Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A912C15B/E97DEF40746D11EE9E633C37C4F9AE02/76CF6D4C746E11EE8A2F7739C4F9AE02.roa
File:                     76CF6D4C746E11EE8A2F7739C4F9AE02.roa (raw, json)
Hash identifier:          sPgtFXkQiNpbnrX5GSASzjIh/8IU4jkwvbF5ffVha8I=
Subject key identifier:   09:F4:A9:9F:98:F7:99:6C:C8:26:70:59:83:51:69:66:11:32:9B:36
Certificate issuer:       /CN=A912C15B/serialNumber=15361347A10814A3E668B7269FE20707B18E7973
Certificate serial:       7F
Authority key identifier: 15:36:13:47:A1:08:14:A3:E6:68:B7:26:9F:E2:07:07:B1:8E:79:73
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FTYTR6EIFKPmaLcmn-IHB7GOeXM.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A912C15B/E97DEF40746D11EE9E633C37C4F9AE02/76CF6D4C746E11EE8A2F7739C4F9AE02.roa
Signing time:             Tue 25 Jun 2024 06:23:26 +0000
ROA not before:           Tue 25 Jun 2024 06:23:26 +0000
ROA not after:            Sun 31 Aug 2025 00:00:00 +0000
asID:                     140625
IP address blocks:        103.151.62.0/24 maxlen: 24
                          103.164.234.0/24 maxlen: 24
                          2001:df3:ac80::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A912C15B/E97DEF40746D11EE9E633C37C4F9AE02/FTYTR6EIFKPmaLcmn-IHB7GOeXM.crl
                          rsync://rpki.apnic.net/member_repository/A912C15B/E97DEF40746D11EE9E633C37C4F9AE02/FTYTR6EIFKPmaLcmn-IHB7GOeXM.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FTYTR6EIFKPmaLcmn-IHB7GOeXM.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 02 Jul 2024 06:21:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 127 (0x7f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A912C15B/serialNumber=15361347A10814A3E668B7269FE20707B18E7973
        Validity
            Not Before: Jun 25 06:23:26 2024 GMT
            Not After : Aug 31 00:00:00 2025 GMT
        Subject: CN=667a625e-6fe6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:7a:59:ee:b2:1e:4e:d9:ee:ff:1a:41:56:20:
                    3c:83:7c:22:63:bb:ff:12:a9:18:a9:12:c6:f4:c0:
                    74:ac:09:8e:83:d2:4d:67:ff:05:65:fb:c2:2d:0a:
                    48:9d:29:d1:77:16:34:97:be:a9:aa:4a:1d:37:31:
                    9c:1e:b8:04:8a:d3:c7:b6:1b:c0:50:61:bb:cf:f1:
                    07:f8:67:a9:21:9c:1e:37:a0:02:41:51:79:f5:e8:
                    b2:90:f7:45:42:0a:54:85:33:2b:ae:fb:75:48:90:
                    2c:4b:61:90:94:f6:89:ca:94:3d:05:fb:e3:f5:a2:
                    73:c1:88:4b:3d:40:aa:74:2f:7b:14:f7:64:3e:ed:
                    4e:dd:25:51:6e:fb:e5:3c:44:96:2b:4a:06:96:38:
                    b5:c5:0b:a6:65:86:8b:3c:5b:8d:53:47:36:0a:35:
                    e4:73:9e:e0:e0:81:21:d6:67:04:69:16:94:d5:bc:
                    5f:a8:62:ff:c7:2b:dd:67:88:23:95:f7:7e:72:52:
                    63:01:63:36:0f:35:c6:8a:da:c2:4e:49:b1:06:9c:
                    12:45:9e:02:c7:ec:56:43:4a:36:7c:aa:2d:d5:c2:
                    be:32:4b:fc:95:64:55:13:fd:a6:39:2a:d2:66:7e:
                    47:d0:2a:11:a0:26:87:81:3a:be:9d:93:a2:56:f4:
                    e1:cb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                09:F4:A9:9F:98:F7:99:6C:C8:26:70:59:83:51:69:66:11:32:9B:36
            X509v3 Authority Key Identifier:
                keyid:15:36:13:47:A1:08:14:A3:E6:68:B7:26:9F:E2:07:07:B1:8E:79:73

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A912C15B/E97DEF40746D11EE9E633C37C4F9AE02/FTYTR6EIFKPmaLcmn-IHB7GOeXM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FTYTR6EIFKPmaLcmn-IHB7GOeXM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A912C15B/E97DEF40746D11EE9E633C37C4F9AE02/76CF6D4C746E11EE8A2F7739C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.151.62.0/24
                  103.164.234.0/24
                IPv6:
                  2001:df3:ac80::/48

    Signature Algorithm: sha256WithRSAEncryption
         02:01:da:c0:23:d7:47:7a:55:79:2b:72:b2:7c:3b:af:46:00:
         e4:03:e3:da:d2:3f:9b:7a:63:b2:b9:4a:d0:2e:82:b5:12:dc:
         ec:0b:1e:a6:58:21:10:e3:45:9c:62:24:60:5a:4e:2c:44:cc:
         fd:89:47:e6:ac:8a:81:22:6d:1e:93:fc:aa:52:28:4b:45:13:
         49:36:80:fa:b8:1d:35:75:fa:c9:c4:dd:eb:db:1f:48:5e:44:
         41:80:04:f0:0c:df:cf:ad:fe:62:3a:64:3a:09:0f:db:c3:1b:
         37:35:f9:6d:af:25:92:26:3a:98:f9:6f:3f:f6:da:37:d8:4f:
         97:1d:11:04:a1:8a:1f:2b:aa:a3:6c:a5:bb:17:b0:ec:45:bd:
         98:c3:93:c1:97:89:70:62:85:4a:88:5f:07:cb:38:9d:bc:64:
         be:e6:bf:06:6c:c4:73:85:e0:a9:d6:06:00:d0:01:4c:1d:77:
         f7:87:12:f9:5a:e5:7c:a2:6b:ab:7e:f3:d0:5a:3c:c7:f3:32:
         84:7b:62:10:30:44:52:a2:ad:86:97:0a:e4:fa:99:b2:f9:61:
         55:7b:6e:80:27:48:ca:de:da:e6:57:96:ea:9c:0a:86:07:ff:
         f0:a6:59:31:82:cc:f0:ec:35:6a:02:90:ea:54:e9:ce:fb:9d:
         84:50:e3:31
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgIBfzANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTEy
QzE1QjExMC8GA1UEBRMoMTUzNjEzNDdBMTA4MTRBM0U2NjhCNzI2OUZFMjA3MDdC
MThFNzk3MzAeFw0yNDA2MjUwNjIzMjZaFw0yNTA4MzEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY2N2E2MjVlLTZmZTYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDJelnush5O2e7/GkFWIDyDfCJju/8SqRipEsb0wHSsCY6D0k1n/wVl+8ItCkid
KdF3FjSXvqmqSh03MZweuASK08e2G8BQYbvP8Qf4Z6khnB43oAJBUXn16LKQ90VC
ClSFMyuu+3VIkCxLYZCU9onKlD0F++P1onPBiEs9QKp0L3sU92Q+7U7dJVFu++U8
RJYrSgaWOLXFC6Zlhos8W41TRzYKNeRznuDggSHWZwRpFpTVvF+oYv/HK91niCOV
935yUmMBYzYPNcaK2sJOSbEGnBJFngLH7FZDSjZ8qi3Vwr4yS/yVZFUT/aY5KtJm
fkfQKhGgJoeBOr6dk6JW9OHLAgMBAAGjggKsMIICqDAdBgNVHQ4EFgQUCfSpn5j3
mWzIJnBZg1FpZhEymzYwHwYDVR0jBBgwFoAUFTYTR6EIFKPmaLcmn+IHB7GOeXMw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTJDMTVCL0U5N0RFRjQwNzQ2
RDExRUU5RTYzM0MzN0M0RjlBRTAyL0ZUWVRSNkVJRktQbWFMY21uLUlIQjdHT2VY
TS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvRlRZVFI2RUlGS1BtYUxjbW4tSUhCN0dPZVhNLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEy
QzE1Qi9FOTdERUY0MDc0NkQxMUVFOUU2MzNDMzdDNEY5QUUwMi83NkNGNkQ0Qzc0
NkUxMUVFOEEyRjc3MzlDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDA2BggrBgEFBQcBBwEB/wQn
MCUwEgQCAAEwDAMEAGeXPgMEAGek6jAPBAIAAjAJAwcAIAEN86yAMA0GCSqGSIb3
DQEBCwUAA4IBAQACAdrAI9dHelV5K3KyfDuvRgDkA+Pa0j+bemOyuUrQLoK1Etzs
Cx6mWCEQ40WcYiRgWk4sRMz9iUfmrIqBIm0ek/yqUihLRRNJNoD6uB01dfrJxN3r
2x9IXkRBgATwDN/Prf5iOmQ6CQ/bwxs3NfltryWSJjqY+W8/9to32E+XHREEoYof
K6qjbKW7F7DsRb2Yw5PBl4lwYoVKiF8HyzidvGS+5r8GbMRzheCp1gYA0AFMHXf3
hxL5WuV8omurfvPQWjzH8zKEe2IQMERSoq2Glwrk+pmy+WFVe26AJ0jK3trmV5bq
nAqGB//wplkxgszw7DVqApDqVOnO+52EUOMx
-----END CERTIFICATE-----
Generated at Tue Jun 25 07:41:29 2024 by rpki-client on console-ams.rpki-client.org