Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A915DAF1/0B2B90A42D7511EB936E3458C4F9AE02/84F992E67BB911EFA4CC334CC4F9AE02.roa
File:                     84F992E67BB911EFA4CC334CC4F9AE02.roa (raw, json)
Hash identifier:          T0OC8vypxp+M/dpkk0NI0MWGhyVp/WAt7EuiDP3XP6E=
Subject key identifier:   D9:25:57:25:81:F0:F4:3E:C2:1F:13:8D:5A:A8:04:F4:80:60:90:A4
Certificate issuer:       /CN=A915DAF1/serialNumber=BB9F42CFCE388EDC4B29EA65DEB6162B256D2102
Certificate serial:       06C8
Authority key identifier: BB:9F:42:CF:CE:38:8E:DC:4B:29:EA:65:DE:B6:16:2B:25:6D:21:02
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/u59Cz844jtxLKepl3rYWKyVtIQI.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A915DAF1/0B2B90A42D7511EB936E3458C4F9AE02/84F992E67BB911EFA4CC334CC4F9AE02.roa
Signing time:             Thu 26 Sep 2024 03:44:25 +0000
ROA not before:           Thu 26 Sep 2024 03:44:25 +0000
ROA not after:            Wed 28 May 2025 00:00:00 +0000
asID:                     18186
IP address blocks:        103.148.186.0/24 maxlen: 24
                          103.148.187.0/24 maxlen: 24
                          2001:df2:e380::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A915DAF1/0B2B90A42D7511EB936E3458C4F9AE02/u59Cz844jtxLKepl3rYWKyVtIQI.crl
                          rsync://rpki.apnic.net/member_repository/A915DAF1/0B2B90A42D7511EB936E3458C4F9AE02/u59Cz844jtxLKepl3rYWKyVtIQI.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/u59Cz844jtxLKepl3rYWKyVtIQI.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 27 Nov 2024 20:33:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1736 (0x6c8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A915DAF1/serialNumber=BB9F42CFCE388EDC4B29EA65DEB6162B256D2102
        Validity
            Not Before: Sep 26 03:44:25 2024 GMT
            Not After : May 28 00:00:00 2025 GMT
        Subject: CN=66f4d898-103b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:d3:37:ed:94:31:e1:91:23:a1:25:fe:38:d2:
                    2e:53:cb:f3:4c:03:cb:db:60:56:4c:48:dc:a8:53:
                    09:63:65:61:f0:e8:15:bb:e4:4f:a4:e2:40:49:83:
                    56:56:9c:2b:13:8e:12:db:71:af:4b:be:76:bd:36:
                    5f:0b:70:6a:dc:ad:a8:c8:64:96:0c:3d:e3:f0:00:
                    b5:db:7f:01:56:a0:c1:52:7e:ff:d1:52:3f:41:d2:
                    41:0a:04:06:40:ae:75:a3:92:7a:8a:d5:bf:ac:18:
                    9b:2d:e5:40:c3:af:1c:55:1a:eb:30:20:c7:a7:76:
                    1f:f1:9a:b2:d6:6f:1a:e7:cb:0b:73:a0:69:e7:25:
                    dd:71:dd:6a:3d:e9:6f:70:ab:a9:4d:68:b9:4f:b8:
                    fe:98:e4:d4:a6:4e:13:c4:8f:19:dd:85:3d:16:30:
                    2f:e3:27:7f:2e:b6:bb:58:f8:bd:85:53:4e:d6:9d:
                    ae:52:f6:2b:1e:46:fd:44:92:9a:b4:d4:18:7d:af:
                    0f:09:f9:58:15:f5:50:fb:73:fc:f8:86:11:ac:8f:
                    89:5d:a1:30:2e:a4:42:e2:0d:1f:28:88:8b:cf:18:
                    9c:58:a3:33:1d:3c:9f:76:85:87:25:b5:31:53:1d:
                    86:dd:e6:d5:14:d6:f4:ce:48:7d:07:46:52:dd:73:
                    78:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:25:57:25:81:F0:F4:3E:C2:1F:13:8D:5A:A8:04:F4:80:60:90:A4
            X509v3 Authority Key Identifier:
                keyid:BB:9F:42:CF:CE:38:8E:DC:4B:29:EA:65:DE:B6:16:2B:25:6D:21:02

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A915DAF1/0B2B90A42D7511EB936E3458C4F9AE02/u59Cz844jtxLKepl3rYWKyVtIQI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/u59Cz844jtxLKepl3rYWKyVtIQI.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A915DAF1/0B2B90A42D7511EB936E3458C4F9AE02/84F992E67BB911EFA4CC334CC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.148.186.0/23
                IPv6:
                  2001:df2:e380::/48

    Signature Algorithm: sha256WithRSAEncryption
         1f:f7:c1:4a:4d:8e:a0:49:08:08:19:2f:bf:ad:be:fa:cf:d9:
         1d:aa:28:6d:14:c9:bf:e7:c1:ff:0e:76:0e:23:99:c6:d9:90:
         52:17:6d:01:f7:ba:9a:c9:9b:51:aa:d8:71:46:d6:13:90:4b:
         aa:23:a4:5f:68:a2:cd:11:9e:23:85:eb:64:ea:0e:ca:33:78:
         2c:79:8b:3b:7d:8e:49:21:65:54:f4:66:aa:7b:fa:b0:6d:df:
         a0:71:b1:77:74:e2:fb:e1:fe:ac:f4:e7:9e:c0:f2:f1:a2:25:
         88:04:89:4f:fa:e3:e0:9d:4e:a0:1a:0f:ec:af:85:3b:d2:4f:
         dc:6b:1d:47:e3:51:90:c8:15:25:2f:d3:05:44:1c:96:93:8b:
         d7:99:9a:c5:02:7b:43:a6:5b:d8:b5:09:3e:cd:15:a9:4e:0b:
         9f:6c:c7:41:23:d1:9d:03:72:3c:07:1a:9f:96:9b:10:ca:64:
         3e:5f:23:0d:ca:75:59:15:96:f7:bd:d7:21:a9:b1:3c:76:dc:
         e5:75:4e:03:f5:f1:8e:e0:ca:4a:d6:3d:21:41:09:02:51:f6:
         b9:e6:6b:58:65:c4:f3:be:3e:b4:54:30:1e:e4:aa:62:0e:a0:
         ee:64:24:9a:74:88:88:3a:66:8d:d8:01:ba:83:27:69:69:d8:
         96:3c:5f:81
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICBsgwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NURBRjExMTAvBgNVBAUTKEJCOUY0MkNGQ0UzODhFREM0QjI5RUE2NURFQjYxNjJC
MjU2RDIxMDIwHhcNMjQwOTI2MDM0NDI1WhcNMjUwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02NmY0ZDg5OC0xMDNiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA39M37ZQx4ZEjoSX+ONIuU8vzTAPL22BWTEjcqFMJY2Vh8OgVu+RPpOJASYNW
VpwrE44S23GvS752vTZfC3Bq3K2oyGSWDD3j8AC1238BVqDBUn7/0VI/QdJBCgQG
QK51o5J6itW/rBibLeVAw68cVRrrMCDHp3Yf8Zqy1m8a58sLc6Bp5yXdcd1qPelv
cKupTWi5T7j+mOTUpk4TxI8Z3YU9FjAv4yd/Lra7WPi9hVNO1p2uUvYrHkb9RJKa
tNQYfa8PCflYFfVQ+3P8+IYRrI+JXaEwLqRC4g0fKIiLzxicWKMzHTyfdoWHJbUx
Ux2G3ebVFNb0zkh9B0ZS3XN4DwIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFNklVyWB
8PQ+wh8TjVqoBPSAYJCkMB8GA1UdIwQYMBaAFLufQs/OOI7cSynqZd62FislbSEC
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1REFGMS8wQjJCOTBBNDJE
NzUxMUVCOTM2RTM0NThDNEY5QUUwMi91NTlDejg0NGp0eExLZXBsM3JZV0t5VnRJ
UUkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3U1OUN6ODQ0anR4TEtlcGwzcllXS3lWdElRSS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NURBRjEvMEIyQjkwQTQyRDc1MTFFQjkzNkUzNDU4QzRGOUFFMDIvODRGOTkyRTY3
QkI5MTFFRkE0Q0MzMzRDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAFnlLowDwQCAAIwCQMHACABDfLjgDANBgkqhkiG9w0BAQsF
AAOCAQEAH/fBSk2OoEkICBkvv62++s/ZHaoobRTJv+fB/w52DiOZxtmQUhdtAfe6
msmbUarYcUbWE5BLqiOkX2iizRGeI4XrZOoOyjN4LHmLO32OSSFlVPRmqnv6sG3f
oHGxd3Ti++H+rPTnnsDy8aIliASJT/rj4J1OoBoP7K+FO9JP3GsdR+NRkMgVJS/T
BUQclpOL15maxQJ7Q6Zb2LUJPs0VqU4Ln2zHQSPRnQNyPAcan5abEMpkPl8jDcp1
WRWW973XIamxPHbc5XVOA/XxjuDKStY9IUEJAlH2ueZrWGXE874+tFQwHuSqYg6g
7mQkmnSIiDpmjdgBuoMnaWnYljxfgQ==
-----END CERTIFICATE-----
Generated at Wed Nov 20 23:11:45 2024 by rpki-client on console-fra.rpki-client.org