Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91ABFD9/4AE8041EB9D711EA9CF51E5FC4F9AE02/6AE50E1C21E011EBBF36CD21C4F9AE02.roa
File:                     6AE50E1C21E011EBBF36CD21C4F9AE02.roa (raw, json)
Hash identifier:          Lr1KMxJhPQ8D3zuPrAPoJ61RfejQ9+IvNN/JJj+oj5o=
Subject key identifier:   F7:DB:2F:E6:A3:94:49:F4:27:53:90:8F:AD:17:D3:61:1D:63:D3:66
Certificate issuer:       /CN=A91ABFD9/serialNumber=E5EB180CD6DC516C66D352B047B9E9C5A50270E3
Certificate serial:       0761
Authority key identifier: E5:EB:18:0C:D6:DC:51:6C:66:D3:52:B0:47:B9:E9:C5:A5:02:70:E3
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/5esYDNbcUWxm01KwR7npxaUCcOM.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91ABFD9/4AE8041EB9D711EA9CF51E5FC4F9AE02/6AE50E1C21E011EBBF36CD21C4F9AE02.roa
Signing time:             Wed 02 Aug 2023 21:38:52 +0000
ROA not before:           Wed 02 Aug 2023 21:38:52 +0000
ROA not after:            Mon 30 Sep 2024 00:00:00 +0000
asID:                     135386
IP address blocks:        103.152.170.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91ABFD9/4AE8041EB9D711EA9CF51E5FC4F9AE02/5esYDNbcUWxm01KwR7npxaUCcOM.crl
                          rsync://rpki.apnic.net/member_repository/A91ABFD9/4AE8041EB9D711EA9CF51E5FC4F9AE02/5esYDNbcUWxm01KwR7npxaUCcOM.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/5esYDNbcUWxm01KwR7npxaUCcOM.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 19 Jun 2024 22:07:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1889 (0x761)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91ABFD9/serialNumber=E5EB180CD6DC516C66D352B047B9E9C5A50270E3
        Validity
            Not Before: Aug  2 21:38:52 2023 GMT
            Not After : Sep 30 00:00:00 2024 GMT
        Subject: CN=64caccec-2c70
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:a9:a1:f5:5a:8e:7b:e6:32:a4:23:07:c7:94:
                    9c:43:60:51:1f:16:37:0c:28:aa:76:76:89:46:62:
                    5a:71:76:24:ed:79:f6:31:6d:c9:28:ad:3c:f5:ab:
                    bd:b7:f1:0b:51:ee:8e:67:7f:d3:59:47:ed:77:28:
                    ef:76:5f:a8:21:02:4d:1a:6d:4d:ff:03:f8:5d:b7:
                    70:a4:58:c0:12:c5:de:61:e0:b4:24:14:00:b9:8f:
                    ea:6e:ae:45:6a:45:6e:5a:b5:63:5f:4b:9d:3e:86:
                    02:f5:c5:16:80:6a:9e:19:5b:4c:5b:8d:ed:8e:a3:
                    c5:7a:56:19:79:c2:a0:70:7a:7e:d3:f6:2e:79:eb:
                    29:50:0d:78:b4:cd:b0:35:1b:76:b6:f6:5f:cf:60:
                    73:3f:dd:19:e4:8a:fa:1c:06:4d:c6:de:9c:71:47:
                    f9:ef:ed:5e:5a:5b:d9:5b:0c:60:90:d1:9b:c9:2e:
                    6e:73:3d:1c:45:b7:c4:74:73:90:98:f5:2a:4b:c3:
                    ca:07:1d:2a:40:a9:88:b4:5b:3c:25:bd:72:73:7f:
                    b1:4a:2c:4a:89:7c:dc:31:47:ab:c3:b2:a9:06:eb:
                    6f:48:10:aa:94:e6:65:7c:2f:80:b1:37:b2:75:e0:
                    e0:fb:91:a7:18:7a:ba:a1:bf:8a:46:5a:09:af:6a:
                    7b:07
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:DB:2F:E6:A3:94:49:F4:27:53:90:8F:AD:17:D3:61:1D:63:D3:66
            X509v3 Authority Key Identifier:
                keyid:E5:EB:18:0C:D6:DC:51:6C:66:D3:52:B0:47:B9:E9:C5:A5:02:70:E3

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91ABFD9/4AE8041EB9D711EA9CF51E5FC4F9AE02/5esYDNbcUWxm01KwR7npxaUCcOM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/5esYDNbcUWxm01KwR7npxaUCcOM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91ABFD9/4AE8041EB9D711EA9CF51E5FC4F9AE02/6AE50E1C21E011EBBF36CD21C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.152.170.0/23

    Signature Algorithm: sha256WithRSAEncryption
         3b:8d:db:e3:e0:7b:ff:14:1c:70:89:63:56:cb:c6:16:8e:5c:
         9c:f6:56:c9:d6:ff:ba:d7:91:e5:9d:ae:02:58:c0:e6:f5:42:
         87:a8:6f:e1:0a:52:ad:c9:be:e2:e5:d2:e9:ff:05:4d:a4:f1:
         a7:5b:ec:43:6f:9d:d5:cf:59:03:74:bf:ae:e3:ae:56:e6:e4:
         c5:de:6e:df:db:45:83:2e:69:0e:0a:6e:02:f9:85:9e:07:e0:
         49:6d:41:22:6a:bb:6e:e5:69:af:57:84:e8:f1:ed:e6:d0:24:
         6a:85:77:3b:33:71:d6:0e:b0:26:00:f5:67:89:70:6f:fa:6e:
         21:92:11:dc:4a:1c:f9:51:83:53:93:8c:06:d2:2a:1e:c0:08:
         00:1f:83:5b:32:2f:b4:32:d5:9c:ac:e1:6d:9d:68:93:e2:ed:
         03:aa:f0:a9:18:29:29:34:73:f3:95:7e:08:99:bb:e3:13:78:
         6e:fc:e7:52:6c:0f:7e:0f:a6:1b:72:36:a9:bc:16:15:9a:26:
         af:d9:c5:25:7d:f5:cd:19:90:e8:63:b2:3d:21:f0:20:c0:5a:
         59:62:03:ac:89:04:6d:75:4e:ef:98:47:b4:d8:5b:8b:9c:fe:
         68:fb:90:9f:46:a0:02:ed:2b:0e:af:3f:4a:ea:0a:39:c8:cd:
         fe:b3:59:a4
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICB2EwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QUJGRDkxMTAvBgNVBAUTKEU1RUIxODBDRDZEQzUxNkM2NkQzNTJCMDQ3QjlFOUM1
QTUwMjcwRTMwHhcNMjMwODAyMjEzODUyWhcNMjQwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NGNhY2NlYy0yYzcwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA9Kmh9VqOe+YypCMHx5ScQ2BRHxY3DCiqdnaJRmJacXYk7Xn2MW3JKK089au9
t/ELUe6OZ3/TWUftdyjvdl+oIQJNGm1N/wP4XbdwpFjAEsXeYeC0JBQAuY/qbq5F
akVuWrVjX0udPoYC9cUWgGqeGVtMW43tjqPFelYZecKgcHp+0/YueespUA14tM2w
NRt2tvZfz2BzP90Z5Ir6HAZNxt6ccUf57+1eWlvZWwxgkNGbyS5ucz0cRbfEdHOQ
mPUqS8PKBx0qQKmItFs8Jb1yc3+xSixKiXzcMUerw7KpButvSBCqlOZlfC+AsTey
deDg+5GnGHq6ob+KRloJr2p7BwIDAQABo4IClTCCApEwHQYDVR0OBBYEFPfbL+aj
lEn0J1OQj60X02EdY9NmMB8GA1UdIwQYMBaAFOXrGAzW3FFsZtNSsEe56cWlAnDj
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBQkZEOS80QUU4MDQxRUI5
RDcxMUVBOUNGNTFFNUZDNEY5QUUwMi81ZXNZRE5iY1VXeG0wMUt3UjducHhhVUNj
T00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzVlc1lETmJjVVd4bTAxS3dSN25weGFVQ2NPTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QUJGRDkvNEFFODA0MUVCOUQ3MTFFQTlDRjUxRTVGQzRGOUFFMDIvNkFFNTBFMUMy
MUUwMTFFQkJGMzZDRDIxQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAFnmKowDQYJKoZIhvcNAQELBQADggEBADuN2+Pge/8UHHCJ
Y1bLxhaOXJz2VsnW/7rXkeWdrgJYwOb1Qoeob+EKUq3JvuLl0un/BU2k8adb7ENv
ndXPWQN0v67jrlbm5MXebt/bRYMuaQ4KbgL5hZ4H4EltQSJqu27laa9XhOjx7ebQ
JGqFdzszcdYOsCYA9WeJcG/6biGSEdxKHPlRg1OTjAbSKh7ACAAfg1syL7Qy1Zys
4W2daJPi7QOq8KkYKSk0c/OVfgiZu+MTeG7851JsD34PphtyNqm8FhWaJq/ZxSV9
9c0ZkOhjsj0h8CDAWlliA6yJBG11Tu+YR7TYW4uc/mj7kJ9GoALtKw6vP0rqCjnI
zf6zWaQ=
-----END CERTIFICATE-----
Generated at Wed Jun 12 23:36:07 2024 by rpki-client on console-fra.rpki-client.org