Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91B9790/71805BAC5AE211EFAEB0312EC4F9AE02/B1CB71925DDF11EF8DBEED1FC4F9AE02.roa
File:                     B1CB71925DDF11EF8DBEED1FC4F9AE02.roa (raw, json)
Hash identifier:          HSMhV9B6fnrXUJjpIZM4gDs/Fg5+cHbZVi57IqRBjEU=
Subject key identifier:   2F:34:F9:A7:EA:DF:6C:4F:BE:FA:31:71:F7:4D:C6:28:65:F4:76:03
Certificate issuer:       /CN=A91B9790/serialNumber=894289AD40EE7E626F5CD82FCEC5406DB91E1E71
Certificate serial:       07
Authority key identifier: 89:42:89:AD:40:EE:7E:62:6F:5C:D8:2F:CE:C5:40:6D:B9:1E:1E:71
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/iUKJrUDufmJvXNgvzsVAbbkeHnE.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91B9790/71805BAC5AE211EFAEB0312EC4F9AE02/B1CB71925DDF11EF8DBEED1FC4F9AE02.roa
Signing time:             Mon 19 Aug 2024 04:01:46 +0000
ROA not before:           Mon 19 Aug 2024 04:01:46 +0000
ROA not after:            Sun 02 Mar 2025 00:00:00 +0000
asID:                     26658
IP address blocks:        103.199.244.0/22 maxlen: 24
                          203.82.28.0/22 maxlen: 22

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91B9790/71805BAC5AE211EFAEB0312EC4F9AE02/iUKJrUDufmJvXNgvzsVAbbkeHnE.crl
                          rsync://rpki.apnic.net/member_repository/A91B9790/71805BAC5AE211EFAEB0312EC4F9AE02/iUKJrUDufmJvXNgvzsVAbbkeHnE.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/iUKJrUDufmJvXNgvzsVAbbkeHnE.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 28 Nov 2024 05:18:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 7 (0x7)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91B9790/serialNumber=894289AD40EE7E626F5CD82FCEC5406DB91E1E71
        Validity
            Not Before: Aug 19 04:01:46 2024 GMT
            Not After : Mar  2 00:00:00 2025 GMT
        Subject: CN=66c2c3a9-c087
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:46:75:73:52:38:d6:8a:d0:b4:95:20:b9:29:
                    50:96:bf:12:c6:e2:d6:da:1f:70:2f:6a:a0:e8:48:
                    5b:fd:bc:66:0b:52:fa:e8:b8:14:95:47:4c:80:52:
                    85:3e:71:7e:3c:90:29:36:af:25:65:32:9a:ed:7d:
                    8a:36:cc:af:0a:7b:b9:87:84:b8:57:28:4d:42:1e:
                    3b:9d:8f:6e:d7:0b:8a:1b:ea:60:c4:0b:4c:18:4a:
                    45:cc:c7:f0:6b:1d:21:3f:7e:97:30:f7:76:d7:c6:
                    68:dd:d0:84:2c:a0:6d:17:0d:dd:f1:48:8f:45:a8:
                    89:c5:1f:aa:97:98:c9:09:21:96:7d:89:bf:ce:88:
                    84:24:f1:2d:d1:57:70:8f:05:95:16:8c:ad:c6:5e:
                    4c:82:78:cd:ea:ee:0b:6f:55:82:82:14:dc:60:29:
                    e1:d3:cd:01:11:ea:18:c6:7a:21:47:38:16:8a:a5:
                    9e:3d:92:4d:7d:ed:e2:ec:a7:77:5b:a7:f7:54:73:
                    21:7f:4c:a5:18:b7:70:65:e7:27:20:74:45:98:20:
                    fc:8a:3a:e8:ed:6d:07:45:e1:15:71:de:75:ef:26:
                    60:b3:51:f3:17:60:ed:0c:f8:5e:dd:4b:1d:88:6e:
                    5f:92:42:29:44:d0:6f:6c:10:fb:0f:9d:21:40:00:
                    db:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2F:34:F9:A7:EA:DF:6C:4F:BE:FA:31:71:F7:4D:C6:28:65:F4:76:03
            X509v3 Authority Key Identifier:
                keyid:89:42:89:AD:40:EE:7E:62:6F:5C:D8:2F:CE:C5:40:6D:B9:1E:1E:71

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91B9790/71805BAC5AE211EFAEB0312EC4F9AE02/iUKJrUDufmJvXNgvzsVAbbkeHnE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/iUKJrUDufmJvXNgvzsVAbbkeHnE.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B9790/71805BAC5AE211EFAEB0312EC4F9AE02/B1CB71925DDF11EF8DBEED1FC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.199.244.0/22
                  203.82.28.0/22

    Signature Algorithm: sha256WithRSAEncryption
         2b:6e:05:d6:c2:42:34:f9:29:0e:ab:6c:5b:74:bf:f5:8d:73:
         96:c4:71:61:12:82:88:05:6f:3d:58:96:85:a6:a8:5a:89:94:
         45:b8:fc:4c:4e:61:f6:f7:13:91:c9:8e:cd:e8:2a:a8:46:83:
         c4:c2:2c:85:da:2c:90:fc:2a:14:94:89:c2:52:39:bd:de:fe:
         f1:b6:f7:4d:6b:af:38:b7:56:f3:c9:d5:a2:16:2b:5a:cc:79:
         f0:f9:5c:22:26:df:9a:3f:a9:65:ab:93:c5:bd:e2:02:41:7c:
         57:46:16:fe:fa:f5:06:d1:dc:91:9d:eb:be:db:7d:89:93:9a:
         e2:e6:fe:fd:87:7a:51:8b:ee:af:4f:57:44:e7:bf:77:4f:02:
         6f:53:ef:b9:ed:ec:c7:0f:38:cf:00:74:58:26:4c:7a:69:df:
         84:52:d3:75:cf:a0:da:2e:29:ad:01:4a:20:8a:ee:06:70:11:
         1b:f7:8c:36:ef:0c:24:c0:d2:48:eb:e3:c3:8c:83:f3:0d:5b:
         b9:b0:07:73:5a:b3:e6:b3:48:80:d3:33:23:b9:72:83:30:a7:
         18:7f:b7:82:d8:6a:2a:27:58:6a:61:af:c2:e1:74:d2:b7:3c:
         ab:c4:9f:a3:63:15:f4:8f:d5:a4:7e:02:d5:98:e2:6e:dc:6e:
         11:aa:8a:3b
-----BEGIN CERTIFICATE-----
MIIFdjCCBF6gAwIBAgIBBzANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFC
OTc5MDExMC8GA1UEBRMoODk0Mjg5QUQ0MEVFN0U2MjZGNUNEODJGQ0VDNTQwNkRC
OTFFMUU3MTAeFw0yNDA4MTkwNDAxNDZaFw0yNTAzMDIwMDAwMDBaMBgxFjAUBgNV
BAMTDTY2YzJjM2E5LWMwODcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDDRnVzUjjWitC0lSC5KVCWvxLG4tbaH3AvaqDoSFv9vGYLUvrouBSVR0yAUoU+
cX48kCk2ryVlMprtfYo2zK8Ke7mHhLhXKE1CHjudj27XC4ob6mDEC0wYSkXMx/Br
HSE/fpcw93bXxmjd0IQsoG0XDd3xSI9FqInFH6qXmMkJIZZ9ib/OiIQk8S3RV3CP
BZUWjK3GXkyCeM3q7gtvVYKCFNxgKeHTzQER6hjGeiFHOBaKpZ49kk197eLsp3db
p/dUcyF/TKUYt3Bl5ycgdEWYIPyKOujtbQdF4RVx3nXvJmCzUfMXYO0M+F7dSx2I
bl+SQilE0G9sEPsPnSFAANspAgMBAAGjggKbMIIClzAdBgNVHQ4EFgQULzT5p+rf
bE+++jFx903GKGX0dgMwHwYDVR0jBBgwFoAUiUKJrUDufmJvXNgvzsVAbbkeHnEw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUI5NzkwLzcxODA1QkFDNUFF
MjExRUZBRUIwMzEyRUM0RjlBRTAyL2lVS0pyVUR1Zm1KdlhOZ3Z6c1ZBYmJrZUhu
RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvaVVLSnJVRHVmbUp2WE5ndnpzVkFiYmtlSG5FLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFC
OTc5MC83MTgwNUJBQzVBRTIxMUVGQUVCMDMxMkVDNEY5QUUwMi9CMUNCNzE5MjVE
REYxMUVGOERCRUVEMUZDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAlBggrBgEFBQcBBwEB/wQW
MBQwEgQCAAEwDAMEAmfH9AMEAstSHDANBgkqhkiG9w0BAQsFAAOCAQEAK24F1sJC
NPkpDqtsW3S/9Y1zlsRxYRKCiAVvPViWhaaoWomURbj8TE5h9vcTkcmOzegqqEaD
xMIshdoskPwqFJSJwlI5vd7+8bb3TWuvOLdW88nVohYrWsx58PlcIibfmj+pZauT
xb3iAkF8V0YW/vr1BtHckZ3rvtt9iZOa4ub+/Yd6UYvur09XROe/d08Cb1Pvue3s
xw84zwB0WCZMemnfhFLTdc+g2i4prQFKIIruBnARG/eMNu8MJMDSSOvjw4yD8w1b
ubAHc1qz5rNIgNMzI7lygzCnGH+3gthqKidYamGvwuF00rc8q8Sfo2MV9I/VpH4C
1ZjibtxuEaqKOw==
-----END CERTIFICATE-----
Generated at Thu Nov 21 07:40:38 2024 by rpki-client on console-ams.rpki-client.org