Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91A5C90/42E1FD2A3D2911ECB0BCD21FC4F9AE02/CDA06D9C3D2A11EC8ECCEB1FC4F9AE02.roa
File:                     CDA06D9C3D2A11EC8ECCEB1FC4F9AE02.roa (raw, json)
Hash identifier:          /e9BPLwzavFi7mOmK+pKtzCtyRFF2aMFazuZ5AqXg3Y=
Subject key identifier:   F6:E7:D2:58:60:04:07:57:48:C7:76:05:B6:20:14:D1:89:6E:A9:44
Certificate issuer:       /CN=A91A5C90/serialNumber=2F77F7ED34F66A6FC67080FB9B61BB26792F85A1
Certificate serial:       037D
Authority key identifier: 2F:77:F7:ED:34:F6:6A:6F:C6:70:80:FB:9B:61:BB:26:79:2F:85:A1
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/L3f37TT2am_GcID7m2G7JnkvhaE.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91A5C90/42E1FD2A3D2911ECB0BCD21FC4F9AE02/CDA06D9C3D2A11EC8ECCEB1FC4F9AE02.roa
Signing time:             Fri 15 Dec 2023 02:13:59 +0000
ROA not before:           Fri 15 Dec 2023 02:13:59 +0000
ROA not after:            Fri 31 Jan 2025 00:00:00 +0000
asID:                     14618
IP address blocks:        103.175.120.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91A5C90/42E1FD2A3D2911ECB0BCD21FC4F9AE02/L3f37TT2am_GcID7m2G7JnkvhaE.crl
                          rsync://rpki.apnic.net/member_repository/A91A5C90/42E1FD2A3D2911ECB0BCD21FC4F9AE02/L3f37TT2am_GcID7m2G7JnkvhaE.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/L3f37TT2am_GcID7m2G7JnkvhaE.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 03 Apr 2024 02:09:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 893 (0x37d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91A5C90/serialNumber=2F77F7ED34F66A6FC67080FB9B61BB26792F85A1
        Validity
            Not Before: Dec 15 02:13:59 2023 GMT
            Not After : Jan 31 00:00:00 2025 GMT
        Subject: CN=657bb667-fed1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:35:2f:47:9f:b4:56:d0:9a:97:89:74:25:4f:
                    af:c7:ea:e0:6b:6e:a5:75:9b:46:30:37:ff:a6:51:
                    f8:77:00:33:b9:99:a4:14:37:9e:af:28:6c:96:53:
                    fb:44:13:19:77:d0:a5:47:ec:40:c9:63:b6:7f:16:
                    ba:92:65:5e:93:d9:d5:aa:e9:1f:7b:e3:f4:b2:bc:
                    ad:0d:59:fe:d7:18:29:ac:70:2c:d4:1d:15:af:4a:
                    1d:d2:46:69:46:7f:dd:75:ee:b3:4d:84:87:ef:7b:
                    c1:a5:a2:41:8c:25:99:04:0d:d9:32:8a:d6:38:f0:
                    de:2c:5f:91:a8:8c:37:04:0b:9a:98:35:7f:10:66:
                    d4:f5:e6:59:55:e9:75:e3:cd:80:9f:9a:05:a4:90:
                    bd:bc:e0:97:d8:98:ed:dc:21:13:26:4d:30:7b:f1:
                    e4:c2:e8:65:fc:84:8c:80:da:ab:65:8d:97:80:7c:
                    5f:f1:37:ac:e8:d9:6b:30:ff:18:90:ea:6b:38:9a:
                    ef:d1:72:d8:ae:aa:a4:ca:40:de:16:98:bc:8a:4e:
                    b7:f3:b0:6e:80:34:bb:17:4b:78:43:2f:d0:f6:6c:
                    6e:31:c9:40:14:5c:e7:a2:e7:ec:ed:43:3c:b7:bd:
                    90:5d:1f:5c:da:54:10:01:63:bb:a5:ca:65:38:bd:
                    f5:e5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F6:E7:D2:58:60:04:07:57:48:C7:76:05:B6:20:14:D1:89:6E:A9:44
            X509v3 Authority Key Identifier:
                keyid:2F:77:F7:ED:34:F6:6A:6F:C6:70:80:FB:9B:61:BB:26:79:2F:85:A1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91A5C90/42E1FD2A3D2911ECB0BCD21FC4F9AE02/L3f37TT2am_GcID7m2G7JnkvhaE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/L3f37TT2am_GcID7m2G7JnkvhaE.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91A5C90/42E1FD2A3D2911ECB0BCD21FC4F9AE02/CDA06D9C3D2A11EC8ECCEB1FC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.175.120.0/23

    Signature Algorithm: sha256WithRSAEncryption
         31:29:c5:db:6a:22:ce:b6:ca:93:94:f6:36:24:1a:21:4c:a5:
         53:05:71:93:a3:45:4b:96:84:cb:9b:3e:1e:1a:03:16:bd:be:
         1a:4a:00:fd:86:b9:d3:f4:61:f7:c7:95:c6:ec:fc:cf:a5:f4:
         f0:57:4d:72:df:f8:06:f9:dc:b8:1c:7c:45:af:de:f2:14:ad:
         d9:6f:08:03:06:88:1f:a4:29:51:49:3a:ea:c0:51:70:d6:8e:
         37:47:ce:85:28:61:13:a5:79:17:19:66:b7:20:28:e1:f2:80:
         d6:db:45:93:6c:91:ad:52:11:09:31:82:7d:da:e8:0f:58:c2:
         b8:fd:29:c1:df:0e:e2:c7:af:cc:18:80:b3:78:4d:7e:20:75:
         79:19:f7:65:a0:44:a9:39:3a:b7:42:66:69:28:34:52:1e:1d:
         7f:92:fe:ce:4d:06:fc:d5:ce:19:8f:2f:a9:33:47:14:77:c2:
         51:7b:cd:39:6c:07:5c:b7:39:b1:28:2c:77:7a:23:a9:56:41:
         a8:17:64:7d:1c:e4:ae:76:56:44:58:90:f8:7e:22:7c:ec:2c:
         39:69:b0:90:d8:db:05:3c:58:71:7d:0a:0f:d8:a3:26:e9:78:
         4b:aa:46:7d:32:94:3e:6d:25:d4:45:eb:cb:61:87:ba:63:0d:
         9a:9d:3a:fd
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICA30wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QTVDOTAxMTAvBgNVBAUTKDJGNzdGN0VEMzRGNjZBNkZDNjcwODBGQjlCNjFCQjI2
NzkyRjg1QTEwHhcNMjMxMjE1MDIxMzU5WhcNMjUwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTdiYjY2Ny1mZWQxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA4DUvR5+0VtCal4l0JU+vx+rga26ldZtGMDf/plH4dwAzuZmkFDeeryhsllP7
RBMZd9ClR+xAyWO2fxa6kmVek9nVqukfe+P0srytDVn+1xgprHAs1B0Vr0od0kZp
Rn/dde6zTYSH73vBpaJBjCWZBA3ZMorWOPDeLF+RqIw3BAuamDV/EGbU9eZZVel1
482An5oFpJC9vOCX2Jjt3CETJk0we/Hkwuhl/ISMgNqrZY2XgHxf8Tes6NlrMP8Y
kOprOJrv0XLYrqqkykDeFpi8ik6387BugDS7F0t4Qy/Q9mxuMclAFFznoufs7UM8
t72QXR9c2lQQAWO7pcplOL315QIDAQABo4IClTCCApEwHQYDVR0OBBYEFPbn0lhg
BAdXSMd2BbYgFNGJbqlEMB8GA1UdIwQYMBaAFC939+009mpvxnCA+5thuyZ5L4Wh
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBNUM5MC80MkUxRkQyQTNE
MjkxMUVDQjBCQ0QyMUZDNEY5QUUwMi9MM2YzN1RUMmFtX0djSUQ3bTJHN0pua3Zo
YUUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0wzZjM3VFQyYW1fR2NJRDdtMkc3Sm5rdmhhRS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QTVDOTAvNDJFMUZEMkEzRDI5MTFFQ0IwQkNEMjFGQzRGOUFFMDIvQ0RBMDZEOUMz
RDJBMTFFQzhFQ0NFQjFGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAFnr3gwDQYJKoZIhvcNAQELBQADggEBADEpxdtqIs62ypOU
9jYkGiFMpVMFcZOjRUuWhMubPh4aAxa9vhpKAP2GudP0YffHlcbs/M+l9PBXTXLf
+Ab53LgcfEWv3vIUrdlvCAMGiB+kKVFJOurAUXDWjjdHzoUoYROleRcZZrcgKOHy
gNbbRZNska1SEQkxgn3a6A9Ywrj9KcHfDuLHr8wYgLN4TX4gdXkZ92WgRKk5OrdC
ZmkoNFIeHX+S/s5NBvzVzhmPL6kzRxR3wlF7zTlsB1y3ObEoLHd6I6lWQagXZH0c
5K52VkRYkPh+InzsLDlpsJDY2wU8WHF9Cg/YoybpeEuqRn0ylD5tJdRF68thh7pj
DZqdOv0=
-----END CERTIFICATE-----
Generated at Wed Mar 27 05:24:26 2024 by rpki-client on console-fra.rpki-client.org