Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9134858/325538B4DDB911ED8887C168C4F9AE02/C435BF20EE8E11ED8FA7F510C4F9AE02.roa
File:                     C435BF20EE8E11ED8FA7F510C4F9AE02.roa (raw, json)
Hash identifier:          7WHyHjNWLPyCNdr9Jt2Biy5nLokqFlZbQ5cyMPArM34=
Subject key identifier:   2B:E5:7D:F0:FC:87:0E:AF:43:B2:3A:9F:23:DD:58:AD:EB:DE:65:47
Certificate issuer:       /CN=A9134858/serialNumber=7841A0786A7D7846459FB5978BFBBB2D90A1EEE7
Certificate serial:       DD
Authority key identifier: 78:41:A0:78:6A:7D:78:46:45:9F:B5:97:8B:FB:BB:2D:90:A1:EE:E7
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/eEGgeGp9eEZFn7WXi_u7LZCh7uc.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9134858/325538B4DDB911ED8887C168C4F9AE02/C435BF20EE8E11ED8FA7F510C4F9AE02.roa
Signing time:             Mon 03 Jun 2024 06:56:01 +0000
ROA not before:           Mon 03 Jun 2024 06:56:01 +0000
ROA not after:            Wed 30 Jul 2025 00:00:00 +0000
asID:                     134806
IP address blocks:        103.132.43.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9134858/325538B4DDB911ED8887C168C4F9AE02/eEGgeGp9eEZFn7WXi_u7LZCh7uc.crl
                          rsync://rpki.apnic.net/member_repository/A9134858/325538B4DDB911ED8887C168C4F9AE02/eEGgeGp9eEZFn7WXi_u7LZCh7uc.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/eEGgeGp9eEZFn7WXi_u7LZCh7uc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 22 Jun 2024 02:50:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 221 (0xdd)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9134858/serialNumber=7841A0786A7D7846459FB5978BFBBB2D90A1EEE7
        Validity
            Not Before: Jun  3 06:56:01 2024 GMT
            Not After : Jul 30 00:00:00 2025 GMT
        Subject: CN=665d6901-8fae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:53:f4:f3:7d:67:b8:4e:60:f4:67:53:fd:90:
                    5a:70:90:a5:e4:1d:e9:5a:db:d2:76:ad:1d:4c:eb:
                    56:7e:c5:fd:e5:0f:c4:ee:64:50:af:86:ca:22:cb:
                    3e:a0:a0:95:8e:10:2d:a6:fe:40:49:9a:f3:70:66:
                    4e:da:dd:5b:c0:f9:36:ac:99:13:a8:c6:c3:ef:88:
                    79:88:d9:a4:90:b0:79:f2:b7:aa:47:d1:ad:bf:87:
                    a3:74:53:68:ad:c8:b5:f3:54:b9:53:0f:e3:64:b8:
                    2b:1d:fb:5d:aa:33:b7:0c:f9:0f:54:57:a1:58:46:
                    82:e4:4f:00:7a:da:19:39:16:4e:c9:76:8f:07:0d:
                    4a:29:4a:a1:e5:e2:80:01:29:aa:19:8b:0f:7a:44:
                    cc:78:05:1c:8f:8d:88:3c:98:28:ce:b2:21:43:b7:
                    77:ac:72:98:9e:34:75:80:09:5b:48:74:b1:2f:4a:
                    8d:d0:bc:b3:79:aa:a9:80:cc:22:dd:29:ec:a7:8c:
                    29:88:7f:95:54:97:50:10:9e:1d:a2:e8:85:69:e3:
                    19:e9:bc:69:f0:0a:19:0e:e5:6f:10:d8:50:ad:4a:
                    51:72:e2:64:cb:06:0d:18:a7:c2:f1:91:37:1d:7c:
                    25:58:fb:a0:7e:40:16:d3:ff:93:45:1e:62:da:0c:
                    6c:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2B:E5:7D:F0:FC:87:0E:AF:43:B2:3A:9F:23:DD:58:AD:EB:DE:65:47
            X509v3 Authority Key Identifier:
                keyid:78:41:A0:78:6A:7D:78:46:45:9F:B5:97:8B:FB:BB:2D:90:A1:EE:E7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9134858/325538B4DDB911ED8887C168C4F9AE02/eEGgeGp9eEZFn7WXi_u7LZCh7uc.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/eEGgeGp9eEZFn7WXi_u7LZCh7uc.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9134858/325538B4DDB911ED8887C168C4F9AE02/C435BF20EE8E11ED8FA7F510C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.132.43.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:5d:50:52:95:65:e2:af:c0:0e:77:f8:88:f3:1b:4a:48:cb:
         67:fd:e3:bb:28:71:7c:4d:1d:de:58:29:bc:f9:73:e0:5d:f0:
         20:9b:cc:63:fd:9c:88:33:05:c5:88:6f:19:5b:bb:0a:ff:5f:
         84:9d:ba:2d:b5:0e:25:25:b7:48:20:f8:56:63:c4:ab:9f:5d:
         06:22:5f:c6:c0:b0:31:c6:51:67:7c:41:d5:79:b6:eb:2d:b2:
         cb:67:34:c5:96:2e:cf:41:4f:71:6d:64:8a:86:a4:19:22:d6:
         ee:9c:44:b4:23:de:cc:ee:ca:0e:71:d1:1b:83:9e:5e:2f:c7:
         1f:54:6c:13:9a:97:9f:c0:c0:8c:e8:f1:11:88:de:34:88:0b:
         95:51:10:7c:58:1b:f7:18:c6:e6:91:82:a1:43:16:fd:2b:b7:
         1d:49:e2:98:d4:29:28:e5:f0:c1:e8:da:d2:64:b6:54:2b:cb:
         99:a6:c1:93:f5:0b:c7:4e:df:62:0d:08:3b:34:22:bd:ef:6e:
         dc:eb:34:3d:02:9d:18:c7:2e:33:b6:4b:65:e6:e0:8b:6b:f3:
         fb:92:b0:91:33:c7:8e:93:e1:61:ff:ce:12:b7:a1:05:4c:51:
         c8:83:d9:2b:fb:ef:66:3f:47:86:eb:fe:61:8d:4c:4d:32:1f:
         e3:17:3e:5c
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICAN0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MzQ4NTgxMTAvBgNVBAUTKDc4NDFBMDc4NkE3RDc4NDY0NTlGQjU5NzhCRkJCQjJE
OTBBMUVFRTcwHhcNMjQwNjAzMDY1NjAxWhcNMjUwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjVkNjkwMS04ZmFlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtFP0831nuE5g9GdT/ZBacJCl5B3pWtvSdq0dTOtWfsX95Q/E7mRQr4bKIss+
oKCVjhAtpv5ASZrzcGZO2t1bwPk2rJkTqMbD74h5iNmkkLB58reqR9Gtv4ejdFNo
rci181S5Uw/jZLgrHftdqjO3DPkPVFehWEaC5E8AetoZORZOyXaPBw1KKUqh5eKA
ASmqGYsPekTMeAUcj42IPJgozrIhQ7d3rHKYnjR1gAlbSHSxL0qN0LyzeaqpgMwi
3Snsp4wpiH+VVJdQEJ4douiFaeMZ6bxp8AoZDuVvENhQrUpRcuJkywYNGKfC8ZE3
HXwlWPugfkAW0/+TRR5i2gxsdQIDAQABo4IClTCCApEwHQYDVR0OBBYEFCvlffD8
hw6vQ7I6nyPdWK3r3mVHMB8GA1UdIwQYMBaAFHhBoHhqfXhGRZ+1l4v7uy2Qoe7n
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEzNDg1OC8zMjU1MzhCNERE
QjkxMUVEODg4N0MxNjhDNEY5QUUwMi9lRUdnZUdwOWVFWkZuN1dYaV91N0xaQ2g3
dWMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2VFR2dlR3A5ZUVaRm43V1hpX3U3TFpDaDd1Yy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MzQ4NTgvMzI1NTM4QjREREI5MTFFRDg4ODdDMTY4QzRGOUFFMDIvQzQzNUJGMjBF
RThFMTFFRDhGQTdGNTEwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBABnhCswDQYJKoZIhvcNAQELBQADggEBADFdUFKVZeKvwA53
+IjzG0pIy2f947socXxNHd5YKbz5c+Bd8CCbzGP9nIgzBcWIbxlbuwr/X4Sdui21
DiUlt0gg+FZjxKufXQYiX8bAsDHGUWd8QdV5tustsstnNMWWLs9BT3FtZIqGpBki
1u6cRLQj3szuyg5x0RuDnl4vxx9UbBOal5/AwIzo8RGI3jSIC5VREHxYG/cYxuaR
gqFDFv0rtx1J4pjUKSjl8MHo2tJktlQry5mmwZP1C8dO32INCDs0Ir3vbtzrND0C
nRjHLjO2S2Xm4Itr8/uSsJEzx46T4WH/zhK3oQVMUciD2Sv772Y/R4br/mGNTE0y
H+MXPlw=
-----END CERTIFICATE-----
Generated at Sat Jun 15 07:40:48 2024 by rpki-client on console-ams.rpki-client.org