Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9131690/15B41B8863F311E9A0854C47C4F9AE02/B2B24A4221D711EB9CFAC46EC4F9AE02.roa
File:                     B2B24A4221D711EB9CFAC46EC4F9AE02.roa (raw, json)
Hash identifier:          Wgl12J3aO6xtiEgwwFNRQx2lXEcg0zHav6fTzt5T3BE=
Subject key identifier:   27:3D:BE:41:5A:15:97:C7:AF:38:FE:82:72:B8:A1:7C:72:3C:E6:FB
Certificate issuer:       /CN=A9131690/serialNumber=3474C94C36E8F9A0D3A0D22E1DDA108CD340AB28
Certificate serial:       0EBB
Authority key identifier: 34:74:C9:4C:36:E8:F9:A0:D3:A0:D2:2E:1D:DA:10:8C:D3:40:AB:28
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/NHTJTDbo-aDToNIuHdoQjNNAqyg.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9131690/15B41B8863F311E9A0854C47C4F9AE02/B2B24A4221D711EB9CFAC46EC4F9AE02.roa
Signing time:             Tue 26 Mar 2024 18:36:39 +0000
ROA not before:           Tue 26 Mar 2024 18:36:39 +0000
ROA not after:            Thu 01 May 2025 00:00:00 +0000
asID:                     135386
IP address blocks:        103.133.176.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9131690/15B41B8863F311E9A0854C47C4F9AE02/NHTJTDbo-aDToNIuHdoQjNNAqyg.crl
                          rsync://rpki.apnic.net/member_repository/A9131690/15B41B8863F311E9A0854C47C4F9AE02/NHTJTDbo-aDToNIuHdoQjNNAqyg.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/NHTJTDbo-aDToNIuHdoQjNNAqyg.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 04 Apr 2024 18:18:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3771 (0xebb)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9131690/serialNumber=3474C94C36E8F9A0D3A0D22E1DDA108CD340AB28
        Validity
            Not Before: Mar 26 18:36:39 2024 GMT
            Not After : May  1 00:00:00 2025 GMT
        Subject: CN=660315b7-0446
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:c1:e6:e2:72:c7:86:8e:63:e0:ee:50:c1:3c:
                    53:5a:8f:b2:41:85:ab:36:6c:6b:cc:06:b7:b0:aa:
                    5f:09:a2:4a:45:79:9b:5d:14:8d:8f:18:30:50:0b:
                    a5:c7:28:1f:de:99:b5:e7:2b:2c:e9:56:a1:86:0e:
                    98:a6:d5:2b:5d:b8:6d:51:9b:31:04:d4:b8:16:ed:
                    f4:e0:a2:59:b2:f7:50:79:d3:fe:79:58:64:89:fe:
                    56:f3:c5:e3:26:fb:f3:ce:c3:7e:1d:27:ba:cc:18:
                    d8:83:07:9b:69:fb:26:ef:7d:fa:14:ee:d1:2b:e9:
                    60:74:a2:ba:ba:9d:82:1f:0f:d8:f4:11:78:1e:b7:
                    2e:35:8d:ad:a4:68:0e:aa:ab:00:9c:79:1b:3e:ba:
                    f2:14:cc:c3:5f:87:6b:c9:d1:7f:3a:00:0c:33:3f:
                    cc:25:14:b9:18:dd:12:2c:fa:0d:13:fe:9a:89:60:
                    55:01:9b:97:62:1a:34:8b:fb:a7:f8:82:f3:08:99:
                    7e:6e:cd:73:3f:63:1f:1e:55:02:bd:fb:43:b7:ae:
                    85:f2:4c:ee:59:ee:26:d0:51:85:9f:31:fa:d0:da:
                    9a:ca:ae:ed:c3:13:21:bf:02:dc:cd:78:4e:36:6f:
                    05:25:ab:db:fd:18:74:37:ef:ec:74:f1:8a:fb:9d:
                    61:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                27:3D:BE:41:5A:15:97:C7:AF:38:FE:82:72:B8:A1:7C:72:3C:E6:FB
            X509v3 Authority Key Identifier:
                keyid:34:74:C9:4C:36:E8:F9:A0:D3:A0:D2:2E:1D:DA:10:8C:D3:40:AB:28

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9131690/15B41B8863F311E9A0854C47C4F9AE02/NHTJTDbo-aDToNIuHdoQjNNAqyg.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/NHTJTDbo-aDToNIuHdoQjNNAqyg.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9131690/15B41B8863F311E9A0854C47C4F9AE02/B2B24A4221D711EB9CFAC46EC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.133.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0f:7d:f5:5c:71:3b:70:7f:4e:e6:d3:e2:fa:a6:65:e9:b2:9f:
         be:7b:88:c0:88:96:a4:a4:a2:2e:70:cb:b9:41:76:6d:fd:91:
         9a:2b:2f:3b:f1:eb:4f:70:d7:9a:b4:08:a7:a3:b0:49:c9:d2:
         c0:77:f7:77:ae:7b:3c:f7:46:f3:dc:00:97:a3:d5:be:5e:a3:
         9b:83:fd:a4:11:d3:1b:99:0c:e4:d4:6e:a8:5d:19:43:08:93:
         10:78:71:a6:31:3f:6c:ed:10:41:31:b2:83:24:26:99:3f:54:
         dd:36:8e:8b:bd:3b:ff:4e:07:0b:34:27:97:b2:b8:00:e2:0e:
         e1:b9:3c:81:b1:d8:a1:35:77:0f:25:95:a2:70:72:57:cc:ee:
         d4:96:55:f7:35:be:14:97:6c:a1:cb:27:05:b9:c7:cc:02:2a:
         05:1b:50:ad:44:e2:4a:ca:48:2a:9a:26:ee:b1:8a:f7:db:b4:
         37:8f:51:a6:88:d4:82:47:69:c7:6f:4e:a1:f3:f2:21:a6:85:
         47:03:b0:86:99:12:77:77:13:22:05:81:bf:96:ed:df:32:55:
         d9:a9:e8:4c:64:88:f8:ed:0d:9b:70:20:1a:5d:53:4a:8b:90:
         5e:f1:2d:35:99:5d:9c:3f:1d:8d:6a:b0:36:15:28:a2:ee:9b:
         0b:c8:d0:ac
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICDrswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MzE2OTAxMTAvBgNVBAUTKDM0NzRDOTRDMzZFOEY5QTBEM0EwRDIyRTFEREExMDhD
RDM0MEFCMjgwHhcNMjQwMzI2MTgzNjM5WhcNMjUwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjAzMTViNy0wNDQ2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAycHm4nLHho5j4O5QwTxTWo+yQYWrNmxrzAa3sKpfCaJKRXmbXRSNjxgwUAul
xygf3pm15yss6Vahhg6YptUrXbhtUZsxBNS4Fu304KJZsvdQedP+eVhkif5W88Xj
JvvzzsN+HSe6zBjYgwebafsm7336FO7RK+lgdKK6up2CHw/Y9BF4HrcuNY2tpGgO
qqsAnHkbPrryFMzDX4drydF/OgAMMz/MJRS5GN0SLPoNE/6aiWBVAZuXYho0i/un
+ILzCJl+bs1zP2MfHlUCvftDt66F8kzuWe4m0FGFnzH60Nqayq7twxMhvwLczXhO
Nm8FJavb/Rh0N+/sdPGK+51hwQIDAQABo4IClTCCApEwHQYDVR0OBBYEFCc9vkFa
FZfHrzj+gnK4oXxyPOb7MB8GA1UdIwQYMBaAFDR0yUw26Pmg06DSLh3aEIzTQKso
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEzMTY5MC8xNUI0MUI4ODYz
RjMxMUU5QTA4NTRDNDdDNEY5QUUwMi9OSFRKVERiby1hRFRvTkl1SGRvUWpOTkFx
eWcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL05IVEpURGJvLWFEVG9OSXVIZG9Rak5OQXF5Zy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MzE2OTAvMTVCNDFCODg2M0YzMTFFOUEwODU0QzQ3QzRGOUFFMDIvQjJCMjRBNDIy
MUQ3MTFFQjlDRkFDNDZFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAJnhbAwDQYJKoZIhvcNAQELBQADggEBAA999VxxO3B/TubT
4vqmZemyn757iMCIlqSkoi5wy7lBdm39kZorLzvx609w15q0CKejsEnJ0sB393eu
ezz3RvPcAJej1b5eo5uD/aQR0xuZDOTUbqhdGUMIkxB4caYxP2ztEEExsoMkJpk/
VN02jou9O/9OBws0J5eyuADiDuG5PIGx2KE1dw8llaJwclfM7tSWVfc1vhSXbKHL
JwW5x8wCKgUbUK1E4krKSCqaJu6xivfbtDePUaaI1IJHacdvTqHz8iGmhUcDsIaZ
End3EyIFgb+W7d8yVdmp6ExkiPjtDZtwIBpdU0qLkF7xLTWZXZw/HY1qsDYVKKLu
mwvI0Kw=
-----END CERTIFICATE-----
Generated at Thu Mar 28 19:44:09 2024 by rpki-client on console-fra.rpki-client.org