Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91EC7F2/48EFD17CF1A711E8AA614F51C4F9AE02/09F041C675FB11EAB470A130C4F9AE02.roa
File:                     09F041C675FB11EAB470A130C4F9AE02.roa (raw, json)
Hash identifier:          01auJBJrZO7TjesFidqSxu496IEavKsZQTauOd7GJVY=
Subject key identifier:   63:FD:57:69:8E:F8:6F:0C:7A:A4:65:BF:10:52:7D:19:AD:6F:B3:7E
Certificate issuer:       /CN=A91EC7F2/serialNumber=83BD47ADE302259C758C74C830B29E6F3A5773DB
Certificate serial:       10A4
Authority key identifier: 83:BD:47:AD:E3:02:25:9C:75:8C:74:C8:30:B2:9E:6F:3A:57:73:DB
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/g71HreMCJZx1jHTIMLKebzpXc9s.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91EC7F2/48EFD17CF1A711E8AA614F51C4F9AE02/09F041C675FB11EAB470A130C4F9AE02.roa
Signing time:             Sat 28 Oct 2023 17:45:17 +0000
ROA not before:           Sat 28 Oct 2023 17:45:17 +0000
ROA not after:            Mon 30 Dec 2024 00:00:00 +0000
asID:                     0
IP address blocks:        103.21.244.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91EC7F2/48EFD17CF1A711E8AA614F51C4F9AE02/g71HreMCJZx1jHTIMLKebzpXc9s.crl
                          rsync://rpki.apnic.net/member_repository/A91EC7F2/48EFD17CF1A711E8AA614F51C4F9AE02/g71HreMCJZx1jHTIMLKebzpXc9s.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/g71HreMCJZx1jHTIMLKebzpXc9s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 04 Apr 2024 17:51:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4260 (0x10a4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91EC7F2/serialNumber=83BD47ADE302259C758C74C830B29E6F3A5773DB
        Validity
            Not Before: Oct 28 17:45:17 2023 GMT
            Not After : Dec 30 00:00:00 2024 GMT
        Subject: CN=653d48ac-31e5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:90:7c:c8:1e:8d:54:14:63:ea:ae:d0:11:1c:
                    70:aa:23:bc:aa:5d:36:23:64:1b:4d:4c:5b:dd:0c:
                    55:fe:5c:85:ae:ef:e9:af:0d:1c:91:cb:c2:c7:11:
                    61:26:aa:aa:31:b4:6c:4b:49:6e:a7:dd:9a:4f:9f:
                    43:d3:3a:d8:a4:33:0d:03:2d:27:1a:b7:a2:50:fc:
                    36:3b:e6:47:c6:b6:0a:2f:c8:1e:fc:42:80:60:50:
                    36:39:95:5d:ce:c1:04:14:54:db:95:0a:fd:1d:f5:
                    19:c8:25:9a:7d:ac:3c:ff:48:3b:df:56:fb:97:69:
                    dd:4f:e6:0b:b0:72:f4:ca:36:9b:03:c6:a9:66:16:
                    fc:f6:fb:0d:47:58:4f:76:63:5a:cb:e5:05:3c:ae:
                    a2:75:10:dc:94:34:e3:52:d3:a6:1a:10:8d:1a:54:
                    33:f2:a9:b5:90:36:ec:bb:b1:e3:ec:41:77:49:a4:
                    82:85:1c:67:c7:da:f6:ca:7c:a4:72:50:aa:48:2e:
                    c1:5a:60:87:53:a3:ae:3d:a7:f7:e2:2c:5f:e3:c0:
                    91:3c:2d:d4:f7:4a:48:4d:19:b6:f3:fd:62:b8:e2:
                    09:ff:04:94:a8:7a:de:ad:3b:e9:13:1f:6f:bf:34:
                    0a:8d:a7:e5:80:20:e0:93:58:52:e5:0b:c8:35:87:
                    b3:7b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:FD:57:69:8E:F8:6F:0C:7A:A4:65:BF:10:52:7D:19:AD:6F:B3:7E
            X509v3 Authority Key Identifier:
                keyid:83:BD:47:AD:E3:02:25:9C:75:8C:74:C8:30:B2:9E:6F:3A:57:73:DB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91EC7F2/48EFD17CF1A711E8AA614F51C4F9AE02/g71HreMCJZx1jHTIMLKebzpXc9s.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/g71HreMCJZx1jHTIMLKebzpXc9s.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91EC7F2/48EFD17CF1A711E8AA614F51C4F9AE02/09F041C675FB11EAB470A130C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.21.244.0/23

    Signature Algorithm: sha256WithRSAEncryption
         4f:9a:7a:b8:0e:a9:8c:31:9d:ed:54:6f:e0:25:40:fc:b7:9c:
         36:59:91:cc:d6:7f:49:a7:d8:e6:64:cd:0e:33:77:af:f1:d7:
         eb:25:b8:9e:ba:a6:0b:36:d8:6b:6c:e0:01:c6:0c:a2:cc:cd:
         a1:66:64:11:34:46:1e:18:85:8f:e1:35:f2:08:cf:cc:e3:80:
         d0:58:23:f0:dc:94:4c:4d:e3:4d:14:20:c8:db:44:aa:3a:2e:
         a6:65:46:d0:56:6a:22:1b:0e:d2:6e:c5:a8:8d:dd:29:d8:7c:
         e3:92:f8:b0:bb:bb:ac:89:e6:fc:91:7c:56:46:a4:fe:ab:af:
         77:d0:a7:95:c3:87:b2:af:f9:c6:ad:83:ca:14:9e:f9:b0:1c:
         55:0d:8a:e9:4b:91:77:f2:fc:b4:46:38:2f:1f:44:20:1f:50:
         fc:c3:24:36:be:63:5b:fc:0f:5c:7c:19:e0:f1:84:48:55:22:
         1c:5a:fe:0a:ec:ac:9b:bc:4b:d2:0e:3d:6d:dc:79:3f:c3:ce:
         f4:66:b3:86:65:59:eb:20:98:93:43:8d:0c:9d:e3:22:09:c2:
         b8:3d:df:aa:4c:25:89:76:a3:54:31:fa:10:9f:6f:55:81:ae:
         92:f1:e4:09:57:ea:9a:cd:e8:e9:2c:bd:bd:b8:1c:ec:aa:aa:
         29:02:35:90
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICEKQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RUM3RjIxMTAvBgNVBAUTKDgzQkQ0N0FERTMwMjI1OUM3NThDNzRDODMwQjI5RTZG
M0E1NzczREIwHhcNMjMxMDI4MTc0NTE3WhcNMjQxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTNkNDhhYy0zMWU1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvpB8yB6NVBRj6q7QERxwqiO8ql02I2QbTUxb3QxV/lyFru/prw0ckcvCxxFh
JqqqMbRsS0lup92aT59D0zrYpDMNAy0nGreiUPw2O+ZHxrYKL8ge/EKAYFA2OZVd
zsEEFFTblQr9HfUZyCWafaw8/0g731b7l2ndT+YLsHL0yjabA8apZhb89vsNR1hP
dmNay+UFPK6idRDclDTjUtOmGhCNGlQz8qm1kDbsu7Hj7EF3SaSChRxnx9r2ynyk
clCqSC7BWmCHU6OuPaf34ixf48CRPC3U90pITRm28/1iuOIJ/wSUqHrerTvpEx9v
vzQKjaflgCDgk1hS5QvINYezewIDAQABo4IClTCCApEwHQYDVR0OBBYEFGP9V2mO
+G8MeqRlvxBSfRmtb7N+MB8GA1UdIwQYMBaAFIO9R63jAiWcdYx0yDCynm86V3Pb
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFQzdGMi80OEVGRDE3Q0Yx
QTcxMUU4QUE2MTRGNTFDNEY5QUUwMi9nNzFIcmVNQ0paeDFqSFRJTUxLZWJ6cFhj
OXMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2c3MUhyZU1DSlp4MWpIVElNTEtlYnpwWGM5cy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RUM3RjIvNDhFRkQxN0NGMUE3MTFFOEFBNjE0RjUxQzRGOUFFMDIvMDlGMDQxQzY3
NUZCMTFFQUI0NzBBMTMwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAFnFfQwDQYJKoZIhvcNAQELBQADggEBAE+aergOqYwxne1U
b+AlQPy3nDZZkczWf0mn2OZkzQ4zd6/x1+sluJ66pgs22Gts4AHGDKLMzaFmZBE0
Rh4YhY/hNfIIz8zjgNBYI/DclExN400UIMjbRKo6LqZlRtBWaiIbDtJuxaiN3SnY
fOOS+LC7u6yJ5vyRfFZGpP6rr3fQp5XDh7Kv+catg8oUnvmwHFUNiulLkXfy/LRG
OC8fRCAfUPzDJDa+Y1v8D1x8GeDxhEhVIhxa/grsrJu8S9IOPW3ceT/DzvRms4Zl
WesgmJNDjQyd4yIJwrg936pMJYl2o1Qx+hCfb1WBrpLx5AlX6prN6Oksvb24HOyq
qikCNZA=
-----END CERTIFICATE-----
Generated at Thu Mar 28 19:44:26 2024 by rpki-client on console-fra.rpki-client.org