Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A54FE/D6117DF6F6E911EEADBFFB52C4F9AE02/CD24A702015411EF83144341C4F9AE02.roa
File:                     CD24A702015411EF83144341C4F9AE02.roa (raw, json)
Hash identifier:          IQlxGBDm0ccdjlpT18ECed9Odt+DoMhDg+up6Oc4ECg=
Subject key identifier:   98:BA:EF:04:61:20:23:07:D6:2E:23:F2:67:E1:79:19:E3:6B:CB:76
Certificate issuer:       /CN=A91A54FE/serialNumber=6FC70906FBA6F4539452091932C45FFA4D8572B8
Certificate serial:       0E
Authority key identifier: 6F:C7:09:06:FB:A6:F4:53:94:52:09:19:32:C4:5F:FA:4D:85:72:B8
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/b8cJBvum9FOUUgkZMsRf-k2Fcrg.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A54FE/D6117DF6F6E911EEADBFFB52C4F9AE02/CD24A702015411EF83144341C4F9AE02.roa
Signing time:             Tue 23 Apr 2024 09:35:20 +0000
ROA not before:           Tue 23 Apr 2024 09:35:20 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     9734
IP address blocks:        203.20.114.0/24 maxlen: 24
                          2001:df3:b540::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91A54FE/D6117DF6F6E911EEADBFFB52C4F9AE02/b8cJBvum9FOUUgkZMsRf-k2Fcrg.crl
                          rsync://rpki.apnic.net/member_repository/A91A54FE/D6117DF6F6E911EEADBFFB52C4F9AE02/b8cJBvum9FOUUgkZMsRf-k2Fcrg.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/b8cJBvum9FOUUgkZMsRf-k2Fcrg.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 22 Jun 2024 02:50:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 14 (0xe)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A54FE/serialNumber=6FC70906FBA6F4539452091932C45FFA4D8572B8
        Validity
            Not Before: Apr 23 09:35:20 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=662780d8-f460
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:38:c5:7a:65:e8:3d:8e:95:24:f0:66:42:26:
                    54:3e:21:76:d1:bf:37:39:33:f1:95:e8:fa:cd:cc:
                    3b:ee:52:50:04:98:dd:00:d0:0a:08:bc:5e:2a:24:
                    bf:2a:13:22:7e:79:28:b7:bf:a7:11:4f:2c:9b:7c:
                    53:63:eb:b5:5d:d7:d9:06:f0:59:8e:e7:99:21:65:
                    0f:1c:14:b0:08:45:51:2d:85:95:bb:46:59:26:08:
                    28:ed:84:09:59:db:6b:8a:90:3f:71:10:c5:da:df:
                    f6:34:c4:b5:eb:47:8b:d0:0a:50:4e:01:33:ef:29:
                    49:71:64:26:5b:3f:cb:0a:4c:ab:3a:7e:8b:80:be:
                    e1:96:7e:bb:de:56:4c:62:1e:ae:1d:7e:b0:3e:94:
                    07:1a:b1:dc:4a:5d:54:6c:fb:61:71:a1:77:cd:1a:
                    a1:09:b3:a8:08:d7:3e:72:98:f8:6b:80:84:db:2a:
                    fd:45:f5:c2:e8:a3:8f:53:7b:b7:70:75:50:6a:87:
                    80:3e:a5:96:7f:c2:02:4c:df:7a:84:b8:1c:5f:db:
                    80:62:95:a0:4d:e9:eb:5f:01:62:c4:58:e7:0e:06:
                    16:26:26:ed:29:2c:1e:b0:0c:2d:b0:2d:15:45:93:
                    64:95:e7:c9:c9:d8:cd:54:c0:66:70:4c:25:69:35:
                    41:3f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                98:BA:EF:04:61:20:23:07:D6:2E:23:F2:67:E1:79:19:E3:6B:CB:76
            X509v3 Authority Key Identifier:
                keyid:6F:C7:09:06:FB:A6:F4:53:94:52:09:19:32:C4:5F:FA:4D:85:72:B8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A54FE/D6117DF6F6E911EEADBFFB52C4F9AE02/b8cJBvum9FOUUgkZMsRf-k2Fcrg.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/b8cJBvum9FOUUgkZMsRf-k2Fcrg.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A54FE/D6117DF6F6E911EEADBFFB52C4F9AE02/CD24A702015411EF83144341C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.20.114.0/24
                IPv6:
                  2001:df3:b540::/48

    Signature Algorithm: sha256WithRSAEncryption
         71:cc:96:e7:2f:db:49:83:10:a6:18:db:6b:f5:62:6c:c5:d1:
         fc:f8:73:9a:19:64:3a:51:52:96:39:05:26:30:34:b1:32:b3:
         51:0d:f5:91:6b:0e:1e:ec:1d:d6:e0:28:8b:58:de:cd:80:43:
         eb:be:f5:85:4d:67:4f:6e:ad:02:5b:59:f7:c4:9b:5e:08:b8:
         df:9a:3b:8b:e0:5a:d7:e5:01:44:93:f0:e0:26:77:77:0f:09:
         6b:1d:c7:67:87:41:8c:dd:85:40:9a:7e:ce:76:3f:36:a3:f6:
         0e:5b:ba:73:b2:73:fb:a1:51:04:99:73:d8:3b:d3:d7:70:33:
         bb:4d:88:8c:a6:f5:3f:01:c7:d0:68:e5:99:58:fc:f6:e6:c5:
         ff:4a:d2:c0:96:11:ab:1e:8c:6d:9e:a4:dd:0e:15:d7:d2:69:
         3d:e0:ae:4e:a9:7c:04:e1:09:20:4b:71:d0:20:ee:a1:66:1c:
         49:99:0a:38:f1:6f:65:fc:ec:b2:7f:73:ce:f2:1f:b8:ec:7b:
         ff:cc:99:1b:b1:8e:fe:6b:45:43:d0:cf:06:66:5d:d4:c3:89:
         f9:75:6d:83:78:8e:7b:a8:f4:c0:1c:6d:01:53:c1:21:3c:a9:
         23:ff:0e:7c:27:94:8e:63:1e:3c:46:ae:86:e7:4e:a2:8e:ad:
         d0:fa:8b:78
-----BEGIN CERTIFICATE-----
MIIFgTCCBGmgAwIBAgIBDjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFB
NTRGRTExMC8GA1UEBRMoNkZDNzA5MDZGQkE2RjQ1Mzk0NTIwOTE5MzJDNDVGRkE0
RDg1NzJCODAeFw0yNDA0MjMwOTM1MjBaFw0yNTA3MDEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY2Mjc4MGQ4LWY0NjAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQC5OMV6Zeg9jpUk8GZCJlQ+IXbRvzc5M/GV6PrNzDvuUlAEmN0A0AoIvF4qJL8q
EyJ+eSi3v6cRTyybfFNj67Vd19kG8FmO55khZQ8cFLAIRVEthZW7RlkmCCjthAlZ
22uKkD9xEMXa3/Y0xLXrR4vQClBOATPvKUlxZCZbP8sKTKs6fouAvuGWfrveVkxi
Hq4dfrA+lAcasdxKXVRs+2FxoXfNGqEJs6gI1z5ymPhrgITbKv1F9cLoo49Te7dw
dVBqh4A+pZZ/wgJM33qEuBxf24BilaBN6etfAWLEWOcOBhYmJu0pLB6wDC2wLRVF
k2SV58nJ2M1UwGZwTCVpNUE/AgMBAAGjggKmMIICojAdBgNVHQ4EFgQUmLrvBGEg
IwfWLiPyZ+F5GeNry3YwHwYDVR0jBBgwFoAUb8cJBvum9FOUUgkZMsRf+k2Fcrgw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUE1NEZFL0Q2MTE3REY2RjZF
OTExRUVBREJGRkI1MkM0RjlBRTAyL2I4Y0pCdnVtOUZPVVVna1pNc1JmLWsyRmNy
Zy5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvYjhjSkJ2dW05Rk9VVWdrWk1zUmYtazJGY3JnLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFB
NTRGRS9ENjExN0RGNkY2RTkxMUVFQURCRkZCNTJDNEY5QUUwMi9DRDI0QTcwMjAx
NTQxMUVGODMxNDQzNDFDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAwBggrBgEFBQcBBwEB/wQh
MB8wDAQCAAEwBgMEAMsUcjAPBAIAAjAJAwcAIAEN87VAMA0GCSqGSIb3DQEBCwUA
A4IBAQBxzJbnL9tJgxCmGNtr9WJsxdH8+HOaGWQ6UVKWOQUmMDSxMrNRDfWRaw4e
7B3W4CiLWN7NgEPrvvWFTWdPbq0CW1n3xJteCLjfmjuL4FrX5QFEk/DgJnd3Dwlr
Hcdnh0GM3YVAmn7Odj82o/YOW7pzsnP7oVEEmXPYO9PXcDO7TYiMpvU/AcfQaOWZ
WPz25sX/StLAlhGrHoxtnqTdDhXX0mk94K5OqXwE4QkgS3HQIO6hZhxJmQo48W9l
/Oyyf3PO8h+47Hv/zJkbsY7+a0VD0M8GZl3Uw4n5dW2DeI57qPTAHG0BU8EhPKkj
/w58J5SOYx48Rq6G506ijq3Q+ot4
-----END CERTIFICATE-----
Generated at Sat Jun 15 10:17:35 2024 by rpki-client on console-fra.rpki-client.org