Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91CFAB9/E853382C9F1311EC9E45D572C4F9AE02/596CCC4E9F1911EC8FDFEA7DC4F9AE02.roa
File:                     596CCC4E9F1911EC8FDFEA7DC4F9AE02.roa (raw, json)
Hash identifier:          ninl9qaRwReMJ+VyWpCOBcznoKGFRI4XnhBOBj8GIYw=
Subject key identifier:   31:E9:75:61:B7:DA:B2:8A:A4:64:7F:CC:79:B6:C9:C3:F0:D8:9D:5A
Certificate issuer:       /CN=A91CFAB9/serialNumber=DD8A2B88654C3366FFE7FCF6556A9786002AA65B
Certificate serial:       02C5
Authority key identifier: DD:8A:2B:88:65:4C:33:66:FF:E7:FC:F6:55:6A:97:86:00:2A:A6:5B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/3YoriGVMM2b_5_z2VWqXhgAqpls.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91CFAB9/E853382C9F1311EC9E45D572C4F9AE02/596CCC4E9F1911EC8FDFEA7DC4F9AE02.roa
Signing time:             Wed 27 Mar 2024 03:16:01 +0000
ROA not before:           Wed 27 Mar 2024 03:16:01 +0000
ROA not after:            Wed 28 May 2025 00:00:00 +0000
asID:                     135069
IP address blocks:        103.208.140.0/22 maxlen: 22
                          103.208.140.0/24 maxlen: 24
                          103.208.141.0/24 maxlen: 24
                          103.208.142.0/24 maxlen: 24
                          103.208.143.0/24 maxlen: 24
                          163.47.109.0/24 maxlen: 24
                          180.235.104.0/22 maxlen: 22
                          180.235.104.0/24 maxlen: 24
                          180.235.105.0/24 maxlen: 24
                          180.235.106.0/24 maxlen: 24
                          180.235.107.0/24 maxlen: 24
                          203.28.247.0/24 maxlen: 24
                          223.26.24.0/22 maxlen: 22
                          223.26.24.0/24 maxlen: 24
                          223.26.25.0/24 maxlen: 24
                          223.26.26.0/24 maxlen: 24
                          223.26.27.0/24 maxlen: 24
                          2404:4880::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91CFAB9/E853382C9F1311EC9E45D572C4F9AE02/3YoriGVMM2b_5_z2VWqXhgAqpls.crl
                          rsync://rpki.apnic.net/member_repository/A91CFAB9/E853382C9F1311EC9E45D572C4F9AE02/3YoriGVMM2b_5_z2VWqXhgAqpls.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/3YoriGVMM2b_5_z2VWqXhgAqpls.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 27 Nov 2024 20:33:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 709 (0x2c5)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CFAB9/serialNumber=DD8A2B88654C3366FFE7FCF6556A9786002AA65B
        Validity
            Not Before: Mar 27 03:16:01 2024 GMT
            Not After : May 28 00:00:00 2025 GMT
        Subject: CN=66038f71-a496
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:c3:0d:e6:99:4e:de:4f:bf:77:e8:b1:26:dd:
                    54:70:a1:40:8c:f7:82:c0:45:8a:b7:5d:e8:ca:51:
                    68:fb:f1:f8:76:cc:df:37:a7:82:6c:98:80:5c:6e:
                    7a:d8:21:a5:5a:5c:23:b8:7c:0a:b6:0d:57:b0:18:
                    17:44:2d:94:63:2a:b0:45:6a:15:6a:73:6b:1f:5c:
                    39:db:3a:b4:1a:4b:61:c7:09:20:ba:18:42:7c:79:
                    75:98:99:d0:ef:12:1f:a0:55:14:9c:37:7f:20:55:
                    ba:b3:f8:31:5e:10:f6:eb:59:1e:59:9a:20:a7:b4:
                    b2:f1:e1:c4:b0:cf:55:2e:69:bb:5a:0a:35:4d:cd:
                    5f:94:df:37:8b:29:dd:41:66:56:c0:69:fe:cb:75:
                    2e:a2:6e:a5:b9:d8:04:de:bb:7a:2b:18:fa:e0:80:
                    a3:63:1a:6c:d6:c6:83:d8:5e:3b:bc:6c:df:07:f2:
                    be:a6:3d:31:c3:13:c3:f3:83:0d:b9:40:ea:6d:c5:
                    56:e0:91:20:c8:a2:3f:ae:a1:4e:26:cd:f1:90:9e:
                    06:33:cc:65:5f:16:3e:22:3e:1e:8c:39:73:44:13:
                    42:92:d3:be:44:62:b4:d0:56:e0:97:f5:85:0c:66:
                    b2:78:96:7d:78:e9:5d:64:3e:0e:77:b8:ab:0d:06:
                    4f:a1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                31:E9:75:61:B7:DA:B2:8A:A4:64:7F:CC:79:B6:C9:C3:F0:D8:9D:5A
            X509v3 Authority Key Identifier:
                keyid:DD:8A:2B:88:65:4C:33:66:FF:E7:FC:F6:55:6A:97:86:00:2A:A6:5B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91CFAB9/E853382C9F1311EC9E45D572C4F9AE02/3YoriGVMM2b_5_z2VWqXhgAqpls.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/3YoriGVMM2b_5_z2VWqXhgAqpls.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91CFAB9/E853382C9F1311EC9E45D572C4F9AE02/596CCC4E9F1911EC8FDFEA7DC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.208.140.0/22
                  163.47.109.0/24
                  180.235.104.0/22
                  203.28.247.0/24
                  223.26.24.0/22
                IPv6:
                  2404:4880::/32

    Signature Algorithm: sha256WithRSAEncryption
         05:80:b8:35:70:77:45:ea:5c:79:74:05:e7:6d:71:22:c3:2c:
         b2:ee:5a:db:be:94:72:1b:2d:bb:96:da:cb:40:54:a8:c1:ac:
         b1:d3:6c:44:45:a5:67:ca:4d:32:15:c8:22:20:26:84:7a:0a:
         75:eb:86:b1:eb:90:b9:df:6c:55:bd:af:07:05:11:d5:88:09:
         1d:a7:25:a0:68:98:cb:8e:05:b1:00:aa:e2:43:39:b8:b6:34:
         6a:60:ce:b3:01:ac:ef:8a:54:2a:15:0f:eb:a4:f8:5f:96:67:
         56:bf:85:60:d0:8d:aa:31:20:2f:17:5d:90:d4:ee:24:d1:a9:
         4f:16:c2:c5:8d:3b:21:51:6a:05:e7:8f:a4:19:0d:51:29:ab:
         07:5b:65:88:cf:bf:7f:cf:94:df:0c:56:e5:fc:48:f4:35:77:
         1d:fb:35:3a:2e:06:eb:26:9d:30:bf:74:ad:5c:5e:50:6d:d0:
         3d:03:ca:d5:a3:ae:1b:53:24:12:ae:90:62:30:77:c1:64:e2:
         3b:b1:fc:3f:59:be:42:84:e1:37:bd:98:81:22:27:d3:c2:a6:
         d4:8c:fb:a8:7d:ed:32:bd:a6:5e:cd:c0:f8:cc:61:42:fc:66:
         46:9f:9e:aa:c1:5d:6b:9e:52:e1:0a:d4:81:ae:a0:51:43:88:
         fb:1f:06:76
-----BEGIN CERTIFICATE-----
MIIFmDCCBICgAwIBAgICAsUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Q0ZBQjkxMTAvBgNVBAUTKEREOEEyQjg4NjU0QzMzNjZGRkU3RkNGNjU1NkE5Nzg2
MDAyQUE2NUIwHhcNMjQwMzI3MDMxNjAxWhcNMjUwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02NjAzOGY3MS1hNDk2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAy8MN5plO3k+/d+ixJt1UcKFAjPeCwEWKt13oylFo+/H4dszfN6eCbJiAXG56
2CGlWlwjuHwKtg1XsBgXRC2UYyqwRWoVanNrH1w52zq0GkthxwkguhhCfHl1mJnQ
7xIfoFUUnDd/IFW6s/gxXhD261keWZogp7Sy8eHEsM9VLmm7Wgo1Tc1flN83iynd
QWZWwGn+y3Uuom6ludgE3rt6Kxj64ICjYxps1saD2F47vGzfB/K+pj0xwxPD84MN
uUDqbcVW4JEgyKI/rqFOJs3xkJ4GM8xlXxY+Ij4ejDlzRBNCktO+RGK00Fbgl/WF
DGayeJZ9eOldZD4Od7irDQZPoQIDAQABo4ICvDCCArgwHQYDVR0OBBYEFDHpdWG3
2rKKpGR/zHm2ycPw2J1aMB8GA1UdIwQYMBaAFN2KK4hlTDNm/+f89lVql4YAKqZb
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFDRkFCOS9FODUzMzgyQzlG
MTMxMUVDOUU0NUQ1NzJDNEY5QUUwMi8zWW9yaUdWTU0yYl81X3oyVldxWGhnQXFw
bHMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzNZb3JpR1ZNTTJiXzVfejJWV3FYaGdBcXBscy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Q0ZBQjkvRTg1MzM4MkM5RjEzMTFFQzlFNDVENTcyQzRGOUFFMDIvNTk2Q0NDNEU5
RjE5MTFFQzhGREZFQTdEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwRgYIKwYBBQUHAQcBAf8E
NzA1MCQEAgABMB4DBAJn0IwDBACjL20DBAK062gDBADLHPcDBALfGhgwDQQCAAIw
BwMFACQESIAwDQYJKoZIhvcNAQELBQADggEBAAWAuDVwd0XqXHl0BedtcSLDLLLu
Wtu+lHIbLbuW2stAVKjBrLHTbERFpWfKTTIVyCIgJoR6CnXrhrHrkLnfbFW9rwcF
EdWICR2nJaBomMuOBbEAquJDObi2NGpgzrMBrO+KVCoVD+uk+F+WZ1a/hWDQjaox
IC8XXZDU7iTRqU8WwsWNOyFRagXnj6QZDVEpqwdbZYjPv3/PlN8MVuX8SPQ1dx37
NTouBusmnTC/dK1cXlBt0D0DytWjrhtTJBKukGIwd8Fk4jux/D9ZvkKE4Te9mIEi
J9PCptSM+6h97TK9pl7NwPjMYUL8ZkafnqrBXWueUuEK1IGuoFFDiPsfBnY=
-----END CERTIFICATE-----
Generated at Thu Nov 21 01:26:05 2024 by rpki-client on console-ams.rpki-client.org