Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A911FABE/A3F509F20C4F11EAA8C6B13CC4F9AE02/3E51F73E0C5111EAAF46A23FC4F9AE02.roa
File:                     3E51F73E0C5111EAAF46A23FC4F9AE02.roa (raw, json)
Hash identifier:          fNKHCrlloZaF6YEqwDlDZ6OwI4uUpNjeaTgxoFN7c8E=
Subject key identifier:   FC:53:2C:EA:BF:AE:35:01:51:EF:A8:D5:73:76:92:82:15:09:4B:25
Certificate issuer:       /CN=A911FABE/serialNumber=A74605CB9D5071CA1729D9087834407F14EA8570
Certificate serial:       0B6A
Authority key identifier: A7:46:05:CB:9D:50:71:CA:17:29:D9:08:78:34:40:7F:14:EA:85:70
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/p0YFy51QccoXKdkIeDRAfxTqhXA.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A911FABE/A3F509F20C4F11EAA8C6B13CC4F9AE02/3E51F73E0C5111EAAF46A23FC4F9AE02.roa
Signing time:             Wed 22 May 2024 19:58:22 +0000
ROA not before:           Wed 22 May 2024 19:58:22 +0000
ROA not after:            Wed 30 Jul 2025 00:00:00 +0000
asID:                     137815
IP address blocks:        103.114.168.0/22 maxlen: 22
                          103.114.168.0/23 maxlen: 23
                          103.114.168.0/24 maxlen: 24
                          103.114.169.0/24 maxlen: 24
                          103.114.170.0/23 maxlen: 23
                          103.114.170.0/24 maxlen: 24
                          103.114.171.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A911FABE/A3F509F20C4F11EAA8C6B13CC4F9AE02/p0YFy51QccoXKdkIeDRAfxTqhXA.crl
                          rsync://rpki.apnic.net/member_repository/A911FABE/A3F509F20C4F11EAA8C6B13CC4F9AE02/p0YFy51QccoXKdkIeDRAfxTqhXA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/p0YFy51QccoXKdkIeDRAfxTqhXA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 29 Nov 2024 18:35:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2922 (0xb6a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A911FABE/serialNumber=A74605CB9D5071CA1729D9087834407F14EA8570
        Validity
            Not Before: May 22 19:58:22 2024 GMT
            Not After : Jul 30 00:00:00 2025 GMT
        Subject: CN=664e4e5e-309a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:a3:75:8c:99:5d:77:de:7e:ba:57:03:d4:02:
                    e3:eb:30:85:2a:e5:0d:3f:19:84:b6:40:75:08:37:
                    a7:d8:98:2d:76:35:df:8d:fe:cf:af:81:9c:af:3a:
                    27:49:fe:0c:b3:0e:e5:71:cc:9f:e7:31:ea:6d:11:
                    73:56:e3:da:63:a8:59:de:9a:e9:96:08:7e:81:21:
                    8f:41:42:e4:57:0d:db:fe:6a:eb:71:ee:a0:2d:98:
                    49:05:ed:84:de:81:86:1c:3b:a2:35:c1:84:d1:fd:
                    0c:86:a2:2c:4f:74:23:12:3c:44:ee:b7:fb:44:c3:
                    f5:5a:d1:65:a2:ea:3e:65:4d:c6:84:86:04:ee:6a:
                    33:cc:45:82:89:2c:15:e5:59:10:cf:03:bc:af:d3:
                    20:92:7f:fe:f2:a9:fc:60:d8:f7:72:a7:be:11:e6:
                    58:b0:3a:bc:3f:91:a2:8a:11:7b:1e:a4:2b:72:2e:
                    7f:db:fe:09:af:8f:3e:49:64:d6:89:b3:03:5d:2b:
                    95:5e:1e:cf:ec:11:f4:b7:d8:7b:37:84:b0:fa:a3:
                    d9:fe:59:4b:e1:6b:f3:5c:46:e1:73:c3:25:c0:8d:
                    df:fa:c8:65:85:c3:38:16:f3:b8:45:b8:84:bd:79:
                    c6:19:a7:64:7e:b9:5f:23:2e:ae:21:86:84:ac:31:
                    b8:69
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FC:53:2C:EA:BF:AE:35:01:51:EF:A8:D5:73:76:92:82:15:09:4B:25
            X509v3 Authority Key Identifier:
                keyid:A7:46:05:CB:9D:50:71:CA:17:29:D9:08:78:34:40:7F:14:EA:85:70

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A911FABE/A3F509F20C4F11EAA8C6B13CC4F9AE02/p0YFy51QccoXKdkIeDRAfxTqhXA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/p0YFy51QccoXKdkIeDRAfxTqhXA.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A911FABE/A3F509F20C4F11EAA8C6B13CC4F9AE02/3E51F73E0C5111EAAF46A23FC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.114.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         a8:53:71:4c:7d:1e:48:7e:3a:24:5b:38:ac:80:85:21:76:a2:
         e6:90:c8:97:63:3e:80:c2:4e:45:7e:35:dd:7b:46:9d:d3:19:
         98:e2:b8:bd:0c:ec:a1:60:a0:a5:b9:d0:ca:97:75:01:76:d1:
         a7:04:7f:7b:82:8b:6d:8d:fa:83:9c:ba:b5:ba:66:98:c4:62:
         6b:b7:bf:e3:2c:e5:ce:51:49:3d:03:24:e8:df:4b:5b:da:b7:
         be:52:94:55:67:66:6d:54:a5:80:95:5d:c7:69:20:96:f8:bd:
         b2:c1:a9:70:42:bc:2c:9c:a7:87:de:f3:55:84:b4:94:98:3d:
         91:06:b7:08:57:45:04:27:61:23:9c:a5:9f:2f:2f:55:67:f8:
         5f:bf:82:80:47:2c:89:0b:9e:6a:c5:d2:29:fe:0a:85:61:b6:
         51:bb:6a:70:eb:17:1a:dc:d8:69:1f:81:fa:6a:bf:c0:20:4d:
         bb:82:d6:00:cc:d2:13:4f:e2:5b:66:f4:3b:12:0a:30:25:b2:
         bf:ea:95:d7:aa:b7:6f:f3:7a:a0:e0:58:c5:fc:07:fd:09:2e:
         eb:ea:a2:2f:94:06:06:cf:c6:1a:2a:47:5a:5a:71:11:90:d0:
         ae:52:64:70:f6:4c:80:67:d6:39:63:8e:14:60:b0:b3:20:10:
         b5:59:72:c9
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICC2owDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MUZBQkUxMTAvBgNVBAUTKEE3NDYwNUNCOUQ1MDcxQ0ExNzI5RDkwODc4MzQ0MDdG
MTRFQTg1NzAwHhcNMjQwNTIyMTk1ODIyWhcNMjUwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjRlNGU1ZS0zMDlhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAzqN1jJldd95+ulcD1ALj6zCFKuUNPxmEtkB1CDen2JgtdjXfjf7Pr4Gcrzon
Sf4Msw7lccyf5zHqbRFzVuPaY6hZ3prplgh+gSGPQULkVw3b/mrrce6gLZhJBe2E
3oGGHDuiNcGE0f0MhqIsT3QjEjxE7rf7RMP1WtFlouo+ZU3GhIYE7mozzEWCiSwV
5VkQzwO8r9Mgkn/+8qn8YNj3cqe+EeZYsDq8P5GiihF7HqQrci5/2/4Jr48+SWTW
ibMDXSuVXh7P7BH0t9h7N4Sw+qPZ/llL4WvzXEbhc8MlwI3f+shlhcM4FvO4RbiE
vXnGGadkfrlfIy6uIYaErDG4aQIDAQABo4IClTCCApEwHQYDVR0OBBYEFPxTLOq/
rjUBUe+o1XN2koIVCUslMB8GA1UdIwQYMBaAFKdGBcudUHHKFynZCHg0QH8U6oVw
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExRkFCRS9BM0Y1MDlGMjBD
NEYxMUVBQThDNkIxM0NDNEY5QUUwMi9wMFlGeTUxUWNjb1hLZGtJZURSQWZ4VHFo
WEEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3AwWUZ5NTFRY2NvWEtka0llRFJBZnhUcWhYQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MUZBQkUvQTNGNTA5RjIwQzRGMTFFQUE4QzZCMTNDQzRGOUFFMDIvM0U1MUY3M0Uw
QzUxMTFFQUFGNDZBMjNGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAJncqgwDQYJKoZIhvcNAQELBQADggEBAKhTcUx9Hkh+OiRb
OKyAhSF2ouaQyJdjPoDCTkV+Nd17Rp3TGZjiuL0M7KFgoKW50MqXdQF20acEf3uC
i22N+oOcurW6ZpjEYmu3v+Ms5c5RST0DJOjfS1vat75SlFVnZm1UpYCVXcdpIJb4
vbLBqXBCvCycp4fe81WEtJSYPZEGtwhXRQQnYSOcpZ8vL1Vn+F+/goBHLIkLnmrF
0in+CoVhtlG7anDrFxrc2Gkfgfpqv8AgTbuC1gDM0hNP4ltm9DsSCjAlsr/qldeq
t2/zeqDgWMX8B/0JLuvqoi+UBgbPxhoqR1pacRGQ0K5SZHD2TIBn1jljjhRgsLMg
ELVZcsk=
-----END CERTIFICATE-----
Generated at Fri Nov 22 19:49:57 2024 by rpki-client on console-ams.rpki-client.org