Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A918D3A9/BB7FFB8E3A9211E9B52DCF53C4F9AE02/D4F3A2B4DBCD11EE9B6F4669C4F9AE02.roa
File:                     D4F3A2B4DBCD11EE9B6F4669C4F9AE02.roa (raw, json)
Hash identifier:          djH0DEstrjY1MlI/KGVSozlxQ/scosHYDHl38KhovH4=
Subject key identifier:   8B:0B:F3:7A:53:75:C0:65:F6:C0:A1:8C:1B:54:6C:1C:A6:93:37:D4
Certificate issuer:       /CN=A918D3A9/serialNumber=1968423ED6D2495880A56A6DB02BC67298C5E686
Certificate serial:       0F85
Authority key identifier: 19:68:42:3E:D6:D2:49:58:80:A5:6A:6D:B0:2B:C6:72:98:C5:E6:86
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/GWhCPtbSSViApWptsCvGcpjF5oY.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A918D3A9/BB7FFB8E3A9211E9B52DCF53C4F9AE02/D4F3A2B4DBCD11EE9B6F4669C4F9AE02.roa
Signing time:             Wed 06 Mar 2024 15:25:58 +0000
ROA not before:           Wed 06 Mar 2024 15:25:58 +0000
ROA not after:            Sun 02 Mar 2025 00:00:00 +0000
asID:                     137955
IP address blocks:        103.103.194.0/24 maxlen: 24
                          103.116.192.0/24 maxlen: 24
                          2405:1340::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A918D3A9/BB7FFB8E3A9211E9B52DCF53C4F9AE02/GWhCPtbSSViApWptsCvGcpjF5oY.crl
                          rsync://rpki.apnic.net/member_repository/A918D3A9/BB7FFB8E3A9211E9B52DCF53C4F9AE02/GWhCPtbSSViApWptsCvGcpjF5oY.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/GWhCPtbSSViApWptsCvGcpjF5oY.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 01 Dec 2024 17:11:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3973 (0xf85)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A918D3A9/serialNumber=1968423ED6D2495880A56A6DB02BC67298C5E686
        Validity
            Not Before: Mar  6 15:25:58 2024 GMT
            Not After : Mar  2 00:00:00 2025 GMT
        Subject: CN=65e88b06-c658
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:03:fd:72:12:83:d9:a4:89:54:07:03:7b:cb:
                    d6:8d:16:26:15:7b:ad:d9:87:8b:89:a4:38:00:43:
                    f5:08:13:34:5e:21:41:9d:77:78:d5:0a:12:0c:d8:
                    6d:53:b7:d8:98:aa:be:ff:09:ee:cb:e0:d0:99:14:
                    16:47:4c:60:6a:23:84:8d:fd:d8:ee:f5:8c:21:97:
                    83:81:22:5a:60:9b:36:c4:43:f1:9f:b9:48:e9:83:
                    78:82:d0:7a:99:8d:57:06:e5:06:4b:4c:e3:62:c7:
                    f8:9a:ed:a8:3e:af:3d:c8:6c:ea:4a:cf:b0:37:40:
                    ec:e7:67:3d:90:c8:e2:85:de:3f:6f:a9:43:40:4d:
                    fe:08:a1:45:d5:86:9d:e3:63:be:a7:5e:de:dd:ca:
                    f4:50:3b:e7:86:9d:a8:b2:90:18:4e:f3:d3:d8:f5:
                    3b:bb:3e:a9:02:2f:b6:56:42:f3:24:ae:ad:33:8e:
                    3e:e3:22:1c:76:b7:f9:fa:a4:a4:57:c4:1e:0e:4e:
                    80:39:6f:73:c1:e3:b2:93:21:29:d1:28:36:50:de:
                    e2:5e:b7:7c:60:aa:d4:82:de:65:08:bb:08:b3:28:
                    50:33:e5:20:2a:39:df:15:bb:20:36:60:b1:8b:f2:
                    b8:1b:e8:a1:68:3e:bc:27:a7:e4:48:d5:bd:c2:38:
                    24:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:0B:F3:7A:53:75:C0:65:F6:C0:A1:8C:1B:54:6C:1C:A6:93:37:D4
            X509v3 Authority Key Identifier:
                keyid:19:68:42:3E:D6:D2:49:58:80:A5:6A:6D:B0:2B:C6:72:98:C5:E6:86

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A918D3A9/BB7FFB8E3A9211E9B52DCF53C4F9AE02/GWhCPtbSSViApWptsCvGcpjF5oY.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/GWhCPtbSSViApWptsCvGcpjF5oY.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918D3A9/BB7FFB8E3A9211E9B52DCF53C4F9AE02/D4F3A2B4DBCD11EE9B6F4669C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.103.194.0/24
                  103.116.192.0/24
                IPv6:
                  2405:1340::/32

    Signature Algorithm: sha256WithRSAEncryption
         7c:19:47:38:55:ce:fb:cd:d5:8e:99:f0:18:3d:d2:0f:b3:b6:
         32:d8:06:ba:d3:d9:f6:da:30:d9:90:0a:01:1f:08:9d:29:98:
         a0:09:20:0e:df:28:40:b9:c1:0f:84:88:e4:b3:44:c3:69:aa:
         f2:86:74:06:b3:e1:88:8b:0c:4a:6a:06:11:50:60:80:2a:47:
         54:e9:78:62:ac:7b:28:59:25:bb:f7:7f:15:a3:79:f7:29:61:
         66:d4:46:ae:be:68:eb:62:d6:32:ed:4e:79:09:1f:34:08:ca:
         7c:87:ef:6b:ba:3c:50:b4:5c:54:4f:16:f5:b1:d5:27:dc:f4:
         54:03:ec:df:de:3b:f6:dc:07:90:a5:29:02:87:87:18:55:a5:
         80:78:a4:5a:56:90:10:e8:52:2a:bf:cb:92:9b:c9:87:03:8c:
         22:c7:80:1b:23:08:32:8f:cc:49:08:be:d6:e6:17:71:84:6c:
         93:34:c5:95:ef:2f:08:e5:e4:0e:b5:1b:7b:ce:2d:12:f9:ab:
         16:fd:09:37:26:e9:b7:82:c5:0a:8d:0d:45:1a:1c:99:83:3e:
         18:2b:36:1d:ef:55:2d:ba:bf:f4:0a:84:da:1d:a7:fc:16:d8:
         42:f5:6e:46:15:81:4c:c9:2e:83:51:e9:2e:ba:c4:92:d9:27:
         34:3f:8d:b2
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgICD4UwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEQzQTkxMTAvBgNVBAUTKDE5Njg0MjNFRDZEMjQ5NTg4MEE1NkE2REIwMkJDNjcy
OThDNUU2ODYwHhcNMjQwMzA2MTUyNTU4WhcNMjUwMzAyMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWU4OGIwNi1jNjU4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwwP9chKD2aSJVAcDe8vWjRYmFXut2YeLiaQ4AEP1CBM0XiFBnXd41QoSDNht
U7fYmKq+/wnuy+DQmRQWR0xgaiOEjf3Y7vWMIZeDgSJaYJs2xEPxn7lI6YN4gtB6
mY1XBuUGS0zjYsf4mu2oPq89yGzqSs+wN0Ds52c9kMjihd4/b6lDQE3+CKFF1Yad
42O+p17e3cr0UDvnhp2ospAYTvPT2PU7uz6pAi+2VkLzJK6tM44+4yIcdrf5+qSk
V8QeDk6AOW9zweOykyEp0Sg2UN7iXrd8YKrUgt5lCLsIsyhQM+UgKjnfFbsgNmCx
i/K4G+ihaD68J6fkSNW9wjgksQIDAQABo4ICqjCCAqYwHQYDVR0OBBYEFIsL83pT
dcBl9sChjBtUbBymkzfUMB8GA1UdIwQYMBaAFBloQj7W0klYgKVqbbArxnKYxeaG
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4RDNBOS9CQjdGRkI4RTNB
OTIxMUU5QjUyRENGNTNDNEY5QUUwMi9HV2hDUHRiU1NWaUFwV3B0c0N2R2NwakY1
b1kuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0dXaENQdGJTU1ZpQXBXcHRzQ3ZHY3BqRjVvWS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEQzQTkvQkI3RkZCOEUzQTkyMTFFOUI1MkRDRjUzQzRGOUFFMDIvRDRGM0EyQjRE
QkNEMTFFRTlCNkY0NjY5QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNAYIKwYBBQUHAQcBAf8E
JTAjMBIEAgABMAwDBABnZ8IDBABndMAwDQQCAAIwBwMFACQFE0AwDQYJKoZIhvcN
AQELBQADggEBAHwZRzhVzvvN1Y6Z8Bg90g+ztjLYBrrT2fbaMNmQCgEfCJ0pmKAJ
IA7fKEC5wQ+EiOSzRMNpqvKGdAaz4YiLDEpqBhFQYIAqR1TpeGKseyhZJbv3fxWj
efcpYWbURq6+aOti1jLtTnkJHzQIynyH72u6PFC0XFRPFvWx1Sfc9FQD7N/eO/bc
B5ClKQKHhxhVpYB4pFpWkBDoUiq/y5KbyYcDjCLHgBsjCDKPzEkIvtbmF3GEbJM0
xZXvLwjl5A61G3vOLRL5qxb9CTcm6beCxQqNDUUaHJmDPhgrNh3vVS26v/QKhNod
p/wW2EL1bkYVgUzJLoNR6S66xJLZJzQ/jbI=
-----END CERTIFICATE-----
Generated at Sun Nov 24 18:36:23 2024 by rpki-client on console-fra.rpki-client.org