Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9158E8E/04FBB8F0AE0F11ECA0205666C4F9AE02/DDF31C5EC0B211EEBAD8C90CC4F9AE02.roa
File:                     DDF31C5EC0B211EEBAD8C90CC4F9AE02.roa (raw, json)
Hash identifier:          4nJdqfAbv7yNLVKtomee0puKp1DxSseTMZJCnJsI1S4=
Subject key identifier:   22:61:7E:CB:3E:CC:21:2F:9A:2F:FB:B4:B0:E9:B5:80:9F:28:64:4F
Certificate issuer:       /CN=A9158E8E/serialNumber=5F2E5E62932BB50A85FF2F9A5F31B2BADD5F34AC
Certificate serial:       02A9
Authority key identifier: 5F:2E:5E:62:93:2B:B5:0A:85:FF:2F:9A:5F:31:B2:BA:DD:5F:34:AC
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Xy5eYpMrtQqF_y-aXzGyut1fNKw.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9158E8E/04FBB8F0AE0F11ECA0205666C4F9AE02/DDF31C5EC0B211EEBAD8C90CC4F9AE02.roa
Signing time:             Thu 29 Feb 2024 03:25:55 +0000
ROA not before:           Thu 29 Feb 2024 03:25:55 +0000
ROA not after:            Sun 02 Mar 2025 00:00:00 +0000
asID:                     141431
IP address blocks:        103.159.78.0/24 maxlen: 24
                          103.159.79.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9158E8E/04FBB8F0AE0F11ECA0205666C4F9AE02/Xy5eYpMrtQqF_y-aXzGyut1fNKw.crl
                          rsync://rpki.apnic.net/member_repository/A9158E8E/04FBB8F0AE0F11ECA0205666C4F9AE02/Xy5eYpMrtQqF_y-aXzGyut1fNKw.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Xy5eYpMrtQqF_y-aXzGyut1fNKw.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 29 Nov 2024 20:43:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 681 (0x2a9)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9158E8E/serialNumber=5F2E5E62932BB50A85FF2F9A5F31B2BADD5F34AC
        Validity
            Not Before: Feb 29 03:25:55 2024 GMT
            Not After : Mar  2 00:00:00 2025 GMT
        Subject: CN=65dff943-5cad
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:3d:dc:ef:06:ca:77:68:a5:2b:04:77:c9:97:
                    b4:c8:38:69:6f:db:56:5c:80:2b:de:47:89:b7:c3:
                    fe:11:f8:eb:43:57:dd:c4:6c:79:f8:b3:5e:93:ce:
                    76:11:52:c9:7b:b2:6e:64:9a:04:73:c0:54:94:a4:
                    42:f3:10:34:c6:98:38:23:86:13:26:0a:c6:8c:6e:
                    4c:74:93:d2:3c:14:49:ca:b8:15:e0:48:67:7f:45:
                    69:df:31:6b:ce:70:48:89:3e:ed:9b:17:93:f2:34:
                    f1:23:95:d4:ef:16:49:6f:89:bf:7d:70:95:bf:63:
                    43:73:cd:a8:8b:28:93:28:cd:02:90:eb:8d:2b:03:
                    95:18:39:4e:43:5e:4e:74:6f:49:f9:29:9c:71:1c:
                    f9:0e:a1:75:9d:4a:4a:82:d3:48:09:52:09:74:3c:
                    22:72:4b:8a:13:1c:55:c6:d5:ae:49:f2:5e:e7:37:
                    2d:6e:e7:a6:90:d3:99:be:b3:98:63:04:92:5d:2d:
                    34:98:e1:96:8d:0b:52:e8:7e:4e:9e:a4:8e:c9:cb:
                    4c:c8:ce:01:f8:6f:02:37:42:39:68:f6:3f:e6:c2:
                    96:b2:00:bf:75:9d:f5:11:10:ac:e7:4d:61:1a:36:
                    2e:31:3c:6c:a8:e8:53:c3:d6:a2:b0:0f:66:c6:ca:
                    90:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:61:7E:CB:3E:CC:21:2F:9A:2F:FB:B4:B0:E9:B5:80:9F:28:64:4F
            X509v3 Authority Key Identifier:
                keyid:5F:2E:5E:62:93:2B:B5:0A:85:FF:2F:9A:5F:31:B2:BA:DD:5F:34:AC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9158E8E/04FBB8F0AE0F11ECA0205666C4F9AE02/Xy5eYpMrtQqF_y-aXzGyut1fNKw.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Xy5eYpMrtQqF_y-aXzGyut1fNKw.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9158E8E/04FBB8F0AE0F11ECA0205666C4F9AE02/DDF31C5EC0B211EEBAD8C90CC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.159.78.0/23

    Signature Algorithm: sha256WithRSAEncryption
         81:c6:e4:b9:a8:96:09:c8:5b:d7:4d:be:22:77:ca:a9:e9:b5:
         7b:a8:2c:51:c0:d4:f7:6d:30:56:1d:69:54:86:86:85:fa:b1:
         69:19:67:43:5e:a0:d0:9d:9d:3c:24:44:c3:f4:9f:64:dd:b9:
         5a:77:9f:45:c3:6f:a3:7c:53:73:3c:ba:eb:c1:43:a8:39:ef:
         41:2c:11:be:ba:d0:5f:a9:f7:86:a8:4f:ff:2b:71:35:08:ab:
         21:48:83:cd:11:ae:50:9a:86:97:fc:b6:93:51:6f:08:41:b5:
         f4:1b:a7:d5:31:ac:6a:a4:dd:a7:c1:ef:75:f4:90:10:90:13:
         82:a6:80:5a:3f:12:38:90:a6:e8:15:f1:a8:4d:f2:31:a3:21:
         13:bd:26:68:ee:d2:91:42:c1:e9:9c:2d:c6:61:e3:ed:60:5a:
         82:61:df:0d:52:d0:67:6a:82:66:d7:48:c0:0b:60:2e:47:fe:
         70:28:92:f3:29:fd:40:83:99:10:aa:a4:5f:62:31:4d:47:9a:
         74:e2:13:a6:1a:26:8b:8c:e7:05:90:fc:03:8a:31:c7:69:42:
         3e:f7:d7:d1:44:41:8f:bf:d4:5d:e2:b6:4b:e2:e4:87:4d:5e:
         57:ea:66:68:34:94:1f:40:07:03:d4:0b:ec:e2:97:4b:f9:1d:
         f3:51:59:76
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICAqkwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NThFOEUxMTAvBgNVBAUTKDVGMkU1RTYyOTMyQkI1MEE4NUZGMkY5QTVGMzFCMkJB
REQ1RjM0QUMwHhcNMjQwMjI5MDMyNTU1WhcNMjUwMzAyMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWRmZjk0My01Y2FkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA5T3c7wbKd2ilKwR3yZe0yDhpb9tWXIAr3keJt8P+EfjrQ1fdxGx5+LNek852
EVLJe7JuZJoEc8BUlKRC8xA0xpg4I4YTJgrGjG5MdJPSPBRJyrgV4Ehnf0Vp3zFr
znBIiT7tmxeT8jTxI5XU7xZJb4m/fXCVv2NDc82oiyiTKM0CkOuNKwOVGDlOQ15O
dG9J+SmccRz5DqF1nUpKgtNICVIJdDwickuKExxVxtWuSfJe5zctbuemkNOZvrOY
YwSSXS00mOGWjQtS6H5OnqSOyctMyM4B+G8CN0I5aPY/5sKWsgC/dZ31ERCs501h
GjYuMTxsqOhTw9aisA9mxsqQMQIDAQABo4IClTCCApEwHQYDVR0OBBYEFCJhfss+
zCEvmi/7tLDptYCfKGRPMB8GA1UdIwQYMBaAFF8uXmKTK7UKhf8vml8xsrrdXzSs
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1OEU4RS8wNEZCQjhGMEFF
MEYxMUVDQTAyMDU2NjZDNEY5QUUwMi9YeTVlWXBNcnRRcUZfeS1hWHpHeXV0MWZO
S3cuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1h5NWVZcE1ydFFxRl95LWFYekd5dXQxZk5Ldy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NThFOEUvMDRGQkI4RjBBRTBGMTFFQ0EwMjA1NjY2QzRGOUFFMDIvRERGMzFDNUVD
MEIyMTFFRUJBRDhDOTBDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAFnn04wDQYJKoZIhvcNAQELBQADggEBAIHG5LmolgnIW9dN
viJ3yqnptXuoLFHA1PdtMFYdaVSGhoX6sWkZZ0NeoNCdnTwkRMP0n2TduVp3n0XD
b6N8U3M8uuvBQ6g570EsEb660F+p94aoT/8rcTUIqyFIg80RrlCahpf8tpNRbwhB
tfQbp9UxrGqk3afB73X0kBCQE4KmgFo/EjiQpugV8ahN8jGjIRO9Jmju0pFCwemc
LcZh4+1gWoJh3w1S0GdqgmbXSMALYC5H/nAokvMp/UCDmRCqpF9iMU1HmnTiE6Ya
JouM5wWQ/AOKMcdpQj7319FEQY+/1F3itkvi5IdNXlfqZmg0lB9ABwPUC+zil0v5
HfNRWXY=
-----END CERTIFICATE-----
Generated at Sat Nov 23 02:33:37 2024 by rpki-client on console-fra.rpki-client.org