Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9198FD0/20B4BD803DD511ECB7266464C4F9AE02/8327C2403DE011ECAB508171C4F9AE02.roa
File:                     8327C2403DE011ECAB508171C4F9AE02.roa (raw, json)
Hash identifier:          Sa14PRGt0bBOrLuIs7j8Gc0qLkwHSO6EtTYwSlnujqM=
Subject key identifier:   47:41:96:67:DD:E2:D0:8F:83:05:06:F0:11:DB:4C:17:4A:AA:E7:6F
Certificate issuer:       /CN=A9198FD0/serialNumber=9D604777A0AC7BE6AA0810B025EB493EA6DD3463
Certificate serial:       03D2
Authority key identifier: 9D:60:47:77:A0:AC:7B:E6:AA:08:10:B0:25:EB:49:3E:A6:DD:34:63
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/nWBHd6Cse-aqCBCwJetJPqbdNGM.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9198FD0/20B4BD803DD511ECB7266464C4F9AE02/8327C2403DE011ECAB508171C4F9AE02.roa
Signing time:             Sun 19 May 2024 02:36:41 +0000
ROA not before:           Sun 19 May 2024 02:36:41 +0000
ROA not after:            Wed 30 Jul 2025 00:00:00 +0000
asID:                     132797
IP address blocks:        103.25.229.0/24 maxlen: 24
                          2001:dec::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9198FD0/20B4BD803DD511ECB7266464C4F9AE02/nWBHd6Cse-aqCBCwJetJPqbdNGM.crl
                          rsync://rpki.apnic.net/member_repository/A9198FD0/20B4BD803DD511ECB7266464C4F9AE02/nWBHd6Cse-aqCBCwJetJPqbdNGM.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/nWBHd6Cse-aqCBCwJetJPqbdNGM.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 29 Nov 2024 20:43:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 978 (0x3d2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9198FD0/serialNumber=9D604777A0AC7BE6AA0810B025EB493EA6DD3463
        Validity
            Not Before: May 19 02:36:41 2024 GMT
            Not After : Jul 30 00:00:00 2025 GMT
        Subject: CN=664965b9-5486
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a3:dc:e5:96:98:ac:84:f7:f8:4e:0b:cc:cb:f4:
                    e2:19:d2:62:a0:9b:f8:59:d8:bc:15:eb:38:fc:7c:
                    0f:35:72:0c:c6:75:29:d1:dd:2d:53:50:c8:a3:5a:
                    fd:21:a8:c2:da:c6:da:8c:2b:a5:36:36:c6:6d:01:
                    7a:85:b9:f8:eb:51:a9:36:3c:97:80:46:71:e6:77:
                    f0:c7:08:59:3c:6b:0b:87:c7:9f:11:3d:2b:35:b5:
                    7b:c6:9f:e0:40:67:6a:80:76:a7:31:f4:f6:68:39:
                    cb:4b:45:97:48:6b:87:e6:f9:72:76:ab:b7:fd:df:
                    0a:68:6f:2c:53:a7:c0:fa:a0:de:3a:de:87:c5:22:
                    ff:11:fe:40:10:d1:69:94:a6:54:54:11:07:45:fe:
                    cd:74:e2:43:81:cd:16:72:5d:fc:a5:df:be:cc:3a:
                    de:f2:3d:91:b7:e9:49:f2:58:b6:36:42:f7:dc:0b:
                    ad:b9:06:08:24:66:14:29:e2:d0:cf:a1:19:db:58:
                    72:70:4f:3d:3b:cc:19:89:05:ea:9b:3d:de:96:9f:
                    82:9e:76:d5:23:a6:81:36:e4:d7:34:c4:be:11:c8:
                    de:c8:35:99:97:fa:b9:62:97:8b:e9:71:94:cf:d4:
                    b3:be:1e:06:ba:8b:03:93:35:84:74:1f:27:9a:d8:
                    18:e9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                47:41:96:67:DD:E2:D0:8F:83:05:06:F0:11:DB:4C:17:4A:AA:E7:6F
            X509v3 Authority Key Identifier:
                keyid:9D:60:47:77:A0:AC:7B:E6:AA:08:10:B0:25:EB:49:3E:A6:DD:34:63

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9198FD0/20B4BD803DD511ECB7266464C4F9AE02/nWBHd6Cse-aqCBCwJetJPqbdNGM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/nWBHd6Cse-aqCBCwJetJPqbdNGM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9198FD0/20B4BD803DD511ECB7266464C4F9AE02/8327C2403DE011ECAB508171C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.25.229.0/24
                IPv6:
                  2001:dec::/48

    Signature Algorithm: sha256WithRSAEncryption
         36:e3:bc:3c:57:ec:53:1e:b0:d7:b8:a1:50:1b:96:1a:92:81:
         4b:82:cf:17:d9:34:4c:fc:ce:e8:60:5e:09:85:c9:c1:88:d4:
         7d:f4:d2:c0:60:65:9a:4e:8d:22:2c:da:fd:ba:8a:bf:da:53:
         32:26:fc:54:6c:49:11:ef:6e:8a:1b:ee:7b:a3:e9:4f:2d:39:
         6f:7d:0c:5f:4b:d1:c3:00:01:d1:83:40:29:b6:50:11:26:f2:
         72:05:17:9b:6b:8b:18:dd:22:be:cd:19:07:90:67:da:1a:94:
         ab:4d:bf:b0:6e:d9:cf:c0:3b:51:d8:20:39:b5:39:c6:94:2a:
         03:15:4c:c1:49:8f:28:85:da:07:20:70:ab:50:a7:ed:a1:3c:
         07:05:64:43:0c:f0:d1:e3:9c:46:6e:3e:36:9b:0a:1e:71:ad:
         fc:bc:82:92:c9:fe:c0:0d:94:0e:84:46:ee:30:28:fc:48:e3:
         17:70:7a:66:19:2c:b2:c0:01:8b:1d:05:bb:2e:31:e8:66:05:
         29:27:83:9e:db:8a:09:e0:9e:f3:d6:6e:a7:8b:ef:ae:fe:f1:
         b1:dc:61:02:99:f0:a4:29:ed:c7:a1:81:32:3a:94:d7:c8:38:
         ee:a3:ca:3a:c2:44:b6:fa:08:d9:e1:14:08:28:4d:22:09:28:
         e5:c5:14:99
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICA9IwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OThGRDAxMTAvBgNVBAUTKDlENjA0Nzc3QTBBQzdCRTZBQTA4MTBCMDI1RUI0OTNF
QTZERDM0NjMwHhcNMjQwNTE5MDIzNjQxWhcNMjUwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjQ5NjViOS01NDg2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAo9zllpishPf4TgvMy/TiGdJioJv4Wdi8Fes4/HwPNXIMxnUp0d0tU1DIo1r9
IajC2sbajCulNjbGbQF6hbn461GpNjyXgEZx5nfwxwhZPGsLh8efET0rNbV7xp/g
QGdqgHanMfT2aDnLS0WXSGuH5vlydqu3/d8KaG8sU6fA+qDeOt6HxSL/Ef5AENFp
lKZUVBEHRf7NdOJDgc0Wcl38pd++zDre8j2Rt+lJ8li2NkL33AutuQYIJGYUKeLQ
z6EZ21hycE89O8wZiQXqmz3elp+CnnbVI6aBNuTXNMS+EcjeyDWZl/q5YpeL6XGU
z9Szvh4GuosDkzWEdB8nmtgY6QIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFEdBlmfd
4tCPgwUG8BHbTBdKqudvMB8GA1UdIwQYMBaAFJ1gR3egrHvmqggQsCXrST6m3TRj
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5OEZEMC8yMEI0QkQ4MDNE
RDUxMUVDQjcyNjY0NjRDNEY5QUUwMi9uV0JIZDZDc2UtYXFDQkN3SmV0SlBxYmRO
R00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL25XQkhkNkNzZS1hcUNCQ3dKZXRKUHFiZE5HTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OThGRDAvMjBCNEJEODAzREQ1MTFFQ0I3MjY2NDY0QzRGOUFFMDIvODMyN0MyNDAz
REUwMTFFQ0FCNTA4MTcxQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBABnGeUwDwQCAAIwCQMHACABDewAADANBgkqhkiG9w0BAQsF
AAOCAQEANuO8PFfsUx6w17ihUBuWGpKBS4LPF9k0TPzO6GBeCYXJwYjUffTSwGBl
mk6NIiza/bqKv9pTMib8VGxJEe9uihvue6PpTy05b30MX0vRwwAB0YNAKbZQESby
cgUXm2uLGN0ivs0ZB5Bn2hqUq02/sG7Zz8A7UdggObU5xpQqAxVMwUmPKIXaByBw
q1Cn7aE8BwVkQwzw0eOcRm4+NpsKHnGt/LyCksn+wA2UDoRG7jAo/EjjF3B6Zhks
ssABix0Fuy4x6GYFKSeDntuKCeCe89Zup4vvrv7xsdxhApnwpCntx6GBMjqU18g4
7qPKOsJEtvoI2eEUCChNIgko5cUUmQ==
-----END CERTIFICATE-----
Generated at Sat Nov 23 00:49:36 2024 by rpki-client on console-fra.rpki-client.org