Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A917ADD1/D006C0DE37EE11EE98DF3666C4F9AE02/8D0C1E0E37EF11EE82AF270BC4F9AE02.roa
File:                     8D0C1E0E37EF11EE82AF270BC4F9AE02.roa (raw, json)
Hash identifier:          YBS7N1V85GEsKAdkA8SgTeGUq7xGqu6t+13xBrFpNlo=
Subject key identifier:   43:39:03:32:37:C2:27:CA:5A:81:C2:73:5F:CA:76:1B:0B:2D:FF:C5
Certificate issuer:       /CN=A917ADD1/serialNumber=7652A22FC250FAAAE3AB2C0C2AFDD04E3047E507
Certificate serial:       AC
Authority key identifier: 76:52:A2:2F:C2:50:FA:AA:E3:AB:2C:0C:2A:FD:D0:4E:30:47:E5:07
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/dlKiL8JQ-qrjqywMKv3QTjBH5Qc.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A917ADD1/D006C0DE37EE11EE98DF3666C4F9AE02/8D0C1E0E37EF11EE82AF270BC4F9AE02.roa
Signing time:             Fri 05 Jul 2024 06:07:27 +0000
ROA not before:           Fri 05 Jul 2024 06:07:27 +0000
ROA not after:            Tue 30 Sep 2025 00:00:00 +0000
asID:                     151470
IP address blocks:        103.229.234.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A917ADD1/D006C0DE37EE11EE98DF3666C4F9AE02/dlKiL8JQ-qrjqywMKv3QTjBH5Qc.crl
                          rsync://rpki.apnic.net/member_repository/A917ADD1/D006C0DE37EE11EE98DF3666C4F9AE02/dlKiL8JQ-qrjqywMKv3QTjBH5Qc.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/dlKiL8JQ-qrjqywMKv3QTjBH5Qc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 30 Nov 2024 02:50:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 172 (0xac)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A917ADD1/serialNumber=7652A22FC250FAAAE3AB2C0C2AFDD04E3047E507
        Validity
            Not Before: Jul  5 06:07:27 2024 GMT
            Not After : Sep 30 00:00:00 2025 GMT
        Subject: CN=66878d9e-7667
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d1:55:38:4b:c7:f6:f6:4c:aa:87:bc:3a:ff:aa:
                    74:7e:04:f3:87:cf:dc:02:6c:ad:63:f1:ef:cd:88:
                    3c:a3:70:14:0e:bb:8f:9b:a9:c3:95:32:9b:02:77:
                    ff:78:a2:fd:e8:8e:15:be:c9:3b:67:38:1b:0e:7b:
                    1c:9e:16:4d:c4:89:3e:9e:6a:36:17:bd:85:aa:1c:
                    df:97:3c:04:48:ee:45:ff:cc:fe:1d:7d:e1:99:36:
                    73:40:2c:c0:30:2f:9d:09:66:de:75:80:ee:8d:14:
                    40:eb:3a:05:e6:b3:09:81:16:5d:90:82:80:33:a1:
                    86:a0:1d:d7:b7:4d:07:f1:6f:68:96:9f:22:ea:45:
                    f0:2d:f6:94:a6:05:cb:22:1d:41:8a:ed:25:e7:90:
                    8f:fa:ec:37:d6:52:83:d7:2c:46:90:c1:fe:84:e8:
                    c5:81:3b:36:00:75:ea:bf:a1:42:0b:da:8b:4b:6c:
                    16:d3:42:48:e7:95:64:76:ed:61:d1:c6:f3:b2:b8:
                    4b:eb:32:86:66:3b:62:2b:22:86:5b:f0:6a:98:aa:
                    a8:6d:20:87:9c:62:d7:65:79:58:14:7c:1d:fd:5b:
                    d5:01:8c:a5:55:f0:d5:89:cc:24:73:0a:cf:ad:fa:
                    2a:02:43:71:f9:f3:9b:83:79:18:60:be:b0:1f:20:
                    47:73
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                43:39:03:32:37:C2:27:CA:5A:81:C2:73:5F:CA:76:1B:0B:2D:FF:C5
            X509v3 Authority Key Identifier:
                keyid:76:52:A2:2F:C2:50:FA:AA:E3:AB:2C:0C:2A:FD:D0:4E:30:47:E5:07

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A917ADD1/D006C0DE37EE11EE98DF3666C4F9AE02/dlKiL8JQ-qrjqywMKv3QTjBH5Qc.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/dlKiL8JQ-qrjqywMKv3QTjBH5Qc.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A917ADD1/D006C0DE37EE11EE98DF3666C4F9AE02/8D0C1E0E37EF11EE82AF270BC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.229.234.0/23

    Signature Algorithm: sha256WithRSAEncryption
         19:05:86:0b:eb:cf:0b:c4:a5:eb:7d:14:a2:1b:7b:51:e8:5e:
         3d:c8:88:a0:42:e9:cc:39:31:de:e5:e0:d9:23:ab:90:25:eb:
         a7:51:76:93:45:ff:a5:91:f0:d1:8d:92:b6:b7:54:1d:9b:d1:
         53:96:bb:2b:67:64:7e:92:a2:c8:a8:bd:e3:df:78:3c:b3:22:
         22:77:11:35:9c:bd:09:fc:05:a9:54:f2:c6:53:f6:b5:55:0c:
         6b:a4:68:7f:5e:ea:b9:80:cf:33:f4:cd:37:4b:82:41:b0:b7:
         36:ea:a9:1c:56:3c:4a:6b:10:d6:38:e3:68:7f:0e:e3:91:2a:
         68:79:5a:0d:c8:17:b7:fe:35:ab:c7:34:af:67:4d:3b:44:55:
         56:f1:b5:36:1d:f4:e7:1e:d1:1e:a8:d9:41:33:1e:70:8b:14:
         8e:ea:6d:ad:ff:c6:49:0f:e8:93:e4:83:94:92:54:18:67:e2:
         f7:35:f0:24:bb:58:4e:15:bb:f9:4c:5b:ef:58:3c:41:cc:56:
         d6:a7:b0:5b:81:dc:9f:6c:fb:2a:9d:93:84:cc:05:d3:2c:c4:
         0c:8e:de:39:09:fc:dd:d4:2c:78:79:1c:e7:e2:80:3f:f5:a6:
         49:7d:96:0d:c2:ce:e4:27:28:95:fa:db:8b:40:f0:d5:23:49:
         9c:23:37:ad
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICAKwwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
N0FERDExMTAvBgNVBAUTKDc2NTJBMjJGQzI1MEZBQUFFM0FCMkMwQzJBRkREMDRF
MzA0N0U1MDcwHhcNMjQwNzA1MDYwNzI3WhcNMjUwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02Njg3OGQ5ZS03NjY3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA0VU4S8f29kyqh7w6/6p0fgTzh8/cAmytY/HvzYg8o3AUDruPm6nDlTKbAnf/
eKL96I4Vvsk7ZzgbDnscnhZNxIk+nmo2F72FqhzflzwESO5F/8z+HX3hmTZzQCzA
MC+dCWbedYDujRRA6zoF5rMJgRZdkIKAM6GGoB3Xt00H8W9olp8i6kXwLfaUpgXL
Ih1Biu0l55CP+uw31lKD1yxGkMH+hOjFgTs2AHXqv6FCC9qLS2wW00JI55Vkdu1h
0cbzsrhL6zKGZjtiKyKGW/BqmKqobSCHnGLXZXlYFHwd/VvVAYylVfDVicwkcwrP
rfoqAkNx+fObg3kYYL6wHyBHcwIDAQABo4IClTCCApEwHQYDVR0OBBYEFEM5AzI3
wifKWoHCc1/KdhsLLf/FMB8GA1UdIwQYMBaAFHZSoi/CUPqq46ssDCr90E4wR+UH
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3QUREMS9EMDA2QzBERTM3
RUUxMUVFOThERjM2NjZDNEY5QUUwMi9kbEtpTDhKUS1xcmpxeXdNS3YzUVRqQkg1
UWMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2RsS2lMOEpRLXFyanF5d01LdjNRVGpCSDVRYy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
N0FERDEvRDAwNkMwREUzN0VFMTFFRTk4REYzNjY2QzRGOUFFMDIvOEQwQzFFMEUz
N0VGMTFFRTgyQUYyNzBCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAFn5eowDQYJKoZIhvcNAQELBQADggEBABkFhgvrzwvEpet9
FKIbe1HoXj3IiKBC6cw5Md7l4Nkjq5Al66dRdpNF/6WR8NGNkra3VB2b0VOWuytn
ZH6SosiovePfeDyzIiJ3ETWcvQn8BalU8sZT9rVVDGukaH9e6rmAzzP0zTdLgkGw
tzbqqRxWPEprENY442h/DuORKmh5Wg3IF7f+NavHNK9nTTtEVVbxtTYd9Oce0R6o
2UEzHnCLFI7qba3/xkkP6JPkg5SSVBhn4vc18CS7WE4Vu/lMW+9YPEHMVtansFuB
3J9s+yqdk4TMBdMsxAyO3jkJ/N3ULHh5HOfigD/1pkl9lg3CzuQnKJX624tA8NUj
SZwjN60=
-----END CERTIFICATE-----
Generated at Sat Nov 23 06:13:10 2024 by rpki-client on console-ams.rpki-client.org