Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91D8A55/5FC658260BC911EE9C6F185EC4F9AE02/D1596F0E0BCF11EE8FB8EE16C4F9AE02.roa
File:                     D1596F0E0BCF11EE8FB8EE16C4F9AE02.roa (raw, json)
Hash identifier:          zBhQH2QPBJjbtff0NqJ2sRxz4Z/5Qhlp3SplF8PFlbk=
Subject key identifier:   1C:63:5B:12:B5:D8:BB:0B:F3:67:03:5F:65:BC:76:B8:3A:0A:22:57
Certificate issuer:       /CN=A91D8A55/serialNumber=43288DC9E9412862385C1E83DD37863583320D18
Certificate serial:       3A
Authority key identifier: 43:28:8D:C9:E9:41:28:62:38:5C:1E:83:DD:37:86:35:83:32:0D:18
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QyiNyelBKGI4XB6D3TeGNYMyDRg.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91D8A55/5FC658260BC911EE9C6F185EC4F9AE02/D1596F0E0BCF11EE8FB8EE16C4F9AE02.roa
Signing time:             Thu 21 Sep 2023 05:26:32 +0000
ROA not before:           Thu 21 Sep 2023 05:26:32 +0000
ROA not after:            Mon 30 Dec 2024 00:00:00 +0000
asID:                     132027
IP address blocks:        103.5.71.0/24 maxlen: 24
                          202.36.185.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91D8A55/5FC658260BC911EE9C6F185EC4F9AE02/QyiNyelBKGI4XB6D3TeGNYMyDRg.crl
                          rsync://rpki.apnic.net/member_repository/A91D8A55/5FC658260BC911EE9C6F185EC4F9AE02/QyiNyelBKGI4XB6D3TeGNYMyDRg.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QyiNyelBKGI4XB6D3TeGNYMyDRg.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 07 Nov 2024 02:50:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 58 (0x3a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91D8A55/serialNumber=43288DC9E9412862385C1E83DD37863583320D18
        Validity
            Not Before: Sep 21 05:26:32 2023 GMT
            Not After : Dec 30 00:00:00 2024 GMT
        Subject: CN=650bd407-1431
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:aa:59:90:28:f3:b6:9e:26:da:10:e1:85:a0:
                    7f:68:d3:62:01:40:0c:01:13:36:4e:cf:44:b4:9e:
                    74:ef:9b:3b:af:14:8e:f3:2d:76:44:bc:6a:f2:de:
                    22:79:bd:1f:48:40:18:a7:c2:ab:0a:cf:ad:d5:bb:
                    84:d3:79:3b:01:37:bb:93:c0:e0:2c:e0:4b:90:8d:
                    24:db:e4:c9:d4:68:7a:59:1a:17:fc:52:10:df:22:
                    69:21:30:3f:f9:8d:e6:e7:ae:ab:5f:b3:31:ee:ce:
                    92:0e:1e:40:2e:3c:01:82:c0:a5:69:90:bd:4a:43:
                    58:73:45:9b:e9:85:dd:8d:1d:74:7c:6e:3a:b7:59:
                    81:db:55:78:5c:c4:6b:58:f6:b3:76:1e:2d:b6:24:
                    1b:7d:e0:36:b3:9c:d0:49:53:25:20:94:07:72:27:
                    cd:e4:88:50:4f:64:4d:11:ec:e3:ce:81:75:e1:9f:
                    23:e6:f4:d9:b1:e4:6e:02:4f:cf:31:1c:0f:fc:f2:
                    a5:0d:07:58:bf:95:1f:10:a9:fa:f3:26:06:b3:df:
                    15:ed:bb:1e:24:f6:be:7b:e9:a3:3d:72:4a:66:1a:
                    22:ca:40:6a:f2:5c:9d:3d:19:78:71:31:13:18:be:
                    48:8d:44:51:39:dc:bf:e1:d3:95:8d:90:89:2b:05:
                    02:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1C:63:5B:12:B5:D8:BB:0B:F3:67:03:5F:65:BC:76:B8:3A:0A:22:57
            X509v3 Authority Key Identifier:
                keyid:43:28:8D:C9:E9:41:28:62:38:5C:1E:83:DD:37:86:35:83:32:0D:18

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91D8A55/5FC658260BC911EE9C6F185EC4F9AE02/QyiNyelBKGI4XB6D3TeGNYMyDRg.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QyiNyelBKGI4XB6D3TeGNYMyDRg.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91D8A55/5FC658260BC911EE9C6F185EC4F9AE02/D1596F0E0BCF11EE8FB8EE16C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.5.71.0/24
                  202.36.185.0/24

    Signature Algorithm: sha256WithRSAEncryption
         54:46:5a:20:1b:da:64:32:2c:f4:0f:db:19:6c:b1:e7:17:02:
         9f:4b:5b:f1:c1:2b:7f:0e:c0:12:d6:a2:4b:55:27:42:ce:1f:
         8e:aa:a2:5f:1d:e9:05:25:a8:f4:5c:da:ec:ba:2f:7c:54:2a:
         ce:ec:02:0a:fb:67:ac:52:da:54:a2:56:87:96:35:0b:9e:4d:
         ed:cb:4b:b4:6c:9b:1f:c2:12:8a:9f:a9:f3:75:7d:82:61:aa:
         5b:b2:79:27:0e:64:42:90:d7:b0:60:c8:85:23:f1:38:c9:62:
         84:ba:26:13:27:1b:23:b9:09:14:12:48:20:b1:0d:2c:94:c0:
         4a:b6:10:10:50:fe:3d:b2:8a:92:c1:25:cc:16:2b:30:6b:5e:
         3b:d1:ea:61:50:a7:f9:e6:91:2f:6f:0b:03:7e:6e:24:80:77:
         70:3c:e6:33:bf:53:d8:d3:e4:0e:35:a8:4f:82:2c:9c:c7:d0:
         e5:52:62:de:52:59:65:7e:75:ef:51:bf:4e:b9:ed:17:fe:b8:
         22:98:b0:a3:b3:1e:c8:06:23:3f:46:77:1c:f3:93:41:52:ce:
         64:7a:05:24:d2:87:2c:bb:a7:bb:40:aa:37:ce:06:47:11:be:
         a8:a5:2d:d1:77:2e:69:62:82:73:25:83:1f:5f:9a:b8:6b:ba:
         5c:3c:96:72
-----BEGIN CERTIFICATE-----
MIIFdjCCBF6gAwIBAgIBOjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFE
OEE1NTExMC8GA1UEBRMoNDMyODhEQzlFOTQxMjg2MjM4NUMxRTgzREQzNzg2MzU4
MzMyMEQxODAeFw0yMzA5MjEwNTI2MzJaFw0yNDEyMzAwMDAwMDBaMBgxFjAUBgNV
BAMTDTY1MGJkNDA3LTE0MzEwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDPqlmQKPO2nibaEOGFoH9o02IBQAwBEzZOz0S0nnTvmzuvFI7zLXZEvGry3iJ5
vR9IQBinwqsKz63Vu4TTeTsBN7uTwOAs4EuQjSTb5MnUaHpZGhf8UhDfImkhMD/5
jebnrqtfszHuzpIOHkAuPAGCwKVpkL1KQ1hzRZvphd2NHXR8bjq3WYHbVXhcxGtY
9rN2Hi22JBt94DaznNBJUyUglAdyJ83kiFBPZE0R7OPOgXXhnyPm9Nmx5G4CT88x
HA/88qUNB1i/lR8QqfrzJgaz3xXtux4k9r576aM9ckpmGiLKQGryXJ09GXhxMRMY
vkiNRFE53L/h05WNkIkrBQLTAgMBAAGjggKbMIIClzAdBgNVHQ4EFgQUHGNbErXY
uwvzZwNfZbx2uDoKIlcwHwYDVR0jBBgwFoAUQyiNyelBKGI4XB6D3TeGNYMyDRgw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUQ4QTU1LzVGQzY1ODI2MEJD
OTExRUU5QzZGMTg1RUM0RjlBRTAyL1F5aU55ZWxCS0dJNFhCNkQzVGVHTllNeURS
Zy5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvUXlpTnllbEJLR0k0WEI2RDNUZUdOWU15RFJnLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFE
OEE1NS81RkM2NTgyNjBCQzkxMUVFOUM2RjE4NUVDNEY5QUUwMi9EMTU5NkYwRTBC
Q0YxMUVFOEZCOEVFMTZDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAlBggrBgEFBQcBBwEB/wQW
MBQwEgQCAAEwDAMEAGcFRwMEAMokuTANBgkqhkiG9w0BAQsFAAOCAQEAVEZaIBva
ZDIs9A/bGWyx5xcCn0tb8cErfw7AEtaiS1UnQs4fjqqiXx3pBSWo9Fza7LovfFQq
zuwCCvtnrFLaVKJWh5Y1C55N7ctLtGybH8ISip+p83V9gmGqW7J5Jw5kQpDXsGDI
hSPxOMlihLomEycbI7kJFBJIILENLJTASrYQEFD+PbKKksElzBYrMGteO9HqYVCn
+eaRL28LA35uJIB3cDzmM79T2NPkDjWoT4IsnMfQ5VJi3lJZZX5171G/TrntF/64
Ipiwo7MeyAYjP0Z3HPOTQVLOZHoFJNKHLLunu0CqN84GRxG+qKUt0XcuaWKCcyWD
H1+auGu6XDyWcg==
-----END CERTIFICATE-----
Generated at Thu Oct 31 04:22:55 2024 by rpki-client on console-ams.rpki-client.org