Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A911F5B7/71E7A222519511EA8464BA78C4F9AE02/542FFB900AF511EEA1DD143EC4F9AE02.roa
File:                     542FFB900AF511EEA1DD143EC4F9AE02.roa (raw, json)
Hash identifier:          v8b5gIDYMr/mxUmoE1WG6bs8RGPx8egxgRGtaO/YZ90=
Subject key identifier:   CC:62:69:4A:67:31:88:16:AC:10:7D:04:32:F7:35:DA:25:5B:41:06
Certificate issuer:       /CN=A911F5B7/serialNumber=D72E92435CE7DBB7789B2438A48F211C431C5802
Certificate serial:       A3
Authority key identifier: D7:2E:92:43:5C:E7:DB:B7:78:9B:24:38:A4:8F:21:1C:43:1C:58:02
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/1y6SQ1zn27d4myQ4pI8hHEMcWAI.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A911F5B7/71E7A222519511EA8464BA78C4F9AE02/542FFB900AF511EEA1DD143EC4F9AE02.roa
Signing time:             Thu 04 Apr 2024 20:59:54 +0000
ROA not before:           Thu 04 Apr 2024 20:59:54 +0000
ROA not after:            Wed 28 May 2025 00:00:00 +0000
asID:                     135817
IP address blocks:        103.78.46.0/24 maxlen: 24
                          103.97.46.0/23 maxlen: 24
                          103.97.84.0/24 maxlen: 24
                          103.148.152.0/23 maxlen: 23
                          103.148.152.0/24 maxlen: 24
                          103.148.153.0/24 maxlen: 24
                          2001:df2:da80::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A911F5B7/71E7A222519511EA8464BA78C4F9AE02/1y6SQ1zn27d4myQ4pI8hHEMcWAI.crl
                          rsync://rpki.apnic.net/member_repository/A911F5B7/71E7A222519511EA8464BA78C4F9AE02/1y6SQ1zn27d4myQ4pI8hHEMcWAI.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/1y6SQ1zn27d4myQ4pI8hHEMcWAI.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 23 Aug 2024 07:28:04 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 163 (0xa3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A911F5B7/serialNumber=D72E92435CE7DBB7789B2438A48F211C431C5802
        Validity
            Not Before: Apr  4 20:59:54 2024 GMT
            Not After : May 28 00:00:00 2025 GMT
        Subject: CN=660f14c9-f330
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e7:8d:af:9f:7d:aa:d8:a0:96:64:dc:71:5d:22:
                    3a:87:bf:84:42:90:2f:ab:50:68:7f:ed:fa:85:67:
                    31:91:ed:c5:5e:eb:fe:5c:0d:bd:35:96:27:4a:41:
                    99:63:60:21:38:b5:d4:c5:e7:d7:0a:17:85:1b:44:
                    c1:86:61:86:00:b2:4d:5f:14:f7:c0:88:09:fe:87:
                    33:c3:ff:ca:fa:d2:45:c4:b2:27:af:eb:20:b0:14:
                    a9:c1:04:51:6f:dd:4d:1e:f2:06:89:a3:df:82:f2:
                    3a:d6:13:49:b5:8f:94:5a:62:2d:b0:19:d8:0c:fa:
                    4a:e3:39:ef:e4:a2:d1:fb:15:c7:3d:d7:78:9a:dd:
                    23:25:55:a3:15:30:ac:55:1a:7c:c7:7d:15:cd:74:
                    94:08:59:7b:04:88:63:c7:36:41:6c:0d:0d:91:34:
                    21:4f:5f:9c:bd:d7:6f:0a:93:b7:a3:1d:39:af:e6:
                    e2:ec:9a:0e:d9:34:85:ec:a8:35:15:f4:8d:72:66:
                    2c:18:08:c0:1b:6a:36:55:d7:4c:d6:d8:e7:99:2d:
                    f1:d3:db:ae:9f:27:74:eb:4c:f1:1a:34:c3:4c:4f:
                    09:b6:84:18:39:e4:a8:22:e2:d9:ad:94:b7:ad:bf:
                    be:f0:f2:51:d9:9d:7a:6a:08:fb:86:5c:2f:a4:f8:
                    e0:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CC:62:69:4A:67:31:88:16:AC:10:7D:04:32:F7:35:DA:25:5B:41:06
            X509v3 Authority Key Identifier:
                keyid:D7:2E:92:43:5C:E7:DB:B7:78:9B:24:38:A4:8F:21:1C:43:1C:58:02

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A911F5B7/71E7A222519511EA8464BA78C4F9AE02/1y6SQ1zn27d4myQ4pI8hHEMcWAI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/1y6SQ1zn27d4myQ4pI8hHEMcWAI.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A911F5B7/71E7A222519511EA8464BA78C4F9AE02/542FFB900AF511EEA1DD143EC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.78.46.0/24
                  103.97.46.0/23
                  103.97.84.0/24
                  103.148.152.0/23
                IPv6:
                  2001:df2:da80::/48

    Signature Algorithm: sha256WithRSAEncryption
         19:a8:31:ae:d8:0f:70:25:20:f3:35:b7:5a:27:9b:a2:ff:97:
         7e:03:c2:99:67:da:e0:2d:9c:b3:07:46:f0:7b:34:be:9f:87:
         ef:d0:87:4c:e3:d2:0f:6f:68:43:16:5f:b8:b2:64:bd:f9:35:
         09:f0:18:ff:2a:cf:aa:eb:cc:ea:17:29:3b:05:f7:be:88:cd:
         86:43:43:74:38:5f:bc:ce:50:47:bb:08:30:18:54:fa:cd:9b:
         71:65:75:5d:1e:58:59:ef:30:47:aa:9f:1b:87:3e:cb:53:01:
         cf:59:62:55:3c:7c:5a:81:06:fe:32:a5:21:a7:5b:84:43:23:
         6e:1c:91:bf:2b:90:3f:21:4d:2b:27:35:94:de:82:53:6a:1f:
         11:13:42:65:fb:1d:a8:40:2f:8b:5f:b4:77:17:3a:80:e6:0e:
         5e:89:3f:23:6d:90:ec:a5:30:44:c1:5e:9f:31:00:49:5d:6a:
         62:60:78:31:f1:10:9a:98:61:72:a7:3d:d1:23:22:ed:19:a5:
         ec:71:6a:4f:76:95:e8:8c:95:b8:f0:f1:3b:a2:f5:88:fa:50:
         ec:6a:78:bd:e6:c9:28:c3:2f:68:e5:15:bc:48:55:2b:a8:3f:
         7e:dc:3c:d5:64:32:00:98:8a:4b:36:cf:9a:5a:3b:48:a2:a0:
         5c:da:95:bf
-----BEGIN CERTIFICATE-----
MIIFlDCCBHygAwIBAgICAKMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MUY1QjcxMTAvBgNVBAUTKEQ3MkU5MjQzNUNFN0RCQjc3ODlCMjQzOEE0OEYyMTFD
NDMxQzU4MDIwHhcNMjQwNDA0MjA1OTU0WhcNMjUwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02NjBmMTRjOS1mMzMwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA542vn32q2KCWZNxxXSI6h7+EQpAvq1Bof+36hWcxke3FXuv+XA29NZYnSkGZ
Y2AhOLXUxefXCheFG0TBhmGGALJNXxT3wIgJ/oczw//K+tJFxLInr+sgsBSpwQRR
b91NHvIGiaPfgvI61hNJtY+UWmItsBnYDPpK4znv5KLR+xXHPdd4mt0jJVWjFTCs
VRp8x30VzXSUCFl7BIhjxzZBbA0NkTQhT1+cvddvCpO3ox05r+bi7JoO2TSF7Kg1
FfSNcmYsGAjAG2o2VddM1tjnmS3x09uunyd060zxGjTDTE8JtoQYOeSoIuLZrZS3
rb++8PJR2Z16agj7hlwvpPjgzQIDAQABo4ICuDCCArQwHQYDVR0OBBYEFMxiaUpn
MYgWrBB9BDL3NdolW0EGMB8GA1UdIwQYMBaAFNcukkNc59u3eJskOKSPIRxDHFgC
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExRjVCNy83MUU3QTIyMjUx
OTUxMUVBODQ2NEJBNzhDNEY5QUUwMi8xeTZTUTF6bjI3ZDRteVE0cEk4aEhFTWNX
QUkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzF5NlNRMXpuMjdkNG15UTRwSThoSEVNY1dBSS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MUY1QjcvNzFFN0EyMjI1MTk1MTFFQTg0NjRCQTc4QzRGOUFFMDIvNTQyRkZCOTAw
QUY1MTFFRUExREQxNDNFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwQgYIKwYBBQUHAQcBAf8E
MzAxMB4EAgABMBgDBABnTi4DBAFnYS4DBABnYVQDBAFnlJgwDwQCAAIwCQMHACAB
DfLagDANBgkqhkiG9w0BAQsFAAOCAQEAGagxrtgPcCUg8zW3Wiebov+XfgPCmWfa
4C2cswdG8Hs0vp+H79CHTOPSD29oQxZfuLJkvfk1CfAY/yrPquvM6hcpOwX3vojN
hkNDdDhfvM5QR7sIMBhU+s2bcWV1XR5YWe8wR6qfG4c+y1MBz1liVTx8WoEG/jKl
IadbhEMjbhyRvyuQPyFNKyc1lN6CU2ofERNCZfsdqEAvi1+0dxc6gOYOXok/I22Q
7KUwRMFenzEASV1qYmB4MfEQmphhcqc90SMi7Rml7HFqT3aV6IyVuPDxO6L1iPpQ
7Gp4vebJKMMvaOUVvEhVK6g/ftw81WQyAJiKSzbPmlo7SKKgXNqVvw==
-----END CERTIFICATE-----
Generated at Fri Aug 16 10:13:44 2024 by rpki-client on console-fra.rpki-client.org