
File:                     96C26F3EB7AD11ECA2E94A7EC4F9AE02.roa (raw, json)
Hash identifier:          ik38AQLiv3Zthjln90fSJzGCXI0K0ZwqhaT5K0xW4CA=
Subject key identifier:   91:35:9B:DD:4E:78:9F:5C:1E:30:B8:CD:60:49:F6:E5:87:34:DD:DA
Certificate issuer:       /CN=A911F55D/serialNumber=1A23986843565DFFC800F80FF296BAB1AD3714EC
Certificate serial:       0221
Authority key identifier: 1A:23:98:68:43:56:5D:FF:C8:00:F8:0F:F2:96:BA:B1:AD:37:14:EC
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/GiOYaENWXf_IAPgP8pa6sa03FOw.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A911F55D/40E43B80B7AB11EC9E55317DC4F9AE02/96C26F3EB7AD11ECA2E94A7EC4F9AE02.roa
Signing time:             Tue 03 Oct 2023 02:43:54 +0000
ROA not before:           Tue 03 Oct 2023 02:43:54 +0000
ROA not after:            Sun 01 Dec 2024 00:00:00 +0000
asID:                     14618
IP address blocks:        103.195.60.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A911F55D/40E43B80B7AB11EC9E55317DC4F9AE02/GiOYaENWXf_IAPgP8pa6sa03FOw.crl
                          rsync://rpki.apnic.net/member_repository/A911F55D/40E43B80B7AB11EC9E55317DC4F9AE02/GiOYaENWXf_IAPgP8pa6sa03FOw.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/GiOYaENWXf_IAPgP8pa6sa03FOw.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 03 Apr 2024 03:22:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 545 (0x221)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A911F55D/serialNumber=1A23986843565DFFC800F80FF296BAB1AD3714EC
        Validity
            Not Before: Oct  3 02:43:54 2023 GMT
            Not After : Dec  1 00:00:00 2024 GMT
        Subject: CN=651b7fea-2f09
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:3f:12:6a:56:2a:de:d8:27:2b:87:69:0f:3a:
                    91:ca:75:e8:6f:58:5d:13:4f:d8:e3:ad:60:57:c7:
                    dd:5c:07:53:8c:b4:84:97:49:1d:e8:0f:eb:b9:9c:
                    96:30:4c:7d:bf:03:7f:80:1a:23:13:6f:0a:f6:91:
                    35:4a:b6:20:55:4e:cb:cb:bb:cd:1f:c9:53:23:d9:
                    13:26:f8:d6:dc:cd:79:f4:56:3f:e7:1b:08:30:5d:
                    99:1a:62:52:8d:c9:29:58:66:6f:00:a1:0d:dc:57:
                    cd:c3:a1:73:76:87:76:1f:d1:59:f7:48:6a:65:db:
                    f9:35:8e:8d:d2:30:72:ae:aa:24:a0:75:59:e7:5b:
                    18:68:70:d6:5c:8e:2a:d6:ae:f8:2e:2f:be:f7:b1:
                    fc:3d:6f:25:a1:cc:84:fd:46:e9:f0:48:63:27:52:
                    4f:fb:20:3e:4f:50:3f:00:4b:9b:6f:a6:5c:8c:78:
                    41:a9:fc:6c:93:fd:bd:a4:fa:6f:56:6b:d1:f8:38:
                    c8:11:f3:7a:38:10:25:cb:a3:b3:0a:57:70:a1:bc:
                    b8:9b:a7:31:72:ce:58:c7:c1:26:45:10:bd:27:90:
                    84:9e:6f:67:1f:85:99:e5:6e:83:b1:28:d9:f1:f3:
                    e4:bd:e3:c5:50:0e:d2:75:79:ad:8b:ef:4a:3d:e0:
                    a4:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:35:9B:DD:4E:78:9F:5C:1E:30:B8:CD:60:49:F6:E5:87:34:DD:DA
            X509v3 Authority Key Identifier:
                keyid:1A:23:98:68:43:56:5D:FF:C8:00:F8:0F:F2:96:BA:B1:AD:37:14:EC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A911F55D/40E43B80B7AB11EC9E55317DC4F9AE02/GiOYaENWXf_IAPgP8pa6sa03FOw.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/GiOYaENWXf_IAPgP8pa6sa03FOw.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A911F55D/40E43B80B7AB11EC9E55317DC4F9AE02/96C26F3EB7AD11ECA2E94A7EC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.195.60.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b6:22:70:b7:13:b7:f1:38:50:ba:4b:8a:7a:02:1f:c2:9e:09:
         24:f4:70:c5:85:86:cc:d7:30:b3:5a:4d:f4:10:6f:ed:83:c2:
         b4:6a:63:f3:3e:60:c1:09:ec:48:34:75:98:3f:f5:20:b6:6e:
         7e:49:c8:c6:6f:ac:80:db:77:50:77:f9:a0:20:6a:25:5d:01:
         f4:26:71:f5:ac:16:85:8b:e0:37:66:cc:d5:15:7f:34:23:dd:
         50:69:80:0d:04:72:53:05:f7:8d:c7:8b:a1:96:a4:88:9b:cd:
         da:56:44:5b:17:6e:0e:3e:e3:e9:30:fd:29:51:1a:62:71:dd:
         41:1e:8b:2a:75:a2:e0:89:c9:e0:b6:6e:eb:9a:31:26:b5:c3:
         50:57:35:10:34:96:5d:20:a2:d3:36:44:36:e0:e3:70:36:9e:
         db:d7:5e:32:29:3a:9c:da:cc:51:62:42:53:d1:a6:ca:9e:2f:
         97:20:99:c2:53:d7:77:34:04:2c:4b:b1:12:19:84:ea:ff:3f:
         6c:a8:af:6f:e5:24:bc:4c:c2:6e:42:15:9b:54:ac:d5:b5:6f:
         78:09:e1:3f:31:a0:db:29:47:c9:d3:83:d0:f7:92:53:87:a7:
         6a:84:c6:2e:06:bf:54:f9:06:29:bd:ae:e0:37:1d:89:d8:9c:
         db:20:e7:09
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICAiEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MUY1NUQxMTAvBgNVBAUTKDFBMjM5ODY4NDM1NjVERkZDODAwRjgwRkYyOTZCQUIx
QUQzNzE0RUMwHhcNMjMxMDAzMDI0MzU0WhcNMjQxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTFiN2ZlYS0yZjA5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvD8SalYq3tgnK4dpDzqRynXob1hdE0/Y461gV8fdXAdTjLSEl0kd6A/ruZyW
MEx9vwN/gBojE28K9pE1SrYgVU7Ly7vNH8lTI9kTJvjW3M159FY/5xsIMF2ZGmJS
jckpWGZvAKEN3FfNw6Fzdod2H9FZ90hqZdv5NY6N0jByrqokoHVZ51sYaHDWXI4q
1q74Li++97H8PW8locyE/Ubp8EhjJ1JP+yA+T1A/AEubb6ZcjHhBqfxsk/29pPpv
VmvR+DjIEfN6OBAly6OzCldwoby4m6cxcs5Yx8EmRRC9J5CEnm9nH4WZ5W6DsSjZ
8fPkvePFUA7SdXmti+9KPeCkIwIDAQABo4IClTCCApEwHQYDVR0OBBYEFJE1m91O
eJ9cHjC4zWBJ9uWHNN3aMB8GA1UdIwQYMBaAFBojmGhDVl3/yAD4D/KWurGtNxTs
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExRjU1RC80MEU0M0I4MEI3
QUIxMUVDOUU1NTMxN0RDNEY5QUUwMi9HaU9ZYUVOV1hmX0lBUGdQOHBhNnNhMDNG
T3cuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0dpT1lhRU5XWGZfSUFQZ1A4cGE2c2EwM0ZPdy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MUY1NUQvNDBFNDNCODBCN0FCMTFFQzlFNTUzMTdEQzRGOUFFMDIvOTZDMjZGM0VC
N0FEMTFFQ0EyRTk0QTdFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAJnwzwwDQYJKoZIhvcNAQELBQADggEBALYicLcTt/E4ULpL
inoCH8KeCST0cMWFhszXMLNaTfQQb+2DwrRqY/M+YMEJ7Eg0dZg/9SC2bn5JyMZv
rIDbd1B3+aAgaiVdAfQmcfWsFoWL4DdmzNUVfzQj3VBpgA0EclMF943Hi6GWpIib
zdpWRFsXbg4+4+kw/SlRGmJx3UEeiyp1ouCJyeC2buuaMSa1w1BXNRA0ll0gotM2
RDbg43A2ntvXXjIpOpzazFFiQlPRpsqeL5cgmcJT13c0BCxLsRIZhOr/P2yor2/l
JLxMwm5CFZtUrNW1b3gJ4T8xoNspR8nTg9D3klOHp2qExi4Gv1T5Bim9ruA3HYnY
nNsg5wk=
-----END CERTIFICATE-----
Generated at Wed Mar 27 05:24:11 2024 by rpki-client on console-fra.rpki-client.org