Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A912C15B/E97DEF40746D11EE9E633C37C4F9AE02/76CF6D4C746E11EE8A2F7739C4F9AE02.roa
File:                     76CF6D4C746E11EE8A2F7739C4F9AE02.roa (raw, json)
Hash identifier:          OLewJUJr+U9U8qfvMJkh2R+kFpFEPwuOG/eViM+YX50=
Subject key identifier:   23:DA:31:D7:69:FB:38:5F:9C:C9:3C:F6:74:7E:82:D5:1C:03:EB:17
Certificate issuer:       /CN=A912C15B/serialNumber=15361347A10814A3E668B7269FE20707B18E7973
Certificate serial:       02
Authority key identifier: 15:36:13:47:A1:08:14:A3:E6:68:B7:26:9F:E2:07:07:B1:8E:79:73
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FTYTR6EIFKPmaLcmn-IHB7GOeXM.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A912C15B/E97DEF40746D11EE9E633C37C4F9AE02/76CF6D4C746E11EE8A2F7739C4F9AE02.roa
Signing time:             Fri 27 Oct 2023 02:13:49 +0000
ROA not before:           Fri 27 Oct 2023 02:13:48 +0000
ROA not after:            Sat 31 Aug 2024 00:00:00 +0000
asID:                     140625
IP address blocks:        103.151.62.0/24 maxlen: 24
                          103.164.234.0/24 maxlen: 24
                          2001:df3:ac80::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A912C15B/E97DEF40746D11EE9E633C37C4F9AE02/FTYTR6EIFKPmaLcmn-IHB7GOeXM.crl
                          rsync://rpki.apnic.net/member_repository/A912C15B/E97DEF40746D11EE9E633C37C4F9AE02/FTYTR6EIFKPmaLcmn-IHB7GOeXM.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FTYTR6EIFKPmaLcmn-IHB7GOeXM.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 24 Jun 2024 07:58:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A912C15B/serialNumber=15361347A10814A3E668B7269FE20707B18E7973
        Validity
            Not Before: Oct 27 02:13:48 2023 GMT
            Not After : Aug 31 00:00:00 2024 GMT
        Subject: CN=653b1cdc-cbf3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:1f:a4:db:6e:fd:20:32:4c:4f:c6:fc:65:22:
                    ec:d1:9e:86:1c:ee:52:5e:d5:ee:6b:a3:d9:16:a8:
                    f1:fa:5b:0b:e8:40:cc:f6:0a:b3:ad:ac:d6:57:cc:
                    b0:24:ae:28:7f:cd:61:d3:38:76:51:b0:fe:c4:92:
                    b8:03:3f:fd:85:67:d9:2f:57:7b:81:56:a7:15:ca:
                    c8:eb:13:46:e4:3b:b2:25:ac:a6:b3:db:48:35:32:
                    05:b2:41:ed:df:61:5d:20:3a:9c:d5:3f:21:a0:fb:
                    95:34:5c:93:a6:85:d0:2e:c7:a8:af:10:67:be:22:
                    c9:ac:5f:4b:d5:8d:dd:75:44:45:55:bb:98:24:4a:
                    38:82:ce:37:09:ba:66:88:9e:17:29:e3:1e:19:4d:
                    6f:1f:7f:c3:5d:36:b2:d4:6a:84:43:5d:7f:00:5b:
                    d6:37:c9:f5:59:da:7a:eb:8d:08:15:4e:1c:e8:63:
                    04:65:e2:d6:ca:94:d0:f8:99:17:f3:6a:c5:1a:56:
                    6c:a8:4b:61:9b:e8:d6:5d:69:af:ed:b1:2b:ac:85:
                    65:73:61:37:ac:9e:ca:20:cb:b6:dd:2f:5e:15:bd:
                    01:cf:5a:6b:d3:18:30:b6:85:b5:0d:fb:fe:96:77:
                    45:82:eb:cb:a3:e3:d8:62:76:80:4d:14:e5:3f:95:
                    6e:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                23:DA:31:D7:69:FB:38:5F:9C:C9:3C:F6:74:7E:82:D5:1C:03:EB:17
            X509v3 Authority Key Identifier:
                keyid:15:36:13:47:A1:08:14:A3:E6:68:B7:26:9F:E2:07:07:B1:8E:79:73

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A912C15B/E97DEF40746D11EE9E633C37C4F9AE02/FTYTR6EIFKPmaLcmn-IHB7GOeXM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FTYTR6EIFKPmaLcmn-IHB7GOeXM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A912C15B/E97DEF40746D11EE9E633C37C4F9AE02/76CF6D4C746E11EE8A2F7739C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.151.62.0/24
                  103.164.234.0/24
                IPv6:
                  2001:df3:ac80::/48

    Signature Algorithm: sha256WithRSAEncryption
         87:9a:33:43:3f:aa:a3:41:5a:40:b5:22:a0:1c:d1:6d:b1:75:
         39:de:77:6b:83:1a:36:9c:29:8e:5a:13:67:ed:98:3d:62:9d:
         56:a4:cc:d5:95:bd:bf:3a:1b:91:fa:b3:d6:d6:95:f5:c2:2f:
         f4:04:29:8d:7f:4a:8d:d3:da:4e:20:c6:77:10:81:f5:b0:36:
         0f:cc:a5:cf:9f:5f:f7:2c:1e:21:86:79:ae:bb:99:a6:75:4e:
         6c:fd:55:db:4a:31:5a:c5:58:23:a8:31:c8:d4:34:70:77:b0:
         cf:2b:ab:88:0f:6e:89:4e:20:4c:13:a4:d7:f8:51:dc:c8:92:
         ab:5c:60:12:13:76:37:d1:5e:76:e1:e6:c9:88:2e:fa:5d:f2:
         f9:35:7b:2a:df:1d:88:93:f7:e3:9e:73:c0:e8:55:ae:e3:29:
         66:14:af:0c:a0:b8:22:e0:02:a9:74:b8:e7:3b:f8:a4:ed:60:
         ca:3a:9e:68:f8:49:c3:a8:c8:8b:be:85:15:a5:17:71:8b:ee:
         2a:55:ee:5a:03:d0:60:a5:72:1c:f8:74:22:26:a7:6c:11:59:
         72:61:79:a5:8a:02:2c:f2:37:e3:71:16:5f:e8:65:06:d7:97:
         f1:2f:ea:d9:f6:b9:82:81:c1:3c:9e:97:a9:de:c2:8c:98:4c:
         6f:4c:44:37
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgIBAjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTEy
QzE1QjExMC8GA1UEBRMoMTUzNjEzNDdBMTA4MTRBM0U2NjhCNzI2OUZFMjA3MDdC
MThFNzk3MzAeFw0yMzEwMjcwMjEzNDhaFw0yNDA4MzEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY1M2IxY2RjLWNiZjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDKH6Tbbv0gMkxPxvxlIuzRnoYc7lJe1e5ro9kWqPH6WwvoQMz2CrOtrNZXzLAk
rih/zWHTOHZRsP7EkrgDP/2FZ9kvV3uBVqcVysjrE0bkO7IlrKaz20g1MgWyQe3f
YV0gOpzVPyGg+5U0XJOmhdAux6ivEGe+IsmsX0vVjd11REVVu5gkSjiCzjcJumaI
nhcp4x4ZTW8ff8NdNrLUaoRDXX8AW9Y3yfVZ2nrrjQgVThzoYwRl4tbKlND4mRfz
asUaVmyoS2Gb6NZdaa/tsSushWVzYTesnsogy7bdL14VvQHPWmvTGDC2hbUN+/6W
d0WC68uj49hidoBNFOU/lW4rAgMBAAGjggKsMIICqDAdBgNVHQ4EFgQUI9ox12n7
OF+cyTz2dH6C1RwD6xcwHwYDVR0jBBgwFoAUFTYTR6EIFKPmaLcmn+IHB7GOeXMw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTJDMTVCL0U5N0RFRjQwNzQ2
RDExRUU5RTYzM0MzN0M0RjlBRTAyL0ZUWVRSNkVJRktQbWFMY21uLUlIQjdHT2VY
TS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvRlRZVFI2RUlGS1BtYUxjbW4tSUhCN0dPZVhNLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEy
QzE1Qi9FOTdERUY0MDc0NkQxMUVFOUU2MzNDMzdDNEY5QUUwMi83NkNGNkQ0Qzc0
NkUxMUVFOEEyRjc3MzlDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDA2BggrBgEFBQcBBwEB/wQn
MCUwEgQCAAEwDAMEAGeXPgMEAGek6jAPBAIAAjAJAwcAIAEN86yAMA0GCSqGSIb3
DQEBCwUAA4IBAQCHmjNDP6qjQVpAtSKgHNFtsXU53ndrgxo2nCmOWhNn7Zg9Yp1W
pMzVlb2/OhuR+rPW1pX1wi/0BCmNf0qN09pOIMZ3EIH1sDYPzKXPn1/3LB4hhnmu
u5mmdU5s/VXbSjFaxVgjqDHI1DRwd7DPK6uID26JTiBME6TX+FHcyJKrXGASE3Y3
0V524ebJiC76XfL5NXsq3x2Ik/fjnnPA6FWu4ylmFK8MoLgi4AKpdLjnO/ik7WDK
Op5o+EnDqMiLvoUVpRdxi+4qVe5aA9BgpXIc+HQiJqdsEVlyYXmligIs8jfjcRZf
6GUG15fxL+rZ9rmCgcE8npep3sKMmExvTEQ3
-----END CERTIFICATE-----
Generated at Mon Jun 17 09:40:48 2024 by rpki-client on console-fra.rpki-client.org