Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91240E6/660742C8FD2111E488AB0C34C4F9AE02/8A721F4EB10C11E5BB6B2A16C4F9AE02.roa
File:                     8A721F4EB10C11E5BB6B2A16C4F9AE02.roa (raw, json)
Hash identifier:          zjFPN9IlvbUvgrK4TiEnI3P674oOFqbeO/VgwKwjEUk=
Subject key identifier:   EE:EA:42:62:6C:28:8E:85:78:06:6C:05:A9:D8:35:9A:E7:C1:8F:68
Certificate issuer:       /CN=A91240E6/serialNumber=6DCE52F9A228CBF6F30CD55D43384D1268487B65
Certificate serial:       24C7
Authority key identifier: 6D:CE:52:F9:A2:28:CB:F6:F3:0C:D5:5D:43:38:4D:12:68:48:7B:65
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/bc5S-aIoy_bzDNVdQzhNEmhIe2U.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91240E6/660742C8FD2111E488AB0C34C4F9AE02/8A721F4EB10C11E5BB6B2A16C4F9AE02.roa
Signing time:             Tue 22 Aug 2023 16:12:21 +0000
ROA not before:           Tue 22 Aug 2023 16:12:21 +0000
ROA not after:            Thu 31 Oct 2024 00:00:00 +0000
asID:                     38203
IP address blocks:        103.4.116.0/22 maxlen: 22
                          103.4.116.0/22 maxlen: 24
                          103.4.116.0/24 maxlen: 24
                          103.4.117.0/24 maxlen: 24
                          103.4.118.0/24 maxlen: 24
                          103.4.119.0/24 maxlen: 24
                          103.234.200.0/22 maxlen: 22
                          103.234.200.0/24 maxlen: 24
                          103.234.201.0/24 maxlen: 24
                          103.234.202.0/24 maxlen: 24
                          103.234.203.0/24 maxlen: 24
                          103.251.120.0/22 maxlen: 22
                          103.251.120.0/22 maxlen: 24
                          103.251.120.0/24 maxlen: 24
                          103.251.121.0/24 maxlen: 24
                          103.251.122.0/24 maxlen: 24
                          103.251.123.0/24 maxlen: 24
                          163.47.144.0/22 maxlen: 22
                          163.47.144.0/22 maxlen: 24
                          163.47.144.0/24 maxlen: 24
                          163.47.145.0/24 maxlen: 24
                          163.47.146.0/24 maxlen: 24
                          163.47.147.0/24 maxlen: 24
                          202.51.176.0/20 maxlen: 20
                          202.51.176.0/20 maxlen: 24
                          202.51.176.0/24 maxlen: 24
                          202.51.177.0/24 maxlen: 24
                          202.51.178.0/24 maxlen: 24
                          202.51.179.0/24 maxlen: 24
                          202.51.180.0/24 maxlen: 24
                          202.51.181.0/24 maxlen: 24
                          202.51.182.0/24 maxlen: 24
                          202.51.183.0/24 maxlen: 24
                          202.51.184.0/24 maxlen: 24
                          202.51.185.0/24 maxlen: 24
                          202.51.186.0/24 maxlen: 24
                          202.51.187.0/24 maxlen: 24
                          202.51.188.0/24 maxlen: 24
                          202.51.189.0/24 maxlen: 24
                          202.51.190.0/24 maxlen: 24
                          202.51.191.0/24 maxlen: 24
                          2402:b500::/32 maxlen: 48
                          2402:b500:1::/48 maxlen: 48
                          2402:b500:2::/48 maxlen: 48
                          2402:b500:3::/48 maxlen: 48
                          2402:b500:4::/48 maxlen: 48
                          2402:b500:5::/48 maxlen: 48
                          2402:b500:31::/48 maxlen: 48
                          2402:b500:1000::/48 maxlen: 48
                          2402:b500:1001::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91240E6/660742C8FD2111E488AB0C34C4F9AE02/bc5S-aIoy_bzDNVdQzhNEmhIe2U.crl
                          rsync://rpki.apnic.net/member_repository/A91240E6/660742C8FD2111E488AB0C34C4F9AE02/bc5S-aIoy_bzDNVdQzhNEmhIe2U.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/bc5S-aIoy_bzDNVdQzhNEmhIe2U.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 25 Apr 2024 16:02:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 9415 (0x24c7)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91240E6/serialNumber=6DCE52F9A228CBF6F30CD55D43384D1268487B65
        Validity
            Not Before: Aug 22 16:12:21 2023 GMT
            Not After : Oct 31 00:00:00 2024 GMT
        Subject: CN=64e4de65-08be
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:bf:02:85:8e:12:c7:2a:00:49:1d:29:06:a7:
                    c5:72:e1:e6:4d:26:07:1c:ba:4f:7b:13:fc:39:e9:
                    0b:50:26:bb:4c:63:64:a9:7f:0b:7e:83:6d:fa:19:
                    fe:fb:51:9b:9a:c3:bb:9a:34:50:4e:df:d1:07:93:
                    ae:17:51:fe:aa:35:5e:75:60:57:15:2f:7a:a9:c0:
                    93:dd:0d:2c:b7:2c:27:6e:40:a5:e9:46:5f:34:20:
                    9a:a5:0c:ed:3a:22:82:41:2f:db:04:3c:61:b9:cb:
                    d0:e8:40:46:54:2e:ed:52:e2:ed:72:1c:e4:0b:f4:
                    b0:6a:2d:85:47:9e:71:cf:f5:7d:96:fc:29:d4:6a:
                    ab:82:4b:1f:b3:2f:b8:d5:ed:22:30:c2:7c:bf:aa:
                    cc:cd:7d:54:f9:21:3a:cc:74:82:71:25:43:18:0e:
                    c9:ed:cd:cd:b5:8e:2d:77:b8:be:1c:87:b3:0e:c1:
                    f1:47:0e:80:4e:09:7b:97:b2:2e:62:dc:be:d2:81:
                    a3:74:f2:b6:f0:39:b0:76:7b:c3:68:ac:78:2d:d5:
                    d4:1c:d6:55:08:75:bf:4e:78:ea:c4:27:61:bc:de:
                    54:c7:cc:c3:c0:4e:b7:b3:fc:7e:ac:0a:dc:c0:d3:
                    90:9c:07:62:8e:7c:07:3d:1c:51:90:9a:b2:80:c4:
                    54:3b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:EA:42:62:6C:28:8E:85:78:06:6C:05:A9:D8:35:9A:E7:C1:8F:68
            X509v3 Authority Key Identifier:
                keyid:6D:CE:52:F9:A2:28:CB:F6:F3:0C:D5:5D:43:38:4D:12:68:48:7B:65

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91240E6/660742C8FD2111E488AB0C34C4F9AE02/bc5S-aIoy_bzDNVdQzhNEmhIe2U.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/bc5S-aIoy_bzDNVdQzhNEmhIe2U.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91240E6/660742C8FD2111E488AB0C34C4F9AE02/8A721F4EB10C11E5BB6B2A16C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.4.116.0/22
                  103.234.200.0/22
                  103.251.120.0/22
                  163.47.144.0/22
                  202.51.176.0/20
                IPv6:
                  2402:b500::/32

    Signature Algorithm: sha256WithRSAEncryption
         7c:d5:54:7c:df:60:b7:4d:57:a3:69:91:4d:67:b8:b6:04:e4:
         c8:a7:1b:64:3b:d4:47:c9:92:f4:69:ea:a8:88:3f:59:bf:70:
         a9:4f:27:49:15:e5:c6:93:89:4a:7a:b8:f7:4e:ce:93:2d:95:
         ec:57:eb:59:4b:01:84:03:f9:61:70:e9:d7:89:30:c1:77:03:
         04:ce:31:af:56:84:8a:eb:a6:37:43:9a:9d:34:d9:3b:a4:aa:
         72:a7:93:2d:eb:46:9c:95:4a:47:72:6e:a3:5f:a0:21:51:32:
         5a:b5:20:5c:6e:f4:fe:01:6f:a7:5d:c2:bb:63:b7:c7:8d:0f:
         b2:3b:a6:ce:98:b5:94:86:f0:a7:ea:a5:88:38:3f:4c:01:22:
         1a:c4:44:c2:bd:50:78:e3:4a:57:32:8d:c8:aa:a6:6e:04:3d:
         8c:30:9b:00:27:8c:9c:c0:cf:18:89:2f:74:6b:d4:e4:4e:f7:
         6c:32:87:5b:77:6b:90:f6:c7:b6:f6:cb:1f:ca:f4:01:77:8d:
         94:eb:51:2c:46:4e:c7:2e:4c:f6:b1:30:55:8e:8b:13:f3:02:
         eb:46:99:0e:fe:34:d7:d3:18:97:f3:dd:9d:74:72:61:6c:92:
         fc:90:e7:9f:88:18:fa:82:2f:f0:2e:07:f4:ea:db:fb:8b:97:
         78:69:37:8c
-----BEGIN CERTIFICATE-----
MIIFmDCCBICgAwIBAgICJMcwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MjQwRTYxMTAvBgNVBAUTKDZEQ0U1MkY5QTIyOENCRjZGMzBDRDU1RDQzMzg0RDEy
Njg0ODdCNjUwHhcNMjMwODIyMTYxMjIxWhcNMjQxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NGU0ZGU2NS0wOGJlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAv78ChY4SxyoASR0pBqfFcuHmTSYHHLpPexP8OekLUCa7TGNkqX8LfoNt+hn+
+1GbmsO7mjRQTt/RB5OuF1H+qjVedWBXFS96qcCT3Q0stywnbkCl6UZfNCCapQzt
OiKCQS/bBDxhucvQ6EBGVC7tUuLtchzkC/Swai2FR55xz/V9lvwp1Gqrgksfsy+4
1e0iMMJ8v6rMzX1U+SE6zHSCcSVDGA7J7c3NtY4td7i+HIezDsHxRw6ATgl7l7Iu
Yty+0oGjdPK28DmwdnvDaKx4LdXUHNZVCHW/TnjqxCdhvN5Ux8zDwE63s/x+rArc
wNOQnAdijnwHPRxRkJqygMRUOwIDAQABo4ICvDCCArgwHQYDVR0OBBYEFO7qQmJs
KI6FeAZsBanYNZrnwY9oMB8GA1UdIwQYMBaAFG3OUvmiKMv28wzVXUM4TRJoSHtl
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyNDBFNi82NjA3NDJDOEZE
MjExMUU0ODhBQjBDMzRDNEY5QUUwMi9iYzVTLWFJb3lfYnpETlZkUXpoTkVtaEll
MlUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2JjNVMtYUlveV9iekROVmRRemhORW1oSWUyVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MjQwRTYvNjYwNzQyQzhGRDIxMTFFNDg4QUIwQzM0QzRGOUFFMDIvOEE3MjFGNEVC
MTBDMTFFNUJCNkIyQTE2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwRgYIKwYBBQUHAQcBAf8E
NzA1MCQEAgABMB4DBAJnBHQDBAJn6sgDBAJn+3gDBAKjL5ADBATKM7AwDQQCAAIw
BwMFACQCtQAwDQYJKoZIhvcNAQELBQADggEBAHzVVHzfYLdNV6NpkU1nuLYE5Min
G2Q71EfJkvRp6qiIP1m/cKlPJ0kV5caTiUp6uPdOzpMtlexX61lLAYQD+WFw6deJ
MMF3AwTOMa9WhIrrpjdDmp002TukqnKnky3rRpyVSkdybqNfoCFRMlq1IFxu9P4B
b6ddwrtjt8eND7I7ps6YtZSG8KfqpYg4P0wBIhrERMK9UHjjSlcyjciqpm4EPYww
mwAnjJzAzxiJL3Rr1ORO92wyh1t3a5D2x7b2yx/K9AF3jZTrUSxGTscuTPaxMFWO
ixPzAutGmQ7+NNfTGJfz3Z10cmFskvyQ55+IGPqCL/AuB/Tq2/uLl3hpN4w=
-----END CERTIFICATE-----
Generated at Thu Apr 18 18:16:01 2024 by rpki-client on console-fra.rpki-client.org