Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91D4190/F9DE76CA08DA11ED9402D357C4F9AE02/D18B56F408DD11ED830BEB5CC4F9AE02.roa
File:                     D18B56F408DD11ED830BEB5CC4F9AE02.roa (raw, json)
Hash identifier:          65QKn1iwWtzaEt6FfyQQXaoXVramIQmLx5AtEX20zao=
Subject key identifier:   72:F5:6E:BF:BB:FA:50:37:61:F0:90:2E:99:62:63:52:33:E3:88:3F
Certificate issuer:       /CN=A91D4190/serialNumber=57E759DC279B546EDA81B7EFDAF5578516B80AFC
Certificate serial:       01A6
Authority key identifier: 57:E7:59:DC:27:9B:54:6E:DA:81:B7:EF:DA:F5:57:85:16:B8:0A:FC
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/V-dZ3CebVG7agbfv2vVXhRa4Cvw.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91D4190/F9DE76CA08DA11ED9402D357C4F9AE02/D18B56F408DD11ED830BEB5CC4F9AE02.roa
Signing time:             Wed 13 Mar 2024 03:46:01 +0000
ROA not before:           Wed 13 Mar 2024 03:46:01 +0000
ROA not after:            Wed 28 May 2025 00:00:00 +0000
asID:                     136512
IP address blocks:        103.91.104.0/23 maxlen: 24
                          2001:df1:700::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91D4190/F9DE76CA08DA11ED9402D357C4F9AE02/V-dZ3CebVG7agbfv2vVXhRa4Cvw.crl
                          rsync://rpki.apnic.net/member_repository/A91D4190/F9DE76CA08DA11ED9402D357C4F9AE02/V-dZ3CebVG7agbfv2vVXhRa4Cvw.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/V-dZ3CebVG7agbfv2vVXhRa4Cvw.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 30 Nov 2024 01:27:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 422 (0x1a6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91D4190/serialNumber=57E759DC279B546EDA81B7EFDAF5578516B80AFC
        Validity
            Not Before: Mar 13 03:46:01 2024 GMT
            Not After : May 28 00:00:00 2025 GMT
        Subject: CN=65f12179-20cd
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b3:f7:a4:74:8b:be:23:55:d3:44:62:27:7a:5d:
                    b6:bb:95:b4:c9:a4:af:f0:59:8c:a1:55:d9:f7:8e:
                    2d:81:6e:c9:2e:05:15:2b:95:68:c5:87:ee:72:41:
                    8e:cb:a1:e4:c2:91:59:bd:6f:a8:36:59:0d:66:48:
                    9e:f6:f2:71:8c:f1:37:11:97:c7:a3:a4:54:0a:13:
                    92:34:3f:d3:04:9b:77:6a:46:b7:ad:9c:05:c2:c3:
                    30:90:fe:dc:6f:03:33:37:4e:82:7e:6a:7e:fb:a8:
                    ad:87:08:e0:7c:37:f1:62:a1:82:df:d2:7c:2f:99:
                    f7:df:39:69:74:fd:a2:7e:e0:3c:7f:bc:25:b8:4d:
                    25:92:0e:b8:5b:7c:e6:b9:bb:2a:99:7d:36:96:76:
                    bc:8c:79:68:c7:41:29:15:48:e3:a1:1c:e4:74:41:
                    7b:a9:c6:8a:a7:4c:25:39:8d:91:76:19:0d:d6:5d:
                    c3:1f:1a:7b:fa:7d:f0:ec:d0:21:2c:37:ed:d8:8a:
                    47:6e:b6:5a:30:07:f1:6c:f0:2e:80:3b:70:a1:9f:
                    7a:32:0d:c3:4a:84:9e:42:24:c1:00:ce:ed:fe:f2:
                    18:88:68:d5:4c:d3:22:2d:eb:6a:cc:37:ee:ac:65:
                    78:20:49:fa:4c:fc:26:1e:21:52:98:df:e3:c6:9b:
                    29:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                72:F5:6E:BF:BB:FA:50:37:61:F0:90:2E:99:62:63:52:33:E3:88:3F
            X509v3 Authority Key Identifier:
                keyid:57:E7:59:DC:27:9B:54:6E:DA:81:B7:EF:DA:F5:57:85:16:B8:0A:FC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91D4190/F9DE76CA08DA11ED9402D357C4F9AE02/V-dZ3CebVG7agbfv2vVXhRa4Cvw.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/V-dZ3CebVG7agbfv2vVXhRa4Cvw.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91D4190/F9DE76CA08DA11ED9402D357C4F9AE02/D18B56F408DD11ED830BEB5CC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.91.104.0/23
                IPv6:
                  2001:df1:700::/48

    Signature Algorithm: sha256WithRSAEncryption
         51:74:eb:d7:94:d4:a5:3a:af:c9:d1:84:00:10:c8:72:75:03:
         db:70:57:19:56:ad:73:54:ed:b4:ac:d4:a3:1f:6f:f7:e5:7e:
         ff:a1:89:47:37:d1:e8:43:db:1a:2e:bf:19:a7:2c:50:88:57:
         ad:55:d1:14:9e:93:35:8d:9d:e6:59:83:78:93:b5:89:93:1c:
         84:5f:76:d8:23:ca:ed:ff:b0:11:d1:b6:02:0d:69:10:0e:7e:
         5f:75:72:20:f5:1c:2d:5f:9f:1e:c3:cc:e7:25:7f:e8:54:41:
         b9:a2:10:7f:2a:73:87:aa:a7:00:55:3c:d4:7f:99:72:93:e5:
         66:b2:dd:a9:54:6c:fb:18:de:0e:ed:53:80:c2:f7:f6:2e:16:
         12:70:0b:eb:e2:97:4b:79:50:54:48:03:cc:17:97:87:a5:20:
         f1:3a:d1:51:8e:bb:9e:e4:ad:64:f1:36:9b:41:0b:da:e8:be:
         25:b0:39:42:4c:c3:54:93:36:d8:b7:f9:70:6f:41:42:2e:1a:
         08:3d:e0:73:c7:6e:58:d7:dd:fc:cf:bf:49:20:45:9e:4e:ce:
         8c:04:9d:d0:e5:10:fa:88:5c:30:02:8f:26:6f:9f:10:d4:5e:
         ee:94:0b:71:56:e8:87:a6:e7:36:62:fd:d0:63:5e:73:00:f4:
         7c:3a:d1:44
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICAaYwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RDQxOTAxMTAvBgNVBAUTKDU3RTc1OURDMjc5QjU0NkVEQTgxQjdFRkRBRjU1Nzg1
MTZCODBBRkMwHhcNMjQwMzEzMDM0NjAxWhcNMjUwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02NWYxMjE3OS0yMGNkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAs/ekdIu+I1XTRGInel22u5W0yaSv8FmMoVXZ944tgW7JLgUVK5VoxYfuckGO
y6HkwpFZvW+oNlkNZkie9vJxjPE3EZfHo6RUChOSND/TBJt3aka3rZwFwsMwkP7c
bwMzN06Cfmp++6ithwjgfDfxYqGC39J8L5n33zlpdP2ifuA8f7wluE0lkg64W3zm
ubsqmX02lna8jHlox0EpFUjjoRzkdEF7qcaKp0wlOY2RdhkN1l3DHxp7+n3w7NAh
LDft2IpHbrZaMAfxbPAugDtwoZ96Mg3DSoSeQiTBAM7t/vIYiGjVTNMiLetqzDfu
rGV4IEn6TPwmHiFSmN/jxpspwwIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFHL1br+7
+lA3YfCQLpliY1Iz44g/MB8GA1UdIwQYMBaAFFfnWdwnm1Ru2oG379r1V4UWuAr8
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFENDE5MC9GOURFNzZDQTA4
REExMUVEOTQwMkQzNTdDNEY5QUUwMi9WLWRaM0NlYlZHN2FnYmZ2MnZWWGhSYTRD
dncuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1YtZFozQ2ViVkc3YWdiZnYydlZYaFJhNEN2dy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RDQxOTAvRjlERTc2Q0EwOERBMTFFRDk0MDJEMzU3QzRGOUFFMDIvRDE4QjU2RjQw
OEREMTFFRDgzMEJFQjVDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAFnW2gwDwQCAAIwCQMHACABDfEHADANBgkqhkiG9w0BAQsF
AAOCAQEAUXTr15TUpTqvydGEABDIcnUD23BXGVatc1TttKzUox9v9+V+/6GJRzfR
6EPbGi6/GacsUIhXrVXRFJ6TNY2d5lmDeJO1iZMchF922CPK7f+wEdG2Ag1pEA5+
X3VyIPUcLV+fHsPM5yV/6FRBuaIQfypzh6qnAFU81H+ZcpPlZrLdqVRs+xjeDu1T
gML39i4WEnAL6+KXS3lQVEgDzBeXh6Ug8TrRUY67nuStZPE2m0EL2ui+JbA5QkzD
VJM22Lf5cG9BQi4aCD3gc8duWNfd/M+/SSBFnk7OjASd0OUQ+ohcMAKPJm+fENRe
7pQLcVboh6bnNmL90GNecwD0fDrRRA==
-----END CERTIFICATE-----
Generated at Sat Nov 23 03:58:52 2024 by rpki-client on console-ams.rpki-client.org