Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A919C19A/24AB2C3E4F8D11EC8157125FC4F9AE02/D9A7B280C4FA11EEA3AF2932C4F9AE02.roa
File:                     D9A7B280C4FA11EEA3AF2932C4F9AE02.roa (raw, json)
Hash identifier:          cJIwz/JsTDgsL3u8mdpUstTIr2TVgKDrX6Ae6kVf0Ps=
Subject key identifier:   A9:85:AC:A4:C1:A2:EF:FF:A9:B3:25:D4:00:A3:45:A8:65:65:0C:45
Certificate issuer:       /CN=A919C19A/serialNumber=D89CFF6D7D9551AE704D93E97553616C8DB13F5E
Certificate serial:       0376
Authority key identifier: D8:9C:FF:6D:7D:95:51:AE:70:4D:93:E9:75:53:61:6C:8D:B1:3F:5E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/2Jz_bX2VUa5wTZPpdVNhbI2xP14.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A919C19A/24AB2C3E4F8D11EC8157125FC4F9AE02/D9A7B280C4FA11EEA3AF2932C4F9AE02.roa
Signing time:             Tue 06 Feb 2024 14:20:17 +0000
ROA not before:           Tue 06 Feb 2024 14:20:17 +0000
ROA not after:            Sun 02 Mar 2025 00:00:00 +0000
asID:                     132366
IP address blocks:        103.159.127.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A919C19A/24AB2C3E4F8D11EC8157125FC4F9AE02/2Jz_bX2VUa5wTZPpdVNhbI2xP14.crl
                          rsync://rpki.apnic.net/member_repository/A919C19A/24AB2C3E4F8D11EC8157125FC4F9AE02/2Jz_bX2VUa5wTZPpdVNhbI2xP14.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/2Jz_bX2VUa5wTZPpdVNhbI2xP14.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 29 Nov 2024 20:43:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 886 (0x376)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A919C19A/serialNumber=D89CFF6D7D9551AE704D93E97553616C8DB13F5E
        Validity
            Not Before: Feb  6 14:20:17 2024 GMT
            Not After : Mar  2 00:00:00 2025 GMT
        Subject: CN=65c24021-01a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:42:17:a1:77:97:92:90:97:5c:bc:24:4c:0c:
                    d8:7f:81:f0:50:bd:79:9a:03:08:9e:7c:a8:70:04:
                    9f:4c:e9:75:49:f3:d3:7d:2e:e8:78:bb:09:f2:a7:
                    82:3e:6c:46:6e:2d:16:d4:ea:2a:d8:84:59:3d:79:
                    50:cc:74:89:c5:13:6f:81:2c:b8:b5:e5:0a:66:90:
                    b7:f3:c0:b2:41:33:51:56:22:fa:1b:13:a2:26:73:
                    8a:ae:e9:c5:e6:31:d6:dc:80:e4:79:9e:cd:ec:32:
                    28:21:c1:0d:ca:ba:d3:16:0c:13:f9:41:7f:eb:9f:
                    bb:c4:4c:42:a0:9d:7e:c9:17:97:95:72:82:f9:79:
                    e1:a0:07:56:ff:59:98:90:c1:8a:d9:f7:b0:36:ef:
                    e4:a1:1d:6c:b1:1b:59:e0:1d:1d:47:12:cb:1e:4b:
                    c5:5e:b2:8f:f0:49:79:32:c8:a2:d7:ea:a1:4c:ab:
                    ee:97:7e:b2:a9:af:6d:d8:80:ea:26:39:21:42:18:
                    da:fc:39:8b:ac:19:9b:5a:1f:57:cd:2f:89:bc:8b:
                    98:c5:0c:b3:ce:c8:18:6f:ad:4b:1d:bf:5f:61:31:
                    02:b0:e7:ab:c3:b5:30:44:c9:3e:ac:ba:6b:a6:c3:
                    4e:9a:84:0b:da:70:76:17:99:c5:c0:fb:71:17:ce:
                    5f:fb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A9:85:AC:A4:C1:A2:EF:FF:A9:B3:25:D4:00:A3:45:A8:65:65:0C:45
            X509v3 Authority Key Identifier:
                keyid:D8:9C:FF:6D:7D:95:51:AE:70:4D:93:E9:75:53:61:6C:8D:B1:3F:5E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A919C19A/24AB2C3E4F8D11EC8157125FC4F9AE02/2Jz_bX2VUa5wTZPpdVNhbI2xP14.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/2Jz_bX2VUa5wTZPpdVNhbI2xP14.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A919C19A/24AB2C3E4F8D11EC8157125FC4F9AE02/D9A7B280C4FA11EEA3AF2932C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.159.127.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:04:9c:ad:c6:0d:91:d0:a3:9e:db:10:bf:e5:d7:ac:8a:3d:
         02:4a:aa:0b:67:c5:5f:9f:28:b5:57:98:0d:24:e1:e5:f3:14:
         97:02:14:d9:f5:f9:6d:2d:0c:ae:ee:0b:a1:41:5c:5a:85:e3:
         3f:52:41:5b:e3:40:e7:4b:41:d7:39:13:6a:7b:1e:c3:32:1b:
         c5:ab:a2:89:20:07:67:2b:07:87:6e:b5:5c:11:ad:88:9d:84:
         23:e9:21:fe:a1:e7:3b:08:08:cd:21:9a:d0:3a:d4:37:52:5b:
         89:50:0f:25:bf:87:a4:67:71:9b:a8:fa:6e:4c:2e:69:dc:ad:
         ef:46:71:59:be:31:50:54:ab:d4:3d:cc:c1:49:15:e7:b5:9e:
         9e:b7:61:34:55:a9:f2:a1:69:9d:18:26:4e:75:61:8d:22:48:
         86:74:1d:5e:f3:36:be:7f:b2:a0:f9:cc:d0:66:69:d8:c0:aa:
         d2:4f:d3:55:c2:c9:92:69:56:5e:37:20:2d:58:a3:04:08:43:
         e6:e4:68:c7:5a:50:81:ce:96:42:cb:38:1c:f5:c0:9c:78:1f:
         c7:f6:aa:da:fd:b7:c7:4a:24:bd:74:80:66:ba:3b:c4:8b:69:
         42:f5:86:cc:1b:9e:1a:e6:4e:43:e5:fe:82:3a:21:15:ae:54:
         e7:35:70:f3
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICA3YwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OUMxOUExMTAvBgNVBAUTKEQ4OUNGRjZEN0Q5NTUxQUU3MDREOTNFOTc1NTM2MTZD
OERCMTNGNUUwHhcNMjQwMjA2MTQyMDE3WhcNMjUwMzAyMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWMyNDAyMS0wMWE0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAskIXoXeXkpCXXLwkTAzYf4HwUL15mgMInnyocASfTOl1SfPTfS7oeLsJ8qeC
PmxGbi0W1Ooq2IRZPXlQzHSJxRNvgSy4teUKZpC388CyQTNRViL6GxOiJnOKrunF
5jHW3IDkeZ7N7DIoIcENyrrTFgwT+UF/65+7xExCoJ1+yReXlXKC+XnhoAdW/1mY
kMGK2fewNu/koR1ssRtZ4B0dRxLLHkvFXrKP8El5Msii1+qhTKvul36yqa9t2IDq
JjkhQhja/DmLrBmbWh9XzS+JvIuYxQyzzsgYb61LHb9fYTECsOerw7UwRMk+rLpr
psNOmoQL2nB2F5nFwPtxF85f+wIDAQABo4IClTCCApEwHQYDVR0OBBYEFKmFrKTB
ou//qbMl1ACjRahlZQxFMB8GA1UdIwQYMBaAFNic/219lVGucE2T6XVTYWyNsT9e
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5QzE5QS8yNEFCMkMzRTRG
OEQxMUVDODE1NzEyNUZDNEY5QUUwMi8ySnpfYlgyVlVhNXdUWlBwZFZOaGJJMnhQ
MTQuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzJKel9iWDJWVWE1d1RaUHBkVk5oYkkyeFAxNC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OUMxOUEvMjRBQjJDM0U0RjhEMTFFQzgxNTcxMjVGQzRGOUFFMDIvRDlBN0IyODBD
NEZBMTFFRUEzQUYyOTMyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBABnn38wDQYJKoZIhvcNAQELBQADggEBAJwEnK3GDZHQo57b
EL/l16yKPQJKqgtnxV+fKLVXmA0k4eXzFJcCFNn1+W0tDK7uC6FBXFqF4z9SQVvj
QOdLQdc5E2p7HsMyG8WrookgB2crB4dutVwRrYidhCPpIf6h5zsICM0hmtA61DdS
W4lQDyW/h6RncZuo+m5MLmncre9GcVm+MVBUq9Q9zMFJFee1np63YTRVqfKhaZ0Y
Jk51YY0iSIZ0HV7zNr5/sqD5zNBmadjAqtJP01XCyZJpVl43IC1YowQIQ+bkaMda
UIHOlkLLOBz1wJx4H8f2qtr9t8dKJL10gGa6O8SLaUL1hswbnhrmTkPl/oI6IRWu
VOc1cPM=
-----END CERTIFICATE-----
Generated at Sat Nov 23 00:49:36 2024 by rpki-client on console-fra.rpki-client.org