Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91772FA/D7244562CD7311ECA0AA8061C4F9AE02/EF8CB49CD78F11EC91680D49C4F9AE02.roa
File:                     EF8CB49CD78F11EC91680D49C4F9AE02.roa (raw, json)
Hash identifier:          Bf+UprQbki3IQSr2awYhLsQzJMrHFu5rni0qNSgkpr4=
Subject key identifier:   5A:E9:98:34:1A:6C:94:75:64:03:59:03:96:52:19:23:C7:55:12:D2
Certificate issuer:       /CN=A91772FA/serialNumber=3B1688A5F7B724AAFBE7820A2C63D97B2EA8E522
Certificate serial:       0199
Authority key identifier: 3B:16:88:A5:F7:B7:24:AA:FB:E7:82:0A:2C:63:D9:7B:2E:A8:E5:22
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OxaIpfe3JKr754IKLGPZey6o5SI.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91772FA/D7244562CD7311ECA0AA8061C4F9AE02/EF8CB49CD78F11EC91680D49C4F9AE02.roa
Signing time:             Wed 03 May 2023 06:05:39 +0000
ROA not before:           Wed 03 May 2023 06:05:39 +0000
ROA not after:            Tue 30 Jul 2024 00:00:00 +0000
asID:                     14618
IP address blocks:        103.186.205.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91772FA/D7244562CD7311ECA0AA8061C4F9AE02/OxaIpfe3JKr754IKLGPZey6o5SI.crl
                          rsync://rpki.apnic.net/member_repository/A91772FA/D7244562CD7311ECA0AA8061C4F9AE02/OxaIpfe3JKr754IKLGPZey6o5SI.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OxaIpfe3JKr754IKLGPZey6o5SI.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 05 Apr 2024 02:50:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 409 (0x199)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91772FA/serialNumber=3B1688A5F7B724AAFBE7820A2C63D97B2EA8E522
        Validity
            Not Before: May  3 06:05:39 2023 GMT
            Not After : Jul 30 00:00:00 2024 GMT
        Subject: CN=6451f9b2-ad5c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:2d:dd:62:5d:02:cc:3a:20:8c:f6:8a:70:5b:
                    47:03:a1:2e:d1:4e:25:fd:f6:25:bf:1b:89:c0:de:
                    98:f4:89:86:f5:a3:ce:26:33:bc:23:ed:15:c2:33:
                    c3:91:9a:fb:8d:5e:7d:ab:63:f6:ab:50:f3:48:57:
                    10:a4:c5:60:77:14:11:b0:84:76:35:a7:18:73:b0:
                    80:aa:ad:40:14:3b:2a:be:7a:30:89:3d:89:89:b3:
                    53:77:34:bd:39:00:f0:46:63:9e:8c:af:9a:3f:e0:
                    4e:e7:0d:59:d3:e9:38:28:e0:df:39:70:e2:e7:1c:
                    c8:ba:9e:56:13:74:6d:67:0c:d0:c1:fe:8c:7a:26:
                    5a:4f:5d:17:ee:ff:21:7f:27:3f:b5:3c:40:ce:18:
                    39:a4:4b:bd:22:46:e4:60:95:44:6d:2d:d2:bd:a4:
                    0f:b6:89:e3:08:62:9f:cb:53:af:b0:c0:58:78:09:
                    b7:27:f1:dc:78:94:59:fd:7d:22:86:9a:08:0b:eb:
                    a0:f6:d9:a3:4d:4c:f2:4d:56:64:36:72:c0:f7:82:
                    9c:5c:6c:f9:c6:d2:e8:db:22:bf:28:8c:8c:03:98:
                    59:1d:6f:67:a5:31:5c:50:5e:63:40:7f:8f:6b:6f:
                    e7:91:9b:61:11:7d:75:0e:31:97:1a:2d:59:77:77:
                    e7:47
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5A:E9:98:34:1A:6C:94:75:64:03:59:03:96:52:19:23:C7:55:12:D2
            X509v3 Authority Key Identifier:
                keyid:3B:16:88:A5:F7:B7:24:AA:FB:E7:82:0A:2C:63:D9:7B:2E:A8:E5:22

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91772FA/D7244562CD7311ECA0AA8061C4F9AE02/OxaIpfe3JKr754IKLGPZey6o5SI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OxaIpfe3JKr754IKLGPZey6o5SI.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91772FA/D7244562CD7311ECA0AA8061C4F9AE02/EF8CB49CD78F11EC91680D49C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.186.205.0/24

    Signature Algorithm: sha256WithRSAEncryption
         72:fe:f4:1a:4a:0f:5f:bb:f6:2f:e1:d4:99:80:a3:f6:95:2f:
         9c:31:83:fc:d9:13:59:21:f3:a1:df:86:c1:be:1c:54:1f:2d:
         f5:91:18:90:0d:78:fa:f1:a6:97:75:5c:e8:8e:f5:d3:f5:a8:
         ff:4e:e8:07:5d:cf:cc:23:e4:40:61:8f:d8:66:72:36:d5:56:
         78:bf:d0:ef:60:bd:9e:62:9c:49:41:4c:45:da:d4:8a:f1:99:
         b9:9d:24:0f:a1:9f:fd:21:81:38:16:1f:93:62:ed:74:e7:d7:
         5f:78:17:15:92:87:ed:f8:df:b7:aa:ca:3d:b9:e7:cd:39:09:
         f2:67:07:a6:64:32:81:ad:04:5b:8d:52:de:a9:1b:df:d6:e3:
         c0:87:6e:cd:ad:49:d1:d0:04:39:ac:dc:af:1d:5e:20:41:6d:
         12:b0:35:a7:50:6a:aa:56:d4:8d:4e:38:f4:38:41:b5:cb:55:
         0f:86:9b:ee:ab:1e:ab:65:f8:8e:bd:00:44:81:82:c5:26:2d:
         ff:6a:e8:5a:0f:13:3a:93:2a:d3:25:56:f9:0f:b1:af:a0:37:
         e3:a5:ea:aa:38:26:88:d4:af:c0:6f:9f:03:ac:ef:df:ca:92:
         7d:02:3b:1b:85:f8:10:b2:02:f5:71:87:f7:4f:e0:01:8c:93:
         91:23:57:9c
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICAZkwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NzcyRkExMTAvBgNVBAUTKDNCMTY4OEE1RjdCNzI0QUFGQkU3ODIwQTJDNjNEOTdC
MkVBOEU1MjIwHhcNMjMwNTAzMDYwNTM5WhcNMjQwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDUxZjliMi1hZDVjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA4C3dYl0CzDogjPaKcFtHA6Eu0U4l/fYlvxuJwN6Y9ImG9aPOJjO8I+0VwjPD
kZr7jV59q2P2q1DzSFcQpMVgdxQRsIR2NacYc7CAqq1AFDsqvnowiT2JibNTdzS9
OQDwRmOejK+aP+BO5w1Z0+k4KODfOXDi5xzIup5WE3RtZwzQwf6MeiZaT10X7v8h
fyc/tTxAzhg5pEu9IkbkYJVEbS3SvaQPtonjCGKfy1OvsMBYeAm3J/HceJRZ/X0i
hpoIC+ug9tmjTUzyTVZkNnLA94KcXGz5xtLo2yK/KIyMA5hZHW9npTFcUF5jQH+P
a2/nkZthEX11DjGXGi1Zd3fnRwIDAQABo4IClTCCApEwHQYDVR0OBBYEFFrpmDQa
bJR1ZANZA5ZSGSPHVRLSMB8GA1UdIwQYMBaAFDsWiKX3tySq++eCCixj2XsuqOUi
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3NzJGQS9ENzI0NDU2MkNE
NzMxMUVDQTBBQTgwNjFDNEY5QUUwMi9PeGFJcGZlM0pLcjc1NElLTEdQWmV5Nm81
U0kuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL094YUlwZmUzSktyNzU0SUtMR1BaZXk2bzVTSS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NzcyRkEvRDcyNDQ1NjJDRDczMTFFQ0EwQUE4MDYxQzRGOUFFMDIvRUY4Q0I0OUNE
NzhGMTFFQzkxNjgwRDQ5QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBABnus0wDQYJKoZIhvcNAQELBQADggEBAHL+9BpKD1+79i/h
1JmAo/aVL5wxg/zZE1kh86HfhsG+HFQfLfWRGJANePrxppd1XOiO9dP1qP9O6Add
z8wj5EBhj9hmcjbVVni/0O9gvZ5inElBTEXa1IrxmbmdJA+hn/0hgTgWH5Ni7XTn
1194FxWSh+3437eqyj255805CfJnB6ZkMoGtBFuNUt6pG9/W48CHbs2tSdHQBDms
3K8dXiBBbRKwNadQaqpW1I1OOPQ4QbXLVQ+Gm+6rHqtl+I69AESBgsUmLf9q6FoP
EzqTKtMlVvkPsa+gN+Ol6qo4JojUr8BvnwOs79/Kkn0COxuF+BCyAvVxh/dP4AGM
k5EjV5w=
-----END CERTIFICATE-----
Generated at Fri Mar 29 04:21:38 2024 by rpki-client on console-fra.rpki-client.org