Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9171A1B/DC58CC5A5C4111EB81D7C60BC4F9AE02/9F00C9325C6111EB9FAD600FC4F9AE02.roa
File:                     9F00C9325C6111EB9FAD600FC4F9AE02.roa (raw, json)
Hash identifier:          4a2Znm17VSWHd8khdAf4BuKRqz28wksMetktUiXFduo=
Subject key identifier:   53:01:E5:C9:74:8D:0B:A2:2A:BA:E9:20:7D:2A:B4:6F:30:B8:72:A5
Certificate issuer:       /CN=A9171A1B/serialNumber=4C349C51CA598907D5C07CB1F24851FC048DAD1A
Certificate serial:       05BB
Authority key identifier: 4C:34:9C:51:CA:59:89:07:D5:C0:7C:B1:F2:48:51:FC:04:8D:AD:1A
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/TDScUcpZiQfVwHyx8khR_ASNrRo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9171A1B/DC58CC5A5C4111EB81D7C60BC4F9AE02/9F00C9325C6111EB9FAD600FC4F9AE02.roa
Signing time:             Fri 10 Nov 2023 23:31:28 +0000
ROA not before:           Fri 10 Nov 2023 23:31:28 +0000
ROA not after:            Fri 31 Jan 2025 00:00:00 +0000
asID:                     16509
IP address blocks:        103.124.134.0/24 maxlen: 24
                          103.124.135.0/24 maxlen: 24
                          2403:e040:8000::/34 maxlen: 34
                          2403:e040:c000::/34 maxlen: 34

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9171A1B/DC58CC5A5C4111EB81D7C60BC4F9AE02/TDScUcpZiQfVwHyx8khR_ASNrRo.crl
                          rsync://rpki.apnic.net/member_repository/A9171A1B/DC58CC5A5C4111EB81D7C60BC4F9AE02/TDScUcpZiQfVwHyx8khR_ASNrRo.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/TDScUcpZiQfVwHyx8khR_ASNrRo.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 02 Apr 2024 23:45:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1467 (0x5bb)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9171A1B/serialNumber=4C349C51CA598907D5C07CB1F24851FC048DAD1A
        Validity
            Not Before: Nov 10 23:31:28 2023 GMT
            Not After : Jan 31 00:00:00 2025 GMT
        Subject: CN=654ebd50-064f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:f5:f4:a5:e7:19:5e:17:d2:81:dd:6d:74:42:
                    c2:90:fb:72:ce:7d:93:03:a9:1a:57:d8:62:6e:f6:
                    50:b3:56:45:19:c4:d1:bd:76:10:b0:67:94:3e:2b:
                    83:82:e5:ee:e6:dc:a9:64:8a:bd:cd:0e:a9:a5:95:
                    74:29:d5:63:16:64:40:43:03:63:ce:97:1b:b6:00:
                    44:22:d7:fb:78:7c:b5:aa:92:db:36:8f:a2:cd:49:
                    70:07:61:8b:83:ea:56:9e:2b:1f:5a:7a:fb:4c:2a:
                    27:2c:6f:ec:d4:f0:e3:ab:1c:7b:85:87:2f:05:42:
                    61:7e:80:5a:95:2e:d4:36:be:91:6c:bf:ae:08:14:
                    16:a5:21:76:87:8d:da:9b:e3:12:c8:c0:1d:30:73:
                    d7:fd:81:44:c5:80:47:57:1f:fe:0b:f7:6f:f2:47:
                    be:a8:18:b9:b1:6e:4a:35:af:7f:eb:38:02:43:57:
                    b8:f3:f4:82:19:76:c6:32:bd:d8:58:39:48:70:95:
                    12:9b:8b:d5:6a:7b:71:56:2d:85:6e:6f:58:0d:c1:
                    ba:19:08:b7:4d:6a:6e:00:a6:2e:99:8a:56:cb:a9:
                    c8:73:0e:6e:d4:3d:36:f4:c4:8a:d2:fd:87:08:51:
                    fa:63:6f:79:22:2f:6b:3b:c7:cf:59:96:13:04:ec:
                    e2:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                53:01:E5:C9:74:8D:0B:A2:2A:BA:E9:20:7D:2A:B4:6F:30:B8:72:A5
            X509v3 Authority Key Identifier:
                keyid:4C:34:9C:51:CA:59:89:07:D5:C0:7C:B1:F2:48:51:FC:04:8D:AD:1A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9171A1B/DC58CC5A5C4111EB81D7C60BC4F9AE02/TDScUcpZiQfVwHyx8khR_ASNrRo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/TDScUcpZiQfVwHyx8khR_ASNrRo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9171A1B/DC58CC5A5C4111EB81D7C60BC4F9AE02/9F00C9325C6111EB9FAD600FC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.124.134.0/23
                IPv6:
                  2403:e040:8000::/33

    Signature Algorithm: sha256WithRSAEncryption
         a1:cc:69:2a:02:21:e3:15:71:43:ab:c1:9a:f1:36:e7:a0:a4:
         4e:8a:69:c6:3f:a6:f8:8d:7a:4d:61:50:a7:f3:3b:7a:ed:62:
         a4:3a:a4:ff:b2:33:a1:bb:96:98:84:fd:ba:6b:50:bd:d9:53:
         16:cc:8b:c6:f4:94:40:b5:1d:13:cb:88:06:ce:23:bc:16:8c:
         2a:bf:96:c2:61:2f:51:39:55:d3:2b:b6:67:a5:f4:41:20:43:
         eb:21:66:ac:49:89:ff:1a:d3:40:ea:f6:ab:e9:c9:27:51:53:
         7a:b1:8f:7c:d4:d3:19:86:8d:b8:5f:c7:da:4c:db:1b:6e:7d:
         98:eb:fd:b7:84:a6:f9:9b:c5:d4:85:4c:31:49:86:7b:b0:4e:
         68:65:7e:1f:23:62:f7:f6:bb:8b:ba:04:c3:0b:47:0e:b1:3b:
         0d:88:61:60:04:2e:4c:2c:a8:64:07:27:de:98:e2:84:57:a4:
         2b:05:38:2e:8a:f1:7c:bd:87:db:2c:c3:07:9a:a7:1e:6c:0c:
         2b:96:f2:5d:81:f3:78:94:d5:0a:d7:df:96:c5:08:dc:be:bf:
         6b:1a:70:b0:40:fa:0d:95:3e:e1:0b:1f:51:52:aa:e9:01:19:
         31:27:8d:53:79:79:80:d7:87:0d:f0:b9:eb:79:52:10:c5:cf:
         22:78:fc:c3
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgICBbswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NzFBMUIxMTAvBgNVBAUTKDRDMzQ5QzUxQ0E1OTg5MDdENUMwN0NCMUYyNDg1MUZD
MDQ4REFEMUEwHhcNMjMxMTEwMjMzMTI4WhcNMjUwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTRlYmQ1MC0wNjRmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA4/X0pecZXhfSgd1tdELCkPtyzn2TA6kaV9hibvZQs1ZFGcTRvXYQsGeUPiuD
guXu5typZIq9zQ6ppZV0KdVjFmRAQwNjzpcbtgBEItf7eHy1qpLbNo+izUlwB2GL
g+pWnisfWnr7TConLG/s1PDjqxx7hYcvBUJhfoBalS7UNr6RbL+uCBQWpSF2h43a
m+MSyMAdMHPX/YFExYBHVx/+C/dv8ke+qBi5sW5KNa9/6zgCQ1e48/SCGXbGMr3Y
WDlIcJUSm4vVantxVi2Fbm9YDcG6GQi3TWpuAKYumYpWy6nIcw5u1D029MSK0v2H
CFH6Y295Ii9rO8fPWZYTBOzi0wIDAQABo4ICpTCCAqEwHQYDVR0OBBYEFFMB5cl0
jQuiKrrpIH0qtG8wuHKlMB8GA1UdIwQYMBaAFEw0nFHKWYkH1cB8sfJIUfwEja0a
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3MUExQi9EQzU4Q0M1QTVD
NDExMUVCODFEN0M2MEJDNEY5QUUwMi9URFNjVWNwWmlRZlZ3SHl4OGtoUl9BU05y
Um8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1REU2NVY3BaaVFmVndIeXg4a2hSX0FTTnJSby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NzFBMUIvREM1OENDNUE1QzQxMTFFQjgxRDdDNjBCQzRGOUFFMDIvOUYwMEM5MzI1
QzYxMTFFQjlGQUQ2MDBGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLwYIKwYBBQUHAQcBAf8E
IDAeMAwEAgABMAYDBAFnfIYwDgQCAAIwCAMGByQD4ECAMA0GCSqGSIb3DQEBCwUA
A4IBAQChzGkqAiHjFXFDq8Ga8TbnoKROimnGP6b4jXpNYVCn8zt67WKkOqT/sjOh
u5aYhP26a1C92VMWzIvG9JRAtR0Ty4gGziO8Fowqv5bCYS9ROVXTK7ZnpfRBIEPr
IWasSYn/GtNA6var6cknUVN6sY981NMZho24X8faTNsbbn2Y6/23hKb5m8XUhUwx
SYZ7sE5oZX4fI2L39ruLugTDC0cOsTsNiGFgBC5MLKhkByfemOKEV6QrBTguivF8
vYfbLMMHmqcebAwrlvJdgfN4lNUK19+WxQjcvr9rGnCwQPoNlT7hCx9RUqrpARkx
J41TeXmA14cN8LnreVIQxc8iePzD
-----END CERTIFICATE-----
Generated at Wed Mar 27 01:57:05 2024 by rpki-client on console-ams.rpki-client.org