Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9171A1B/DC58CC5A5C4111EB81D7C60BC4F9AE02/FDA3EFA45C6211EB91658215C4F9AE02.roa
File:                     FDA3EFA45C6211EB91658215C4F9AE02.roa (raw, json)
Hash identifier:          bN12kEkjlZla1N4j83RN6VmsHaTj7ZlEyR5tAFv0M0s=
Subject key identifier:   92:51:D7:7E:F3:F3:E2:34:64:17:C6:D5:4E:FC:D9:A3:16:7A:11:FE
Certificate issuer:       /CN=A9171A1B/serialNumber=4C349C51CA598907D5C07CB1F24851FC048DAD1A
Certificate serial:       05BA
Authority key identifier: 4C:34:9C:51:CA:59:89:07:D5:C0:7C:B1:F2:48:51:FC:04:8D:AD:1A
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/TDScUcpZiQfVwHyx8khR_ASNrRo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9171A1B/DC58CC5A5C4111EB81D7C60BC4F9AE02/FDA3EFA45C6211EB91658215C4F9AE02.roa
Signing time:             Fri 10 Nov 2023 23:31:27 +0000
ROA not before:           Fri 10 Nov 2023 23:31:27 +0000
ROA not after:            Fri 31 Jan 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        103.124.134.0/24 maxlen: 24
                          103.124.135.0/24 maxlen: 24
                          2403:e040:8000::/34 maxlen: 34
                          2403:e040:c000::/34 maxlen: 34

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9171A1B/DC58CC5A5C4111EB81D7C60BC4F9AE02/TDScUcpZiQfVwHyx8khR_ASNrRo.crl
                          rsync://rpki.apnic.net/member_repository/A9171A1B/DC58CC5A5C4111EB81D7C60BC4F9AE02/TDScUcpZiQfVwHyx8khR_ASNrRo.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/TDScUcpZiQfVwHyx8khR_ASNrRo.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 02 Apr 2024 23:45:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1466 (0x5ba)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9171A1B/serialNumber=4C349C51CA598907D5C07CB1F24851FC048DAD1A
        Validity
            Not Before: Nov 10 23:31:27 2023 GMT
            Not After : Jan 31 00:00:00 2025 GMT
        Subject: CN=654ebd4e-f5b0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:68:32:e6:c4:fa:b4:82:ff:69:3e:25:eb:27:
                    19:0c:1f:c8:aa:2a:58:8f:5c:53:03:3a:6e:64:be:
                    92:3a:79:a0:a1:8f:e8:07:bd:79:28:2e:20:c9:c3:
                    40:37:0e:28:6a:04:61:46:66:41:fc:aa:ca:3f:fe:
                    3b:81:20:86:e5:31:24:e0:21:2f:30:ee:ba:a7:6a:
                    b3:14:5f:73:16:76:7a:0a:9c:f0:4b:08:69:c6:d8:
                    f3:21:b4:2e:aa:b6:9b:65:37:fe:2b:d1:59:ef:56:
                    ce:54:5b:2f:f6:3b:2a:69:c0:39:ae:9f:a8:a6:2e:
                    24:a1:52:1a:35:73:ed:94:42:dc:49:4a:3a:cb:85:
                    2c:83:c2:52:24:0f:98:78:e0:ca:2a:39:bd:5e:e7:
                    a4:2b:d6:37:d6:ae:6e:c6:fb:2d:45:8f:4a:99:98:
                    bf:4d:d7:38:cd:0c:f3:bf:5e:d1:ff:58:bf:e6:ca:
                    92:a2:06:a4:57:b1:7c:82:09:a9:7e:db:e6:3f:9b:
                    f4:a7:d5:28:f4:9e:eb:d4:c6:d7:fb:55:2b:79:93:
                    04:70:d0:7e:a8:2c:66:8b:6a:72:91:46:43:ec:a0:
                    9f:47:b2:cc:7f:d5:02:08:ed:a3:d9:f6:b5:04:50:
                    79:6b:75:1e:21:fa:35:a8:c2:78:4b:92:ad:a4:25:
                    50:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:51:D7:7E:F3:F3:E2:34:64:17:C6:D5:4E:FC:D9:A3:16:7A:11:FE
            X509v3 Authority Key Identifier:
                keyid:4C:34:9C:51:CA:59:89:07:D5:C0:7C:B1:F2:48:51:FC:04:8D:AD:1A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9171A1B/DC58CC5A5C4111EB81D7C60BC4F9AE02/TDScUcpZiQfVwHyx8khR_ASNrRo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/TDScUcpZiQfVwHyx8khR_ASNrRo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9171A1B/DC58CC5A5C4111EB81D7C60BC4F9AE02/FDA3EFA45C6211EB91658215C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.124.134.0/23
                IPv6:
                  2403:e040:8000::/33

    Signature Algorithm: sha256WithRSAEncryption
         4e:8e:99:08:81:1e:1e:4e:20:7d:3b:0c:51:1e:09:e9:2e:6b:
         a6:1a:c8:9b:31:b9:38:fe:a8:30:2b:e5:63:35:9c:b7:ad:17:
         83:0d:d5:2e:19:66:44:64:d8:90:2e:48:4b:e7:d5:5b:e0:ef:
         7e:f7:de:e1:7c:0f:62:2d:d1:66:ad:f1:3d:1c:a1:50:41:fb:
         d1:f8:57:ed:8c:5e:a9:3b:0c:a4:e1:5d:4f:d5:3d:73:4c:a6:
         59:c7:99:5e:cc:0f:f1:18:55:c7:46:f3:9c:6b:b8:fc:6b:a4:
         82:90:7c:86:f0:83:90:7c:05:f2:ee:91:13:26:87:7c:5a:2e:
         45:a2:c7:a2:e3:a1:ee:05:0c:74:f9:50:44:5e:86:39:25:39:
         75:ab:9d:d6:3d:d1:38:bb:be:6b:77:3f:5c:85:a1:43:a8:6d:
         81:7f:b6:3f:2f:49:7a:be:16:5a:e1:a4:da:27:f6:e7:ab:08:
         9e:26:80:53:f5:69:a7:a6:7b:ee:b2:bb:cc:cc:04:c9:1b:37:
         ad:67:5f:88:5c:7d:7d:b1:dc:29:a4:f6:09:82:ef:5a:69:94:
         d4:27:9b:b8:e5:e6:93:96:ac:d1:08:4b:2f:ba:b0:89:b9:98:
         fb:0d:f1:a9:d8:c1:03:43:08:61:7a:a1:8d:43:03:94:43:8a:
         b7:0a:13:09
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgICBbowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NzFBMUIxMTAvBgNVBAUTKDRDMzQ5QzUxQ0E1OTg5MDdENUMwN0NCMUYyNDg1MUZD
MDQ4REFEMUEwHhcNMjMxMTEwMjMzMTI3WhcNMjUwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTRlYmQ0ZS1mNWIwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAuWgy5sT6tIL/aT4l6ycZDB/IqipYj1xTAzpuZL6SOnmgoY/oB715KC4gycNA
Nw4oagRhRmZB/KrKP/47gSCG5TEk4CEvMO66p2qzFF9zFnZ6CpzwSwhpxtjzIbQu
qrabZTf+K9FZ71bOVFsv9jsqacA5rp+opi4koVIaNXPtlELcSUo6y4Usg8JSJA+Y
eODKKjm9XuekK9Y31q5uxvstRY9KmZi/Tdc4zQzzv17R/1i/5sqSogakV7F8ggmp
ftvmP5v0p9Uo9J7r1MbX+1UreZMEcNB+qCxmi2pykUZD7KCfR7LMf9UCCO2j2fa1
BFB5a3UeIfo1qMJ4S5KtpCVQoQIDAQABo4ICpTCCAqEwHQYDVR0OBBYEFJJR137z
8+I0ZBfG1U782aMWehH+MB8GA1UdIwQYMBaAFEw0nFHKWYkH1cB8sfJIUfwEja0a
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3MUExQi9EQzU4Q0M1QTVD
NDExMUVCODFEN0M2MEJDNEY5QUUwMi9URFNjVWNwWmlRZlZ3SHl4OGtoUl9BU05y
Um8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1REU2NVY3BaaVFmVndIeXg4a2hSX0FTTnJSby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NzFBMUIvREM1OENDNUE1QzQxMTFFQjgxRDdDNjBCQzRGOUFFMDIvRkRBM0VGQTQ1
QzYyMTFFQjkxNjU4MjE1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLwYIKwYBBQUHAQcBAf8E
IDAeMAwEAgABMAYDBAFnfIYwDgQCAAIwCAMGByQD4ECAMA0GCSqGSIb3DQEBCwUA
A4IBAQBOjpkIgR4eTiB9OwxRHgnpLmumGsibMbk4/qgwK+VjNZy3rReDDdUuGWZE
ZNiQLkhL59Vb4O9+997hfA9iLdFmrfE9HKFQQfvR+FftjF6pOwyk4V1P1T1zTKZZ
x5lezA/xGFXHRvOca7j8a6SCkHyG8IOQfAXy7pETJod8Wi5Fosei46HuBQx0+VBE
XoY5JTl1q53WPdE4u75rdz9chaFDqG2Bf7Y/L0l6vhZa4aTaJ/bnqwieJoBT9Wmn
pnvusrvMzATJGzetZ1+IXH19sdwppPYJgu9aaZTUJ5u45eaTlqzRCEsvurCJuZj7
DfGp2MEDQwhheqGNQwOUQ4q3ChMJ
-----END CERTIFICATE-----
Generated at Wed Mar 27 01:57:05 2024 by rpki-client on console-ams.rpki-client.org