Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91DE2AE/C70FEA2A8C2011EDADD5C809C4F9AE02/38E45CE08C2511EDB64DB410C4F9AE02.roa
File:                     38E45CE08C2511EDB64DB410C4F9AE02.roa (raw, json)
Hash identifier:          wwhddg3RMeo3ysiKpZIkpJZYnoyXbvI39OLMxKPP5Xg=
Subject key identifier:   E8:23:82:B4:89:3E:35:54:57:90:97:20:FA:98:BE:17:FD:30:28:99
Certificate issuer:       /CN=A91DE2AE/serialNumber=697620515E7B1EE8AC7F3F6D13BEAEBA62C4EDA9
Certificate serial:       0108
Authority key identifier: 69:76:20:51:5E:7B:1E:E8:AC:7F:3F:6D:13:BE:AE:BA:62:C4:ED:A9
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/aXYgUV57Huisfz9tE76uumLE7ak.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91DE2AE/C70FEA2A8C2011EDADD5C809C4F9AE02/38E45CE08C2511EDB64DB410C4F9AE02.roa
Signing time:             Thu 25 Apr 2024 05:38:56 +0000
ROA not before:           Thu 25 Apr 2024 05:38:56 +0000
ROA not after:            Mon 30 Sep 2024 00:00:00 +0000
asID:                     131471
IP address blocks:        103.152.42.0/24 maxlen: 24
                          103.152.43.0/24 maxlen: 24
                          2001:df7:1f80::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91DE2AE/C70FEA2A8C2011EDADD5C809C4F9AE02/aXYgUV57Huisfz9tE76uumLE7ak.crl
                          rsync://rpki.apnic.net/member_repository/A91DE2AE/C70FEA2A8C2011EDADD5C809C4F9AE02/aXYgUV57Huisfz9tE76uumLE7ak.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/aXYgUV57Huisfz9tE76uumLE7ak.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 15 May 2024 02:42:42 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 264 (0x108)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91DE2AE/serialNumber=697620515E7B1EE8AC7F3F6D13BEAEBA62C4EDA9
        Validity
            Not Before: Apr 25 05:38:56 2024 GMT
            Not After : Sep 30 00:00:00 2024 GMT
        Subject: CN=6629ec70-d8ce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:71:1f:38:ad:58:52:95:3e:52:04:65:1b:e0:
                    23:d9:52:da:1b:aa:ce:77:fa:70:e1:a8:21:4a:53:
                    8c:1e:15:c5:74:82:dc:da:1d:d1:30:13:41:cc:c3:
                    76:cc:8e:df:ed:7c:84:f0:92:d7:74:70:ed:4e:19:
                    29:81:7c:d7:6b:55:3c:87:bd:80:cc:a8:63:86:63:
                    91:26:d8:af:70:7c:15:02:17:ea:04:24:d7:30:ac:
                    44:c3:68:6d:a5:79:4e:9a:85:93:ba:89:0d:2e:13:
                    f9:4d:2f:8c:ff:71:5e:4d:ef:a4:9e:1c:9f:43:c6:
                    a5:e9:ca:c8:fa:25:45:4a:c8:d3:20:45:7e:7f:0d:
                    a7:86:2e:e5:ad:76:f4:52:e5:4e:f7:e0:0c:1f:12:
                    da:79:4c:9e:e5:df:5e:5f:37:74:1b:19:e1:b7:1f:
                    7f:66:3e:94:5e:72:45:8f:78:ad:b3:50:13:2f:f5:
                    94:bd:21:34:67:b6:ed:bc:fe:8e:a6:f1:03:b6:8e:
                    10:50:cd:fc:0b:bc:96:4c:64:9f:8c:5d:d9:ef:d7:
                    4e:c2:93:03:49:c3:6e:7b:c6:0c:88:b8:46:6a:3d:
                    39:b4:14:bf:52:c7:36:78:90:a7:df:d9:28:3e:44:
                    91:1e:fc:9f:2d:69:ea:d4:39:67:82:7e:18:3e:d1:
                    6c:8d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:23:82:B4:89:3E:35:54:57:90:97:20:FA:98:BE:17:FD:30:28:99
            X509v3 Authority Key Identifier:
                keyid:69:76:20:51:5E:7B:1E:E8:AC:7F:3F:6D:13:BE:AE:BA:62:C4:ED:A9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91DE2AE/C70FEA2A8C2011EDADD5C809C4F9AE02/aXYgUV57Huisfz9tE76uumLE7ak.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/aXYgUV57Huisfz9tE76uumLE7ak.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91DE2AE/C70FEA2A8C2011EDADD5C809C4F9AE02/38E45CE08C2511EDB64DB410C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.152.42.0/23
                IPv6:
                  2001:df7:1f80::/48

    Signature Algorithm: sha256WithRSAEncryption
         73:c8:42:f6:fa:94:4c:71:1e:7a:5c:ef:3d:e3:0b:fb:62:66:
         13:bd:be:1c:ca:a3:7c:ab:93:c2:b7:d1:f9:b6:e7:3c:e0:b9:
         a1:5c:bf:be:3f:b5:89:74:91:a0:0e:dd:4c:50:e9:7f:22:e4:
         16:83:d0:76:3a:08:f7:c3:aa:7b:5b:6c:df:94:c9:cc:7b:f1:
         77:97:e1:3f:5f:a7:7c:27:2c:0f:c9:67:0f:cf:12:95:d6:90:
         68:66:15:81:c5:0d:39:87:63:9b:0f:53:73:4d:d3:56:bb:a5:
         55:90:27:8a:db:0e:ba:19:58:77:49:ef:9a:bc:0d:eb:3f:5f:
         e0:5d:0e:8a:0a:63:26:b6:89:c3:f2:af:5f:5f:3b:d5:ca:5a:
         c1:d9:1c:1f:75:ce:dd:77:6b:d6:ed:01:f3:23:16:27:95:6a:
         51:6d:e6:f4:f9:f1:32:d2:2a:7b:e0:35:76:4b:f9:ac:0e:0b:
         8c:37:f6:eb:38:85:e8:42:3a:8a:f8:76:d6:7a:bf:ce:fb:34:
         6b:11:5e:50:b2:bf:48:45:01:39:27:41:bb:c7:ac:6e:67:6a:
         92:26:61:84:de:a8:fc:2e:40:79:a4:db:c3:1c:72:c3:92:77:
         cf:03:88:c8:71:d7:dd:12:18:4c:be:2d:b2:65:0a:15:39:3c:
         34:e2:be:01
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICAQgwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
REUyQUUxMTAvBgNVBAUTKDY5NzYyMDUxNUU3QjFFRThBQzdGM0Y2RDEzQkVBRUJB
NjJDNEVEQTkwHhcNMjQwNDI1MDUzODU2WhcNMjQwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjI5ZWM3MC1kOGNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAqHEfOK1YUpU+UgRlG+Aj2VLaG6rOd/pw4aghSlOMHhXFdILc2h3RMBNBzMN2
zI7f7XyE8JLXdHDtThkpgXzXa1U8h72AzKhjhmORJtivcHwVAhfqBCTXMKxEw2ht
pXlOmoWTuokNLhP5TS+M/3FeTe+knhyfQ8al6crI+iVFSsjTIEV+fw2nhi7lrXb0
UuVO9+AMHxLaeUye5d9eXzd0Gxnhtx9/Zj6UXnJFj3its1ATL/WUvSE0Z7btvP6O
pvEDto4QUM38C7yWTGSfjF3Z79dOwpMDScNue8YMiLhGaj05tBS/Usc2eJCn39ko
PkSRHvyfLWnq1Dlngn4YPtFsjQIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFOgjgrSJ
PjVUV5CXIPqYvhf9MCiZMB8GA1UdIwQYMBaAFGl2IFFeex7orH8/bRO+rrpixO2p
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFERTJBRS9DNzBGRUEyQThD
MjAxMUVEQURENUM4MDlDNEY5QUUwMi9hWFlnVVY1N0h1aXNmejl0RTc2dXVtTEU3
YWsuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2FYWWdVVjU3SHVpc2Z6OXRFNzZ1dW1MRTdhay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
REUyQUUvQzcwRkVBMkE4QzIwMTFFREFERDVDODA5QzRGOUFFMDIvMzhFNDVDRTA4
QzI1MTFFREI2NERCNDEwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAFnmCowDwQCAAIwCQMHACABDfcfgDANBgkqhkiG9w0BAQsF
AAOCAQEAc8hC9vqUTHEeelzvPeML+2JmE72+HMqjfKuTwrfR+bbnPOC5oVy/vj+1
iXSRoA7dTFDpfyLkFoPQdjoI98Oqe1ts35TJzHvxd5fhP1+nfCcsD8lnD88SldaQ
aGYVgcUNOYdjmw9Tc03TVrulVZAnitsOuhlYd0nvmrwN6z9f4F0OigpjJraJw/Kv
X1871cpawdkcH3XO3Xdr1u0B8yMWJ5VqUW3m9PnxMtIqe+A1dkv5rA4LjDf26ziF
6EI6ivh21nq/zvs0axFeULK/SEUBOSdBu8esbmdqkiZhhN6o/C5AeaTbwxxyw5J3
zwOIyHHX3RIYTL4tsmUKFTk8NOK+AQ==
-----END CERTIFICATE-----
Generated at Sat May 11 08:03:49 2024 by rpki-client on console-fra.rpki-client.org