Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91EF2E1/3F69CC667F0311EBA081A02BC4F9AE02/ECCDCA04809A11EB9093216EC4F9AE02.roa
File:                     ECCDCA04809A11EB9093216EC4F9AE02.roa (raw, json)
Hash identifier:          qTJ268wwQytdjg2xmDrgJYTCKvbgN+TXWt8f/k8okt0=
Subject key identifier:   CB:32:5C:31:21:27:5C:85:61:B2:A5:F7:94:77:50:7D:E4:F8:3B:A2
Certificate issuer:       /CN=A91EF2E1/serialNumber=6C197DA4922CFDDC4E98C8846E03A7D7D0E40B71
Certificate serial:       05BE
Authority key identifier: 6C:19:7D:A4:92:2C:FD:DC:4E:98:C8:84:6E:03:A7:D7:D0:E4:0B:71
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/bBl9pJIs_dxOmMiEbgOn19DkC3E.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91EF2E1/3F69CC667F0311EBA081A02BC4F9AE02/ECCDCA04809A11EB9093216EC4F9AE02.roa
Signing time:             Fri 31 May 2024 00:54:30 +0000
ROA not before:           Fri 31 May 2024 00:54:30 +0000
ROA not after:            Wed 30 Jul 2025 00:00:00 +0000
asID:                     136187
IP address blocks:        103.215.67.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91EF2E1/3F69CC667F0311EBA081A02BC4F9AE02/bBl9pJIs_dxOmMiEbgOn19DkC3E.crl
                          rsync://rpki.apnic.net/member_repository/A91EF2E1/3F69CC667F0311EBA081A02BC4F9AE02/bBl9pJIs_dxOmMiEbgOn19DkC3E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/bBl9pJIs_dxOmMiEbgOn19DkC3E.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 29 Nov 2024 20:43:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1470 (0x5be)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91EF2E1/serialNumber=6C197DA4922CFDDC4E98C8846E03A7D7D0E40B71
        Validity
            Not Before: May 31 00:54:30 2024 GMT
            Not After : Jul 30 00:00:00 2025 GMT
        Subject: CN=66591fc6-0248
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:83:7c:ea:74:14:75:c8:87:26:13:f5:f6:d6:
                    36:01:d0:59:6f:1b:55:90:5e:bc:02:1e:15:d7:4b:
                    65:d8:58:34:ff:00:21:9b:bf:4a:8b:f3:a7:83:c3:
                    bb:59:96:ff:2d:e5:ed:6a:b5:e8:f0:77:0e:4e:4f:
                    f3:9f:f8:59:07:cc:e2:6b:20:b5:53:02:42:a0:e7:
                    4c:24:e5:39:d8:89:ac:8a:45:0d:52:58:95:81:e9:
                    12:54:e5:91:33:a8:49:2e:2c:f3:8d:a8:17:20:32:
                    fd:59:9d:15:d5:e9:56:78:45:61:26:a2:43:df:3b:
                    bf:f2:b2:0e:b1:08:9e:a7:ab:18:8f:6a:08:b5:25:
                    37:4d:b9:64:38:39:2f:03:74:a1:86:df:6b:c0:db:
                    22:2e:74:ff:d2:ca:af:6b:f8:32:0c:fd:91:c9:9c:
                    d3:4f:68:da:6f:c3:40:03:2c:38:6c:e5:ca:0d:b1:
                    3f:90:5a:c6:8e:6c:0c:2f:3a:35:81:ed:25:74:b0:
                    16:ac:2c:a2:17:8d:92:a1:97:56:08:ea:15:a4:e4:
                    07:74:7d:f5:2f:3a:ea:3d:66:00:8b:b6:c8:c3:6d:
                    fb:a9:da:83:45:8f:8f:53:f3:7c:83:2d:07:00:a9:
                    61:c5:c7:2a:4c:30:41:ca:78:f5:f1:88:b0:b8:7d:
                    e6:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:32:5C:31:21:27:5C:85:61:B2:A5:F7:94:77:50:7D:E4:F8:3B:A2
            X509v3 Authority Key Identifier:
                keyid:6C:19:7D:A4:92:2C:FD:DC:4E:98:C8:84:6E:03:A7:D7:D0:E4:0B:71

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91EF2E1/3F69CC667F0311EBA081A02BC4F9AE02/bBl9pJIs_dxOmMiEbgOn19DkC3E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/bBl9pJIs_dxOmMiEbgOn19DkC3E.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91EF2E1/3F69CC667F0311EBA081A02BC4F9AE02/ECCDCA04809A11EB9093216EC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.215.67.0/24

    Signature Algorithm: sha256WithRSAEncryption
         bc:b9:61:ab:6f:43:5e:8e:8a:b8:1e:de:fe:22:9e:af:52:65:
         6d:93:4e:2d:08:6d:9e:a9:70:78:eb:19:d6:50:e2:3c:42:b8:
         ff:94:3f:40:eb:46:9e:53:73:73:c7:a8:68:6e:3f:25:86:9b:
         b8:43:3b:94:67:dd:0d:ac:7a:bc:a2:9e:98:a5:fa:e9:60:ff:
         fc:c9:d0:2d:fa:11:e1:a6:0f:7c:ce:de:2c:1e:86:ce:39:cc:
         9d:c4:a5:aa:e0:54:00:31:e3:25:4c:39:02:8a:d6:c3:e4:47:
         1b:f0:86:11:b7:92:a7:35:43:8d:92:29:0b:0e:fe:ba:12:20:
         ab:a2:7e:cb:c0:a6:6f:bd:8d:b3:e5:94:f9:7d:91:d6:9e:9e:
         33:9e:97:59:8b:9c:07:ce:76:4a:14:1f:21:f2:de:a8:92:40:
         c1:48:96:8b:f2:f8:5b:1a:0f:93:a0:ca:bb:39:7c:7c:ee:8f:
         4f:cd:82:e0:d9:4a:3e:d3:1d:cb:43:ea:d1:64:45:9d:c7:2c:
         80:48:34:0c:f8:9f:aa:8f:1f:53:18:e6:ba:0a:02:75:6e:03:
         76:dd:c1:ca:e6:19:1a:c0:d5:93:6d:4e:a4:f7:e8:3d:4b:f7:
         ee:5f:8d:6d:35:41:4a:a8:a0:75:88:71:49:83:a9:35:97:0a:
         dc:19:a7:27
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICBb4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RUYyRTExMTAvBgNVBAUTKDZDMTk3REE0OTIyQ0ZEREM0RTk4Qzg4NDZFMDNBN0Q3
RDBFNDBCNzEwHhcNMjQwNTMxMDA1NDMwWhcNMjUwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjU5MWZjNi0wMjQ4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAxoN86nQUdciHJhP19tY2AdBZbxtVkF68Ah4V10tl2Fg0/wAhm79Ki/Ong8O7
WZb/LeXtarXo8HcOTk/zn/hZB8ziayC1UwJCoOdMJOU52ImsikUNUliVgekSVOWR
M6hJLizzjagXIDL9WZ0V1elWeEVhJqJD3zu/8rIOsQiep6sYj2oItSU3TblkODkv
A3Shht9rwNsiLnT/0sqva/gyDP2RyZzTT2jab8NAAyw4bOXKDbE/kFrGjmwMLzo1
ge0ldLAWrCyiF42SoZdWCOoVpOQHdH31LzrqPWYAi7bIw237qdqDRY+PU/N8gy0H
AKlhxccqTDBBynj18YiwuH3miwIDAQABo4IClTCCApEwHQYDVR0OBBYEFMsyXDEh
J1yFYbKl95R3UH3k+DuiMB8GA1UdIwQYMBaAFGwZfaSSLP3cTpjIhG4Dp9fQ5Atx
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFRjJFMS8zRjY5Q0M2NjdG
MDMxMUVCQTA4MUEwMkJDNEY5QUUwMi9iQmw5cEpJc19keE9tTWlFYmdPbjE5RGtD
M0UuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2JCbDlwSklzX2R4T21NaUViZ09uMTlEa0MzRS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RUYyRTEvM0Y2OUNDNjY3RjAzMTFFQkEwODFBMDJCQzRGOUFFMDIvRUNDRENBMDQ4
MDlBMTFFQjkwOTMyMTZFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBABn10MwDQYJKoZIhvcNAQELBQADggEBALy5YatvQ16Oirge
3v4inq9SZW2TTi0IbZ6pcHjrGdZQ4jxCuP+UP0DrRp5Tc3PHqGhuPyWGm7hDO5Rn
3Q2seryinpil+ulg//zJ0C36EeGmD3zO3iwehs45zJ3EpargVAAx4yVMOQKK1sPk
RxvwhhG3kqc1Q42SKQsO/roSIKuifsvApm+9jbPllPl9kdaenjOel1mLnAfOdkoU
HyHy3qiSQMFIlovy+FsaD5Ogyrs5fHzuj0/NguDZSj7THctD6tFkRZ3HLIBINAz4
n6qPH1MY5roKAnVuA3bdwcrmGRrA1ZNtTqT36D1L9+5fjW01QUqooHWIcUmDqTWX
CtwZpyc=
-----END CERTIFICATE-----
Generated at Fri Nov 22 23:39:37 2024 by rpki-client on console-fra.rpki-client.org