Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91D8A55/5FC658260BC911EE9C6F185EC4F9AE02/D1596F0E0BCF11EE8FB8EE16C4F9AE02.roa
File:                     D1596F0E0BCF11EE8FB8EE16C4F9AE02.roa (raw, json)
Hash identifier:          JnZnYwDPY6T9KAqalaHmfpI6/yYUrsg6tF5XISERaGQ=
Subject key identifier:   83:42:EB:8F:AD:D4:84:B6:CC:D9:0F:83:31:CB:88:A0:43:D6:BF:8B
Certificate issuer:       /CN=A91D8A55/serialNumber=43288DC9E9412862385C1E83DD37863583320D18
Certificate serial:       010B
Authority key identifier: 43:28:8D:C9:E9:41:28:62:38:5C:1E:83:DD:37:86:35:83:32:0D:18
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QyiNyelBKGI4XB6D3TeGNYMyDRg.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91D8A55/5FC658260BC911EE9C6F185EC4F9AE02/D1596F0E0BCF11EE8FB8EE16C4F9AE02.roa
Signing time:             Sun 03 Nov 2024 03:16:57 +0000
ROA not before:           Sun 03 Nov 2024 03:16:57 +0000
ROA not after:            Tue 30 Dec 2025 00:00:00 +0000
asID:                     132027
IP address blocks:        103.5.71.0/24 maxlen: 24
                          202.36.185.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91D8A55/5FC658260BC911EE9C6F185EC4F9AE02/QyiNyelBKGI4XB6D3TeGNYMyDRg.crl
                          rsync://rpki.apnic.net/member_repository/A91D8A55/5FC658260BC911EE9C6F185EC4F9AE02/QyiNyelBKGI4XB6D3TeGNYMyDRg.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QyiNyelBKGI4XB6D3TeGNYMyDRg.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 30 Nov 2024 02:50:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 267 (0x10b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91D8A55/serialNumber=43288DC9E9412862385C1E83DD37863583320D18
        Validity
            Not Before: Nov  3 03:16:57 2024 GMT
            Not After : Dec 30 00:00:00 2025 GMT
        Subject: CN=6726eb29-dde3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:bc:c4:9e:28:ec:75:71:5f:d1:54:bc:c3:1d:
                    1b:24:be:45:f8:5a:fc:ee:9b:8f:f6:37:d8:19:51:
                    ee:c1:e1:9d:49:d6:fe:f6:63:04:83:80:e2:12:c2:
                    9d:23:a8:91:49:a4:96:a9:1b:3c:a2:0c:7e:10:ba:
                    d2:95:a9:75:4e:bd:a8:09:8d:03:24:c8:a6:14:42:
                    c5:96:44:4b:81:70:38:a7:a7:4b:3c:37:5c:c4:43:
                    62:01:cc:9b:8b:02:30:3f:7a:dc:e6:ac:a9:59:c3:
                    5a:4b:20:90:c2:8c:2a:e0:e4:a6:ec:c0:4c:e7:45:
                    6f:59:06:f9:38:ff:08:a8:8b:ae:07:0b:d6:42:df:
                    fd:3d:76:6d:8b:6e:a9:7c:21:a6:0c:b5:95:d4:f8:
                    bb:62:c1:a2:0b:14:e1:7c:a0:c2:dc:d5:52:71:a8:
                    35:3d:2f:5e:7e:70:71:33:ec:ba:d2:e9:a6:36:8e:
                    6b:26:e0:dc:88:48:c6:aa:47:f8:26:05:e2:31:97:
                    df:d2:1a:51:94:6e:76:dc:4e:72:3f:b9:99:e8:c2:
                    ef:5f:71:48:65:86:64:25:ab:24:f5:60:2b:70:a6:
                    fb:4a:1e:c6:5d:4f:ed:8f:cb:9b:cf:c1:60:0b:96:
                    25:7e:4b:79:70:1f:1d:9a:e6:35:d7:a9:b4:69:db:
                    7c:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:42:EB:8F:AD:D4:84:B6:CC:D9:0F:83:31:CB:88:A0:43:D6:BF:8B
            X509v3 Authority Key Identifier:
                keyid:43:28:8D:C9:E9:41:28:62:38:5C:1E:83:DD:37:86:35:83:32:0D:18

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91D8A55/5FC658260BC911EE9C6F185EC4F9AE02/QyiNyelBKGI4XB6D3TeGNYMyDRg.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QyiNyelBKGI4XB6D3TeGNYMyDRg.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91D8A55/5FC658260BC911EE9C6F185EC4F9AE02/D1596F0E0BCF11EE8FB8EE16C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.5.71.0/24
                  202.36.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         65:13:46:eb:cd:90:85:86:c2:28:11:fe:39:e7:29:4a:26:bc:
         e7:d4:93:35:7a:1c:34:68:5c:a8:81:77:7e:e4:1a:03:bd:0a:
         cf:72:c9:c0:1e:2e:ad:96:9b:63:62:6c:97:f7:b7:a4:b3:49:
         65:8f:d0:eb:fa:97:db:b7:9d:b2:9e:ed:84:d9:e4:92:b6:6d:
         76:2d:55:6c:ea:ea:99:81:93:d5:71:b7:52:85:34:9b:5d:ca:
         ba:7b:95:19:e1:eb:8b:c4:90:30:7e:a5:2a:d3:1f:24:b4:ba:
         1c:aa:ef:d1:e0:ea:a0:76:a7:94:56:be:87:ff:2d:04:d2:39:
         a7:b9:71:8d:7c:30:31:87:72:b5:5a:c7:fd:dd:01:0a:bd:bd:
         6b:be:86:a6:c5:33:ab:8f:e5:75:a4:64:65:66:a0:47:76:7d:
         99:1e:3b:a8:16:48:93:c2:64:44:2b:f1:a7:da:aa:e6:f8:62:
         8a:d9:ae:2a:93:e6:f1:af:4b:2a:a1:42:2a:82:10:f2:67:8c:
         84:3f:b1:f3:28:2c:6a:12:fd:45:68:df:e8:64:df:dd:a3:f4:
         21:2c:e5:ff:8f:29:e1:44:d6:1b:36:c0:b0:db:3f:9c:ac:eb:
         3d:f5:95:ce:19:dc:e9:3c:dd:c8:08:02:49:c3:d5:e1:89:0c:
         c0:f7:21:13
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICAQswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RDhBNTUxMTAvBgNVBAUTKDQzMjg4REM5RTk0MTI4NjIzODVDMUU4M0REMzc4NjM1
ODMzMjBEMTgwHhcNMjQxMTAzMDMxNjU3WhcNMjUxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NzI2ZWIyOS1kZGUzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAzbzEnijsdXFf0VS8wx0bJL5F+Fr87puP9jfYGVHuweGdSdb+9mMEg4DiEsKd
I6iRSaSWqRs8ogx+ELrSlal1Tr2oCY0DJMimFELFlkRLgXA4p6dLPDdcxENiAcyb
iwIwP3rc5qypWcNaSyCQwowq4OSm7MBM50VvWQb5OP8IqIuuBwvWQt/9PXZti26p
fCGmDLWV1Pi7YsGiCxThfKDC3NVScag1PS9efnBxM+y60ummNo5rJuDciEjGqkf4
JgXiMZff0hpRlG523E5yP7mZ6MLvX3FIZYZkJask9WArcKb7Sh7GXU/tj8ubz8Fg
C5Ylfkt5cB8dmuY116m0adt8xwIDAQABo4ICmzCCApcwHQYDVR0OBBYEFINC64+t
1IS2zNkPgzHLiKBD1r+LMB8GA1UdIwQYMBaAFEMojcnpQShiOFweg903hjWDMg0Y
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFEOEE1NS81RkM2NTgyNjBC
QzkxMUVFOUM2RjE4NUVDNEY5QUUwMi9ReWlOeWVsQktHSTRYQjZEM1RlR05ZTXlE
UmcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1F5aU55ZWxCS0dJNFhCNkQzVGVHTllNeURSZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RDhBNTUvNUZDNjU4MjYwQkM5MTFFRTlDNkYxODVFQzRGOUFFMDIvRDE1OTZGMEUw
QkNGMTFFRThGQjhFRTE2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBABnBUcDBADKJLkwDQYJKoZIhvcNAQELBQADggEBAGUTRuvN
kIWGwigR/jnnKUomvOfUkzV6HDRoXKiBd37kGgO9Cs9yycAeLq2Wm2NibJf3t6Sz
SWWP0Ov6l9u3nbKe7YTZ5JK2bXYtVWzq6pmBk9Vxt1KFNJtdyrp7lRnh64vEkDB+
pSrTHyS0uhyq79Hg6qB2p5RWvof/LQTSOae5cY18MDGHcrVax/3dAQq9vWu+hqbF
M6uP5XWkZGVmoEd2fZkeO6gWSJPCZEQr8afaqub4YorZriqT5vGvSyqhQiqCEPJn
jIQ/sfMoLGoS/UVo3+hk392j9CEs5f+PKeFE1hs2wLDbP5ys6z31lc4Z3Ok83cgI
AknD1eGJDMD3IRM=
-----END CERTIFICATE-----
Generated at Sat Nov 23 05:02:58 2024 by rpki-client on console-fra.rpki-client.org