Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91CA559/AAC34F4630C411EC99F2F66CC4F9AE02/45CC5B763C8311ECA86D031EC4F9AE02.roa
File:                     45CC5B763C8311ECA86D031EC4F9AE02.roa (raw, json)
Hash identifier:          T0x2Plu9ngMiF22DMmohr6DFduIGNsE4bILifRH3Lz8=
Subject key identifier:   CA:44:1A:13:4F:10:2C:81:CE:09:71:1D:7A:B6:0E:86:91:66:83:41
Certificate issuer:       /CN=A91CA559/serialNumber=21A76F3BB816CFFE7C466555C2B0BEBC9C7BC56E
Certificate serial:       03D1
Authority key identifier: 21:A7:6F:3B:B8:16:CF:FE:7C:46:65:55:C2:B0:BE:BC:9C:7B:C5:6E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/IadvO7gWz_58RmVVwrC-vJx7xW4.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91CA559/AAC34F4630C411EC99F2F66CC4F9AE02/45CC5B763C8311ECA86D031EC4F9AE02.roa
Signing time:             Sat 09 Mar 2024 01:54:01 +0000
ROA not before:           Sat 09 Mar 2024 01:54:01 +0000
ROA not after:            Thu 01 May 2025 00:00:00 +0000
asID:                     9744
IP address blocks:        103.147.224.0/23 maxlen: 24
                          103.231.172.0/22 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91CA559/AAC34F4630C411EC99F2F66CC4F9AE02/IadvO7gWz_58RmVVwrC-vJx7xW4.crl
                          rsync://rpki.apnic.net/member_repository/A91CA559/AAC34F4630C411EC99F2F66CC4F9AE02/IadvO7gWz_58RmVVwrC-vJx7xW4.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/IadvO7gWz_58RmVVwrC-vJx7xW4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 27 Nov 2024 20:33:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 977 (0x3d1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CA559/serialNumber=21A76F3BB816CFFE7C466555C2B0BEBC9C7BC56E
        Validity
            Not Before: Mar  9 01:54:01 2024 GMT
            Not After : May  1 00:00:00 2025 GMT
        Subject: CN=65ebc139-be9a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9e:87:66:88:a4:d6:1b:7b:ee:13:2f:44:93:46:
                    54:b9:66:3d:94:12:58:4a:2b:dc:52:a6:3d:a3:fd:
                    fe:33:81:f3:88:69:6c:a0:92:c8:5b:f7:98:66:82:
                    09:74:5e:3b:2c:c3:e5:c9:10:61:5a:66:80:38:1b:
                    e8:6c:bb:93:c8:81:e5:51:76:43:84:96:85:8a:3f:
                    5a:58:01:49:39:84:dc:47:5b:0a:ec:04:80:8b:66:
                    1c:c6:8e:73:90:1c:96:64:9d:23:27:3e:4f:2c:00:
                    7b:31:29:b8:36:9a:9e:6e:ce:85:51:4d:b8:82:fd:
                    83:48:c9:b3:a0:f6:96:94:9d:fd:a5:91:5e:ab:d0:
                    cc:54:81:d5:dd:64:81:06:c5:2d:b6:d6:8b:6d:07:
                    ae:84:1d:0e:39:df:21:82:07:a7:cf:10:28:08:6f:
                    af:21:ba:d4:8e:88:0e:bc:9a:9b:fc:0a:9f:1f:bd:
                    d5:fa:98:b5:ef:53:49:e3:90:a6:6e:75:87:4f:86:
                    ad:3a:8c:69:ba:64:90:a3:c9:9c:e2:77:7b:c2:c7:
                    c6:43:4f:9b:44:c4:c5:ac:c4:92:3c:15:0c:1a:b8:
                    32:44:c9:6f:00:cf:6f:1a:7a:e7:46:3e:9f:df:62:
                    ef:0f:b5:ed:8e:e6:3e:c1:8a:0c:05:97:e9:d3:b0:
                    65:61
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CA:44:1A:13:4F:10:2C:81:CE:09:71:1D:7A:B6:0E:86:91:66:83:41
            X509v3 Authority Key Identifier:
                keyid:21:A7:6F:3B:B8:16:CF:FE:7C:46:65:55:C2:B0:BE:BC:9C:7B:C5:6E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91CA559/AAC34F4630C411EC99F2F66CC4F9AE02/IadvO7gWz_58RmVVwrC-vJx7xW4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/IadvO7gWz_58RmVVwrC-vJx7xW4.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91CA559/AAC34F4630C411EC99F2F66CC4F9AE02/45CC5B763C8311ECA86D031EC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.147.224.0/23
                  103.231.172.0/22

    Signature Algorithm: sha256WithRSAEncryption
         b7:1d:4f:f0:99:03:b6:8c:13:03:ff:91:cd:01:9e:9e:ea:68:
         ad:bc:a0:61:08:ed:e4:8d:01:2a:f8:66:1c:90:40:ba:8a:4b:
         56:3d:60:ee:22:54:da:76:17:52:0e:b3:f0:b1:9a:e2:4c:c6:
         fd:c8:14:89:51:5c:6c:74:d7:94:43:bc:60:cc:97:c5:b8:6f:
         5b:7b:97:16:65:fc:09:81:cb:61:e3:06:1f:70:27:37:a5:dd:
         e4:3a:45:69:98:f9:9e:97:52:d6:44:6f:cf:af:f4:a4:9c:1d:
         f6:5d:a8:ac:a7:4a:57:95:97:19:76:5d:8e:8e:55:77:65:67:
         0a:a6:04:8f:ea:f5:6c:92:c5:27:08:8a:12:cf:5e:9d:86:72:
         34:0e:80:d5:7b:5e:6d:c8:5b:b6:77:20:82:fa:9a:11:3a:be:
         c5:9f:41:42:4c:9d:2f:4f:5a:82:c0:86:ad:a9:b2:ce:26:41:
         33:cc:81:53:c5:6d:91:60:b3:b6:3a:81:7f:fd:21:8f:3e:76:
         1d:62:32:71:69:9b:f9:e2:e4:a0:35:d1:4a:cf:8d:ad:2b:09:
         a4:0b:17:8d:01:37:43:20:a2:9a:3b:4f:db:42:9a:64:ef:ed:
         d1:d4:fd:db:09:f6:ac:2b:e1:54:de:06:54:d1:92:24:e8:be:
         ff:f2:13:0e
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICA9EwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Q0E1NTkxMTAvBgNVBAUTKDIxQTc2RjNCQjgxNkNGRkU3QzQ2NjU1NUMyQjBCRUJD
OUM3QkM1NkUwHhcNMjQwMzA5MDE1NDAxWhcNMjUwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWViYzEzOS1iZTlhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAnodmiKTWG3vuEy9Ek0ZUuWY9lBJYSivcUqY9o/3+M4HziGlsoJLIW/eYZoIJ
dF47LMPlyRBhWmaAOBvobLuTyIHlUXZDhJaFij9aWAFJOYTcR1sK7ASAi2Ycxo5z
kByWZJ0jJz5PLAB7MSm4Npqebs6FUU24gv2DSMmzoPaWlJ39pZFeq9DMVIHV3WSB
BsUtttaLbQeuhB0OOd8hggenzxAoCG+vIbrUjogOvJqb/AqfH73V+pi171NJ45Cm
bnWHT4atOoxpumSQo8mc4nd7wsfGQ0+bRMTFrMSSPBUMGrgyRMlvAM9vGnrnRj6f
32LvD7XtjuY+wYoMBZfp07BlYQIDAQABo4ICmzCCApcwHQYDVR0OBBYEFMpEGhNP
ECyBzglxHXq2DoaRZoNBMB8GA1UdIwQYMBaAFCGnbzu4Fs/+fEZlVcKwvryce8Vu
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDQTU1OS9BQUMzNEY0NjMw
QzQxMUVDOTlGMkY2NkNDNEY5QUUwMi9JYWR2TzdnV3pfNThSbVZWd3JDLXZKeDd4
VzQuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0lhZHZPN2dXel81OFJtVlZ3ckMtdkp4N3hXNC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Q0E1NTkvQUFDMzRGNDYzMEM0MTFFQzk5RjJGNjZDQzRGOUFFMDIvNDVDQzVCNzYz
QzgzMTFFQ0E4NkQwMzFFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAFnk+ADBAJn56wwDQYJKoZIhvcNAQELBQADggEBALcdT/CZ
A7aMEwP/kc0Bnp7qaK28oGEI7eSNASr4ZhyQQLqKS1Y9YO4iVNp2F1IOs/CxmuJM
xv3IFIlRXGx015RDvGDMl8W4b1t7lxZl/AmBy2HjBh9wJzel3eQ6RWmY+Z6XUtZE
b8+v9KScHfZdqKynSleVlxl2XY6OVXdlZwqmBI/q9WySxScIihLPXp2GcjQOgNV7
Xm3IW7Z3IIL6mhE6vsWfQUJMnS9PWoLAhq2pss4mQTPMgVPFbZFgs7Y6gX/9IY8+
dh1iMnFpm/ni5KA10UrPja0rCaQLF40BN0Mgopo7T9tCmmTv7dHU/dsJ9qwr4VTe
BlTRkiTovv/yEw4=
-----END CERTIFICATE-----
Generated at Thu Nov 21 01:31:58 2024 by rpki-client on console-fra.rpki-client.org