Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9148D53/D586F8F0307111EE8546A32FC4F9AE02/208652BA35F911EEB45F8B44C4F9AE02.roa
File:                     208652BA35F911EEB45F8B44C4F9AE02.roa (raw, json)
Hash identifier:          Cr/J89DX0J/gYkR2aXLSBOBKL9tdNAhOwy/XWxTdqKI=
Subject key identifier:   6E:CE:CF:01:86:A4:AB:99:0A:74:FB:37:EE:81:72:BE:52:40:5A:4F
Certificate issuer:       /CN=A9148D53/serialNumber=FDBD4C0D34492F5CEAE4879E4762796E527007EB
Certificate serial:       DF
Authority key identifier: FD:BD:4C:0D:34:49:2F:5C:EA:E4:87:9E:47:62:79:6E:52:70:07:EB
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_b1MDTRJL1zq5IeeR2J5blJwB-s.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9148D53/D586F8F0307111EE8546A32FC4F9AE02/208652BA35F911EEB45F8B44C4F9AE02.roa
Signing time:             Tue 27 Feb 2024 06:39:43 +0000
ROA not before:           Tue 27 Feb 2024 06:39:43 +0000
ROA not after:            Thu 01 May 2025 00:00:00 +0000
asID:                     43519
IP address blocks:        43.230.48.0/24 maxlen: 24
                          43.230.49.0/24 maxlen: 24
                          43.230.50.0/24 maxlen: 24
                          43.230.51.0/24 maxlen: 24
                          103.49.80.0/24 maxlen: 24
                          103.49.81.0/24 maxlen: 24
                          103.49.82.0/24 maxlen: 24
                          103.49.83.0/24 maxlen: 24
                          2401:fd80:101::/48 maxlen: 48
                          2401:fd80:102::/48 maxlen: 48
                          2401:fd80:103::/48 maxlen: 48
                          2401:fd80:104::/48 maxlen: 48
                          2401:fd80:105::/48 maxlen: 48
                          2401:fd80:106::/48 maxlen: 48
                          2401:fd80:107::/48 maxlen: 48
                          2401:fd80:108::/48 maxlen: 48
                          2401:fd80:1fd::/48 maxlen: 48
                          2401:fd80:200::/48 maxlen: 48
                          2401:fd80:2ff::/48 maxlen: 48
                          2401:fd80:400::/48 maxlen: 48
                          2401:fd80:401::/48 maxlen: 48
                          2401:fd80:402::/48 maxlen: 48
                          2401:fd80:403::/48 maxlen: 48
                          2401:fd80:404::/48 maxlen: 48
                          2401:fd80:405::/48 maxlen: 48
                          2401:fd80:406::/48 maxlen: 48
                          2401:fd80:407::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9148D53/D586F8F0307111EE8546A32FC4F9AE02/_b1MDTRJL1zq5IeeR2J5blJwB-s.crl
                          rsync://rpki.apnic.net/member_repository/A9148D53/D586F8F0307111EE8546A32FC4F9AE02/_b1MDTRJL1zq5IeeR2J5blJwB-s.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_b1MDTRJL1zq5IeeR2J5blJwB-s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 16 Jun 2024 02:50:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 223 (0xdf)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9148D53/serialNumber=FDBD4C0D34492F5CEAE4879E4762796E527007EB
        Validity
            Not Before: Feb 27 06:39:43 2024 GMT
            Not After : May  1 00:00:00 2025 GMT
        Subject: CN=65dd83ae-b292
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:db:d8:0a:d4:ef:73:22:3e:3b:ea:1d:e3:2b:69:
                    a7:50:12:e6:58:59:1f:bd:7e:27:e3:78:88:7a:01:
                    03:98:69:21:f2:c3:05:fd:3e:4a:4b:d2:64:fa:ac:
                    4b:86:a9:bf:2c:c9:99:5f:0c:5d:cb:6e:43:a5:1c:
                    5a:23:9e:fb:f7:ea:6f:e0:92:98:71:0f:a6:c1:6a:
                    22:d0:bb:f3:bf:4d:df:cd:37:0c:01:af:6c:2f:fc:
                    e7:85:eb:92:73:c1:6f:96:f7:1f:ff:99:15:2a:f9:
                    33:34:a1:7d:19:59:ca:ab:69:71:63:17:44:60:a7:
                    b6:75:a4:24:24:3b:af:08:08:4b:30:b5:f3:db:a3:
                    ee:ac:ca:e7:72:8c:2d:49:49:ea:50:ef:bf:dd:26:
                    b5:51:f8:3f:fe:5e:df:14:1e:a2:0c:c0:1d:14:e5:
                    52:6e:75:01:9a:a5:8f:1f:30:4d:cf:79:a4:ce:d7:
                    46:87:66:97:91:c8:76:e6:c7:fe:ed:ca:1e:6f:ff:
                    fc:82:a4:87:d7:80:fe:34:60:4e:67:68:58:6e:01:
                    34:64:25:13:9b:77:23:7e:c4:bf:7e:6c:9e:1a:74:
                    03:7e:19:02:d1:ed:16:40:d2:3f:e5:2e:af:10:9f:
                    28:70:35:a0:9a:47:0b:33:7a:d6:26:b5:4a:89:cc:
                    8f:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6E:CE:CF:01:86:A4:AB:99:0A:74:FB:37:EE:81:72:BE:52:40:5A:4F
            X509v3 Authority Key Identifier:
                keyid:FD:BD:4C:0D:34:49:2F:5C:EA:E4:87:9E:47:62:79:6E:52:70:07:EB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9148D53/D586F8F0307111EE8546A32FC4F9AE02/_b1MDTRJL1zq5IeeR2J5blJwB-s.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_b1MDTRJL1zq5IeeR2J5blJwB-s.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9148D53/D586F8F0307111EE8546A32FC4F9AE02/208652BA35F911EEB45F8B44C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.230.48.0/22
                  103.49.80.0/22
                IPv6:
                  2401:fd80:101::-2401:fd80:108:ffff:ffff:ffff:ffff:ffff
                  2401:fd80:1fd::/48
                  2401:fd80:200::/48
                  2401:fd80:2ff::/48
                  2401:fd80:400::/45

    Signature Algorithm: sha256WithRSAEncryption
         7c:ea:78:be:03:9f:06:28:e2:3a:9c:ae:d7:d1:ef:c6:c1:f4:
         55:98:95:f8:35:eb:40:4a:af:04:78:94:ac:23:28:a6:49:0c:
         99:80:ee:cd:01:a0:1c:f8:9e:cb:23:11:4e:fe:73:d7:64:0a:
         f5:5f:77:bb:8c:55:63:6e:ae:2a:72:0e:fa:27:db:89:de:18:
         93:90:3a:d1:52:92:0c:67:78:24:15:1f:b1:27:48:0d:ca:15:
         41:69:85:24:84:6c:c9:86:2e:e8:fc:3f:28:74:50:94:81:fb:
         eb:a9:04:48:a3:4d:f0:fb:4c:bf:2f:f5:fb:78:2a:99:6d:31:
         9f:2e:f9:19:b9:21:36:90:84:93:b1:bb:68:e8:6f:48:b7:15:
         24:f9:3f:c6:0b:39:57:cc:cf:83:f0:3f:6c:03:e1:00:a5:e7:
         03:00:78:20:7c:32:f2:d5:bd:36:62:a3:da:d3:a1:e6:e3:ad:
         d2:e6:70:c9:09:b7:c3:1b:e3:e9:24:cf:90:45:40:70:c0:c5:
         a0:34:d0:af:42:df:62:a6:c8:bf:8e:4f:3f:5e:8e:cc:ed:37:
         bb:47:2f:e0:36:31:f4:c4:55:dd:32:0b:76:96:25:f5:3e:63:
         cf:04:73:4d:32:e7:15:cd:5e:5d:54:35:06:48:f8:ae:a1:81:
         4e:d5:c2:53
-----BEGIN CERTIFICATE-----
MIIFtzCCBJ+gAwIBAgICAN8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDhENTMxMTAvBgNVBAUTKEZEQkQ0QzBEMzQ0OTJGNUNFQUU0ODc5RTQ3NjI3OTZF
NTI3MDA3RUIwHhcNMjQwMjI3MDYzOTQzWhcNMjUwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWRkODNhZS1iMjkyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA29gK1O9zIj476h3jK2mnUBLmWFkfvX4n43iIegEDmGkh8sMF/T5KS9Jk+qxL
hqm/LMmZXwxdy25DpRxaI5779+pv4JKYcQ+mwWoi0Lvzv03fzTcMAa9sL/znheuS
c8Fvlvcf/5kVKvkzNKF9GVnKq2lxYxdEYKe2daQkJDuvCAhLMLXz26PurMrncowt
SUnqUO+/3Sa1Ufg//l7fFB6iDMAdFOVSbnUBmqWPHzBNz3mkztdGh2aXkch25sf+
7coeb//8gqSH14D+NGBOZ2hYbgE0ZCUTm3cjfsS/fmyeGnQDfhkC0e0WQNI/5S6v
EJ8ocDWgmkcLM3rWJrVKicyPFwIDAQABo4IC2zCCAtcwHQYDVR0OBBYEFG7OzwGG
pKuZCnT7N+6Bcr5SQFpPMB8GA1UdIwQYMBaAFP29TA00SS9c6uSHnkdieW5ScAfr
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0OEQ1My9ENTg2RjhGMDMw
NzExMUVFODU0NkEzMkZDNEY5QUUwMi9fYjFNRFRSSkwxenE1SWVlUjJKNWJsSndC
LXMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL19iMU1EVFJKTDF6cTVJZWVSMko1YmxKd0Itcy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDhENTMvRDU4NkY4RjAzMDcxMTFFRTg1NDZBMzJGQzRGOUFFMDIvMjA4NjUyQkEz
NUY5MTFFRUI0NUY4QjQ0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwZQYIKwYBBQUHAQcBAf8E
VjBUMBIEAgABMAwDBAIr5jADBAJnMVAwPgQCAAIwODASAwcAJAH9gAEBAwcAJAH9
gAEIAwcAJAH9gAH9AwcAJAH9gAIAAwcAJAH9gAL/AwcDJAH9gAQAMA0GCSqGSIb3
DQEBCwUAA4IBAQB86ni+A58GKOI6nK7X0e/GwfRVmJX4NetASq8EeJSsIyimSQyZ
gO7NAaAc+J7LIxFO/nPXZAr1X3e7jFVjbq4qcg76J9uJ3hiTkDrRUpIMZ3gkFR+x
J0gNyhVBaYUkhGzJhi7o/D8odFCUgfvrqQRIo03w+0y/L/X7eCqZbTGfLvkZuSE2
kISTsbto6G9ItxUk+T/GCzlXzM+D8D9sA+EApecDAHggfDLy1b02YqPa06Hm463S
5nDJCbfDG+PpJM+QRUBwwMWgNNCvQt9ipsi/jk8/Xo7M7Te7Ry/gNjH0xFXdMgt2
liX1PmPPBHNNMucVzV5dVDUGSPiuoYFO1cJT
-----END CERTIFICATE-----
Generated at Sun Jun 9 08:55:04 2024 by rpki-client on console-ams.rpki-client.org