Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91ABFD9/4AE8041EB9D711EA9CF51E5FC4F9AE02/36945EC2232711EBA0F14F17C4F9AE02.roa
File:                     36945EC2232711EBA0F14F17C4F9AE02.roa (raw, json)
Hash identifier:          /0RjVarbhWIDpd3cHraVVa21CcbNpmGk66YkcBro3Ns=
Subject key identifier:   15:A8:0D:49:8A:B8:7F:A8:C2:AF:3F:B4:C2:9A:C8:F2:8D:A5:69:78
Certificate issuer:       /CN=A91ABFD9/serialNumber=E5EB180CD6DC516C66D352B047B9E9C5A50270E3
Certificate serial:       0763
Authority key identifier: E5:EB:18:0C:D6:DC:51:6C:66:D3:52:B0:47:B9:E9:C5:A5:02:70:E3
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/5esYDNbcUWxm01KwR7npxaUCcOM.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91ABFD9/4AE8041EB9D711EA9CF51E5FC4F9AE02/36945EC2232711EBA0F14F17C4F9AE02.roa
Signing time:             Wed 02 Aug 2023 21:38:54 +0000
ROA not before:           Wed 02 Aug 2023 21:38:54 +0000
ROA not after:            Mon 30 Sep 2024 00:00:00 +0000
asID:                     137969
IP address blocks:        103.152.170.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91ABFD9/4AE8041EB9D711EA9CF51E5FC4F9AE02/5esYDNbcUWxm01KwR7npxaUCcOM.crl
                          rsync://rpki.apnic.net/member_repository/A91ABFD9/4AE8041EB9D711EA9CF51E5FC4F9AE02/5esYDNbcUWxm01KwR7npxaUCcOM.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/5esYDNbcUWxm01KwR7npxaUCcOM.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 02 Apr 2024 21:50:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1891 (0x763)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91ABFD9/serialNumber=E5EB180CD6DC516C66D352B047B9E9C5A50270E3
        Validity
            Not Before: Aug  2 21:38:54 2023 GMT
            Not After : Sep 30 00:00:00 2024 GMT
        Subject: CN=64caccee-6155
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:c2:44:07:e5:1f:4b:93:57:27:86:d0:98:3c:
                    ea:6b:ac:bf:62:34:d4:72:b1:89:de:4c:ad:ea:25:
                    b9:e1:03:ba:f4:eb:98:33:e3:7a:c3:aa:d5:5c:8f:
                    09:4b:63:db:e4:64:5c:c4:d5:4d:c4:f5:ec:3b:c7:
                    ba:1e:60:9b:3d:b0:02:5e:39:4b:0f:bf:3f:3b:f4:
                    07:f1:be:5d:2b:22:00:8a:20:6c:ee:42:39:cc:60:
                    76:be:12:e3:1d:6e:66:60:ea:f8:06:0c:b5:9e:25:
                    ca:8a:5a:2d:f8:52:03:6b:48:7b:60:18:e8:16:f9:
                    a8:9f:3e:3c:af:07:2b:1d:5a:95:92:33:86:06:05:
                    cd:87:b4:d7:67:c0:29:2c:64:7d:8a:6f:4e:e5:ef:
                    1b:87:6d:44:1b:56:5f:95:b6:9d:03:72:20:d6:de:
                    a9:ac:72:81:d0:f3:79:32:12:36:ab:7f:49:7a:95:
                    4d:69:13:68:d5:53:c3:58:c4:2a:77:e1:71:b7:aa:
                    fc:c7:c9:cb:44:2a:a0:67:85:b0:38:df:d1:ce:1e:
                    f0:91:54:e9:8c:f1:00:af:c6:24:de:9f:91:f9:cc:
                    aa:f8:4c:e8:89:33:9e:50:e4:c2:e9:27:b6:2b:f7:
                    7b:14:26:89:a2:e7:45:f5:7d:e8:b1:46:47:4e:d3:
                    69:39
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                15:A8:0D:49:8A:B8:7F:A8:C2:AF:3F:B4:C2:9A:C8:F2:8D:A5:69:78
            X509v3 Authority Key Identifier:
                keyid:E5:EB:18:0C:D6:DC:51:6C:66:D3:52:B0:47:B9:E9:C5:A5:02:70:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91ABFD9/4AE8041EB9D711EA9CF51E5FC4F9AE02/5esYDNbcUWxm01KwR7npxaUCcOM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/5esYDNbcUWxm01KwR7npxaUCcOM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91ABFD9/4AE8041EB9D711EA9CF51E5FC4F9AE02/36945EC2232711EBA0F14F17C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.152.170.0/23

    Signature Algorithm: sha256WithRSAEncryption
         2f:8f:16:0a:53:69:b5:55:15:96:b9:49:01:6d:85:c1:ce:64:
         62:a0:84:5c:38:7d:34:97:40:43:1b:c8:39:a0:06:c2:d9:ac:
         0e:3d:84:1d:58:19:fb:f5:1b:52:86:22:cf:e2:ae:09:21:c3:
         a1:1b:3c:d5:9c:16:78:ad:34:cd:df:3e:5b:e9:a9:18:81:b4:
         8a:47:61:5c:37:1d:ef:00:1b:2c:d9:2b:3c:f8:f7:f3:b5:be:
         21:ae:65:2e:4a:18:3a:fb:74:3b:fd:0c:64:86:33:48:27:32:
         49:55:88:4f:8a:f0:3f:a7:e4:d9:b0:4a:3c:5f:c8:22:ff:f4:
         23:ff:df:39:19:a2:97:0a:46:2a:e0:26:e2:46:5e:0d:f4:85:
         6b:94:f6:46:a7:4e:a7:d4:d4:2c:a7:ff:27:ec:ca:60:73:a4:
         4e:bf:fa:36:35:fd:96:4e:60:6d:f5:75:1d:0b:24:85:d6:05:
         01:29:e5:fb:60:2e:af:a5:dc:00:f6:77:4f:da:27:68:b7:18:
         b0:46:da:bc:21:6f:21:28:3f:d2:3d:08:bc:48:3c:7d:d7:64:
         76:e9:cc:49:82:50:29:1c:97:39:1d:e6:5c:77:78:c8:c0:08:
         c2:6d:a3:43:e1:db:67:4e:59:35:b5:50:a7:35:55:cf:2e:c4:
         52:2a:cc:f6
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICB2MwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QUJGRDkxMTAvBgNVBAUTKEU1RUIxODBDRDZEQzUxNkM2NkQzNTJCMDQ3QjlFOUM1
QTUwMjcwRTMwHhcNMjMwODAyMjEzODU0WhcNMjQwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NGNhY2NlZS02MTU1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA1cJEB+UfS5NXJ4bQmDzqa6y/YjTUcrGJ3kyt6iW54QO69OuYM+N6w6rVXI8J
S2Pb5GRcxNVNxPXsO8e6HmCbPbACXjlLD78/O/QH8b5dKyIAiiBs7kI5zGB2vhLj
HW5mYOr4Bgy1niXKilot+FIDa0h7YBjoFvmonz48rwcrHVqVkjOGBgXNh7TXZ8Ap
LGR9im9O5e8bh21EG1ZflbadA3Ig1t6prHKB0PN5MhI2q39JepVNaRNo1VPDWMQq
d+Fxt6r8x8nLRCqgZ4WwON/Rzh7wkVTpjPEAr8Yk3p+R+cyq+EzoiTOeUOTC6Se2
K/d7FCaJoudF9X3osUZHTtNpOQIDAQABo4IClTCCApEwHQYDVR0OBBYEFBWoDUmK
uH+owq8/tMKayPKNpWl4MB8GA1UdIwQYMBaAFOXrGAzW3FFsZtNSsEe56cWlAnDj
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBQkZEOS80QUU4MDQxRUI5
RDcxMUVBOUNGNTFFNUZDNEY5QUUwMi81ZXNZRE5iY1VXeG0wMUt3UjducHhhVUNj
T00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzVlc1lETmJjVVd4bTAxS3dSN25weGFVQ2NPTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QUJGRDkvNEFFODA0MUVCOUQ3MTFFQTlDRjUxRTVGQzRGOUFFMDIvMzY5NDVFQzIy
MzI3MTFFQkEwRjE0RjE3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAFnmKowDQYJKoZIhvcNAQELBQADggEBAC+PFgpTabVVFZa5
SQFthcHOZGKghFw4fTSXQEMbyDmgBsLZrA49hB1YGfv1G1KGIs/irgkhw6EbPNWc
FnitNM3fPlvpqRiBtIpHYVw3He8AGyzZKzz49/O1viGuZS5KGDr7dDv9DGSGM0gn
MklViE+K8D+n5NmwSjxfyCL/9CP/3zkZopcKRirgJuJGXg30hWuU9kanTqfU1Cyn
/yfsymBzpE6/+jY1/ZZOYG31dR0LJIXWBQEp5ftgLq+l3AD2d0/aJ2i3GLBG2rwh
byEoP9I9CLxIPH3XZHbpzEmCUCkclzkd5lx3eMjACMJto0Ph22dOWTW1UKc1Vc8u
xFIqzPY=
-----END CERTIFICATE-----
Generated at Tue Mar 26 23:50:17 2024 by rpki-client on console-fra.rpki-client.org