Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91CE978/3223F35E1D9811E28A8C2E8208B02CD2/DDF4B0D2F08C11EEB70A1F76C4F9AE02.roa
File:                     DDF4B0D2F08C11EEB70A1F76C4F9AE02.roa (raw, json)
Hash identifier:          xpjctOic9ALUbvMpVasWFZFNE3OfU+88qrN9oKY4+Dw=
Subject key identifier:   3A:F5:15:FD:C9:FC:0A:16:A5:7E:8D:4D:AE:45:8F:BC:8C:0E:FD:42
Certificate issuer:       /CN=A91CE978/serialNumber=6A1E4F72847EB3699522C93D26773F0DF8396EBE
Certificate serial:       3473
Authority key identifier: 6A:1E:4F:72:84:7E:B3:69:95:22:C9:3D:26:77:3F:0D:F8:39:6E:BE
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ah5PcoR-s2mVIsk9Jnc_Dfg5br4.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91CE978/3223F35E1D9811E28A8C2E8208B02CD2/DDF4B0D2F08C11EEB70A1F76C4F9AE02.roa
Signing time:             Sat 04 May 2024 15:20:57 +0000
ROA not before:           Sat 04 May 2024 15:20:57 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     23838
IP address blocks:        43.255.160.0/22 maxlen: 22
                          43.255.160.0/24 maxlen: 24
                          43.255.161.0/24 maxlen: 24
                          43.255.162.0/24 maxlen: 24
                          43.255.163.0/24 maxlen: 24
                          103.8.252.0/22 maxlen: 23
                          116.90.135.0/24 maxlen: 24
                          120.136.48.0/20 maxlen: 20
                          120.136.48.0/21 maxlen: 21
                          120.136.49.0/24 maxlen: 24
                          120.136.53.0/24 maxlen: 24
                          120.136.56.0/21 maxlen: 21
                          120.136.56.0/24 maxlen: 24
                          120.136.58.0/24 maxlen: 24
                          2401:f000:6::/48 maxlen: 48
                          2401:f000:8::/48 maxlen: 48
                          2401:f000:16::/48 maxlen: 48
                          2401:f000:18::/48 maxlen: 48
                          2402:1c00::/32 maxlen: 32
                          2402:1c00::/32 maxlen: 48
                          2402:1c00:4000::/36 maxlen: 36
                          2402:1c00:8000::/36 maxlen: 36
                          2402:1c00:9000::/37 maxlen: 37
                          2402:1c00:c000::/36 maxlen: 36

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91CE978/3223F35E1D9811E28A8C2E8208B02CD2/ah5PcoR-s2mVIsk9Jnc_Dfg5br4.crl
                          rsync://rpki.apnic.net/member_repository/A91CE978/3223F35E1D9811E28A8C2E8208B02CD2/ah5PcoR-s2mVIsk9Jnc_Dfg5br4.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ah5PcoR-s2mVIsk9Jnc_Dfg5br4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 29 Nov 2024 14:54:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13427 (0x3473)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CE978/serialNumber=6A1E4F72847EB3699522C93D26773F0DF8396EBE
        Validity
            Not Before: May  4 15:20:57 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=66365259-fc27
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:fa:65:b4:95:9a:29:14:59:b4:a8:36:fc:f6:
                    44:32:d0:e4:1b:dc:81:c6:e0:c5:59:80:96:05:e4:
                    8f:4d:b9:98:18:4d:d2:c7:2c:ed:c0:35:f6:63:63:
                    32:9a:d2:40:f1:34:5c:ed:8b:80:c4:1f:43:f8:8d:
                    d6:62:47:49:22:ad:82:bb:4e:2b:ef:66:de:a9:69:
                    b6:5b:ba:70:c8:46:00:64:1d:71:4b:81:53:7b:a5:
                    2f:2c:b8:ce:95:17:a9:e5:2f:71:7e:8e:7c:1f:71:
                    ba:69:54:67:67:03:6e:a8:3a:30:31:26:07:d7:17:
                    8a:2b:ad:af:47:98:55:39:44:16:27:16:6c:87:46:
                    45:67:82:9a:35:78:92:ba:57:d4:65:4d:aa:96:9c:
                    5b:e6:d6:43:65:e6:94:31:16:0e:52:e9:3b:83:7f:
                    4e:f3:c8:b5:03:f9:22:c3:0d:ff:c6:26:51:73:3b:
                    34:3c:66:2c:11:ea:6f:4e:72:0b:12:d8:ed:72:53:
                    20:b3:f3:8e:02:9f:cb:b3:50:1a:44:37:0b:14:16:
                    31:1c:7c:f2:ec:ef:be:7d:25:bd:9a:97:a8:49:61:
                    a1:6c:0e:da:eb:75:93:16:80:b2:2e:69:fc:24:11:
                    b2:d8:8b:65:ca:09:64:e3:48:60:95:4b:fa:bf:76:
                    d0:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3A:F5:15:FD:C9:FC:0A:16:A5:7E:8D:4D:AE:45:8F:BC:8C:0E:FD:42
            X509v3 Authority Key Identifier:
                keyid:6A:1E:4F:72:84:7E:B3:69:95:22:C9:3D:26:77:3F:0D:F8:39:6E:BE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91CE978/3223F35E1D9811E28A8C2E8208B02CD2/ah5PcoR-s2mVIsk9Jnc_Dfg5br4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ah5PcoR-s2mVIsk9Jnc_Dfg5br4.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91CE978/3223F35E1D9811E28A8C2E8208B02CD2/DDF4B0D2F08C11EEB70A1F76C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.255.160.0/22
                  103.8.252.0/22
                  116.90.135.0/24
                  120.136.48.0/20
                IPv6:
                  2401:f000:6::/48
                  2401:f000:8::/48
                  2401:f000:16::/48
                  2401:f000:18::/48
                  2402:1c00::/32

    Signature Algorithm: sha256WithRSAEncryption
         a3:6f:d1:61:18:70:9b:04:df:9b:01:f9:1a:79:16:bb:c1:0a:
         80:f3:85:b3:d0:78:ff:72:62:11:72:c9:2f:68:12:62:f1:28:
         9a:dd:e1:bb:2e:ce:65:ac:01:de:e5:cb:be:da:fd:39:f2:d0:
         7d:81:a4:b7:d4:f1:6c:7c:b3:3b:ac:c7:f9:d9:b2:f1:fc:bb:
         79:e8:75:52:a4:3a:5f:ed:df:10:ff:cb:47:2e:5e:1a:10:eb:
         ae:ba:f7:4d:65:36:f0:33:37:23:78:b4:a2:e3:d9:64:51:e7:
         0a:04:cd:51:d7:af:f5:4c:54:e0:85:2e:32:83:6a:1c:de:e9:
         fa:16:ea:8d:20:26:0a:7c:9e:5d:d8:4e:f3:6e:c9:fd:de:d0:
         73:11:30:07:30:f5:a1:34:72:a1:c9:57:71:b3:65:a0:61:9c:
         18:1e:89:e3:36:f0:a4:e9:6e:fc:ad:c8:58:08:42:8e:6b:7b:
         cb:62:a7:dd:a1:5f:00:b4:0a:28:36:2f:a7:9d:0d:1d:59:f4:
         ee:32:36:69:a8:43:d6:be:09:c1:03:9c:1b:15:80:e6:c9:96:
         95:65:e5:f2:f6:4e:ce:43:04:a9:6f:10:eb:3f:4e:91:8c:8e:
         f2:5f:be:24:2e:70:7b:03:94:38:6f:16:a1:87:82:09:41:73:
         f8:a1:1b:05
-----BEGIN CERTIFICATE-----
MIIFtjCCBJ6gAwIBAgICNHMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Q0U5NzgxMTAvBgNVBAUTKDZBMUU0RjcyODQ3RUIzNjk5NTIyQzkzRDI2NzczRjBE
RjgzOTZFQkUwHhcNMjQwNTA0MTUyMDU3WhcNMjUwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjM2NTI1OS1mYzI3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAu/pltJWaKRRZtKg2/PZEMtDkG9yBxuDFWYCWBeSPTbmYGE3SxyztwDX2Y2My
mtJA8TRc7YuAxB9D+I3WYkdJIq2Cu04r72beqWm2W7pwyEYAZB1xS4FTe6UvLLjO
lRep5S9xfo58H3G6aVRnZwNuqDowMSYH1xeKK62vR5hVOUQWJxZsh0ZFZ4KaNXiS
ulfUZU2qlpxb5tZDZeaUMRYOUuk7g39O88i1A/kiww3/xiZRczs0PGYsEepvTnIL
EtjtclMgs/OOAp/Ls1AaRDcLFBYxHHzy7O++fSW9mpeoSWGhbA7a63WTFoCyLmn8
JBGy2Itlyglk40hglUv6v3bQrQIDAQABo4IC2jCCAtYwHQYDVR0OBBYEFDr1Ff3J
/AoWpX6NTa5Fj7yMDv1CMB8GA1UdIwQYMBaAFGoeT3KEfrNplSLJPSZ3Pw34OW6+
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDRTk3OC8zMjIzRjM1RTFE
OTgxMUUyOEE4QzJFODIwOEIwMkNEMi9haDVQY29SLXMybVZJc2s5Sm5jX0RmZzVi
cjQuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2FoNVBjb1ItczJtVklzazlKbmNfRGZnNWJyNC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Q0U5NzgvMzIyM0YzNUUxRDk4MTFFMjhBOEMyRTgyMDhCMDJDRDIvRERGNEIwRDJG
MDhDMTFFRUI3MEExRjc2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwZAYIKwYBBQUHAQcBAf8E
VTBTMB4EAgABMBgDBAIr/6ADBAJnCPwDBAB0WocDBAR4iDAwMQQCAAIwKwMHACQB
8AAABgMHACQB8AAACAMHACQB8AAAFgMHACQB8AAAGAMFACQCHAAwDQYJKoZIhvcN
AQELBQADggEBAKNv0WEYcJsE35sB+Rp5FrvBCoDzhbPQeP9yYhFyyS9oEmLxKJrd
4bsuzmWsAd7ly77a/Tny0H2BpLfU8Wx8szusx/nZsvH8u3nodVKkOl/t3xD/y0cu
XhoQ6666901lNvAzNyN4tKLj2WRR5woEzVHXr/VMVOCFLjKDahze6foW6o0gJgp8
nl3YTvNuyf3e0HMRMAcw9aE0cqHJV3GzZaBhnBgeieM28KTpbvytyFgIQo5re8ti
p92hXwC0Cig2L6edDR1Z9O4yNmmoQ9a+CcEDnBsVgObJlpVl5fL2Ts5DBKlvEOs/
TpGMjvJfviQucHsDlDhvFqGHgglBc/ihGwU=
-----END CERTIFICATE-----
Generated at Fri Nov 22 16:50:04 2024 by rpki-client on console-ams.rpki-client.org