Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91D51A0/7C53910C7F8411EC80518E51C4F9AE02/5CA964A68AC111EC91D19A11C4F9AE02.roa
File:                     5CA964A68AC111EC91D19A11C4F9AE02.roa (raw, json)
Hash identifier:          RXAdqmSBa5R8pArnqqd3C38h3ZgnJT4nvm5yTc/m5SQ=
Subject key identifier:   16:17:68:EF:28:86:1B:EB:14:E8:1F:2C:0F:4A:73:B3:C0:BF:59:18
Certificate issuer:       /CN=A91D51A0/serialNumber=C6EABEB93E1D06E2C32E1C4CBE147CFB39992539
Certificate serial:       0367
Authority key identifier: C6:EA:BE:B9:3E:1D:06:E2:C3:2E:1C:4C:BE:14:7C:FB:39:99:25:39
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xuq-uT4dBuLDLhxMvhR8-zmZJTk.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91D51A0/7C53910C7F8411EC80518E51C4F9AE02/5CA964A68AC111EC91D19A11C4F9AE02.roa
Signing time:             Sat 01 Jun 2024 15:26:48 +0000
ROA not before:           Sat 01 Jun 2024 15:26:48 +0000
ROA not after:            Thu 01 May 2025 00:00:00 +0000
asID:                     34927
IP address blocks:        103.180.192.0/24 maxlen: 24
                          103.180.193.0/24 maxlen: 24
                          2400:54a0:1010::/48 maxlen: 48
                          2400:54a0:101a::/48 maxlen: 48
                          2400:54a0:1020::/48 maxlen: 48
                          2400:54a0:102a::/48 maxlen: 48
                          2400:54a0:102b::/48 maxlen: 48
                          2400:54a0:102c::/48 maxlen: 48
                          2400:54a0:21a0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91D51A0/7C53910C7F8411EC80518E51C4F9AE02/xuq-uT4dBuLDLhxMvhR8-zmZJTk.crl
                          rsync://rpki.apnic.net/member_repository/A91D51A0/7C53910C7F8411EC80518E51C4F9AE02/xuq-uT4dBuLDLhxMvhR8-zmZJTk.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xuq-uT4dBuLDLhxMvhR8-zmZJTk.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 27 Nov 2024 20:33:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 871 (0x367)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91D51A0/serialNumber=C6EABEB93E1D06E2C32E1C4CBE147CFB39992539
        Validity
            Not Before: Jun  1 15:26:48 2024 GMT
            Not After : May  1 00:00:00 2025 GMT
        Subject: CN=665b3db8-6c14
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d6:46:c3:ff:a4:ff:02:44:6b:64:a3:93:bf:96:
                    8f:13:7c:52:ad:85:ce:b7:e4:d2:af:69:19:0d:8a:
                    5c:82:05:eb:69:1e:20:9e:91:1a:74:6a:fd:b1:04:
                    13:0e:13:e4:4f:a8:97:bd:7d:e5:f4:4e:ca:e1:49:
                    a5:ed:e5:32:38:ec:1e:9b:df:c4:83:8f:e2:9c:cd:
                    e3:22:78:ff:6d:33:2b:6e:96:aa:7f:85:62:a3:12:
                    6d:08:6c:f3:6f:82:c4:f2:d5:0e:d7:4b:bd:f8:f1:
                    72:52:f4:3c:7e:3b:62:43:7a:ab:a4:ad:18:e7:70:
                    e3:9e:a2:cb:be:a5:89:13:d2:79:e6:3d:54:0a:1a:
                    34:2c:a5:36:be:77:36:af:70:a2:81:62:59:f3:35:
                    7c:d4:85:90:ee:43:ff:84:d5:b4:e2:27:9a:42:5f:
                    56:d1:ad:31:c1:6a:27:a2:47:6d:84:37:6f:f3:6c:
                    b8:d5:fb:51:ce:44:7c:bd:7c:1d:be:1b:25:d5:bf:
                    6e:1f:92:8f:52:6a:26:23:df:a0:4a:ca:6c:4a:6a:
                    33:c0:92:e5:92:2c:75:41:1d:69:51:1d:18:d4:5f:
                    0b:dc:3e:66:ee:24:51:19:4c:28:6f:a2:5f:10:63:
                    aa:56:f2:a7:af:b3:9d:de:99:b1:08:2f:71:8f:de:
                    c7:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                16:17:68:EF:28:86:1B:EB:14:E8:1F:2C:0F:4A:73:B3:C0:BF:59:18
            X509v3 Authority Key Identifier:
                keyid:C6:EA:BE:B9:3E:1D:06:E2:C3:2E:1C:4C:BE:14:7C:FB:39:99:25:39

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91D51A0/7C53910C7F8411EC80518E51C4F9AE02/xuq-uT4dBuLDLhxMvhR8-zmZJTk.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xuq-uT4dBuLDLhxMvhR8-zmZJTk.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91D51A0/7C53910C7F8411EC80518E51C4F9AE02/5CA964A68AC111EC91D19A11C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.180.192.0/23
                IPv6:
                  2400:54a0:1010::/48
                  2400:54a0:101a::/48
                  2400:54a0:1020::/48
                  2400:54a0:102a::-2400:54a0:102c:ffff:ffff:ffff:ffff:ffff
                  2400:54a0:21a0::/48

    Signature Algorithm: sha256WithRSAEncryption
         3c:5a:d6:bc:0c:3e:b2:6d:1c:e3:b0:51:0f:41:81:a4:57:cb:
         96:b7:c4:f8:2f:df:ab:fc:83:3d:b1:2e:af:74:d8:13:c8:23:
         10:75:6e:d0:e2:1d:48:b3:c6:ba:a1:55:89:3a:9c:66:0c:d2:
         58:ad:dd:bf:0c:d7:f1:34:97:3e:27:48:ba:23:f1:1c:bc:61:
         55:21:5a:fa:cb:6f:f1:cd:c3:74:f6:e9:db:09:f9:da:a7:fd:
         f5:af:47:92:c0:98:bc:f3:f6:81:a9:17:f6:b5:31:6b:a8:f2:
         30:9f:66:38:6f:3d:b2:95:d7:f8:da:36:92:20:34:71:ee:a1:
         3b:ca:36:04:5c:f6:e7:9a:09:2a:f4:75:cc:1e:56:e0:87:ce:
         31:6f:34:26:1f:00:47:6c:5f:49:c6:59:0b:8c:bc:9c:c3:a1:
         e8:c8:69:97:b3:f2:69:49:34:52:6d:c8:a0:f6:a4:ba:c7:ef:
         50:02:5b:9b:6e:ac:a8:54:5c:fe:79:c4:05:1f:76:9b:ed:96:
         97:17:3e:48:ec:f7:aa:d8:a8:7c:01:14:f9:f7:7c:8f:98:dd:
         cc:5e:34:59:3a:4b:d4:56:f2:2c:dc:c4:2e:59:ac:bf:07:93:
         23:5f:d0:70:fa:d0:f7:f6:a1:fc:19:21:ee:53:8f:4c:21:7e:
         10:93:c0:30
-----BEGIN CERTIFICATE-----
MIIFsTCCBJmgAwIBAgICA2cwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RDUxQTAxMTAvBgNVBAUTKEM2RUFCRUI5M0UxRDA2RTJDMzJFMUM0Q0JFMTQ3Q0ZC
Mzk5OTI1MzkwHhcNMjQwNjAxMTUyNjQ4WhcNMjUwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjViM2RiOC02YzE0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA1kbD/6T/AkRrZKOTv5aPE3xSrYXOt+TSr2kZDYpcggXraR4gnpEadGr9sQQT
DhPkT6iXvX3l9E7K4Uml7eUyOOwem9/Eg4/inM3jInj/bTMrbpaqf4VioxJtCGzz
b4LE8tUO10u9+PFyUvQ8fjtiQ3qrpK0Y53DjnqLLvqWJE9J55j1UCho0LKU2vnc2
r3CigWJZ8zV81IWQ7kP/hNW04ieaQl9W0a0xwWonokdthDdv82y41ftRzkR8vXwd
vhsl1b9uH5KPUmomI9+gSspsSmozwJLlkix1QR1pUR0Y1F8L3D5m7iRRGUwob6Jf
EGOqVvKnr7Od3pmxCC9xj97HjQIDAQABo4IC1TCCAtEwHQYDVR0OBBYEFBYXaO8o
hhvrFOgfLA9Kc7PAv1kYMB8GA1UdIwQYMBaAFMbqvrk+HQbiwy4cTL4UfPs5mSU5
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFENTFBMC83QzUzOTEwQzdG
ODQxMUVDODA1MThFNTFDNEY5QUUwMi94dXEtdVQ0ZEJ1TERMaHhNdmhSOC16bVpK
VGsuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3h1cS11VDRkQnVMRExoeE12aFI4LXptWkpUay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RDUxQTAvN0M1MzkxMEM3Rjg0MTFFQzgwNTE4RTUxQzRGOUFFMDIvNUNBOTY0QTY4
QUMxMTFFQzkxRDE5QTExQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwXwYIKwYBBQUHAQcBAf8E
UDBOMAwEAgABMAYDBAFntMAwPgQCAAIwOAMHACQAVKAQEAMHACQAVKAQGgMHACQA
VKAQIDASAwcBJABUoBAqAwcAJABUoBAsAwcAJABUoCGgMA0GCSqGSIb3DQEBCwUA
A4IBAQA8Wta8DD6ybRzjsFEPQYGkV8uWt8T4L9+r/IM9sS6vdNgTyCMQdW7Q4h1I
s8a6oVWJOpxmDNJYrd2/DNfxNJc+J0i6I/EcvGFVIVr6y2/xzcN09unbCfnap/31
r0eSwJi88/aBqRf2tTFrqPIwn2Y4bz2yldf42jaSIDRx7qE7yjYEXPbnmgkq9HXM
Hlbgh84xbzQmHwBHbF9JxlkLjLycw6HoyGmXs/JpSTRSbcig9qS6x+9QAlubbqyo
VFz+ecQFH3ab7ZaXFz5I7Peq2Kh8ART593yPmN3MXjRZOkvUVvIs3MQuWay/B5Mj
X9Bw+tD39qH8GSHuU49MIX4Qk8Aw
-----END CERTIFICATE-----
Generated at Thu Nov 21 01:31:58 2024 by rpki-client on console-fra.rpki-client.org