Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A917F8A9/2AA0433094F011EA83EF1E7DC4F9AE02/83DC30E0D0DB11EA9336962FC4F9AE02.roa
File:                     83DC30E0D0DB11EA9336962FC4F9AE02.roa (raw, json)
Hash identifier:          bUYUEG9rlvWLeJULxYTOt+yyfrQInR4t1BBt7mMKyis=
Subject key identifier:   BC:1E:47:F7:CA:C4:F3:E4:12:7F:EA:4E:26:84:D7:78:6E:21:66:F3
Certificate issuer:       /CN=A917F8A9/serialNumber=5C0AB425F2B4235E1C815683BD6C8E8B7B80B727
Certificate serial:       08A9
Authority key identifier: 5C:0A:B4:25:F2:B4:23:5E:1C:81:56:83:BD:6C:8E:8B:7B:80:B7:27
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XAq0JfK0I14cgVaDvWyOi3uAtyc.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A917F8A9/2AA0433094F011EA83EF1E7DC4F9AE02/83DC30E0D0DB11EA9336962FC4F9AE02.roa
Signing time:             Thu 04 Apr 2024 22:00:13 +0000
ROA not before:           Thu 04 Apr 2024 22:00:13 +0000
ROA not after:            Wed 28 May 2025 00:00:00 +0000
asID:                     9260
IP address blocks:        103.86.52.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A917F8A9/2AA0433094F011EA83EF1E7DC4F9AE02/XAq0JfK0I14cgVaDvWyOi3uAtyc.crl
                          rsync://rpki.apnic.net/member_repository/A917F8A9/2AA0433094F011EA83EF1E7DC4F9AE02/XAq0JfK0I14cgVaDvWyOi3uAtyc.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XAq0JfK0I14cgVaDvWyOi3uAtyc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 29 Nov 2024 20:08:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2217 (0x8a9)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A917F8A9/serialNumber=5C0AB425F2B4235E1C815683BD6C8E8B7B80B727
        Validity
            Not Before: Apr  4 22:00:13 2024 GMT
            Not After : May 28 00:00:00 2025 GMT
        Subject: CN=660f22ed-5543
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bc:16:d4:85:5c:5a:ec:00:fd:12:7b:c5:d0:82:
                    f6:f6:28:34:2b:e8:e0:39:d9:75:29:e1:bc:3b:12:
                    41:5e:e4:0a:c8:05:ed:68:18:48:3b:a4:03:a2:e3:
                    11:c5:dd:53:60:3f:a9:37:5f:c9:42:f6:95:29:8f:
                    a0:4e:b5:ec:a8:3f:89:5a:12:69:f5:b9:da:4b:65:
                    29:03:37:12:19:31:06:cb:5d:20:f0:8c:94:63:c4:
                    1e:ec:4e:7f:55:bd:fa:de:dd:9b:65:9b:ea:ba:ca:
                    40:26:9e:9e:2b:65:21:0f:53:97:86:77:bc:03:de:
                    3d:0d:97:47:18:0c:1c:03:53:f2:e9:dc:d5:6b:42:
                    a5:21:48:9f:58:be:69:39:e4:fc:ed:f5:f6:c6:76:
                    3a:df:ee:5e:a4:bb:07:96:6c:44:1a:bb:5d:04:3d:
                    9d:80:6a:7e:1e:a6:7d:69:7e:04:17:06:e2:d4:a2:
                    c5:28:27:f1:e2:61:21:d8:af:40:b6:23:60:dd:51:
                    d6:a6:5c:07:6c:0a:6c:b3:5b:f5:f7:8c:65:dc:73:
                    22:c5:c5:14:a9:89:04:f4:77:62:f7:93:80:b6:e4:
                    db:4e:0e:b1:a4:6e:8e:02:98:8a:a7:fd:fd:bf:3d:
                    56:73:da:f2:fa:c3:39:65:6a:fe:d2:ee:61:2b:c8:
                    0d:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BC:1E:47:F7:CA:C4:F3:E4:12:7F:EA:4E:26:84:D7:78:6E:21:66:F3
            X509v3 Authority Key Identifier:
                keyid:5C:0A:B4:25:F2:B4:23:5E:1C:81:56:83:BD:6C:8E:8B:7B:80:B7:27

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A917F8A9/2AA0433094F011EA83EF1E7DC4F9AE02/XAq0JfK0I14cgVaDvWyOi3uAtyc.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/XAq0JfK0I14cgVaDvWyOi3uAtyc.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A917F8A9/2AA0433094F011EA83EF1E7DC4F9AE02/83DC30E0D0DB11EA9336962FC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.86.52.0/22

    Signature Algorithm: sha256WithRSAEncryption
         d7:89:d6:64:0e:b0:da:8e:1c:d8:8f:a7:1b:62:05:5a:b7:22:
         a4:5d:66:eb:bd:07:59:be:d9:a6:a4:0c:b0:76:4c:a5:99:8a:
         1c:60:42:b0:ac:41:48:de:95:40:8a:73:23:06:7a:53:0a:24:
         03:a9:5c:7d:a2:dc:fa:c7:3f:b8:65:51:31:cb:a6:37:46:db:
         f4:88:df:4a:5c:21:a9:6b:7b:29:22:77:91:95:e2:39:36:3c:
         8d:4a:84:df:64:c4:31:cd:c7:c5:76:e8:c1:41:52:8d:cd:cd:
         40:08:47:bc:2e:03:d4:2d:23:19:db:d0:96:57:04:60:a2:01:
         c1:41:4d:00:5d:c6:8c:a1:d2:9d:2c:df:7d:98:dd:98:a3:9d:
         f8:2e:69:45:62:7e:c4:9b:fb:c7:60:d4:9e:63:3b:0f:4a:f8:
         7c:1e:fb:10:ed:6e:ed:91:ea:f2:d0:1e:01:2c:c3:bb:41:46:
         91:32:cd:4a:ec:2e:28:66:a6:cb:3f:59:2c:42:ed:cd:3d:74:
         48:df:19:7b:95:9c:5a:e2:19:d2:ba:5c:91:26:32:8b:c7:9d:
         44:55:3f:d2:af:8a:8e:e3:44:61:2d:6e:6d:fa:1d:8d:b8:43:
         54:fc:f2:ee:9b:aa:dd:f5:8a:d9:6d:40:f0:81:3a:c7:ad:76:
         f4:07:29:1e
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICCKkwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
N0Y4QTkxMTAvBgNVBAUTKDVDMEFCNDI1RjJCNDIzNUUxQzgxNTY4M0JENkM4RThC
N0I4MEI3MjcwHhcNMjQwNDA0MjIwMDEzWhcNMjUwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02NjBmMjJlZC01NTQzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvBbUhVxa7AD9EnvF0IL29ig0K+jgOdl1KeG8OxJBXuQKyAXtaBhIO6QDouMR
xd1TYD+pN1/JQvaVKY+gTrXsqD+JWhJp9bnaS2UpAzcSGTEGy10g8IyUY8Qe7E5/
Vb363t2bZZvquspAJp6eK2UhD1OXhne8A949DZdHGAwcA1Py6dzVa0KlIUifWL5p
OeT87fX2xnY63+5epLsHlmxEGrtdBD2dgGp+HqZ9aX4EFwbi1KLFKCfx4mEh2K9A
tiNg3VHWplwHbApss1v194xl3HMixcUUqYkE9Hdi95OAtuTbTg6xpG6OApiKp/39
vz1Wc9ry+sM5ZWr+0u5hK8gN3QIDAQABo4IClTCCApEwHQYDVR0OBBYEFLweR/fK
xPPkEn/qTiaE13huIWbzMB8GA1UdIwQYMBaAFFwKtCXytCNeHIFWg71sjot7gLcn
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3RjhBOS8yQUEwNDMzMDk0
RjAxMUVBODNFRjFFN0RDNEY5QUUwMi9YQXEwSmZLMEkxNGNnVmFEdld5T2kzdUF0
eWMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1hBcTBKZkswSTE0Y2dWYUR2V3lPaTN1QXR5Yy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
N0Y4QTkvMkFBMDQzMzA5NEYwMTFFQTgzRUYxRTdEQzRGOUFFMDIvODNEQzMwRTBE
MERCMTFFQTkzMzY5NjJGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAJnVjQwDQYJKoZIhvcNAQELBQADggEBANeJ1mQOsNqOHNiP
pxtiBVq3IqRdZuu9B1m+2aakDLB2TKWZihxgQrCsQUjelUCKcyMGelMKJAOpXH2i
3PrHP7hlUTHLpjdG2/SI30pcIalreykid5GV4jk2PI1KhN9kxDHNx8V26MFBUo3N
zUAIR7wuA9QtIxnb0JZXBGCiAcFBTQBdxoyh0p0s332Y3ZijnfguaUVifsSb+8dg
1J5jOw9K+Hwe+xDtbu2R6vLQHgEsw7tBRpEyzUrsLihmpss/WSxC7c09dEjfGXuV
nFriGdK6XJEmMovHnURVP9Kvio7jRGEtbm36HY24Q1T88u6bqt31itltQPCBOset
dvQHKR4=
-----END CERTIFICATE-----
Generated at Fri Nov 22 22:14:32 2024 by rpki-client on console-ams.rpki-client.org