Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9140D69/0E177D5A058C11EDADD66011C4F9AE02/8531045E0D5411ED8208604DC4F9AE02.roa
File:                     8531045E0D5411ED8208604DC4F9AE02.roa (raw, json)
Hash identifier:          8TG2wuR4MI26GcPAPwfGrAtGwHRmhMD3YNEU3wAuQMU=
Subject key identifier:   47:75:26:E0:CE:CC:9E:ED:79:2F:52:53:D3:6B:12:3E:CF:B9:7B:5A
Certificate issuer:       /CN=A9140D69/serialNumber=103FA8BDFFFB9F0557072C47332B81A9E80EDD35
Certificate serial:       0163
Authority key identifier: 10:3F:A8:BD:FF:FB:9F:05:57:07:2C:47:33:2B:81:A9:E8:0E:DD:35
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ED-ovf_7nwVXByxHMyuBqegO3TU.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9140D69/0E177D5A058C11EDADD66011C4F9AE02/8531045E0D5411ED8208604DC4F9AE02.roa
Signing time:             Sat 30 Sep 2023 14:39:14 +0000
ROA not before:           Sat 30 Sep 2023 14:39:14 +0000
ROA not after:            Thu 31 Oct 2024 00:00:00 +0000
asID:                     132422
IP address blocks:        103.237.100.0/24 maxlen: 24
                          103.237.101.0/24 maxlen: 24
                          103.237.103.0/24 maxlen: 24
                          163.53.244.0/24 maxlen: 24
                          163.53.245.0/24 maxlen: 24
                          163.53.247.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9140D69/0E177D5A058C11EDADD66011C4F9AE02/ED-ovf_7nwVXByxHMyuBqegO3TU.crl
                          rsync://rpki.apnic.net/member_repository/A9140D69/0E177D5A058C11EDADD66011C4F9AE02/ED-ovf_7nwVXByxHMyuBqegO3TU.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ED-ovf_7nwVXByxHMyuBqegO3TU.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 03 Apr 2024 03:29:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 355 (0x163)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9140D69/serialNumber=103FA8BDFFFB9F0557072C47332B81A9E80EDD35
        Validity
            Not Before: Sep 30 14:39:14 2023 GMT
            Not After : Oct 31 00:00:00 2024 GMT
        Subject: CN=65183312-d5ba
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:e5:7b:fc:78:9b:df:80:c4:70:16:6f:7a:aa:
                    b7:62:46:ee:58:29:3d:2b:6c:b7:c2:09:09:c2:5c:
                    c0:45:9a:a6:07:87:cc:dd:25:1f:0e:3c:56:fb:69:
                    01:3e:34:64:35:07:4d:26:ec:2b:ca:b9:3e:df:b5:
                    3f:4a:6c:e2:b9:95:9e:d4:4c:23:63:7a:03:22:22:
                    a7:80:9d:18:02:3b:a0:0a:a3:96:f3:0e:f7:d3:45:
                    2f:69:d1:7d:12:e1:04:78:dd:b5:24:9e:c4:c8:38:
                    56:2a:91:13:f6:ef:c5:d1:83:80:ad:eb:e8:c7:62:
                    98:5a:2a:5f:d7:a4:8d:78:96:22:cb:f7:6a:2e:83:
                    0c:f0:2e:10:a3:a5:01:8f:69:43:4d:7b:f7:cb:81:
                    5d:89:21:25:c8:4f:37:b4:f4:83:4a:a0:22:b5:11:
                    2e:b5:5c:7a:6d:ed:5e:38:a5:fc:e9:e3:b2:12:83:
                    02:30:58:27:27:cf:db:e1:1d:7d:74:4e:ac:66:42:
                    23:9e:fa:d2:6e:e6:f3:98:9d:34:51:f3:34:fa:3c:
                    62:7b:97:c8:97:15:8e:46:4a:e1:a3:ea:be:5b:0e:
                    5b:a6:9a:59:8d:ea:d7:30:fa:ba:68:70:5d:7f:cf:
                    92:0f:29:d9:c4:e9:eb:69:f6:03:ea:05:f1:83:71:
                    46:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:75:26:E0:CE:CC:9E:ED:79:2F:52:53:D3:6B:12:3E:CF:B9:7B:5A
            X509v3 Authority Key Identifier:
                keyid:10:3F:A8:BD:FF:FB:9F:05:57:07:2C:47:33:2B:81:A9:E8:0E:DD:35

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9140D69/0E177D5A058C11EDADD66011C4F9AE02/ED-ovf_7nwVXByxHMyuBqegO3TU.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ED-ovf_7nwVXByxHMyuBqegO3TU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9140D69/0E177D5A058C11EDADD66011C4F9AE02/8531045E0D5411ED8208604DC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.237.100.0/23
                  103.237.103.0/24
                  163.53.244.0/23
                  163.53.247.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6c:cf:a1:69:50:e7:88:fd:59:01:15:33:81:d3:81:a8:10:49:
         4e:f8:11:40:6c:72:1b:6d:f3:84:96:25:10:27:1c:ac:f7:92:
         ff:42:19:f8:a8:9b:ca:a3:41:15:75:fe:cb:d0:dd:0f:96:a3:
         e1:ae:91:22:5d:47:8d:e1:69:c4:0a:79:b5:2a:ed:1a:cf:c6:
         bc:29:cd:72:49:ed:1e:53:4e:cc:9e:de:07:22:f4:70:c0:e6:
         29:71:9d:8a:e4:72:aa:ef:e1:de:b6:e9:a9:4a:cc:0f:d4:df:
         8f:8f:7e:17:45:55:b3:fa:f5:d7:4d:f2:08:1d:d8:44:1f:0b:
         a9:3f:85:3f:b0:19:65:34:66:ca:32:54:5a:ec:aa:ff:54:b5:
         1c:9c:71:20:22:c2:46:68:c5:c6:6f:fd:ed:a2:24:33:31:80:
         13:59:f7:e2:4b:d4:27:36:9b:d8:61:9b:cd:21:25:db:81:4d:
         f7:99:71:de:11:aa:09:67:00:01:cf:dd:89:b5:d6:73:30:c8:
         4a:ef:f5:af:24:3e:fb:c3:4d:34:3f:c8:80:78:56:d4:76:75:
         0a:1d:ac:1c:17:7e:86:94:02:62:fd:f4:bc:ca:2a:72:86:9d:
         81:e8:78:bd:11:6c:de:d0:d8:8b:e7:5f:39:81:15:7d:b2:c8:
         c8:68:d5:21
-----BEGIN CERTIFICATE-----
MIIFgzCCBGugAwIBAgICAWMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDBENjkxMTAvBgNVBAUTKDEwM0ZBOEJERkZGQjlGMDU1NzA3MkM0NzMzMkI4MUE5
RTgwRUREMzUwHhcNMjMwOTMwMTQzOTE0WhcNMjQxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTE4MzMxMi1kNWJhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAr+V7/Hib34DEcBZveqq3YkbuWCk9K2y3wgkJwlzARZqmB4fM3SUfDjxW+2kB
PjRkNQdNJuwryrk+37U/SmziuZWe1EwjY3oDIiKngJ0YAjugCqOW8w7300UvadF9
EuEEeN21JJ7EyDhWKpET9u/F0YOArevox2KYWipf16SNeJYiy/dqLoMM8C4Qo6UB
j2lDTXv3y4FdiSElyE83tPSDSqAitREutVx6be1eOKX86eOyEoMCMFgnJ8/b4R19
dE6sZkIjnvrSbubzmJ00UfM0+jxie5fIlxWORkrho+q+Ww5bpppZjerXMPq6aHBd
f8+SDynZxOnrafYD6gXxg3FGGQIDAQABo4ICpzCCAqMwHQYDVR0OBBYEFEd1JuDO
zJ7teS9SU9NrEj7PuXtaMB8GA1UdIwQYMBaAFBA/qL3/+58FVwcsRzMrganoDt01
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0MEQ2OS8wRTE3N0Q1QTA1
OEMxMUVEQURENjYwMTFDNEY5QUUwMi9FRC1vdmZfN253VlhCeXhITXl1QnFlZ08z
VFUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0VELW92Zl83bndWWEJ5eEhNeXVCcWVnTzNUVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDBENjkvMEUxNzdENUEwNThDMTFFREFERDY2MDExQzRGOUFFMDIvODUzMTA0NUUw
RDU0MTFFRDgyMDg2MDREQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMQYIKwYBBQUHAQcBAf8E
IjAgMB4EAgABMBgDBAFn7WQDBABn7WcDBAGjNfQDBACjNfcwDQYJKoZIhvcNAQEL
BQADggEBAGzPoWlQ54j9WQEVM4HTgagQSU74EUBschtt84SWJRAnHKz3kv9CGfio
m8qjQRV1/svQ3Q+Wo+GukSJdR43hacQKebUq7RrPxrwpzXJJ7R5TTsye3gci9HDA
5ilxnYrkcqrv4d626alKzA/U34+PfhdFVbP69ddN8ggd2EQfC6k/hT+wGWU0Zsoy
VFrsqv9UtRyccSAiwkZoxcZv/e2iJDMxgBNZ9+JL1Cc2m9hhm80hJduBTfeZcd4R
qglnAAHP3Ym11nMwyErv9a8kPvvDTTQ/yIB4VtR2dQodrBwXfoaUAmL99LzKKnKG
nYHoeL0RbN7Q2IvnXzmBFX2yyMho1SE=
-----END CERTIFICATE-----
Generated at Wed Mar 27 05:24:16 2024 by rpki-client on console-fra.rpki-client.org