Route Origin Authorization

$ cd rpki.apnic.net/member_repository/A917CE22/12FA811A177B11EB84634C36C4F9AE02/

$ rpki-client -vvf 68C3BB46D68111EBA71D041EC4F9AE02.roa
File:                     68C3BB46D68111EBA71D041EC4F9AE02.roa (download)
Hash identifier:          /ZzJT+RDSws/gXPHpiquH6c20Blh3rLdcxFi47eDW3Y=
Subject key identifier:   BA:F0:75:57:B4:57:84:5C:22:22:43:71:F2:99:7B:FB:B6:31:AB:BF
Certificate issuer:       /CN=A917CE22/serialNumber=62C4182C003EFCFA38DDAF4EF904FB04FE5B564A
Certificate serial:       037F
Authority key identifier: 62:C4:18:2C:00:3E:FC:FA:38:DD:AF:4E:F9:04:FB:04:FE:5B:56:4A
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/YsQYLAA-_Po43a9O-QT7BP5bVko.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A917CE22/12FA811A177B11EB84634C36C4F9AE02/68C3BB46D68111EBA71D041EC4F9AE02.roa
ROA valid until:          Mar 31 00:00:00 2023 GMT
asID:                     135386
IP address blocks:
    1: 103.204.180.0/24 maxlen: 24
    2: 103.204.182.0/24 maxlen: 24
    3: 103.204.183.0/24 maxlen: 24

Validation: OK

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 895 (0x37f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A917CE22/serialNumber=62C4182C003EFCFA38DDAF4EF904FB04FE5B564A
        Validity
            Not Before: Jan  4 00:19:55 2022 GMT
            Not After : Mar 31 00:00:00 2023 GMT
        Subject: CN=61d392ab-a32a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:69:20:79:91:ac:5e:b0:c5:8a:25:25:46:3e:
                    43:2f:92:22:5b:ae:9b:17:ae:48:4e:a6:c1:57:92:
                    e4:38:8e:75:11:c6:b5:bd:4b:49:d1:29:cd:e8:aa:
                    ed:67:9c:f0:a4:88:97:7b:3f:7b:ef:f2:fb:9a:2d:
                    a9:94:b0:5d:b5:03:73:ba:1b:0d:6f:fc:a5:62:da:
                    ed:9a:4b:91:06:8c:cf:2b:cd:08:df:04:73:92:ab:
                    f3:43:92:7c:63:88:eb:7a:1e:02:5c:88:cb:a8:94:
                    f1:cc:4e:a6:ce:de:1a:1d:65:7a:1f:72:54:02:9d:
                    2c:3c:73:50:fa:fb:b4:bd:dd:22:e0:d0:11:5d:63:
                    56:84:6d:c9:6d:7c:6b:70:f4:a3:01:b4:a5:84:ca:
                    3e:5c:b6:d7:31:8a:36:ef:2b:b0:45:42:80:fb:dc:
                    17:4d:0b:e3:22:60:55:25:10:08:8d:8f:a0:8b:4a:
                    74:62:4c:41:0e:58:a2:fa:f2:44:25:f6:3f:88:67:
                    83:d8:2d:f0:35:a1:99:25:d4:75:4c:26:04:f4:4d:
                    5c:e1:11:b9:15:50:01:35:ed:29:5f:5b:93:d2:7c:
                    c5:07:ed:83:f5:76:ac:42:f0:7d:5d:a4:5f:d9:0e:
                    b1:5c:cb:6d:b5:e8:62:b6:ed:ef:a9:67:25:2e:5d:
                    c9:41
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                BA:F0:75:57:B4:57:84:5C:22:22:43:71:F2:99:7B:FB:B6:31:AB:BF
            X509v3 Authority Key Identifier: 
                keyid:62:C4:18:2C:00:3E:FC:FA:38:DD:AF:4E:F9:04:FB:04:FE:5B:56:4A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A917CE22/12FA811A177B11EB84634C36C4F9AE02/YsQYLAA-_Po43a9O-QT7BP5bVko.crl

            Authority Information Access: 
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/YsQYLAA-_Po43a9O-QT7BP5bVko.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access: 
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A917CE22/12FA811A177B11EB84634C36C4F9AE02/68C3BB46D68111EBA71D041EC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.204.180.0/24
                  103.204.182.0/23

    Signature Algorithm: sha256WithRSAEncryption
         13:15:27:13:b4:74:a9:8b:e7:e3:2b:28:db:f9:78:48:72:4f:
         cf:30:dc:04:a9:c7:5f:79:88:76:db:17:25:91:73:be:e5:29:
         5c:54:b2:bb:5f:f6:a7:c7:86:d8:ff:70:b6:5b:c1:dd:44:5c:
         47:fe:4d:c5:76:99:8f:4c:1e:4b:d2:1c:b7:b2:e0:90:ea:a6:
         56:72:60:18:02:0e:ad:02:62:eb:b5:b5:f2:20:79:48:99:41:
         72:c5:92:5b:64:24:98:1c:6b:51:25:85:0d:ac:9b:b1:8c:9a:
         bf:68:1b:0c:7a:be:52:ce:66:d9:de:2f:4f:5e:d9:1a:65:b2:
         02:9f:e6:87:94:15:62:9a:8e:ec:ed:df:fb:9f:74:dd:03:f3:
         6e:25:48:d4:7b:6b:a5:23:58:86:52:a3:ea:42:9b:b1:f1:70:
         14:37:8b:12:2b:75:0b:88:3f:59:72:df:3d:49:51:90:02:9c:
         49:81:c1:9a:af:2d:07:dc:cf:23:f1:18:2a:c2:d3:13:25:f8:
         c4:0e:c9:1e:ab:6b:16:26:72:18:32:c7:44:a9:e4:bb:c8:bc:
         80:f8:e2:e7:16:b4:b1:f5:90:ad:00:aa:e5:29:9f:2e:dc:d2:
         b5:51:05:ef:77:99:64:91:da:67:f4:47:8f:79:26:d3:01:2a:
         36:1c:29:85
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICA38wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
N0NFMjIxMTAvBgNVBAUTKDYyQzQxODJDMDAzRUZDRkEzOEREQUY0RUY5MDRGQjA0
RkU1QjU2NEEwHhcNMjIwMTA0MDAxOTU1WhcNMjMwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02MWQzOTJhYi1hMzJhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAqGkgeZGsXrDFiiUlRj5DL5IiW66bF65ITqbBV5LkOI51Eca1vUtJ0SnN6Krt
Z5zwpIiXez977/L7mi2plLBdtQNzuhsNb/ylYtrtmkuRBozPK80I3wRzkqvzQ5J8
Y4jreh4CXIjLqJTxzE6mzt4aHWV6H3JUAp0sPHNQ+vu0vd0i4NARXWNWhG3JbXxr
cPSjAbSlhMo+XLbXMYo27yuwRUKA+9wXTQvjImBVJRAIjY+gi0p0YkxBDlii+vJE
JfY/iGeD2C3wNaGZJdR1TCYE9E1c4RG5FVABNe0pX1uT0nzFB+2D9XasQvB9XaRf
2Q6xXMtttehitu3vqWclLl3JQQIDAQABo4ICmzCCApcwHQYDVR0OBBYEFLrwdVe0
V4RcIiJDcfKZe/u2Mau/MB8GA1UdIwQYMBaAFGLEGCwAPvz6ON2vTvkE+wT+W1ZK
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3Q0UyMi8xMkZBODExQTE3
N0IxMUVCODQ2MzRDMzZDNEY5QUUwMi9Zc1FZTEFBLV9QbzQzYTlPLVFUN0JQNWJW
a28uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1lzUVlMQUEtX1BvNDNhOU8tUVQ3QlA1YlZrby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
N0NFMjIvMTJGQTgxMUExNzdCMTFFQjg0NjM0QzM2QzRGOUFFMDIvNjhDM0JCNDZE
NjgxMTFFQkE3MUQwNDFFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBABnzLQDBAFnzLYwDQYJKoZIhvcNAQELBQADggEBABMVJxO0
dKmL5+MrKNv5eEhyT88w3ASpx195iHbbFyWRc77lKVxUsrtf9qfHhtj/cLZbwd1E
XEf+TcV2mY9MHkvSHLey4JDqplZyYBgCDq0CYuu1tfIgeUiZQXLFkltkJJgca1El
hQ2sm7GMmr9oGwx6vlLOZtneL09e2RplsgKf5oeUFWKajuzt3/ufdN0D824lSNR7
a6UjWIZSo+pCm7HxcBQ3ixIrdQuIP1ly3z1JUZACnEmBwZqvLQfczyPxGCrC0xMl
+MQOyR6raxYmchgyx0Sp5LvIvID44ucWtLH1kK0AquUpny7c0rVRBe93mWSR2mf0
R495JtMBKjYcKYU=
-----END CERTIFICATE-----
Generated at Sat Dec 3 19:12:14 2022 by rpki-client.