Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91AE85E/0BED35261D6E11E2B04A61AF08B02CD2/392987D254F611E79DF7E643C4F9AE02.roa
File:                     392987D254F611E79DF7E643C4F9AE02.roa (raw, json)
Hash identifier:          4h7J78rlX+2vspK7F8UUEGHUI6kq314rWzgttdFWu+g=
Subject key identifier:   A3:FC:F2:97:E5:EE:8D:DF:3E:40:DB:8B:4D:6C:E3:BD:88:8B:C9:3B
Certificate issuer:       /CN=A91AE85E/serialNumber=709765C7D4D331F4C36AC6BE347FA66A1F023490
Certificate serial:       33D9
Authority key identifier: 70:97:65:C7:D4:D3:31:F4:C3:6A:C6:BE:34:7F:A6:6A:1F:02:34:90
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/cJdlx9TTMfTDasa-NH-mah8CNJA.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91AE85E/0BED35261D6E11E2B04A61AF08B02CD2/392987D254F611E79DF7E643C4F9AE02.roa
Signing time:             Wed 10 Jan 2024 14:30:08 +0000
ROA not before:           Wed 10 Jan 2024 14:30:08 +0000
ROA not after:            Sun 02 Mar 2025 00:00:00 +0000
asID:                     132003
IP address blocks:        103.10.233.0/24 maxlen: 24
                          103.196.108.0/23 maxlen: 24
                          2404:2000:3000::/40 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91AE85E/0BED35261D6E11E2B04A61AF08B02CD2/cJdlx9TTMfTDasa-NH-mah8CNJA.crl
                          rsync://rpki.apnic.net/member_repository/A91AE85E/0BED35261D6E11E2B04A61AF08B02CD2/cJdlx9TTMfTDasa-NH-mah8CNJA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/cJdlx9TTMfTDasa-NH-mah8CNJA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 29 Nov 2024 14:18:08 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13273 (0x33d9)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91AE85E/serialNumber=709765C7D4D331F4C36AC6BE347FA66A1F023490
        Validity
            Not Before: Jan 10 14:30:08 2024 GMT
            Not After : Mar  2 00:00:00 2025 GMT
        Subject: CN=659ea9ef-720f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:b0:54:0a:dc:6a:5e:dd:8c:28:d1:03:ec:c2:
                    d9:8c:1d:c0:6c:ed:82:3c:04:8a:d0:59:6d:88:a0:
                    e8:47:ec:b3:29:64:22:d0:75:9a:3f:61:3e:d8:f5:
                    62:ec:77:5a:01:eb:26:fc:40:64:cc:b2:b4:24:ac:
                    a3:eb:91:f5:ac:be:fc:df:e8:b3:a0:77:5c:8b:1e:
                    9c:f4:d6:68:42:36:80:80:c0:04:8d:e7:3d:c6:ee:
                    ac:e1:4d:05:af:b8:90:39:ab:12:77:a3:73:f7:44:
                    a2:08:c0:71:b8:de:04:78:fa:63:72:b3:34:7e:83:
                    74:72:cc:ff:f4:b0:31:1c:a9:cc:58:f0:7e:a0:06:
                    d7:eb:13:76:a8:34:ce:99:73:32:04:6d:80:b8:1d:
                    aa:0c:aa:42:72:d1:f6:1f:81:c2:b0:3f:44:d4:71:
                    c9:f6:e0:27:dc:f7:1c:42:a2:11:a0:8e:90:c9:98:
                    01:f0:b5:08:0e:97:27:4b:4b:3d:4a:dc:e5:a3:6b:
                    98:a2:0a:fc:d1:d8:17:50:83:a7:e8:65:86:be:a8:
                    47:81:c4:af:9c:85:e4:26:b7:8b:96:a0:48:d6:0e:
                    c6:2f:f6:01:f3:bb:a5:60:6e:08:fe:e6:64:a0:bf:
                    b9:b3:98:66:97:21:2d:04:5f:c5:a1:16:6a:4b:80:
                    10:67
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:FC:F2:97:E5:EE:8D:DF:3E:40:DB:8B:4D:6C:E3:BD:88:8B:C9:3B
            X509v3 Authority Key Identifier:
                keyid:70:97:65:C7:D4:D3:31:F4:C3:6A:C6:BE:34:7F:A6:6A:1F:02:34:90

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91AE85E/0BED35261D6E11E2B04A61AF08B02CD2/cJdlx9TTMfTDasa-NH-mah8CNJA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/cJdlx9TTMfTDasa-NH-mah8CNJA.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91AE85E/0BED35261D6E11E2B04A61AF08B02CD2/392987D254F611E79DF7E643C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.10.233.0/24
                  103.196.108.0/23
                IPv6:
                  2404:2000:3000::/40

    Signature Algorithm: sha256WithRSAEncryption
         33:57:e4:9d:8d:99:87:f2:22:ea:28:c0:a2:65:fa:4e:cb:03:
         a9:34:f6:0a:e7:71:29:17:05:71:c7:5e:08:fa:58:3b:61:86:
         ee:51:b1:87:6d:cc:dd:51:9d:fd:5a:82:8d:5a:b4:3a:a9:31:
         9c:ff:73:42:a4:1d:3b:be:e3:0a:58:b0:d6:d4:3c:77:ef:18:
         cd:1b:a6:5d:6d:17:05:b8:a4:1a:5f:93:b0:8f:3a:08:89:94:
         c1:8e:ab:55:08:40:56:4d:d4:2c:01:8f:84:af:78:ac:4c:ea:
         05:12:10:33:ec:25:4f:56:fe:b3:4f:20:e6:c0:76:01:0e:fa:
         70:37:f8:8b:66:11:48:91:73:af:52:00:51:54:67:57:3b:94:
         7a:12:9f:05:2a:99:11:3e:ba:f0:d1:25:b8:40:1a:c8:1f:c8:
         64:db:11:6f:8f:e4:9c:09:4e:76:f3:5e:a7:af:d1:8f:87:a0:
         0f:f8:53:c5:1d:23:6e:3d:ca:63:38:02:53:f2:08:82:f0:b7:
         ae:90:44:a8:24:c1:c6:89:da:b0:c7:7f:a9:ed:38:e0:31:1c:
         4a:d7:23:2f:46:8d:85:5f:70:26:4a:7e:14:a2:70:71:92:ec:
         ff:cb:7b:38:eb:d0:a6:07:00:2c:8e:42:a2:2f:82:f3:1f:c6:
         6e:50:0b:7a
-----BEGIN CERTIFICATE-----
MIIFhzCCBG+gAwIBAgICM9kwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QUU4NUUxMTAvBgNVBAUTKDcwOTc2NUM3RDREMzMxRjRDMzZBQzZCRTM0N0ZBNjZB
MUYwMjM0OTAwHhcNMjQwMTEwMTQzMDA4WhcNMjUwMzAyMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTllYTllZi03MjBmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAnrBUCtxqXt2MKNED7MLZjB3AbO2CPASK0FltiKDoR+yzKWQi0HWaP2E+2PVi
7HdaAesm/EBkzLK0JKyj65H1rL783+izoHdcix6c9NZoQjaAgMAEjec9xu6s4U0F
r7iQOasSd6Nz90SiCMBxuN4EePpjcrM0foN0csz/9LAxHKnMWPB+oAbX6xN2qDTO
mXMyBG2AuB2qDKpCctH2H4HCsD9E1HHJ9uAn3PccQqIRoI6QyZgB8LUIDpcnS0s9
Stzlo2uYogr80dgXUIOn6GWGvqhHgcSvnIXkJreLlqBI1g7GL/YB87ulYG4I/uZk
oL+5s5hmlyEtBF/FoRZqS4AQZwIDAQABo4ICqzCCAqcwHQYDVR0OBBYEFKP88pfl
7o3fPkDbi01s472Ii8k7MB8GA1UdIwQYMBaAFHCXZcfU0zH0w2rGvjR/pmofAjSQ
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFBRTg1RS8wQkVEMzUyNjFE
NkUxMUUyQjA0QTYxQUYwOEIwMkNEMi9jSmRseDlUVE1mVERhc2EtTkgtbWFoOENO
SkEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2NKZGx4OVRUTWZURGFzYS1OSC1tYWg4Q05KQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QUU4NUUvMEJFRDM1MjYxRDZFMTFFMkIwNEE2MUFGMDhCMDJDRDIvMzkyOTg3RDI1
NEY2MTFFNzlERjdFNjQzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNQYIKwYBBQUHAQcBAf8E
JjAkMBIEAgABMAwDBABnCukDBAFnxGwwDgQCAAIwCAMGACQEIAAwMA0GCSqGSIb3
DQEBCwUAA4IBAQAzV+SdjZmH8iLqKMCiZfpOywOpNPYK53EpFwVxx14I+lg7YYbu
UbGHbczdUZ39WoKNWrQ6qTGc/3NCpB07vuMKWLDW1Dx37xjNG6ZdbRcFuKQaX5Ow
jzoIiZTBjqtVCEBWTdQsAY+Er3isTOoFEhAz7CVPVv6zTyDmwHYBDvpwN/iLZhFI
kXOvUgBRVGdXO5R6Ep8FKpkRPrrw0SW4QBrIH8hk2xFvj+ScCU52816nr9GPh6AP
+FPFHSNuPcpjOAJT8giC8LeukESoJMHGidqwx3+p7TjgMRxK1yMvRo2FX3AmSn4U
onBxkuz/y3s469CmBwAsjkKiL4LzH8ZuUAt6
-----END CERTIFICATE-----
Generated at Fri Nov 22 15:25:43 2024 by rpki-client on console-fra.rpki-client.org