Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9157450/82D9BA06253611EF9A1CEF23C4F9AE02/B71C4F80253711EFA1D2A943C4F9AE02.roa
File:                     B71C4F80253711EFA1D2A943C4F9AE02.roa (raw, json)
Hash identifier:          s2si+C+JZXQAr64DJhXNsm5gwkwO01DlVqtCowccWVI=
Subject key identifier:   AF:F8:80:00:16:0B:67:4E:AE:35:15:CB:15:79:B1:E8:35:4E:F8:34
Certificate issuer:       /CN=A9157450/serialNumber=81A0CF9CE9AAA990ED1AFE8A830A707874F9AABE
Certificate serial:       02
Authority key identifier: 81:A0:CF:9C:E9:AA:A9:90:ED:1A:FE:8A:83:0A:70:78:74:F9:AA:BE
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gaDPnOmqqZDtGv6KgwpweHT5qr4.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9157450/82D9BA06253611EF9A1CEF23C4F9AE02/B71C4F80253711EFA1D2A943C4F9AE02.roa
Signing time:             Sat 08 Jun 2024 01:37:50 +0000
ROA not before:           Sat 08 Jun 2024 01:37:50 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     45152
IP address blocks:        103.9.56.0/22 maxlen: 22
                          103.9.56.0/24 maxlen: 24
                          103.9.57.0/24 maxlen: 24
                          103.9.58.0/24 maxlen: 24
                          103.9.59.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9157450/82D9BA06253611EF9A1CEF23C4F9AE02/gaDPnOmqqZDtGv6KgwpweHT5qr4.crl
                          rsync://rpki.apnic.net/member_repository/A9157450/82D9BA06253611EF9A1CEF23C4F9AE02/gaDPnOmqqZDtGv6KgwpweHT5qr4.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gaDPnOmqqZDtGv6KgwpweHT5qr4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 30 Nov 2024 02:50:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9157450/serialNumber=81A0CF9CE9AAA990ED1AFE8A830A707874F9AABE
        Validity
            Not Before: Jun  8 01:37:50 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6663b5ed-0286
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:ac:92:6c:3b:00:ca:02:fc:50:bd:0b:ba:04:
                    f1:d9:92:11:57:f2:41:b4:ee:4d:b0:23:66:f9:a3:
                    76:e8:fa:ce:d7:8c:38:2d:a3:a5:6f:f0:95:48:b6:
                    e2:4b:3e:ef:3e:70:f5:06:e7:95:91:ec:95:6d:91:
                    b3:0a:1f:b4:a0:bf:08:a7:73:7d:8c:57:9f:20:26:
                    51:d7:a2:2d:d6:62:65:ed:28:06:7c:42:2e:d9:28:
                    dd:4e:ea:fd:f6:38:e1:7f:d1:8b:47:f0:ac:21:dc:
                    55:d6:e3:55:fb:29:78:b9:41:d3:e8:58:85:3a:0b:
                    29:56:bc:32:86:97:57:6c:d4:89:56:bb:87:69:ed:
                    c7:d0:9e:63:35:bf:40:d9:80:a3:6e:55:c0:d0:e0:
                    88:e1:34:1f:af:52:46:2c:3e:ff:e0:97:53:c2:99:
                    49:df:9c:4b:5b:f1:c2:0f:d4:4b:50:2e:77:10:3f:
                    7b:d1:15:29:59:78:a6:02:b7:ad:68:ce:6d:a1:99:
                    14:f7:56:ab:8c:75:df:7e:ac:2e:56:5c:4a:59:0a:
                    78:6c:fe:51:a9:3b:2e:ab:e9:63:46:4d:c7:38:21:
                    03:52:7a:b9:25:bd:df:98:38:79:69:f6:ad:c2:f2:
                    ee:3a:28:f6:bd:97:e0:8f:9a:e4:b7:00:c5:5b:b1:
                    dd:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AF:F8:80:00:16:0B:67:4E:AE:35:15:CB:15:79:B1:E8:35:4E:F8:34
            X509v3 Authority Key Identifier:
                keyid:81:A0:CF:9C:E9:AA:A9:90:ED:1A:FE:8A:83:0A:70:78:74:F9:AA:BE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9157450/82D9BA06253611EF9A1CEF23C4F9AE02/gaDPnOmqqZDtGv6KgwpweHT5qr4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/gaDPnOmqqZDtGv6KgwpweHT5qr4.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9157450/82D9BA06253611EF9A1CEF23C4F9AE02/B71C4F80253711EFA1D2A943C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.9.56.0/22

    Signature Algorithm: sha256WithRSAEncryption
         56:c8:05:2d:99:a1:aa:7a:88:d8:ad:03:8b:38:8e:71:06:28:
         ba:76:62:b6:99:45:70:7e:58:0b:6a:96:77:98:ca:62:ca:6c:
         ea:41:2a:31:66:37:61:9c:81:7d:de:c5:6e:7c:04:c9:65:5e:
         68:ce:a0:4d:e0:c3:02:cb:c6:3b:19:10:42:bf:e4:32:3d:d1:
         de:6d:97:f9:0e:5d:77:33:51:c3:97:bc:a9:e9:66:8a:2a:71:
         b7:46:8e:8e:ee:0e:bd:9c:72:fd:63:fc:10:04:ee:f5:16:d0:
         c6:f0:d9:96:8e:c7:6c:17:f9:da:a0:c9:86:fc:af:71:e8:69:
         31:78:65:15:2f:03:30:64:21:e9:dc:97:c8:cf:e0:10:19:3d:
         90:08:6b:4e:9b:40:ce:ae:01:b6:cf:cf:e2:e4:ae:e1:17:71:
         9f:d3:14:cc:2a:31:25:76:6f:62:39:d6:90:8f:73:76:db:2e:
         f3:cc:dd:7f:4c:f8:a9:ff:ba:b4:63:ad:88:78:f0:46:06:83:
         56:4f:e9:d3:b2:80:06:e6:79:d6:91:f5:42:b7:3a:61:83:71:
         51:22:5c:8e:7c:72:93:4f:59:c9:46:5e:a0:a5:c3:c2:c8:61:
         8c:19:80:a7:70:3e:70:99:02:4d:8a:26:a6:b2:16:df:db:4c:
         c1:b0:cd:79
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIBAjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTE1
NzQ1MDExMC8GA1UEBRMoODFBMENGOUNFOUFBQTk5MEVEMUFGRThBODMwQTcwNzg3
NEY5QUFCRTAeFw0yNDA2MDgwMTM3NTBaFw0yNTA3MDEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY2NjNiNWVkLTAyODYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCdrJJsOwDKAvxQvQu6BPHZkhFX8kG07k2wI2b5o3bo+s7XjDgto6Vv8JVItuJL
Pu8+cPUG55WR7JVtkbMKH7Sgvwinc32MV58gJlHXoi3WYmXtKAZ8Qi7ZKN1O6v32
OOF/0YtH8Kwh3FXW41X7KXi5QdPoWIU6CylWvDKGl1ds1IlWu4dp7cfQnmM1v0DZ
gKNuVcDQ4IjhNB+vUkYsPv/gl1PCmUnfnEtb8cIP1EtQLncQP3vRFSlZeKYCt61o
zm2hmRT3VquMdd9+rC5WXEpZCnhs/lGpOy6r6WNGTcc4IQNSerklvd+YOHlp9q3C
8u46KPa9l+CPmuS3AMVbsd11AgMBAAGjggKVMIICkTAdBgNVHQ4EFgQUr/iAABYL
Z06uNRXLFXmx6DVO+DQwHwYDVR0jBBgwFoAUgaDPnOmqqZDtGv6KgwpweHT5qr4w
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTU3NDUwLzgyRDlCQTA2MjUz
NjExRUY5QTFDRUYyM0M0RjlBRTAyL2dhRFBuT21xcVpEdEd2Nktnd3B3ZUhUNXFy
NC5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvZ2FEUG5PbXFxWkR0R3Y2S2d3cHdlSFQ1cXI0LmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1
NzQ1MC84MkQ5QkEwNjI1MzYxMUVGOUExQ0VGMjNDNEY5QUUwMi9CNzFDNEY4MDI1
MzcxMUVGQTFEMkE5NDNDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAmcJODANBgkqhkiG9w0BAQsFAAOCAQEAVsgFLZmhqnqI2K0D
iziOcQYounZitplFcH5YC2qWd5jKYsps6kEqMWY3YZyBfd7FbnwEyWVeaM6gTeDD
AsvGOxkQQr/kMj3R3m2X+Q5ddzNRw5e8qelmiipxt0aOju4OvZxy/WP8EATu9RbQ
xvDZlo7HbBf52qDJhvyvcehpMXhlFS8DMGQh6dyXyM/gEBk9kAhrTptAzq4Bts/P
4uSu4Rdxn9MUzCoxJXZvYjnWkI9zdtsu88zdf0z4qf+6tGOtiHjwRgaDVk/p07KA
BuZ51pH1Qrc6YYNxUSJcjnxyk09ZyUZeoKXDwshhjBmAp3A+cJkCTYomprIW39tM
wbDNeQ==
-----END CERTIFICATE-----
Generated at Sat Nov 23 06:13:07 2024 by rpki-client on console-ams.rpki-client.org