Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A919D530/5E55F656406411EFA3C5B827C4F9AE02/A48F17F6406411EF96445E28C4F9AE02.roa
File:                     A48F17F6406411EF96445E28C4F9AE02.roa (raw, json)
Hash identifier:          tty+LCDvang4Y0BeMpj6lCM+SIBVUZxAkloasgq2izo=
Subject key identifier:   36:30:EF:06:EF:79:C1:D5:04:45:3A:65:7A:45:85:F1:94:07:46:97
Certificate issuer:       /CN=A919D530/serialNumber=82E42386CD01F88680DD300DFBFFA2B6D2E7E4E6
Certificate serial:       04
Authority key identifier: 82:E4:23:86:CD:01:F8:86:80:DD:30:0D:FB:FF:A2:B6:D2:E7:E4:E6
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/guQjhs0B-IaA3TAN-_-ittLn5OY.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A919D530/5E55F656406411EFA3C5B827C4F9AE02/A48F17F6406411EF96445E28C4F9AE02.roa
Signing time:             Fri 12 Jul 2024 17:27:29 +0000
ROA not before:           Fri 12 Jul 2024 17:27:29 +0000
ROA not after:            Wed 28 May 2025 00:00:00 +0000
asID:                     56067
IP address blocks:        103.30.124.0/22 maxlen: 22
                          103.30.124.0/24 maxlen: 24
                          103.30.125.0/24 maxlen: 24
                          103.30.126.0/24 maxlen: 24
                          103.30.127.0/24 maxlen: 24
                          2404:8240::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A919D530/5E55F656406411EFA3C5B827C4F9AE02/guQjhs0B-IaA3TAN-_-ittLn5OY.crl
                          rsync://rpki.apnic.net/member_repository/A919D530/5E55F656406411EFA3C5B827C4F9AE02/guQjhs0B-IaA3TAN-_-ittLn5OY.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/guQjhs0B-IaA3TAN-_-ittLn5OY.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 30 Nov 2024 02:50:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4 (0x4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A919D530/serialNumber=82E42386CD01F88680DD300DFBFFA2B6D2E7E4E6
        Validity
            Not Before: Jul 12 17:27:29 2024 GMT
            Not After : May 28 00:00:00 2025 GMT
        Subject: CN=66916781-a3cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:05:47:ad:03:4e:5d:61:58:48:46:e8:9d:0e:
                    82:6f:c3:6d:e1:de:c0:1e:d7:7f:ca:89:a9:c9:1d:
                    9b:78:b3:23:d3:e6:d0:b3:7d:71:1f:63:9c:26:b4:
                    70:f2:4e:18:82:d0:ac:89:e0:75:56:d2:d9:bb:ed:
                    02:a1:fc:62:3c:30:b2:61:e7:05:d3:de:64:1a:fd:
                    dd:27:0d:32:9a:7d:89:76:20:38:23:6d:2a:44:12:
                    00:57:f0:00:55:78:6a:03:43:61:bf:b1:2b:d7:b9:
                    8b:dd:44:20:81:c1:95:fc:84:91:d5:d0:34:24:b0:
                    ce:33:f1:28:4c:52:9a:b1:2e:a6:5a:73:f3:80:7b:
                    ed:22:c4:32:90:93:42:7c:32:a8:9c:e9:28:21:34:
                    2a:81:39:be:43:01:f3:e6:77:e4:a7:2b:96:88:1a:
                    64:aa:6d:af:46:f2:60:06:de:f3:a8:bc:ce:9e:42:
                    7c:13:3d:49:fa:2e:4c:96:e3:bc:76:0d:27:0a:5f:
                    c5:e9:0f:b4:94:8f:94:77:37:43:a7:6a:5e:23:3c:
                    1d:fa:bf:c9:f4:ab:e2:19:74:ac:69:ec:97:82:48:
                    3c:f6:b8:44:40:10:8d:47:61:cf:10:3f:20:bd:8b:
                    58:b0:11:93:f1:73:5a:43:cf:a5:27:7d:cb:79:03:
                    6a:1f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:30:EF:06:EF:79:C1:D5:04:45:3A:65:7A:45:85:F1:94:07:46:97
            X509v3 Authority Key Identifier:
                keyid:82:E4:23:86:CD:01:F8:86:80:DD:30:0D:FB:FF:A2:B6:D2:E7:E4:E6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A919D530/5E55F656406411EFA3C5B827C4F9AE02/guQjhs0B-IaA3TAN-_-ittLn5OY.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/guQjhs0B-IaA3TAN-_-ittLn5OY.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A919D530/5E55F656406411EFA3C5B827C4F9AE02/A48F17F6406411EF96445E28C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.30.124.0/22
                IPv6:
                  2404:8240::/32

    Signature Algorithm: sha256WithRSAEncryption
         4f:d0:bf:3f:dd:19:93:68:a1:29:3b:16:78:6e:6e:f2:39:c6:
         9e:a3:72:45:40:7d:9a:31:5a:ff:d3:b2:9b:a9:b8:d1:80:9a:
         2d:f8:ef:90:99:9f:98:a1:18:ee:c8:d5:34:d1:08:70:45:b8:
         f1:fb:7e:4e:76:d9:45:53:af:3a:e9:ab:36:20:d0:56:ed:c1:
         02:a7:e6:8e:7a:a5:4b:33:20:bb:92:7a:5a:c0:4e:6a:0e:65:
         a0:dc:78:4e:e5:2a:e1:7e:21:79:00:c0:26:e1:ef:79:c1:fb:
         9a:93:77:27:68:a2:a6:6e:53:12:0a:95:1e:ab:91:3c:7f:61:
         6b:8b:17:13:0f:ca:68:25:12:3c:51:ae:10:ec:ba:d1:90:3b:
         6a:62:08:be:6f:5b:72:fb:8d:99:aa:d8:14:1c:8c:c8:54:8b:
         fd:bc:ab:08:d7:96:9c:8c:9d:0b:85:23:03:da:bd:0b:59:ad:
         c8:1b:b2:f5:07:05:e7:d4:6f:b8:44:62:b1:72:77:8e:70:38:
         8d:58:3b:bb:40:81:9c:6a:e4:9a:79:63:1b:84:3f:14:d1:75:
         33:5a:26:4d:11:39:b4:6c:62:be:2c:c9:06:ec:0e:96:f6:fb:
         a8:cc:57:79:39:84:a5:42:a0:cc:a2:d1:c2:33:f5:a4:8f:00:
         db:b7:6e:77
-----BEGIN CERTIFICATE-----
MIIFfzCCBGegAwIBAgIBBDANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTE5
RDUzMDExMC8GA1UEBRMoODJFNDIzODZDRDAxRjg4NjgwREQzMDBERkJGRkEyQjZE
MkU3RTRFNjAeFw0yNDA3MTIxNzI3MjlaFw0yNTA1MjgwMDAwMDBaMBgxFjAUBgNV
BAMTDTY2OTE2NzgxLWEzY2MwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDVBUetA05dYVhIRuidDoJvw23h3sAe13/KianJHZt4syPT5tCzfXEfY5wmtHDy
ThiC0KyJ4HVW0tm77QKh/GI8MLJh5wXT3mQa/d0nDTKafYl2IDgjbSpEEgBX8ABV
eGoDQ2G/sSvXuYvdRCCBwZX8hJHV0DQksM4z8ShMUpqxLqZac/OAe+0ixDKQk0J8
Mqic6SghNCqBOb5DAfPmd+SnK5aIGmSqba9G8mAG3vOovM6eQnwTPUn6LkyW47x2
DScKX8XpD7SUj5R3N0Onal4jPB36v8n0q+IZdKxp7JeCSDz2uERAEI1HYc8QPyC9
i1iwEZPxc1pDz6Unfct5A2ofAgMBAAGjggKkMIICoDAdBgNVHQ4EFgQUNjDvBu95
wdUERTplekWF8ZQHRpcwHwYDVR0jBBgwFoAUguQjhs0B+IaA3TAN+/+ittLn5OYw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTlENTMwLzVFNTVGNjU2NDA2
NDExRUZBM0M1QjgyN0M0RjlBRTAyL2d1UWpoczBCLUlhQTNUQU4tXy1pdHRMbjVP
WS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvZ3VRamhzMEItSWFBM1RBTi1fLWl0dExuNU9ZLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5
RDUzMC81RTU1RjY1NjQwNjQxMUVGQTNDNUI4MjdDNEY5QUUwMi9BNDhGMTdGNjQw
NjQxMUVGOTY0NDVFMjhDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAuBggrBgEFBQcBBwEB/wQf
MB0wDAQCAAEwBgMEAmcefDANBAIAAjAHAwUAJASCQDANBgkqhkiG9w0BAQsFAAOC
AQEAT9C/P90Zk2ihKTsWeG5u8jnGnqNyRUB9mjFa/9Oym6m40YCaLfjvkJmfmKEY
7sjVNNEIcEW48ft+TnbZRVOvOumrNiDQVu3BAqfmjnqlSzMgu5J6WsBOag5loNx4
TuUq4X4heQDAJuHvecH7mpN3J2iipm5TEgqVHquRPH9ha4sXEw/KaCUSPFGuEOy6
0ZA7amIIvm9bcvuNmarYFByMyFSL/byrCNeWnIydC4UjA9q9C1mtyBuy9QcF59Rv
uERisXJ3jnA4jVg7u0CBnGrkmnljG4Q/FNF1M1omTRE5tGxivizJBuwOlvb7qMxX
eTmEpUKgzKLRwjP1pI8A27dudw==
-----END CERTIFICATE-----
Generated at Sat Nov 23 06:21:28 2024 by rpki-client on console-fra.rpki-client.org