Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91380B5/69463D04CA3D11EC91AC426DC4F9AE02/245B417CADD411EE95FF6C6DC4F9AE02.roa
File:                     245B417CADD411EE95FF6C6DC4F9AE02.roa (raw, json)
Hash identifier:          JxVIrPzje3ndpgNBS21Rr8xAqUVVYBLNUXJ3KjdSxWc=
Subject key identifier:   E4:B2:1F:27:10:05:05:7C:33:E5:6F:99:0D:3A:08:92:1D:E6:D3:5C
Certificate issuer:       /CN=A91380B5/serialNumber=7E65C58FA343A10C534350AB497FD090CEEFBFBB
Certificate serial:       023F
Authority key identifier: 7E:65:C5:8F:A3:43:A1:0C:53:43:50:AB:49:7F:D0:90:CE:EF:BF:BB
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/fmXFj6NDoQxTQ1CrSX_QkM7vv7s.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91380B5/69463D04CA3D11EC91AC426DC4F9AE02/245B417CADD411EE95FF6C6DC4F9AE02.roa
Signing time:             Sat 03 Feb 2024 03:34:59 +0000
ROA not before:           Sat 03 Feb 2024 03:34:59 +0000
ROA not after:            Thu 01 May 2025 00:00:00 +0000
asID:                     62390
IP address blocks:        103.180.25.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91380B5/69463D04CA3D11EC91AC426DC4F9AE02/fmXFj6NDoQxTQ1CrSX_QkM7vv7s.crl
                          rsync://rpki.apnic.net/member_repository/A91380B5/69463D04CA3D11EC91AC426DC4F9AE02/fmXFj6NDoQxTQ1CrSX_QkM7vv7s.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/fmXFj6NDoQxTQ1CrSX_QkM7vv7s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 27 Nov 2024 20:33:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 575 (0x23f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91380B5/serialNumber=7E65C58FA343A10C534350AB497FD090CEEFBFBB
        Validity
            Not Before: Feb  3 03:34:59 2024 GMT
            Not After : May  1 00:00:00 2025 GMT
        Subject: CN=65bdb463-7ff1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9a:6d:50:b6:d1:6f:9b:f1:c2:36:f5:e0:21:9e:
                    91:82:52:21:db:01:8b:8e:c2:88:88:56:de:e4:ad:
                    3a:38:5c:00:b2:53:d9:4a:19:e8:cd:fc:37:61:13:
                    30:a2:99:3d:28:f9:72:de:1a:69:66:82:e5:fe:37:
                    6c:e5:b0:c0:bd:71:f2:db:a8:5e:bf:63:94:b7:ff:
                    3c:ce:b1:94:30:40:35:cb:c5:a6:12:68:b9:b2:22:
                    79:0b:45:7d:a3:ca:7b:d3:04:ac:2c:89:c7:8a:8d:
                    8a:41:04:b4:ca:80:32:3f:7d:e3:f3:d6:66:14:29:
                    98:da:36:b3:cb:f3:34:46:27:c0:10:0d:04:17:3f:
                    b0:f3:08:fb:07:67:aa:64:96:6a:a8:97:a9:e8:47:
                    21:5b:0f:d6:9a:17:38:9c:fb:eb:3b:33:be:d4:7c:
                    d5:12:05:45:a6:b7:af:f9:89:65:d9:17:6f:87:f4:
                    27:d5:21:6f:03:96:30:bc:0c:62:66:b9:79:53:29:
                    65:22:4c:25:91:74:af:00:3b:b1:a3:cb:fa:9b:25:
                    ee:46:6b:c9:c9:74:8e:f3:aa:d2:6b:bf:0b:29:ef:
                    cd:c3:6a:70:fa:9f:8a:cf:3b:f2:55:19:30:78:e2:
                    28:91:a0:0f:bf:5f:69:34:8d:d8:59:e0:3e:79:b5:
                    4a:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E4:B2:1F:27:10:05:05:7C:33:E5:6F:99:0D:3A:08:92:1D:E6:D3:5C
            X509v3 Authority Key Identifier:
                keyid:7E:65:C5:8F:A3:43:A1:0C:53:43:50:AB:49:7F:D0:90:CE:EF:BF:BB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91380B5/69463D04CA3D11EC91AC426DC4F9AE02/fmXFj6NDoQxTQ1CrSX_QkM7vv7s.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/fmXFj6NDoQxTQ1CrSX_QkM7vv7s.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91380B5/69463D04CA3D11EC91AC426DC4F9AE02/245B417CADD411EE95FF6C6DC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.180.25.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a2:21:b1:ad:e2:05:7e:b5:3a:66:bb:50:d6:52:29:ae:4c:1e:
         af:e0:20:c9:4a:ae:8b:5e:94:48:59:56:ed:3b:a9:33:45:49:
         15:c7:48:89:f3:77:5e:81:85:5e:e0:b9:84:9d:17:f2:c6:08:
         83:79:49:f5:1d:cd:35:0f:1b:08:b5:e6:dd:e0:3c:70:8e:44:
         7c:ef:0b:e6:65:d3:19:bf:f1:f5:16:77:4b:9a:c2:d3:e4:15:
         4f:e2:3b:57:6f:37:49:11:4e:17:fb:b3:11:1a:71:cc:bc:bc:
         cc:de:b4:43:cb:e8:fe:80:36:73:c8:9f:84:b8:d0:bb:ff:4c:
         e3:9c:42:16:bd:5d:44:33:f4:95:b3:e4:ee:35:0d:f1:ca:6d:
         d3:75:4e:37:35:d2:92:cf:af:63:4d:94:6e:fa:d8:81:cc:d3:
         00:a3:b4:5f:d7:87:08:1e:b2:be:1e:82:68:95:13:51:a1:c5:
         44:fa:00:3f:9b:1d:9e:30:5a:3d:fb:ae:f3:e0:9c:4f:4a:90:
         1e:ce:95:b8:1b:32:06:ea:25:6a:92:da:8b:bf:67:92:e5:a8:
         24:51:57:ee:c7:aa:cc:df:23:d7:a1:8a:3a:fb:87:20:e3:bf:
         50:7f:66:96:e7:70:d8:94:d5:aa:2d:1b:56:ac:45:4c:12:13:
         48:f7:30:ba
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICAj8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MzgwQjUxMTAvBgNVBAUTKDdFNjVDNThGQTM0M0ExMEM1MzQzNTBBQjQ5N0ZEMDkw
Q0VFRkJGQkIwHhcNMjQwMjAzMDMzNDU5WhcNMjUwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWJkYjQ2My03ZmYxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAmm1QttFvm/HCNvXgIZ6RglIh2wGLjsKIiFbe5K06OFwAslPZShnozfw3YRMw
opk9KPly3hppZoLl/jds5bDAvXHy26hev2OUt/88zrGUMEA1y8WmEmi5siJ5C0V9
o8p70wSsLInHio2KQQS0yoAyP33j89ZmFCmY2jazy/M0RifAEA0EFz+w8wj7B2eq
ZJZqqJep6EchWw/Wmhc4nPvrOzO+1HzVEgVFprev+Yll2Rdvh/Qn1SFvA5YwvAxi
Zrl5UyllIkwlkXSvADuxo8v6myXuRmvJyXSO86rSa78LKe/Nw2pw+p+KzzvyVRkw
eOIokaAPv19pNI3YWeA+ebVKewIDAQABo4IClTCCApEwHQYDVR0OBBYEFOSyHycQ
BQV8M+VvmQ06CJId5tNcMB8GA1UdIwQYMBaAFH5lxY+jQ6EMU0NQq0l/0JDO77+7
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEzODBCNS82OTQ2M0QwNENB
M0QxMUVDOTFBQzQyNkRDNEY5QUUwMi9mbVhGajZORG9ReFRRMUNyU1hfUWtNN3Z2
N3MuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2ZtWEZqNk5Eb1F4VFExQ3JTWF9Ra003dnY3cy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MzgwQjUvNjk0NjNEMDRDQTNEMTFFQzkxQUM0MjZEQzRGOUFFMDIvMjQ1QjQxN0NB
REQ0MTFFRTk1RkY2QzZEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBABntBkwDQYJKoZIhvcNAQELBQADggEBAKIhsa3iBX61Oma7
UNZSKa5MHq/gIMlKrotelEhZVu07qTNFSRXHSInzd16BhV7guYSdF/LGCIN5SfUd
zTUPGwi15t3gPHCORHzvC+Zl0xm/8fUWd0uawtPkFU/iO1dvN0kRThf7sxEaccy8
vMzetEPL6P6ANnPIn4S40Lv/TOOcQha9XUQz9JWz5O41DfHKbdN1Tjc10pLPr2NN
lG762IHM0wCjtF/Xhwgesr4egmiVE1GhxUT6AD+bHZ4wWj37rvPgnE9KkB7Olbgb
MgbqJWqS2ou/Z5LlqCRRV+7HqszfI9ehijr7hyDjv1B/ZpbncNiU1aotG1asRUwS
E0j3MLo=
-----END CERTIFICATE-----
Generated at Thu Nov 21 03:11:53 2024 by rpki-client on console-fra.rpki-client.org