Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91B253D/86B0D73EF71F11EAAE96B225C4F9AE02/76EBD456F72011EA8776EC28C4F9AE02.roa
File:                     76EBD456F72011EA8776EC28C4F9AE02.roa (raw, json)
Hash identifier:          jOge8skLIcHPRNXBOddiPea5ED5jJLRslseWiOh+s+E=
Subject key identifier:   D9:BA:08:86:35:D9:90:E4:04:52:3B:0A:81:92:D0:3C:D0:34:12:EF
Certificate issuer:       /CN=A91B253D/serialNumber=00C131E668B5FE94ECB43931847A728AACE82D4B
Certificate serial:       068D
Authority key identifier: 00:C1:31:E6:68:B5:FE:94:EC:B4:39:31:84:7A:72:8A:AC:E8:2D:4B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/AMEx5mi1_pTstDkxhHpyiqzoLUs.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91B253D/86B0D73EF71F11EAAE96B225C4F9AE02/76EBD456F72011EA8776EC28C4F9AE02.roa
Signing time:             Tue 26 Sep 2023 22:19:49 +0000
ROA not before:           Tue 26 Sep 2023 22:19:49 +0000
ROA not after:            Sun 01 Dec 2024 00:00:00 +0000
asID:                     38203
IP address blocks:        103.155.178.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91B253D/86B0D73EF71F11EAAE96B225C4F9AE02/AMEx5mi1_pTstDkxhHpyiqzoLUs.crl
                          rsync://rpki.apnic.net/member_repository/A91B253D/86B0D73EF71F11EAAE96B225C4F9AE02/AMEx5mi1_pTstDkxhHpyiqzoLUs.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/AMEx5mi1_pTstDkxhHpyiqzoLUs.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 25 Apr 2024 22:41:45 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1677 (0x68d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91B253D/serialNumber=00C131E668B5FE94ECB43931847A728AACE82D4B
        Validity
            Not Before: Sep 26 22:19:49 2023 GMT
            Not After : Dec  1 00:00:00 2024 GMT
        Subject: CN=65135905-0f35
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:95:e8:59:22:fd:de:f3:c5:31:ee:7b:56:b2:51:
                    56:d7:13:86:c2:e7:28:56:30:ef:85:17:78:06:6f:
                    33:9f:9a:42:e6:20:7f:a7:d9:bb:c6:49:dc:08:85:
                    a8:e4:43:05:85:0c:ba:e9:0a:53:10:b2:59:aa:af:
                    d4:a7:4d:3c:1a:3d:a7:e9:be:c7:cd:64:35:f9:7c:
                    22:2e:f0:0f:06:03:0d:4e:a2:f6:d5:fd:ee:67:93:
                    48:02:c9:d5:cf:68:db:95:8d:4f:36:43:bb:81:88:
                    f3:a3:35:f9:98:70:43:a5:c3:76:30:a5:bb:7e:bc:
                    59:fd:b6:59:31:8b:7d:b8:7a:76:5a:70:3b:0f:ed:
                    cc:36:79:3d:ee:c3:20:09:3c:b2:4b:ba:a5:ec:f3:
                    ea:c5:83:2d:f1:fd:dc:cd:30:78:b3:7c:2b:89:cb:
                    0e:1f:3d:af:67:e9:0e:c3:53:5b:7e:a2:68:02:35:
                    6f:02:ff:f1:aa:54:1e:dd:36:b4:37:56:34:0e:01:
                    9b:60:51:85:fd:38:31:11:c9:24:60:eb:ce:19:c7:
                    1e:10:f0:a3:b4:a3:73:c6:ad:7a:d1:1c:f4:66:a0:
                    58:20:52:03:b6:e4:33:92:09:fd:72:7f:98:9e:36:
                    7f:5f:ad:31:d2:7f:cc:31:b7:42:6b:4d:8f:69:5a:
                    83:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:BA:08:86:35:D9:90:E4:04:52:3B:0A:81:92:D0:3C:D0:34:12:EF
            X509v3 Authority Key Identifier:
                keyid:00:C1:31:E6:68:B5:FE:94:EC:B4:39:31:84:7A:72:8A:AC:E8:2D:4B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91B253D/86B0D73EF71F11EAAE96B225C4F9AE02/AMEx5mi1_pTstDkxhHpyiqzoLUs.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/AMEx5mi1_pTstDkxhHpyiqzoLUs.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B253D/86B0D73EF71F11EAAE96B225C4F9AE02/76EBD456F72011EA8776EC28C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.155.178.0/23

    Signature Algorithm: sha256WithRSAEncryption
         1e:95:91:9c:e4:fe:2e:16:f1:4d:10:a5:ab:3d:e7:cc:4d:cd:
         66:df:d2:34:ac:13:a1:1e:7f:66:22:3a:a1:c2:cf:c0:3b:4f:
         4c:7e:04:f4:43:04:10:f6:b7:c5:69:e1:6e:a3:96:20:c4:0b:
         8f:41:49:0a:13:17:06:3f:30:b4:3a:88:d1:43:c7:fa:bc:66:
         78:bf:84:f9:b9:0a:98:83:e9:6e:51:02:7f:32:7f:74:dd:c7:
         0a:f4:d3:c1:66:41:08:27:77:c1:85:43:23:6b:71:38:41:14:
         c1:e6:9c:4c:31:d4:4a:b1:3c:d6:01:7a:99:0c:2d:5d:bf:db:
         ba:d7:c3:f3:f5:5d:59:1c:ab:36:3e:e2:3d:57:82:cf:c8:cb:
         2d:3e:de:9f:fa:c9:28:20:06:7a:63:91:8d:26:d2:97:c9:a0:
         75:89:d8:f9:f5:cd:7e:cd:34:21:bd:b9:8f:d8:36:76:43:e0:
         62:1e:1c:ea:70:f6:6b:7d:e4:46:3d:11:1c:f5:78:8d:38:9a:
         3e:c9:a6:d5:9e:a3:7f:a4:46:cf:c4:5c:d9:02:3f:7f:fb:13:
         c2:41:69:46:df:53:75:17:2c:72:fd:fa:20:f2:aa:da:53:21:
         ca:40:03:b9:69:32:0a:35:26:b5:73:2a:9a:29:bf:13:f2:15:
         cc:be:b8:89
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICBo0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QjI1M0QxMTAvBgNVBAUTKDAwQzEzMUU2NjhCNUZFOTRFQ0I0MzkzMTg0N0E3MjhB
QUNFODJENEIwHhcNMjMwOTI2MjIxOTQ5WhcNMjQxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTEzNTkwNS0wZjM1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAlehZIv3e88Ux7ntWslFW1xOGwucoVjDvhRd4Bm8zn5pC5iB/p9m7xkncCIWo
5EMFhQy66QpTELJZqq/Up008Gj2n6b7HzWQ1+XwiLvAPBgMNTqL21f3uZ5NIAsnV
z2jblY1PNkO7gYjzozX5mHBDpcN2MKW7frxZ/bZZMYt9uHp2WnA7D+3MNnk97sMg
CTyyS7ql7PPqxYMt8f3czTB4s3wricsOHz2vZ+kOw1NbfqJoAjVvAv/xqlQe3Ta0
N1Y0DgGbYFGF/TgxEckkYOvOGcceEPCjtKNzxq160Rz0ZqBYIFIDtuQzkgn9cn+Y
njZ/X60x0n/MMbdCa02PaVqDsQIDAQABo4IClTCCApEwHQYDVR0OBBYEFNm6CIY1
2ZDkBFI7CoGS0DzQNBLvMB8GA1UdIwQYMBaAFADBMeZotf6U7LQ5MYR6coqs6C1L
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCMjUzRC84NkIwRDczRUY3
MUYxMUVBQUU5NkIyMjVDNEY5QUUwMi9BTUV4NW1pMV9wVHN0RGt4aEhweWlxem9M
VXMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0FNRXg1bWkxX3BUc3REa3hoSHB5aXF6b0xVcy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QjI1M0QvODZCMEQ3M0VGNzFGMTFFQUFFOTZCMjI1QzRGOUFFMDIvNzZFQkQ0NTZG
NzIwMTFFQTg3NzZFQzI4QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAFnm7IwDQYJKoZIhvcNAQELBQADggEBAB6VkZzk/i4W8U0Q
pas958xNzWbf0jSsE6Eef2YiOqHCz8A7T0x+BPRDBBD2t8Vp4W6jliDEC49BSQoT
FwY/MLQ6iNFDx/q8Zni/hPm5CpiD6W5RAn8yf3Tdxwr008FmQQgnd8GFQyNrcThB
FMHmnEwx1EqxPNYBepkMLV2/27rXw/P1XVkcqzY+4j1Xgs/Iyy0+3p/6ySggBnpj
kY0m0pfJoHWJ2Pn1zX7NNCG9uY/YNnZD4GIeHOpw9mt95EY9ERz1eI04mj7JptWe
o3+kRs/EXNkCP3/7E8JBaUbfU3UXLHL9+iDyqtpTIcpAA7lpMgo1JrVzKpopvxPy
Fcy+uIk=
-----END CERTIFICATE-----
Generated at Fri Apr 19 00:06:09 2024 by rpki-client on console-ams.rpki-client.org