Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91BCC23/925C80CE81E111EE8CF66B0AC4F9AE02/D36C048A81E211EEAF423C87C4F9AE02.roa
File:                     D36C048A81E211EEAF423C87C4F9AE02.roa (raw, json)
Hash identifier:          AgEcJkKDpEPBaGjrS9V0jt2iST6E+qzc3K1SEhivhc4=
Subject key identifier:   1B:A7:62:A3:EF:EE:79:96:CD:3B:35:B3:07:C7:5A:7D:E7:A7:1E:90
Certificate issuer:       /CN=A91BCC23/serialNumber=F3C84940B2BDF4025588706F59C1E6EC3D2147F0
Certificate serial:       05
Authority key identifier: F3:C8:49:40:B2:BD:F4:02:55:88:70:6F:59:C1:E6:EC:3D:21:47:F0
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/88hJQLK99AJViHBvWcHm7D0hR_A.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91BCC23/925C80CE81E111EE8CF66B0AC4F9AE02/D36C048A81E211EEAF423C87C4F9AE02.roa
Signing time:             Mon 13 Nov 2023 05:10:40 +0000
ROA not before:           Mon 13 Nov 2023 05:10:40 +0000
ROA not after:            Fri 31 Oct 2025 00:00:00 +0000
asID:                     139296
IP address blocks:        103.141.8.0/23 maxlen: 23
                          103.141.8.0/24 maxlen: 24
                          103.141.9.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91BCC23/925C80CE81E111EE8CF66B0AC4F9AE02/88hJQLK99AJViHBvWcHm7D0hR_A.crl
                          rsync://rpki.apnic.net/member_repository/A91BCC23/925C80CE81E111EE8CF66B0AC4F9AE02/88hJQLK99AJViHBvWcHm7D0hR_A.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/88hJQLK99AJViHBvWcHm7D0hR_A.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 22 Jun 2024 02:50:19 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5 (0x5)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91BCC23/serialNumber=F3C84940B2BDF4025588706F59C1E6EC3D2147F0
        Validity
            Not Before: Nov 13 05:10:40 2023 GMT
            Not After : Oct 31 00:00:00 2025 GMT
        Subject: CN=6551afcf-0ea6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e2:d6:70:17:50:80:7e:cb:cf:c3:8c:fc:0d:c4:
                    98:e5:ab:7a:cd:78:ae:70:38:76:5b:df:15:1a:cb:
                    97:d8:b7:b7:1c:e7:45:e9:21:d0:e0:52:cd:13:6c:
                    11:71:2b:14:dc:9b:63:22:fb:c4:76:da:e5:a3:b0:
                    c2:4e:3b:63:32:8d:0c:3a:0b:b2:f1:fc:69:08:c1:
                    2c:e9:50:a2:a1:c2:f6:e2:ea:0f:10:71:5c:42:66:
                    dd:f9:7d:0a:8d:51:33:a3:99:e3:7b:e7:b6:08:4a:
                    d6:88:ec:19:9c:33:40:a9:da:40:31:a3:3b:84:87:
                    bf:f7:49:d1:b0:53:5c:f6:86:8c:78:cc:0a:3f:67:
                    ac:7d:6a:e8:f6:e5:2f:79:c6:7d:fd:0b:1c:b0:26:
                    00:20:c1:16:15:9e:fb:69:e8:f8:94:f0:c2:d9:fd:
                    c1:6f:73:86:24:35:be:18:7c:93:49:65:7a:c6:67:
                    e6:ca:0d:f3:1c:18:15:a3:60:b6:09:3f:b5:e6:97:
                    5c:c3:b4:b9:66:83:41:c0:2e:ba:a9:0b:df:52:f1:
                    ae:0a:71:44:6d:43:9c:d8:48:dd:d3:ac:9a:42:1d:
                    28:f8:df:ae:c8:f9:9c:12:5e:6b:a9:70:09:09:22:
                    cc:f7:fe:f8:45:b6:51:8d:b2:0d:a6:c5:3a:c0:af:
                    0b:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:A7:62:A3:EF:EE:79:96:CD:3B:35:B3:07:C7:5A:7D:E7:A7:1E:90
            X509v3 Authority Key Identifier:
                keyid:F3:C8:49:40:B2:BD:F4:02:55:88:70:6F:59:C1:E6:EC:3D:21:47:F0

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91BCC23/925C80CE81E111EE8CF66B0AC4F9AE02/88hJQLK99AJViHBvWcHm7D0hR_A.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/88hJQLK99AJViHBvWcHm7D0hR_A.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91BCC23/925C80CE81E111EE8CF66B0AC4F9AE02/D36C048A81E211EEAF423C87C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.141.8.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4e:92:9a:8c:87:ee:fe:9e:77:d7:c9:bc:a9:63:1f:49:74:26:
         30:a2:b5:51:3d:15:a5:37:01:a0:ed:ad:69:85:a0:56:71:5e:
         cb:58:78:28:26:e3:4c:02:03:83:6d:3b:e8:c2:0c:d5:e4:8a:
         0b:8d:a8:3b:a5:30:74:67:13:c1:71:f2:df:12:29:df:7e:61:
         a1:3e:2c:ee:47:81:06:2e:9b:fe:9a:ee:9a:49:2a:99:68:39:
         a7:32:42:fd:0f:a6:db:cd:43:7a:17:10:08:61:6b:e3:3b:40:
         21:89:dc:1d:7b:2f:ac:a9:42:3e:47:21:63:b0:2a:39:55:52:
         bf:57:ae:2a:99:7b:b9:15:a9:77:17:53:98:c4:7d:df:63:1f:
         6b:79:39:ba:f3:cc:44:9f:f8:d5:44:d6:86:8a:e2:ce:f8:3e:
         d8:73:25:ef:a6:3b:b0:96:48:c8:bf:f0:df:e0:0b:cc:7f:e5:
         cc:bc:f6:3c:ef:33:78:6d:68:dd:e3:11:24:ad:d2:82:26:50:
         1d:93:ad:1f:08:96:54:dc:41:08:4f:e0:ee:fb:c9:29:b2:cc:
         0f:b9:26:81:90:08:0f:ff:f6:96:5b:37:98:a9:dc:31:8b:3e:
         30:7d:0d:49:0f:ff:e9:e3:2a:87:05:61:0c:0e:90:e6:c3:1a:
         2f:a6:1c:a6
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIBBTANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFC
Q0MyMzExMC8GA1UEBRMoRjNDODQ5NDBCMkJERjQwMjU1ODg3MDZGNTlDMUU2RUMz
RDIxNDdGMDAeFw0yMzExMTMwNTEwNDBaFw0yNTEwMzEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY1NTFhZmNmLTBlYTYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDi1nAXUIB+y8/DjPwNxJjlq3rNeK5wOHZb3xUay5fYt7cc50XpIdDgUs0TbBFx
KxTcm2Mi+8R22uWjsMJOO2MyjQw6C7Lx/GkIwSzpUKKhwvbi6g8QcVxCZt35fQqN
UTOjmeN757YIStaI7BmcM0Cp2kAxozuEh7/3SdGwU1z2hox4zAo/Z6x9auj25S95
xn39CxywJgAgwRYVnvtp6PiU8MLZ/cFvc4YkNb4YfJNJZXrGZ+bKDfMcGBWjYLYJ
P7Xml1zDtLlmg0HALrqpC99S8a4KcURtQ5zYSN3TrJpCHSj4367I+ZwSXmupcAkJ
Isz3/vhFtlGNsg2mxTrArwufAgMBAAGjggKVMIICkTAdBgNVHQ4EFgQUG6dio+/u
eZbNOzWzB8dafeenHpAwHwYDVR0jBBgwFoAU88hJQLK99AJViHBvWcHm7D0hR/Aw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUJDQzIzLzkyNUM4MENFODFF
MTExRUU4Q0Y2NkIwQUM0RjlBRTAyLzg4aEpRTEs5OUFKVmlIQnZXY0htN0QwaFJf
QS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvODhoSlFMSzk5QUpWaUhCdldjSG03RDBoUl9BLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFC
Q0MyMy85MjVDODBDRTgxRTExMUVFOENGNjZCMEFDNEY5QUUwMi9EMzZDMDQ4QTgx
RTIxMUVFQUY0MjNDODdDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAWeNCDANBgkqhkiG9w0BAQsFAAOCAQEATpKajIfu/p5318m8
qWMfSXQmMKK1UT0VpTcBoO2taYWgVnFey1h4KCbjTAIDg2076MIM1eSKC42oO6Uw
dGcTwXHy3xIp335hoT4s7keBBi6b/prumkkqmWg5pzJC/Q+m281DehcQCGFr4ztA
IYncHXsvrKlCPkchY7AqOVVSv1euKpl7uRWpdxdTmMR932Mfa3k5uvPMRJ/41UTW
horizvg+2HMl76Y7sJZIyL/w3+ALzH/lzLz2PO8zeG1o3eMRJK3SgiZQHZOtHwiW
VNxBCE/g7vvJKbLMD7kmgZAID//2lls3mKncMYs+MH0NSQ//6eMqhwVhDA6Q5sMa
L6Ycpg==
-----END CERTIFICATE-----
Generated at Sat Jun 15 10:17:36 2024 by rpki-client on console-fra.rpki-client.org