Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91E4D3D/B0202D32D8B911EBABC1F485C4F9AE02/3003C4BA7C7711EEB9E0BE15C4F9AE02.roa
File:                     3003C4BA7C7711EEB9E0BE15C4F9AE02.roa (raw, json)
Hash identifier:          iS2kCadt9EPztCML62YjpO3iZQeKW9op8orLhEYixVE=
Subject key identifier:   FE:1D:CA:42:22:54:1E:90:5C:0C:62:47:76:43:C8:D4:71:EC:A6:4E
Certificate issuer:       /CN=A91E4D3D/serialNumber=C8070FD061A851FF8AEDE0DE0C3607EEB98FF701
Certificate serial:       04DD
Authority key identifier: C8:07:0F:D0:61:A8:51:FF:8A:ED:E0:DE:0C:36:07:EE:B9:8F:F7:01
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/yAcP0GGoUf-K7eDeDDYH7rmP9wE.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91E4D3D/B0202D32D8B911EBABC1F485C4F9AE02/3003C4BA7C7711EEB9E0BE15C4F9AE02.roa
Signing time:             Sun 31 Mar 2024 11:47:03 +0000
ROA not before:           Sun 31 Mar 2024 11:47:03 +0000
ROA not after:            Mon 31 Mar 2025 00:00:00 +0000
asID:                     13150
IP address blocks:        103.203.220.0/24 maxlen: 24
                          103.203.221.0/24 maxlen: 24
                          103.203.222.0/24 maxlen: 24
                          103.203.223.0/24 maxlen: 24
                          123.253.152.0/24 maxlen: 24
                          123.253.153.0/24 maxlen: 24
                          123.253.154.0/24 maxlen: 24
                          123.253.155.0/24 maxlen: 24
                          150.195.208.0/24 maxlen: 24
                          150.195.209.0/24 maxlen: 24
                          150.195.210.0/24 maxlen: 24
                          150.195.211.0/24 maxlen: 24
                          150.195.212.0/24 maxlen: 24
                          150.195.214.0/24 maxlen: 24
                          150.195.217.0/24 maxlen: 24
                          150.195.218.0/24 maxlen: 24
                          150.195.219.0/24 maxlen: 24
                          150.195.220.0/24 maxlen: 24
                          150.195.221.0/24 maxlen: 24
                          150.195.222.0/24 maxlen: 24
                          150.195.223.0/24 maxlen: 24
                          202.75.242.0/24 maxlen: 24
                          202.75.243.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91E4D3D/B0202D32D8B911EBABC1F485C4F9AE02/yAcP0GGoUf-K7eDeDDYH7rmP9wE.crl
                          rsync://rpki.apnic.net/member_repository/A91E4D3D/B0202D32D8B911EBABC1F485C4F9AE02/yAcP0GGoUf-K7eDeDDYH7rmP9wE.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/yAcP0GGoUf-K7eDeDDYH7rmP9wE.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 27 Nov 2024 20:33:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1245 (0x4dd)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E4D3D/serialNumber=C8070FD061A851FF8AEDE0DE0C3607EEB98FF701
        Validity
            Not Before: Mar 31 11:47:03 2024 GMT
            Not After : Mar 31 00:00:00 2025 GMT
        Subject: CN=66094d36-3e32
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:b5:37:41:dc:f6:b1:08:d7:36:21:0b:3b:2c:
                    c3:5a:7b:e9:09:78:41:63:ad:29:d3:ed:aa:e5:c0:
                    6e:8d:15:e7:23:ee:01:8f:92:49:2e:93:82:11:9e:
                    6d:0a:90:44:42:34:1a:9c:4f:d7:db:8d:76:13:99:
                    6f:d8:2b:d6:5a:aa:d8:47:b0:1f:e1:d8:5e:dc:bb:
                    b1:1a:d4:eb:19:d7:40:d7:e1:2b:37:95:58:9e:17:
                    95:e8:a0:02:12:6e:b3:77:b6:bf:a2:0c:f6:82:0a:
                    25:aa:41:e9:ee:22:69:0b:bf:b7:d6:ea:11:b7:b0:
                    08:69:2c:70:f1:78:6f:cd:5c:2d:4e:ed:ba:24:74:
                    41:ed:e2:1a:b7:90:f9:c5:78:85:0c:69:d1:f8:9f:
                    2b:e9:2c:39:7d:7c:28:62:7c:97:0c:4b:90:be:15:
                    ac:0e:48:56:21:4d:0d:2f:56:46:d1:48:7a:9d:8d:
                    1b:7d:00:7e:18:fc:fb:fe:c7:30:05:5f:a9:82:36:
                    68:07:0f:3a:2e:66:75:8c:87:a1:38:69:67:15:23:
                    9c:bc:b9:28:7f:b8:ae:49:b8:01:b5:fa:b5:ff:ec:
                    3a:4c:a0:63:2c:61:7d:9a:0f:ee:e4:bd:57:cb:a9:
                    ac:b9:48:7c:35:ec:09:14:bf:fe:12:59:0f:9a:f9:
                    c0:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:1D:CA:42:22:54:1E:90:5C:0C:62:47:76:43:C8:D4:71:EC:A6:4E
            X509v3 Authority Key Identifier:
                keyid:C8:07:0F:D0:61:A8:51:FF:8A:ED:E0:DE:0C:36:07:EE:B9:8F:F7:01

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91E4D3D/B0202D32D8B911EBABC1F485C4F9AE02/yAcP0GGoUf-K7eDeDDYH7rmP9wE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/yAcP0GGoUf-K7eDeDDYH7rmP9wE.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E4D3D/B0202D32D8B911EBABC1F485C4F9AE02/3003C4BA7C7711EEB9E0BE15C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.203.220.0/22
                  123.253.152.0/22
                  150.195.208.0-150.195.212.255
                  150.195.214.0/24
                  150.195.217.0-150.195.223.255
                  202.75.242.0/23

    Signature Algorithm: sha256WithRSAEncryption
         25:0d:fb:67:dc:dc:ee:88:09:0c:d2:40:d8:4a:87:a4:09:54:
         f6:76:26:c6:c4:67:46:75:cb:c0:5c:19:07:15:77:61:76:08:
         a3:12:8b:d6:7f:b6:a1:8d:2b:ca:73:c1:81:a3:9d:3a:65:e1:
         49:53:e8:b3:3c:5f:5f:d7:ab:3b:af:13:28:2d:99:dd:01:4a:
         3b:3d:2c:26:b5:11:b7:29:a2:14:d1:30:13:73:39:5b:7d:8a:
         75:14:f8:55:38:03:64:ba:5c:d2:24:e4:e8:d2:aa:2b:94:f9:
         c4:d1:18:ad:a9:f2:2c:5d:af:10:87:95:db:35:03:05:33:5c:
         47:ee:a3:d8:71:63:49:3d:f4:2b:3f:6a:8d:ba:02:1c:ca:22:
         6d:4b:81:cb:c1:0a:f4:86:a6:71:cc:82:21:7f:ea:f2:ff:16:
         99:7a:af:0f:34:aa:4f:7f:bc:64:6f:44:9c:64:4e:97:6b:aa:
         f1:bb:a8:23:e7:bc:24:f6:4f:fe:ca:61:96:f0:22:9a:4c:ad:
         d9:21:5a:86:92:88:28:23:7a:5b:9d:49:2b:7d:c7:a5:41:ac:
         14:fa:24:48:18:88:66:42:5a:e6:96:f9:e1:b5:f9:54:bb:2a:
         eb:4e:60:21:b6:85:73:e0:e5:0f:aa:26:57:65:e9:33:91:3e:
         09:5d:b8:f2
-----BEGIN CERTIFICATE-----
MIIFnzCCBIegAwIBAgICBN0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RTREM0QxMTAvBgNVBAUTKEM4MDcwRkQwNjFBODUxRkY4QUVERTBERTBDMzYwN0VF
Qjk4RkY3MDEwHhcNMjQwMzMxMTE0NzAzWhcNMjUwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjA5NGQzNi0zZTMyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA3LU3Qdz2sQjXNiELOyzDWnvpCXhBY60p0+2q5cBujRXnI+4Bj5JJLpOCEZ5t
CpBEQjQanE/X2412E5lv2CvWWqrYR7Af4dhe3LuxGtTrGddA1+ErN5VYnheV6KAC
Em6zd7a/ogz2ggolqkHp7iJpC7+31uoRt7AIaSxw8XhvzVwtTu26JHRB7eIat5D5
xXiFDGnR+J8r6Sw5fXwoYnyXDEuQvhWsDkhWIU0NL1ZG0Uh6nY0bfQB+GPz7/scw
BV+pgjZoBw86LmZ1jIehOGlnFSOcvLkof7iuSbgBtfq1/+w6TKBjLGF9mg/u5L1X
y6msuUh8NewJFL/+ElkPmvnA0wIDAQABo4ICwzCCAr8wHQYDVR0OBBYEFP4dykIi
VB6QXAxiR3ZDyNRx7KZOMB8GA1UdIwQYMBaAFMgHD9BhqFH/iu3g3gw2B+65j/cB
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFNEQzRC9CMDIwMkQzMkQ4
QjkxMUVCQUJDMUY0ODVDNEY5QUUwMi95QWNQMEdHb1VmLUs3ZURlRERZSDdybVA5
d0UuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3lBY1AwR0dvVWYtSzdlRGVERFlIN3JtUDl3RS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RTREM0QvQjAyMDJEMzJEOEI5MTFFQkFCQzFGNDg1QzRGOUFFMDIvMzAwM0M0QkE3
Qzc3MTFFRUI5RTBCRTE1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwTQYIKwYBBQUHAQcBAf8E
PjA8MDoEAgABMDQDBAJny9wDBAJ7/ZgwDAMEBJbD0AMEAJbD1AMEAJbD1jAMAwQA
lsPZAwQFlsPAAwQBykvyMA0GCSqGSIb3DQEBCwUAA4IBAQAlDftn3NzuiAkM0kDY
SoekCVT2dibGxGdGdcvAXBkHFXdhdgijEovWf7ahjSvKc8GBo506ZeFJU+izPF9f
16s7rxMoLZndAUo7PSwmtRG3KaIU0TATczlbfYp1FPhVOANkulzSJOTo0qorlPnE
0RitqfIsXa8Qh5XbNQMFM1xH7qPYcWNJPfQrP2qNugIcyiJtS4HLwQr0hqZxzIIh
f+ry/xaZeq8PNKpPf7xkb0ScZE6Xa6rxu6gj57wk9k/+ymGW8CKaTK3ZIVqGkogo
I3pbnUkrfcelQawU+iRIGIhmQlrmlvnhtflUuyrrTmAhtoVz4OUPqiZXZekzkT4J
Xbjy
-----END CERTIFICATE-----
Generated at Thu Nov 21 00:21:25 2024 by rpki-client on console-fra.rpki-client.org