Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A914BAE3/2AEB073E674211EAB01EAC69C4F9AE02/986F1F9AD64711ECA2924B5FC4F9AE02.roa
File:                     986F1F9AD64711ECA2924B5FC4F9AE02.roa (raw, json)
Hash identifier:          Wyd164MPhU473t/AoUISBoO4Aw8E8UOj0zKD275MPkw=
Subject key identifier:   7D:8A:5A:99:03:38:77:33:A7:04:94:73:A4:CF:73:D4:CF:09:09:86
Certificate issuer:       /CN=A914BAE3/serialNumber=8F2BEFD558130824E01EBA15AF89ED5DDC9EB61A
Certificate serial:       0999
Authority key identifier: 8F:2B:EF:D5:58:13:08:24:E0:1E:BA:15:AF:89:ED:5D:DC:9E:B6:1A
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/jyvv1VgTCCTgHroVr4ntXdyetho.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A914BAE3/2AEB073E674211EAB01EAC69C4F9AE02/986F1F9AD64711ECA2924B5FC4F9AE02.roa
Signing time:             Tue 28 May 2024 21:31:08 +0000
ROA not before:           Tue 28 May 2024 21:31:08 +0000
ROA not after:            Wed 30 Jul 2025 00:00:00 +0000
asID:                     58713
IP address blocks:        103.114.145.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A914BAE3/2AEB073E674211EAB01EAC69C4F9AE02/jyvv1VgTCCTgHroVr4ntXdyetho.crl
                          rsync://rpki.apnic.net/member_repository/A914BAE3/2AEB073E674211EAB01EAC69C4F9AE02/jyvv1VgTCCTgHroVr4ntXdyetho.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/jyvv1VgTCCTgHroVr4ntXdyetho.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 29 Nov 2024 19:39:39 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2457 (0x999)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A914BAE3/serialNumber=8F2BEFD558130824E01EBA15AF89ED5DDC9EB61A
        Validity
            Not Before: May 28 21:31:08 2024 GMT
            Not After : Jul 30 00:00:00 2025 GMT
        Subject: CN=66564d1b-ea0e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:fe:7a:69:c4:9d:27:d7:fa:78:83:24:03:bf:
                    02:c3:f2:69:0c:3f:1e:9a:e1:82:a5:2f:09:32:03:
                    8e:fc:12:73:bc:ef:e1:95:43:6c:71:d6:b1:b0:a2:
                    42:6b:d6:91:8a:f3:8c:4e:bc:b7:cb:91:da:44:72:
                    60:de:ad:95:e7:2a:6d:26:af:26:49:e2:a5:3b:e7:
                    b1:1c:fb:02:56:da:9b:98:c9:19:cd:ab:21:2d:77:
                    0a:6f:cf:91:92:e3:4b:35:2e:11:01:a8:e1:54:8e:
                    60:c5:cd:c9:fd:01:5e:fe:c5:10:61:9a:6f:06:08:
                    d4:b0:d0:b8:d1:54:d7:25:b8:42:5d:ab:92:83:49:
                    cb:5a:26:68:1d:79:10:eb:e9:80:d3:45:09:2d:e0:
                    a4:09:ae:85:a7:2d:4f:32:79:1b:c8:30:a5:37:4a:
                    59:dc:eb:92:d9:a7:66:e2:18:69:f3:4a:4a:9c:fd:
                    74:4f:34:0a:1c:a7:fe:84:b8:ef:d4:b4:c8:f1:e8:
                    62:ec:bf:c9:d9:c6:11:09:0f:35:a1:63:3a:8f:cc:
                    e9:b5:4a:d2:bf:c4:35:89:16:06:a3:b2:53:40:8c:
                    62:e3:55:c3:fa:74:5a:77:44:cb:55:4f:93:9d:59:
                    f8:b4:d9:85:76:6b:37:16:b6:3d:9e:50:8c:34:bf:
                    f6:19
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7D:8A:5A:99:03:38:77:33:A7:04:94:73:A4:CF:73:D4:CF:09:09:86
            X509v3 Authority Key Identifier:
                keyid:8F:2B:EF:D5:58:13:08:24:E0:1E:BA:15:AF:89:ED:5D:DC:9E:B6:1A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A914BAE3/2AEB073E674211EAB01EAC69C4F9AE02/jyvv1VgTCCTgHroVr4ntXdyetho.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/jyvv1VgTCCTgHroVr4ntXdyetho.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A914BAE3/2AEB073E674211EAB01EAC69C4F9AE02/986F1F9AD64711ECA2924B5FC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.114.145.0/24

    Signature Algorithm: sha256WithRSAEncryption
         78:06:96:ea:05:a6:5c:28:b5:66:08:78:a2:fa:d2:86:c9:db:
         ac:d1:64:b6:ae:a5:d9:6d:6b:bd:f9:f4:71:c5:d5:a9:1e:2c:
         0b:d8:bd:dc:fc:7e:a2:4e:43:7a:da:4f:9d:b7:aa:6b:0e:6d:
         ec:fa:ef:ad:bb:92:ee:9c:b8:0e:5c:76:cc:2d:0d:23:c8:ac:
         16:65:de:a0:a6:51:f2:5f:7a:08:d5:9f:de:ea:fd:d8:83:bb:
         cc:0a:83:f1:55:7b:7f:48:8d:8e:e1:48:2a:24:ab:c7:13:4b:
         a9:ee:79:37:1a:b9:22:3d:f5:17:2e:f5:43:7a:f9:60:87:98:
         af:e4:8f:02:58:38:07:cc:40:bc:04:77:20:d6:94:f0:02:31:
         42:69:ba:e4:76:0a:6d:e5:d4:3e:37:95:52:d2:3c:fc:90:36:
         1e:b2:e1:36:0d:16:0e:4e:5d:0b:c4:d2:9f:f3:67:a2:40:5c:
         cb:9f:9d:31:65:da:01:eb:04:6b:3a:40:c2:d2:ad:fd:8e:cf:
         7e:c4:1c:70:7e:b5:4c:47:49:74:eb:fd:20:33:83:cc:9b:7f:
         8b:2b:4b:ee:00:04:ed:c6:ff:89:47:71:06:86:d4:c6:40:3d:
         b0:6d:92:fc:54:3e:38:a7:9e:a8:2f:9b:8e:be:b8:ba:cb:fe:
         56:8d:4b:fa
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICCZkwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NEJBRTMxMTAvBgNVBAUTKDhGMkJFRkQ1NTgxMzA4MjRFMDFFQkExNUFGODlFRDVE
REM5RUI2MUEwHhcNMjQwNTI4MjEzMTA4WhcNMjUwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjU2NGQxYi1lYTBlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEArv56acSdJ9f6eIMkA78Cw/JpDD8emuGCpS8JMgOO/BJzvO/hlUNscdaxsKJC
a9aRivOMTry3y5HaRHJg3q2V5yptJq8mSeKlO+exHPsCVtqbmMkZzashLXcKb8+R
kuNLNS4RAajhVI5gxc3J/QFe/sUQYZpvBgjUsNC40VTXJbhCXauSg0nLWiZoHXkQ
6+mA00UJLeCkCa6Fpy1PMnkbyDClN0pZ3OuS2adm4hhp80pKnP10TzQKHKf+hLjv
1LTI8ehi7L/J2cYRCQ81oWM6j8zptUrSv8Q1iRYGo7JTQIxi41XD+nRad0TLVU+T
nVn4tNmFdms3FrY9nlCMNL/2GQIDAQABo4IClTCCApEwHQYDVR0OBBYEFH2KWpkD
OHczpwSUc6TPc9TPCQmGMB8GA1UdIwQYMBaAFI8r79VYEwgk4B66Fa+J7V3cnrYa
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0QkFFMy8yQUVCMDczRTY3
NDIxMUVBQjAxRUFDNjlDNEY5QUUwMi9qeXZ2MVZnVENDVGdIcm9WcjRudFhkeWV0
aG8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2p5dnYxVmdUQ0NUZ0hyb1ZyNG50WGR5ZXRoby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NEJBRTMvMkFFQjA3M0U2NzQyMTFFQUIwMUVBQzY5QzRGOUFFMDIvOTg2RjFGOUFE
NjQ3MTFFQ0EyOTI0QjVGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBABncpEwDQYJKoZIhvcNAQELBQADggEBAHgGluoFplwotWYI
eKL60obJ26zRZLaupdlta7359HHF1akeLAvYvdz8fqJOQ3raT523qmsObez67627
ku6cuA5cdswtDSPIrBZl3qCmUfJfegjVn97q/diDu8wKg/FVe39IjY7hSCokq8cT
S6nueTcauSI99Rcu9UN6+WCHmK/kjwJYOAfMQLwEdyDWlPACMUJpuuR2Cm3l1D43
lVLSPPyQNh6y4TYNFg5OXQvE0p/zZ6JAXMufnTFl2gHrBGs6QMLSrf2Oz37EHHB+
tUxHSXTr/SAzg8ybf4srS+4ABO3G/4lHcQaG1MZAPbBtkvxUPjinnqgvm46+uLrL
/laNS/o=
-----END CERTIFICATE-----
Generated at Fri Nov 22 21:05:28 2024 by rpki-client on console-fra.rpki-client.org