Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91CB14D/30FE0AFEC4C611EAA8D5BE66C4F9AE02/1D03DD1ADF1D11EEB8258B62C4F9AE02.roa
File:                     1D03DD1ADF1D11EEB8258B62C4F9AE02.roa (raw, json)
Hash identifier:          m4TORhXDWgzUv++JKCEYQa2IIH0GlbNmdQKsyCYlBbU=
Subject key identifier:   11:B6:BC:C5:23:64:7B:8F:FC:B4:C3:08:42:BB:B1:42:C6:A1:28:73
Certificate issuer:       /CN=A91CB14D/serialNumber=16C662726F4A009133D6591664239E00C681A004
Certificate serial:       03
Authority key identifier: 16:C6:62:72:6F:4A:00:91:33:D6:59:16:64:23:9E:00:C6:81:A0:04
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FsZicm9KAJEz1lkWZCOeAMaBoAQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91CB14D/30FE0AFEC4C611EAA8D5BE66C4F9AE02/1D03DD1ADF1D11EEB8258B62C4F9AE02.roa
Signing time:             Sun 10 Mar 2024 20:31:03 +0000
ROA not before:           Sun 10 Mar 2024 20:31:03 +0000
ROA not after:            Fri 31 Oct 2025 00:00:00 +0000
asID:                     140901
IP address blocks:        103.153.52.0/23 maxlen: 23
                          103.153.52.0/24 maxlen: 24
                          103.153.53.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91CB14D/30FE0AFEC4C611EAA8D5BE66C4F9AE02/FsZicm9KAJEz1lkWZCOeAMaBoAQ.crl
                          rsync://rpki.apnic.net/member_repository/A91CB14D/30FE0AFEC4C611EAA8D5BE66C4F9AE02/FsZicm9KAJEz1lkWZCOeAMaBoAQ.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FsZicm9KAJEz1lkWZCOeAMaBoAQ.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 11 Jun 2024 22:22:37 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3 (0x3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CB14D/serialNumber=16C662726F4A009133D6591664239E00C681A004
        Validity
            Not Before: Mar 10 20:31:03 2024 GMT
            Not After : Oct 31 00:00:00 2025 GMT
        Subject: CN=65ee1887-4423
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:3c:44:d6:8e:b4:84:ff:0a:38:54:49:db:ee:
                    11:4e:60:c7:79:f7:f3:02:24:d5:00:c3:9d:89:6b:
                    37:b8:f6:38:d2:49:fb:dc:69:bd:64:ba:cb:85:9c:
                    c3:6a:66:02:ed:f7:fb:af:35:85:1d:f7:01:6b:9b:
                    b7:ad:15:1e:89:47:d1:61:69:d4:89:84:b3:18:71:
                    12:e3:a6:22:cc:42:1b:a7:2c:3d:6d:ba:0c:9e:10:
                    ae:6c:30:19:f4:7d:69:15:f0:db:e5:a9:9d:3b:eb:
                    cb:a5:ab:02:09:97:4d:2f:e8:94:84:4e:17:0d:82:
                    1b:24:3f:05:92:00:17:7d:d2:2e:16:a5:cc:f8:fa:
                    33:fe:6b:0d:59:81:f8:f5:af:58:ed:e6:40:64:50:
                    d9:b5:14:81:42:24:3d:d1:75:7f:a1:54:01:85:7a:
                    b0:71:a7:45:a6:17:28:66:09:4d:59:e5:89:9e:9c:
                    49:28:d0:8f:8a:52:4c:bb:cd:50:2d:29:b7:f0:53:
                    87:46:cc:48:35:b9:61:69:27:fc:bf:79:b1:73:e0:
                    79:80:09:57:69:8e:c6:ac:ba:39:28:a4:8d:e3:30:
                    a4:55:55:8f:c8:45:c5:5c:94:4b:7d:2f:9a:62:72:
                    ff:d7:31:c5:f5:37:9a:a8:e6:ca:d0:26:16:07:e8:
                    bd:31
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                11:B6:BC:C5:23:64:7B:8F:FC:B4:C3:08:42:BB:B1:42:C6:A1:28:73
            X509v3 Authority Key Identifier:
                keyid:16:C6:62:72:6F:4A:00:91:33:D6:59:16:64:23:9E:00:C6:81:A0:04

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91CB14D/30FE0AFEC4C611EAA8D5BE66C4F9AE02/FsZicm9KAJEz1lkWZCOeAMaBoAQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/FsZicm9KAJEz1lkWZCOeAMaBoAQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91CB14D/30FE0AFEC4C611EAA8D5BE66C4F9AE02/1D03DD1ADF1D11EEB8258B62C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.153.52.0/23

    Signature Algorithm: sha256WithRSAEncryption
         20:15:2d:b6:1f:f0:9b:89:b7:9d:42:92:70:b7:9b:0b:89:21:
         f2:bf:09:e7:3f:ac:ab:31:dd:a3:7f:8f:bf:03:d3:ec:b6:1d:
         2e:96:60:4b:52:92:53:c8:0d:ba:e5:d5:a4:34:94:bc:60:55:
         52:51:b6:2b:c2:25:31:cf:23:16:77:be:8b:01:bd:bb:d1:43:
         fb:91:36:a6:96:b5:83:b4:9a:27:9e:49:6d:30:54:75:ff:34:
         a5:32:96:2a:46:9e:57:42:18:9f:d3:7f:83:04:2a:eb:7d:22:
         62:33:7c:96:6f:2c:72:6f:b3:d9:fb:7f:87:1b:22:39:ec:66:
         52:e0:3c:75:af:24:98:c9:e5:d7:40:2b:63:af:37:37:ef:0e:
         9a:b3:f7:5b:93:0f:db:d9:0f:dc:d5:57:d0:fe:6c:87:a7:0e:
         8e:b6:b3:55:70:55:0e:b4:90:d0:33:66:54:36:2b:2b:40:83:
         59:fb:e7:01:19:92:4a:72:95:66:fe:a2:91:3f:fb:da:d4:1f:
         9d:17:59:1e:1a:5f:bf:d4:94:84:6c:4f:93:0b:1c:8a:8d:dc:
         33:ea:c6:1c:d8:96:e6:75:58:46:3b:11:ee:39:8a:47:78:bf:
         c9:60:f3:a8:54:2a:17:62:fc:27:f6:a2:5d:9b:2e:e4:95:51:
         06:64:1d:c8
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIBAzANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFD
QjE0RDExMC8GA1UEBRMoMTZDNjYyNzI2RjRBMDA5MTMzRDY1OTE2NjQyMzlFMDBD
NjgxQTAwNDAeFw0yNDAzMTAyMDMxMDNaFw0yNTEwMzEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY1ZWUxODg3LTQ0MjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQC3PETWjrSE/wo4VEnb7hFOYMd59/MCJNUAw52Jaze49jjSSfvcab1kusuFnMNq
ZgLt9/uvNYUd9wFrm7etFR6JR9FhadSJhLMYcRLjpiLMQhunLD1tugyeEK5sMBn0
fWkV8NvlqZ0768ulqwIJl00v6JSEThcNghskPwWSABd90i4Wpcz4+jP+aw1Zgfj1
r1jt5kBkUNm1FIFCJD3RdX+hVAGFerBxp0WmFyhmCU1Z5YmenEko0I+KUky7zVAt
KbfwU4dGzEg1uWFpJ/y/ebFz4HmACVdpjsasujkopI3jMKRVVY/IRcVclEt9L5pi
cv/XMcX1N5qo5srQJhYH6L0xAgMBAAGjggKVMIICkTAdBgNVHQ4EFgQUEba8xSNk
e4/8tMMIQruxQsahKHMwHwYDVR0jBBgwFoAUFsZicm9KAJEz1lkWZCOeAMaBoAQw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUNCMTRELzMwRkUwQUZFQzRD
NjExRUFBOEQ1QkU2NkM0RjlBRTAyL0ZzWmljbTlLQUpFejFsa1daQ09lQU1hQm9B
US5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvRnNaaWNtOUtBSkV6MWxrV1pDT2VBTWFCb0FRLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFD
QjE0RC8zMEZFMEFGRUM0QzYxMUVBQThENUJFNjZDNEY5QUUwMi8xRDAzREQxQURG
MUQxMUVFQjgyNThCNjJDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAWeZNDANBgkqhkiG9w0BAQsFAAOCAQEAIBUtth/wm4m3nUKS
cLebC4kh8r8J5z+sqzHdo3+PvwPT7LYdLpZgS1KSU8gNuuXVpDSUvGBVUlG2K8Il
Mc8jFne+iwG9u9FD+5E2ppa1g7SaJ55JbTBUdf80pTKWKkaeV0IYn9N/gwQq630i
YjN8lm8scm+z2ft/hxsiOexmUuA8da8kmMnl10ArY683N+8OmrP3W5MP29kP3NVX
0P5sh6cOjrazVXBVDrSQ0DNmVDYrK0CDWfvnARmSSnKVZv6ikT/72tQfnRdZHhpf
v9SUhGxPkwscio3cM+rGHNiW5nVYRjsR7jmKR3i/yWDzqFQqF2L8J/aiXZsu5JVR
BmQdyA==
-----END CERTIFICATE-----
Generated at Thu Jun 6 16:51:41 2024 by rpki-client on console-fra.rpki-client.org