Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9121D73/5CC66BD4262611EA8524E83BC4F9AE02/01A8B084262811EA8269E33EC4F9AE02.roa
File:                     01A8B084262811EA8269E33EC4F9AE02.roa (raw, json)
Hash identifier:          j7UjuVCTVv/7mfOqRurAg480j9GWmLg6ExID4Lwvt4w=
Subject key identifier:   B2:BE:EB:D6:30:3D:C2:45:2E:CD:EE:85:F4:1D:6E:B3:04:57:72:66
Certificate issuer:       /CN=A9121D73/serialNumber=F9B975161FE2EA37E0E462AD5F5B8A74280134E6
Certificate serial:       0ACB
Authority key identifier: F9:B9:75:16:1F:E2:EA:37:E0:E4:62:AD:5F:5B:8A:74:28:01:34:E6
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-bl1Fh_i6jfg5GKtX1uKdCgBNOY.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9121D73/5CC66BD4262611EA8524E83BC4F9AE02/01A8B084262811EA8269E33EC4F9AE02.roa
Signing time:             Sun 24 Mar 2024 19:58:58 +0000
ROA not before:           Sun 24 Mar 2024 19:58:58 +0000
ROA not after:            Wed 28 May 2025 00:00:00 +0000
asID:                     138634
IP address blocks:        103.135.37.0/24 maxlen: 24
                          103.150.58.0/24 maxlen: 24
                          2001:df7:e500::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9121D73/5CC66BD4262611EA8524E83BC4F9AE02/-bl1Fh_i6jfg5GKtX1uKdCgBNOY.crl
                          rsync://rpki.apnic.net/member_repository/A9121D73/5CC66BD4262611EA8524E83BC4F9AE02/-bl1Fh_i6jfg5GKtX1uKdCgBNOY.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-bl1Fh_i6jfg5GKtX1uKdCgBNOY.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 29 Nov 2024 18:50:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2763 (0xacb)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9121D73/serialNumber=F9B975161FE2EA37E0E462AD5F5B8A74280134E6
        Validity
            Not Before: Mar 24 19:58:58 2024 GMT
            Not After : May 28 00:00:00 2025 GMT
        Subject: CN=66008602-4eaa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:be:da:dd:d0:3f:1d:b1:2b:52:39:02:91:20:
                    c6:ed:83:f6:ee:d0:38:47:5e:b5:9d:f7:99:0c:4e:
                    60:33:a8:b9:54:d0:12:38:c3:fc:8b:6f:31:c2:93:
                    94:a1:3b:c1:cd:5e:43:1d:21:2d:3b:ca:02:71:7c:
                    66:ff:1e:2a:59:7a:f9:05:1a:27:c3:b7:ce:93:97:
                    de:2e:4a:e2:52:86:94:b5:80:7c:c6:4b:15:03:70:
                    20:d6:98:84:bb:a2:ae:04:3c:09:7f:8d:35:0f:2d:
                    a6:60:a9:c7:b9:90:c1:c1:cc:31:a1:0c:d4:d0:4e:
                    a9:03:98:61:ec:0c:56:14:77:85:e8:d3:1e:b4:c7:
                    e7:39:b2:4c:a9:0e:a1:71:f5:7b:ba:ef:65:4f:2d:
                    55:26:37:f1:d3:1c:63:bb:17:ea:86:13:1f:4e:8f:
                    40:fb:1f:3b:a2:b1:63:d6:cb:2d:9c:13:78:82:9f:
                    fe:b9:2f:0c:79:21:a6:6f:45:70:5e:38:d7:3d:e6:
                    d0:91:96:5a:98:38:9f:23:25:fc:6d:67:9a:b7:94:
                    86:8b:a5:06:6d:ac:4b:29:5f:35:71:bd:77:5a:c9:
                    49:75:1f:a8:28:06:36:eb:43:97:4c:5c:3c:8b:f3:
                    6d:4c:c0:ca:26:b1:d6:16:06:31:d7:e5:e5:73:2f:
                    71:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B2:BE:EB:D6:30:3D:C2:45:2E:CD:EE:85:F4:1D:6E:B3:04:57:72:66
            X509v3 Authority Key Identifier:
                keyid:F9:B9:75:16:1F:E2:EA:37:E0:E4:62:AD:5F:5B:8A:74:28:01:34:E6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9121D73/5CC66BD4262611EA8524E83BC4F9AE02/-bl1Fh_i6jfg5GKtX1uKdCgBNOY.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-bl1Fh_i6jfg5GKtX1uKdCgBNOY.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9121D73/5CC66BD4262611EA8524E83BC4F9AE02/01A8B084262811EA8269E33EC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.135.37.0/24
                  103.150.58.0/24
                IPv6:
                  2001:df7:e500::/48

    Signature Algorithm: sha256WithRSAEncryption
         8b:3b:55:99:71:15:b7:aa:79:38:6c:67:7e:24:31:a0:4d:87:
         32:66:9c:27:5a:91:e3:91:5e:89:4d:4d:42:d8:bc:57:bf:7c:
         80:f8:b3:9b:56:c1:83:99:08:8a:a4:c5:e3:b1:e5:31:37:4c:
         67:7e:24:86:09:ee:53:24:8e:3c:23:27:a8:51:12:5a:71:97:
         6e:c9:13:f5:01:ac:81:9d:c4:56:6a:06:0b:a5:b6:83:2f:94:
         b4:9c:36:cd:2f:fa:13:34:21:5c:11:47:73:2d:ed:27:30:81:
         82:27:1a:bd:53:72:a4:c2:f6:47:8e:9f:73:6f:a5:c2:dc:e5:
         39:94:43:70:5c:96:ef:89:56:b6:30:e2:85:94:19:39:38:86:
         64:eb:f2:b9:ae:19:9b:50:0f:98:de:95:c9:e9:42:42:d8:a3:
         d3:2d:16:87:4b:fc:08:f5:0d:b0:39:c4:57:1e:03:d8:4f:0e:
         51:85:48:40:53:96:5d:35:b3:fd:c1:70:b8:03:c1:88:ba:68:
         b5:cf:e1:0e:a3:42:65:29:b5:ee:04:ad:e6:12:e7:cc:05:f2:
         41:b1:4e:61:30:d5:fa:d2:0b:1a:a3:af:0d:54:a8:e3:47:7e:
         1f:54:e7:04:8b:f3:6b:68:94:22:aa:f5:f4:e9:75:82:dc:f8:
         f6:3a:54:e0
-----BEGIN CERTIFICATE-----
MIIFiDCCBHCgAwIBAgICCsswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MjFENzMxMTAvBgNVBAUTKEY5Qjk3NTE2MUZFMkVBMzdFMEU0NjJBRDVGNUI4QTc0
MjgwMTM0RTYwHhcNMjQwMzI0MTk1ODU4WhcNMjUwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02NjAwODYwMi00ZWFhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAnb7a3dA/HbErUjkCkSDG7YP27tA4R161nfeZDE5gM6i5VNASOMP8i28xwpOU
oTvBzV5DHSEtO8oCcXxm/x4qWXr5BRonw7fOk5feLkriUoaUtYB8xksVA3Ag1piE
u6KuBDwJf401Dy2mYKnHuZDBwcwxoQzU0E6pA5hh7AxWFHeF6NMetMfnObJMqQ6h
cfV7uu9lTy1VJjfx0xxjuxfqhhMfTo9A+x87orFj1sstnBN4gp/+uS8MeSGmb0Vw
XjjXPebQkZZamDifIyX8bWeat5SGi6UGbaxLKV81cb13WslJdR+oKAY260OXTFw8
i/NtTMDKJrHWFgYx1+Xlcy9xxwIDAQABo4ICrDCCAqgwHQYDVR0OBBYEFLK+69Yw
PcJFLs3uhfQdbrMEV3JmMB8GA1UdIwQYMBaAFPm5dRYf4uo34ORirV9binQoATTm
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyMUQ3My81Q0M2NkJENDI2
MjYxMUVBODUyNEU4M0JDNEY5QUUwMi8tYmwxRmhfaTZqZmc1R0t0WDF1S2RDZ0JO
T1kuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLy1ibDFGaF9pNmpmZzVHS3RYMXVLZENnQk5PWS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MjFENzMvNUNDNjZCRDQyNjI2MTFFQTg1MjRFODNCQzRGOUFFMDIvMDFBOEIwODQy
NjI4MTFFQTgyNjlFMzNFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNgYIKwYBBQUHAQcBAf8E
JzAlMBIEAgABMAwDBABnhyUDBABnljowDwQCAAIwCQMHACABDfflADANBgkqhkiG
9w0BAQsFAAOCAQEAiztVmXEVt6p5OGxnfiQxoE2HMmacJ1qR45FeiU1NQti8V798
gPizm1bBg5kIiqTF47HlMTdMZ34khgnuUySOPCMnqFESWnGXbskT9QGsgZ3EVmoG
C6W2gy+UtJw2zS/6EzQhXBFHcy3tJzCBgicavVNypML2R46fc2+lwtzlOZRDcFyW
74lWtjDihZQZOTiGZOvyua4Zm1APmN6VyelCQtij0y0Wh0v8CPUNsDnEVx4D2E8O
UYVIQFOWXTWz/cFwuAPBiLpotc/hDqNCZSm17gSt5hLnzAXyQbFOYTDV+tILGqOv
DVSo40d+H1TnBIvza2iUIqr19Ol1gtz49jpU4A==
-----END CERTIFICATE-----
Generated at Fri Nov 22 19:44:56 2024 by rpki-client on console-fra.rpki-client.org