Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91E0EF8/C938D106CB5411EBA3D36C5BC4F9AE02/16A4DFE893C711EDB3D8A867C4F9AE02.roa
File:                     16A4DFE893C711EDB3D8A867C4F9AE02.roa (raw, json)
Hash identifier:          scNMUXtQ2MU4PUSrLzi92Q7S+49oFF7Vr4Rm3IDeQqk=
Subject key identifier:   C1:3A:AE:DB:A2:66:19:7C:E6:E7:08:98:E3:FA:F4:D7:0F:93:42:D0
Certificate issuer:       /CN=A91E0EF8/serialNumber=A04E743AD31F4F83F09DC5D2F7EF4FABE1EF687B
Certificate serial:       03EE
Authority key identifier: A0:4E:74:3A:D3:1F:4F:83:F0:9D:C5:D2:F7:EF:4F:AB:E1:EF:68:7B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/oE50OtMfT4PwncXS9-9Pq-HvaHs.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91E0EF8/C938D106CB5411EBA3D36C5BC4F9AE02/16A4DFE893C711EDB3D8A867C4F9AE02.roa
Signing time:             Sat 14 Jan 2023 04:51:21 +0000
ROA not before:           Sat 14 Jan 2023 04:51:21 +0000
ROA not after:            Sat 30 Sep 2023 00:00:00 +0000
asID:                     20473
IP address blocks:        103.168.42.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91E0EF8/C938D106CB5411EBA3D36C5BC4F9AE02/oE50OtMfT4PwncXS9-9Pq-HvaHs.crl
                          rsync://rpki.apnic.net/member_repository/A91E0EF8/C938D106CB5411EBA3D36C5BC4F9AE02/oE50OtMfT4PwncXS9-9Pq-HvaHs.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/oE50OtMfT4PwncXS9-9Pq-HvaHs.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 22 Mar 2023 02:25:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1006 (0x3ee)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E0EF8/serialNumber=A04E743AD31F4F83F09DC5D2F7EF4FABE1EF687B
        Validity
            Not Before: Jan 14 04:51:21 2023 GMT
            Not After : Sep 30 00:00:00 2023 GMT
        Subject: CN=63c234c8-7d6c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:6e:46:87:5d:fa:ad:59:92:95:a7:03:53:34:
                    a1:9e:8c:49:c8:3e:bc:48:68:58:58:1d:c0:06:1d:
                    97:d4:45:24:de:95:a8:a1:f3:7d:10:ba:a0:5d:5c:
                    63:51:59:8a:c5:f2:4c:08:98:52:5e:2a:09:06:cd:
                    27:7a:1b:2f:83:f3:58:6a:a0:19:78:d9:bf:e9:82:
                    ff:91:82:d4:ff:82:b0:a4:e3:c0:67:c4:3d:d5:cc:
                    ac:61:34:6c:de:59:b9:94:14:c9:64:a8:ed:bd:19:
                    87:38:e5:e7:a8:c2:8a:65:fc:f6:49:a3:52:9c:4d:
                    5a:c2:93:63:bc:48:f6:16:2d:14:eb:30:01:64:22:
                    48:14:d2:3c:62:cb:f6:52:9d:3a:c7:85:38:20:29:
                    30:d4:07:16:af:a4:ae:c8:38:17:eb:a7:13:bf:ba:
                    22:85:1c:d3:ec:4c:40:77:91:3b:09:a4:6f:3b:9a:
                    81:f1:27:a1:e4:d8:e4:e9:0d:71:6c:be:72:53:27:
                    48:66:40:7b:1d:dd:82:90:95:f0:d9:53:1b:b7:fd:
                    6a:f2:f6:41:df:95:b9:de:8b:fa:bf:28:c3:c6:ff:
                    64:63:1d:6f:39:2b:4e:e9:a5:86:5a:f7:8b:29:83:
                    ea:e8:4d:5a:00:3e:b6:22:7d:a5:eb:57:a6:75:f8:
                    b6:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                C1:3A:AE:DB:A2:66:19:7C:E6:E7:08:98:E3:FA:F4:D7:0F:93:42:D0
            X509v3 Authority Key Identifier: 
                keyid:A0:4E:74:3A:D3:1F:4F:83:F0:9D:C5:D2:F7:EF:4F:AB:E1:EF:68:7B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91E0EF8/C938D106CB5411EBA3D36C5BC4F9AE02/oE50OtMfT4PwncXS9-9Pq-HvaHs.crl

            Authority Information Access: 
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/oE50OtMfT4PwncXS9-9Pq-HvaHs.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access: 
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E0EF8/C938D106CB5411EBA3D36C5BC4F9AE02/16A4DFE893C711EDB3D8A867C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.168.42.0/24

    Signature Algorithm: sha256WithRSAEncryption
         79:06:d2:e6:18:7a:67:ee:c2:d4:46:bc:aa:a1:1b:8e:77:97:
         e5:f5:38:6a:73:7a:3f:43:4f:be:b8:01:86:27:cf:1a:09:cd:
         41:f3:27:ad:15:4f:67:3f:22:57:11:b8:f9:8b:ca:c3:a4:a0:
         61:21:f7:ca:20:4a:d7:84:65:b2:05:b1:12:50:7a:c6:d8:08:
         0e:68:d0:7e:4e:b4:90:7c:50:fa:b8:30:bf:5d:e8:f3:6d:d1:
         a6:10:42:3a:12:24:2f:5d:47:ad:99:ea:08:4d:da:51:0c:d2:
         12:35:bb:d9:e9:c6:91:0b:7a:8a:41:2c:9a:ac:7a:b2:a1:b6:
         a0:f8:2b:8b:bd:94:3b:cd:99:4d:4c:58:56:79:94:9f:80:e7:
         36:c0:63:e0:db:6d:20:c4:59:1f:29:54:28:31:2e:15:b1:6f:
         f6:5b:64:fe:ed:07:f0:93:14:d9:2d:27:f1:af:30:82:f6:30:
         da:1e:e1:58:4d:32:05:c8:e5:1f:1c:7b:06:d9:96:a2:7b:3c:
         58:e6:cc:e0:6a:d8:96:2f:29:fe:9b:08:b8:25:0d:93:45:67:
         ec:6b:91:ec:c9:01:be:06:42:67:ce:ef:ee:7c:18:65:91:c5:
         a2:ad:2a:96:aa:3d:2a:a1:e4:37:50:c7:6e:60:f6:84:ce:ec:
         e6:54:cb:d6
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICA+4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RTBFRjgxMTAvBgNVBAUTKEEwNEU3NDNBRDMxRjRGODNGMDlEQzVEMkY3RUY0RkFC
RTFFRjY4N0IwHhcNMjMwMTE0MDQ1MTIxWhcNMjMwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02M2MyMzRjOC03ZDZjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAv25Gh136rVmSlacDUzShnoxJyD68SGhYWB3ABh2X1EUk3pWoofN9ELqgXVxj
UVmKxfJMCJhSXioJBs0nehsvg/NYaqAZeNm/6YL/kYLU/4KwpOPAZ8Q91cysYTRs
3lm5lBTJZKjtvRmHOOXnqMKKZfz2SaNSnE1awpNjvEj2Fi0U6zABZCJIFNI8Ysv2
Up06x4U4ICkw1AcWr6SuyDgX66cTv7oihRzT7ExAd5E7CaRvO5qB8Seh5Njk6Q1x
bL5yUydIZkB7Hd2CkJXw2VMbt/1q8vZB35W53ov6vyjDxv9kYx1vOStO6aWGWveL
KYPq6E1aAD62In2l61emdfi2pwIDAQABo4IClTCCApEwHQYDVR0OBBYEFME6rtui
Zhl85ucImOP69NcPk0LQMB8GA1UdIwQYMBaAFKBOdDrTH0+D8J3F0vfvT6vh72h7
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFMEVGOC9DOTM4RDEwNkNC
NTQxMUVCQTNEMzZDNUJDNEY5QUUwMi9vRTUwT3RNZlQ0UHduY1hTOS05UHEtSHZh
SHMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL29FNTBPdE1mVDRQd25jWFM5LTlQcS1IdmFIcy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RTBFRjgvQzkzOEQxMDZDQjU0MTFFQkEzRDM2QzVCQzRGOUFFMDIvMTZBNERGRTg5
M0M3MTFFREIzRDhBODY3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBABnqCowDQYJKoZIhvcNAQELBQADggEBAHkG0uYYemfuwtRG
vKqhG453l+X1OGpzej9DT764AYYnzxoJzUHzJ60VT2c/IlcRuPmLysOkoGEh98og
SteEZbIFsRJQesbYCA5o0H5OtJB8UPq4ML9d6PNt0aYQQjoSJC9dR62Z6ghN2lEM
0hI1u9npxpELeopBLJqserKhtqD4K4u9lDvNmU1MWFZ5lJ+A5zbAY+DbbSDEWR8p
VCgxLhWxb/ZbZP7tB/CTFNktJ/GvMIL2MNoe4VhNMgXI5R8cewbZlqJ7PFjmzOBq
2JYvKf6bCLglDZNFZ+xrkezJAb4GQmfO7+58GGWRxaKtKpaqPSqh5DdQx25g9oTO
7OZUy9Y=
-----END CERTIFICATE-----
Generated at Wed Mar 15 11:54:25 2023 by rpki-client on console-fra.rpki-client.org