Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91B036A/BBC2F776D1F111EE86051A61C4F9AE02/860FE244E7F211EEA82C4340C4F9AE02.roa
File:                     860FE244E7F211EEA82C4340C4F9AE02.roa (raw, json)
Hash identifier:          tJJTcGQ2m2pshzd0U/DwfkAv50Vcbcpb9AnTouLN/sk=
Subject key identifier:   31:E5:67:CC:67:1D:50:46:F6:D2:06:1A:11:5F:54:47:59:A1:35:E7
Certificate issuer:       /CN=A91B036A/serialNumber=0F17F37DBC9484D96E1A0ABC78A4F9CACD5EDA8A
Certificate serial:       58
Authority key identifier: 0F:17:F3:7D:BC:94:84:D9:6E:1A:0A:BC:78:A4:F9:CA:CD:5E:DA:8A
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DxfzfbyUhNluGgq8eKT5ys1e2oo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91B036A/BBC2F776D1F111EE86051A61C4F9AE02/860FE244E7F211EEA82C4340C4F9AE02.roa
Signing time:             Fri 22 Mar 2024 02:28:22 +0000
ROA not before:           Fri 22 Mar 2024 02:28:22 +0000
ROA not after:            Thu 01 May 2025 00:00:00 +0000
asID:                     24334
IP address blocks:        103.11.88.0/22 maxlen: 24
                          202.83.240.0/21 maxlen: 21
                          202.83.240.0/24 maxlen: 24
                          202.83.241.0/24 maxlen: 24
                          202.83.242.0/24 maxlen: 24
                          202.83.243.0/24 maxlen: 24
                          202.83.244.0/24 maxlen: 24
                          202.83.245.0/24 maxlen: 24
                          202.83.246.0/24 maxlen: 24
                          202.83.247.0/24 maxlen: 24
                          202.171.208.0/21 maxlen: 21
                          202.171.208.0/24 maxlen: 24
                          202.171.209.0/24 maxlen: 24
                          202.171.210.0/24 maxlen: 24
                          202.171.211.0/24 maxlen: 24
                          202.171.212.0/24 maxlen: 24
                          202.171.213.0/24 maxlen: 24
                          202.171.214.0/24 maxlen: 24
                          202.171.215.0/24 maxlen: 24
                          203.142.88.0/21 maxlen: 21
                          203.142.88.0/24 maxlen: 24
                          203.142.89.0/24 maxlen: 24
                          203.142.90.0/24 maxlen: 24
                          203.142.91.0/24 maxlen: 24
                          203.142.92.0/24 maxlen: 24
                          203.142.93.0/24 maxlen: 24
                          203.142.94.0/24 maxlen: 24
                          203.142.95.0/24 maxlen: 24
                          2404:1a0::/30 maxlen: 32
                          2404:1a0:1000::/46 maxlen: 46
                          2404:1a0:1000::/47 maxlen: 47
                          2404:1a0:1001::/48 maxlen: 48
                          2404:1a0:1002::/48 maxlen: 48
                          2404:1a0:2008::/48 maxlen: 48
                          2404:1a0:fffc::/46 maxlen: 46
                          2404:1a0:fffc::/47 maxlen: 47
                          2404:1a0:ffff::/48 maxlen: 48
                          2404:1a3:1000::/46 maxlen: 46
                          2404:1a3:1000::/47 maxlen: 47
                          2404:1a3:1001::/48 maxlen: 48
                          2404:1a3:fffc::/46 maxlen: 46
                          2404:1a3:fffc::/47 maxlen: 47
                          2404:1a3:ffff::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91B036A/BBC2F776D1F111EE86051A61C4F9AE02/DxfzfbyUhNluGgq8eKT5ys1e2oo.crl
                          rsync://rpki.apnic.net/member_repository/A91B036A/BBC2F776D1F111EE86051A61C4F9AE02/DxfzfbyUhNluGgq8eKT5ys1e2oo.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DxfzfbyUhNluGgq8eKT5ys1e2oo.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 20 Jun 2024 07:03:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 88 (0x58)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91B036A/serialNumber=0F17F37DBC9484D96E1A0ABC78A4F9CACD5EDA8A
        Validity
            Not Before: Mar 22 02:28:22 2024 GMT
            Not After : May  1 00:00:00 2025 GMT
        Subject: CN=65fcecc6-354a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:a7:71:46:e5:06:b3:69:4f:27:44:bf:98:7b:
                    53:80:7f:75:b8:c3:bc:ff:4f:96:42:7e:04:0b:a4:
                    79:40:c8:f6:38:ba:99:a5:ed:22:47:8e:af:56:20:
                    5c:a7:52:94:a2:bb:d5:5f:3f:ab:de:ac:6f:2d:39:
                    08:0b:c3:97:c1:4e:d8:8f:d2:68:7e:64:e3:71:da:
                    0f:b4:f1:e1:99:d2:8a:d8:12:ed:62:80:64:a1:a6:
                    9e:a8:2e:10:ba:9e:0e:7f:45:46:9d:02:5b:09:7c:
                    e4:2b:2f:e0:9e:5b:07:90:57:13:76:5a:ea:9d:5a:
                    f4:a2:e8:f0:48:a7:86:7b:af:8d:69:ad:9b:a3:8e:
                    e6:50:08:b0:8d:6d:26:97:b6:fd:48:ef:ba:fc:85:
                    4e:06:8c:d3:aa:43:57:71:b6:bf:96:21:01:ac:85:
                    87:db:9f:f3:e1:b9:30:7d:c6:5c:8e:47:e5:a2:ab:
                    14:e0:89:ab:43:a4:7b:9a:dc:a9:f2:0e:0c:e2:6b:
                    72:37:14:8f:e2:62:f8:fc:3f:56:c3:eb:31:08:7b:
                    c2:b8:54:00:1b:17:fc:96:e1:a6:0f:7f:3e:48:94:
                    72:bd:fa:7b:d5:72:58:a3:48:83:a2:b8:5c:4d:a5:
                    07:79:e9:a3:3e:05:3e:0f:b3:2b:44:25:3d:e3:21:
                    e1:a9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:E5:67:CC:67:1D:50:46:F6:D2:06:1A:11:5F:54:47:59:A1:35:E7
            X509v3 Authority Key Identifier:
                keyid:0F:17:F3:7D:BC:94:84:D9:6E:1A:0A:BC:78:A4:F9:CA:CD:5E:DA:8A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91B036A/BBC2F776D1F111EE86051A61C4F9AE02/DxfzfbyUhNluGgq8eKT5ys1e2oo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DxfzfbyUhNluGgq8eKT5ys1e2oo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B036A/BBC2F776D1F111EE86051A61C4F9AE02/860FE244E7F211EEA82C4340C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.11.88.0/22
                  202.83.240.0/21
                  202.171.208.0/21
                  203.142.88.0/21
                IPv6:
                  2404:1a0::/30

    Signature Algorithm: sha256WithRSAEncryption
         49:3f:2c:8f:a4:e2:cc:eb:59:62:ef:e2:ef:7e:6b:cf:59:27:
         eb:79:a5:62:9a:5c:f0:50:75:d1:08:a2:50:89:70:be:6d:9b:
         cf:c3:ef:57:68:13:19:9a:9d:4c:ea:f9:ed:72:38:78:49:62:
         c0:00:0c:0e:c5:ad:27:05:ba:91:0b:ef:90:6a:06:e9:01:8d:
         45:08:ca:eb:bc:95:4e:33:49:e2:5d:2c:25:62:e6:be:59:3e:
         4d:20:02:a5:38:9a:4b:74:fd:53:82:04:12:d3:30:3e:10:26:
         1a:83:0f:d1:45:0c:46:5a:9f:96:95:4c:7d:30:f9:b5:51:b4:
         d9:e0:07:22:0a:f2:31:82:d5:ec:db:07:99:b7:49:97:27:11:
         ea:69:67:1b:30:3d:a3:ce:f9:f2:29:ad:f8:72:3a:6b:3e:30:
         36:bc:a5:38:b2:23:90:01:df:5a:80:1d:76:49:c2:53:e9:72:
         0f:07:a6:e3:0a:9a:a2:08:79:52:a0:c6:00:f1:80:98:6d:09:
         25:52:32:12:5f:d3:8f:73:f0:bf:85:e4:0b:33:3c:d8:93:f8:
         ec:aa:66:e7:ce:c3:57:f8:fc:75:16:aa:ea:13:f9:1b:18:0d:
         66:08:55:11:15:58:b1:cd:2c:1e:3b:c9:44:cf:e3:44:c7:a0:
         4c:d0:96:f4
-----BEGIN CERTIFICATE-----
MIIFkTCCBHmgAwIBAgIBWDANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFC
MDM2QTExMC8GA1UEBRMoMEYxN0YzN0RCQzk0ODREOTZFMUEwQUJDNzhBNEY5Q0FD
RDVFREE4QTAeFw0yNDAzMjIwMjI4MjJaFw0yNTA1MDEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY1ZmNlY2M2LTM1NGEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQC5p3FG5QazaU8nRL+Ye1OAf3W4w7z/T5ZCfgQLpHlAyPY4upml7SJHjq9WIFyn
UpSiu9VfP6verG8tOQgLw5fBTtiP0mh+ZONx2g+08eGZ0orYEu1igGShpp6oLhC6
ng5/RUadAlsJfOQrL+CeWweQVxN2WuqdWvSi6PBIp4Z7r41prZujjuZQCLCNbSaX
tv1I77r8hU4GjNOqQ1dxtr+WIQGshYfbn/PhuTB9xlyOR+WiqxTgiatDpHua3Kny
Dgzia3I3FI/iYvj8P1bD6zEIe8K4VAAbF/yW4aYPfz5IlHK9+nvVclijSIOiuFxN
pQd56aM+BT4PsytEJT3jIeGpAgMBAAGjggK2MIICsjAdBgNVHQ4EFgQUMeVnzGcd
UEb20gYaEV9UR1mhNecwHwYDVR0jBBgwFoAUDxfzfbyUhNluGgq8eKT5ys1e2oow
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUIwMzZBL0JCQzJGNzc2RDFG
MTExRUU4NjA1MUE2MUM0RjlBRTAyL0R4ZnpmYnlVaE5sdUdncThlS1Q1eXMxZTJv
by5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvRHhmemZieVVoTmx1R2dxOGVLVDV5czFlMm9vLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFC
MDM2QS9CQkMyRjc3NkQxRjExMUVFODYwNTFBNjFDNEY5QUUwMi84NjBGRTI0NEU3
RjIxMUVFQTgyQzQzNDBDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDBABggrBgEFBQcBBwEB/wQx
MC8wHgQCAAEwGAMEAmcLWAMEA8pT8AMEA8qr0AMEA8uOWDANBAIAAjAHAwUCJAQB
oDANBgkqhkiG9w0BAQsFAAOCAQEAST8sj6TizOtZYu/i735rz1kn63mlYppc8FB1
0QiiUIlwvm2bz8PvV2gTGZqdTOr57XI4eEliwAAMDsWtJwW6kQvvkGoG6QGNRQjK
67yVTjNJ4l0sJWLmvlk+TSACpTiaS3T9U4IEEtMwPhAmGoMP0UUMRlqflpVMfTD5
tVG02eAHIgryMYLV7NsHmbdJlycR6mlnGzA9o8758imt+HI6az4wNrylOLIjkAHf
WoAddknCU+lyDwem4wqaogh5UqDGAPGAmG0JJVIyEl/Tj3Pwv4XkCzM82JP47Kpm
587DV/j8dRaq6hP5GxgNZghVERVYsc0sHjvJRM/jRMegTNCW9A==
-----END CERTIFICATE-----
Generated at Thu Jun 13 08:42:07 2024 by rpki-client on console-fra.rpki-client.org