Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9147CEA/75B59FA49CC311EDBE6D1F70C4F9AE02/D920BF0E9CC511ED9AA6B670C4F9AE02.roa
File:                     D920BF0E9CC511ED9AA6B670C4F9AE02.roa (raw, json)
Hash identifier:          5IPsTSMuG2sWUaETc3jX0CtOu+qbGR9kx8SYM5WqM1s=
Subject key identifier:   54:8B:1E:CF:DA:87:61:6C:45:CE:58:1B:B8:55:1A:EC:22:4D:1B:A4
Certificate issuer:       /CN=A9147CEA/serialNumber=4C66A666783681CA16D8EB540982039933E1D653
Certificate serial:       E2
Authority key identifier: 4C:66:A6:66:78:36:81:CA:16:D8:EB:54:09:82:03:99:33:E1:D6:53
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/TGamZng2gcoW2OtUCYIDmTPh1lM.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9147CEA/75B59FA49CC311EDBE6D1F70C4F9AE02/D920BF0E9CC511ED9AA6B670C4F9AE02.roa
Signing time:             Wed 03 Apr 2024 06:08:42 +0000
ROA not before:           Wed 03 Apr 2024 06:08:42 +0000
ROA not after:            Thu 01 Aug 2024 00:00:00 +0000
asID:                     134824
IP address blocks:        103.71.102.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9147CEA/75B59FA49CC311EDBE6D1F70C4F9AE02/TGamZng2gcoW2OtUCYIDmTPh1lM.crl
                          rsync://rpki.apnic.net/member_repository/A9147CEA/75B59FA49CC311EDBE6D1F70C4F9AE02/TGamZng2gcoW2OtUCYIDmTPh1lM.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/TGamZng2gcoW2OtUCYIDmTPh1lM.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 24 Jun 2024 06:03:16 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 226 (0xe2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9147CEA/serialNumber=4C66A666783681CA16D8EB540982039933E1D653
        Validity
            Not Before: Apr  3 06:08:42 2024 GMT
            Not After : Aug  1 00:00:00 2024 GMT
        Subject: CN=660cf269-7593
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:96:56:c1:1d:dc:d6:95:74:c3:c0:5f:d6:60:
                    4e:35:8b:e9:7e:4e:37:ec:2a:0d:d0:35:27:a2:31:
                    00:16:e7:e3:27:fc:2f:66:b1:72:c8:99:96:5a:f7:
                    28:bf:b1:c3:19:01:17:8f:36:a0:d6:95:45:64:23:
                    16:7a:12:e4:19:a7:d2:de:33:76:a0:90:8c:8d:08:
                    0f:a9:b2:c7:88:82:d0:ab:48:f0:68:3a:7b:8b:f2:
                    3f:57:2e:4d:6e:8e:01:bb:30:59:56:69:13:38:3f:
                    44:41:8a:9a:ad:6d:5e:b9:06:f8:63:57:cc:32:d9:
                    83:8f:61:7c:fe:6b:b6:ea:6f:c6:7b:10:39:77:b5:
                    e6:50:fb:28:f2:47:0c:b1:cc:4c:42:b7:dd:86:d7:
                    75:60:3e:d6:ff:10:3b:83:57:d8:c4:57:58:5c:09:
                    d6:57:0b:80:0f:f1:d6:15:25:c8:67:c7:fd:1c:47:
                    de:07:a8:50:0b:8d:ac:4a:2b:35:fc:22:58:c1:c0:
                    84:a7:e4:5a:61:27:0b:d8:46:85:27:10:32:6d:a6:
                    f2:1a:72:3c:78:46:5b:3f:e3:7e:4c:0e:07:ed:03:
                    ad:18:bf:41:3d:34:c3:e8:f7:1f:c9:a7:f1:e5:7f:
                    5c:98:53:db:f7:a6:d3:8f:ae:0d:e9:a9:e8:6c:f1:
                    82:71
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:8B:1E:CF:DA:87:61:6C:45:CE:58:1B:B8:55:1A:EC:22:4D:1B:A4
            X509v3 Authority Key Identifier:
                keyid:4C:66:A6:66:78:36:81:CA:16:D8:EB:54:09:82:03:99:33:E1:D6:53

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9147CEA/75B59FA49CC311EDBE6D1F70C4F9AE02/TGamZng2gcoW2OtUCYIDmTPh1lM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/TGamZng2gcoW2OtUCYIDmTPh1lM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9147CEA/75B59FA49CC311EDBE6D1F70C4F9AE02/D920BF0E9CC511ED9AA6B670C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.71.102.0/23

    Signature Algorithm: sha256WithRSAEncryption
         57:03:f1:09:13:d6:d1:55:15:e8:db:33:76:ee:ed:f9:4d:51:
         b4:23:4c:e5:37:81:e6:52:12:64:bd:19:ce:26:23:cc:27:a7:
         eb:75:7f:e3:6b:00:9c:e5:7d:db:60:85:c3:e1:69:ec:0a:d5:
         72:23:98:4f:09:0f:2b:8a:58:cc:af:3c:12:9e:0c:3d:81:d2:
         30:85:94:c8:7d:73:c0:23:70:0f:f2:e4:4e:0f:4e:48:69:81:
         a5:68:23:20:bd:9d:f4:bf:41:82:d1:16:8f:56:4f:ff:c5:25:
         63:9e:b8:2a:09:96:f4:60:7d:6d:85:ff:cc:4f:51:39:1c:17:
         3c:04:7f:1e:41:95:b4:22:d9:db:1b:e7:1f:5e:c9:c2:a5:dc:
         43:df:46:f7:fa:80:26:a1:e7:ce:cb:92:69:2e:b8:7f:96:30:
         a0:04:fa:b0:a4:77:f6:ae:3d:6a:e2:d1:56:b1:a6:09:01:c9:
         90:d7:86:ad:93:f6:59:10:2f:61:38:72:92:0e:10:2d:49:31:
         6a:cd:4e:b0:7c:ea:9f:dd:3c:80:ca:f3:34:29:23:ff:95:97:
         10:6b:04:12:51:64:ef:67:89:a1:3d:2e:c0:05:16:e8:66:26:
         43:6d:02:d9:f3:f1:19:34:39:10:b4:d8:38:3b:b5:52:9b:c0:
         49:2f:87:b8
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICAOIwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDdDRUExMTAvBgNVBAUTKDRDNjZBNjY2NzgzNjgxQ0ExNkQ4RUI1NDA5ODIwMzk5
MzNFMUQ2NTMwHhcNMjQwNDAzMDYwODQyWhcNMjQwODAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjBjZjI2OS03NTkzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA+JZWwR3c1pV0w8Bf1mBONYvpfk437CoN0DUnojEAFufjJ/wvZrFyyJmWWvco
v7HDGQEXjzag1pVFZCMWehLkGafS3jN2oJCMjQgPqbLHiILQq0jwaDp7i/I/Vy5N
bo4BuzBZVmkTOD9EQYqarW1euQb4Y1fMMtmDj2F8/mu26m/GexA5d7XmUPso8kcM
scxMQrfdhtd1YD7W/xA7g1fYxFdYXAnWVwuAD/HWFSXIZ8f9HEfeB6hQC42sSis1
/CJYwcCEp+RaYScL2EaFJxAybabyGnI8eEZbP+N+TA4H7QOtGL9BPTTD6Pcfyafx
5X9cmFPb96bTj64N6anobPGCcQIDAQABo4IClTCCApEwHQYDVR0OBBYEFFSLHs/a
h2FsRc5YG7hVGuwiTRukMB8GA1UdIwQYMBaAFExmpmZ4NoHKFtjrVAmCA5kz4dZT
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0N0NFQS83NUI1OUZBNDlD
QzMxMUVEQkU2RDFGNzBDNEY5QUUwMi9UR2FtWm5nMmdjb1cyT3RVQ1lJRG1UUGgx
bE0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1RHYW1abmcyZ2NvVzJPdFVDWUlEbVRQaDFsTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDdDRUEvNzVCNTlGQTQ5Q0MzMTFFREJFNkQxRjcwQzRGOUFFMDIvRDkyMEJGMEU5
Q0M1MTFFRDlBQTZCNjcwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAFnR2YwDQYJKoZIhvcNAQELBQADggEBAFcD8QkT1tFVFejb
M3bu7flNUbQjTOU3geZSEmS9Gc4mI8wnp+t1f+NrAJzlfdtghcPhaewK1XIjmE8J
DyuKWMyvPBKeDD2B0jCFlMh9c8AjcA/y5E4PTkhpgaVoIyC9nfS/QYLRFo9WT//F
JWOeuCoJlvRgfW2F/8xPUTkcFzwEfx5BlbQi2dsb5x9eycKl3EPfRvf6gCah587L
kmkuuH+WMKAE+rCkd/auPWri0VaxpgkByZDXhq2T9lkQL2E4cpIOEC1JMWrNTrB8
6p/dPIDK8zQpI/+VlxBrBBJRZO9niaE9LsAFFuhmJkNtAtnz8Rk0ORC02Dg7tVKb
wEkvh7g=
-----END CERTIFICATE-----
Generated at Mon Jun 17 07:36:35 2024 by rpki-client on console-fra.rpki-client.org