Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91F0CF4/9AE9A9121FA511EABE9D1575C4F9AE02/949F398CDC6F11EABFEF2548C4F9AE02.roa
File:                     949F398CDC6F11EABFEF2548C4F9AE02.roa (raw, json)
Hash identifier:          1MXsVVhWdBlk4OJjB5/CwtyIc6CTDhnlVYTEJxIbans=
Subject key identifier:   21:2B:D5:09:37:5C:C6:EF:2C:14:D4:5D:38:03:85:EB:D8:30:36:F1
Certificate issuer:       /CN=A91F0CF4/serialNumber=FD25BA961101B5CE6014993CE7488FDB6F08A423
Certificate serial:       06A0
Authority key identifier: FD:25:BA:96:11:01:B5:CE:60:14:99:3C:E7:48:8F:DB:6F:08:A4:23
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_SW6lhEBtc5gFJk850iP228IpCM.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91F0CF4/9AE9A9121FA511EABE9D1575C4F9AE02/949F398CDC6F11EABFEF2548C4F9AE02.roa
Signing time:             Fri 02 Jun 2023 21:02:21 +0000
ROA not before:           Fri 02 Jun 2023 21:02:21 +0000
ROA not after:            Tue 30 Jul 2024 00:00:00 +0000
asID:                     136907
IP address blocks:        103.215.0.0/24 maxlen: 24
                          103.215.1.0/24 maxlen: 24
                          103.215.3.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91F0CF4/9AE9A9121FA511EABE9D1575C4F9AE02/_SW6lhEBtc5gFJk850iP228IpCM.crl
                          rsync://rpki.apnic.net/member_repository/A91F0CF4/9AE9A9121FA511EABE9D1575C4F9AE02/_SW6lhEBtc5gFJk850iP228IpCM.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_SW6lhEBtc5gFJk850iP228IpCM.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 25 May 2024 19:51:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1696 (0x6a0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F0CF4/serialNumber=FD25BA961101B5CE6014993CE7488FDB6F08A423
        Validity
            Not Before: Jun  2 21:02:21 2023 GMT
            Not After : Jul 30 00:00:00 2024 GMT
        Subject: CN=647a58dc-856e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:ac:78:fa:86:15:4d:12:f3:5e:5a:b9:da:e7:
                    f7:a0:5a:5d:3e:58:54:6f:f7:d8:d7:ab:46:70:63:
                    97:1b:6a:f5:4c:52:8d:55:62:db:99:9f:92:d5:9d:
                    bd:85:66:8d:52:64:b6:d8:99:c0:3e:62:a9:d2:03:
                    9f:cd:99:55:ea:bd:20:6a:6b:82:1d:37:d1:54:ca:
                    14:75:56:c9:30:d1:9c:53:14:ab:c7:79:95:87:73:
                    74:dd:ff:6c:15:f9:04:c4:df:f9:b9:ad:46:5c:eb:
                    96:dd:d8:52:1d:86:58:a0:cb:aa:e6:18:5c:c1:ef:
                    00:4d:b9:45:dd:5a:89:a8:94:1c:6b:fa:b6:b7:d3:
                    d3:e0:0c:32:99:5f:1e:ee:0b:cc:b2:d9:58:1e:18:
                    3f:d6:50:55:81:2f:cd:ae:67:30:c9:a9:ec:bb:e6:
                    b3:23:e1:59:c9:4b:3d:43:9a:2c:41:93:96:83:78:
                    67:a6:82:39:bd:bf:c1:b5:b6:24:33:3a:f5:e1:d7:
                    ff:61:bc:b3:6f:fd:ce:3a:af:0b:88:f3:f4:ed:10:
                    3a:ae:be:8b:60:ac:fd:04:53:d5:a0:50:4e:2b:4b:
                    db:a4:8c:6b:6d:f7:ec:03:b5:c8:a3:e7:73:c2:95:
                    f9:4d:05:10:e6:97:d1:8e:c0:e9:12:e3:79:25:ee:
                    e7:df
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                21:2B:D5:09:37:5C:C6:EF:2C:14:D4:5D:38:03:85:EB:D8:30:36:F1
            X509v3 Authority Key Identifier:
                keyid:FD:25:BA:96:11:01:B5:CE:60:14:99:3C:E7:48:8F:DB:6F:08:A4:23

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91F0CF4/9AE9A9121FA511EABE9D1575C4F9AE02/_SW6lhEBtc5gFJk850iP228IpCM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/_SW6lhEBtc5gFJk850iP228IpCM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F0CF4/9AE9A9121FA511EABE9D1575C4F9AE02/949F398CDC6F11EABFEF2548C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.215.0.0/23
                  103.215.3.0/24

    Signature Algorithm: sha256WithRSAEncryption
         11:ff:da:cb:18:4b:e8:b3:67:4d:39:6b:60:87:5f:e3:49:ea:
         88:67:5f:25:d8:b8:1d:79:e5:ec:2f:c4:80:8e:5b:b8:ad:22:
         f0:71:92:4f:f8:45:6a:9b:6c:1d:b9:2d:c8:a8:ae:89:20:05:
         f8:b7:e7:a8:15:0d:48:2d:aa:87:1f:88:8e:8c:a1:11:fe:9e:
         2a:56:15:ba:da:24:88:a0:fe:ba:aa:d1:e8:9d:75:bc:78:c8:
         5e:d5:25:5e:7e:75:32:63:94:33:1c:8c:58:bb:24:ae:b9:0b:
         3d:18:b2:da:ba:70:a7:a0:42:22:f9:49:15:36:c6:c2:9e:34:
         94:93:2b:0c:dc:ab:8f:67:39:cf:89:1c:db:2e:ed:09:54:eb:
         68:dc:84:b7:25:b9:c0:27:2b:e5:87:e3:6c:0f:69:d2:e5:06:
         84:84:70:af:f5:84:59:49:7b:2e:b5:7a:2c:01:2b:e4:08:0e:
         9e:1a:17:70:25:ce:ea:3f:28:9e:f0:09:71:40:1f:0e:7f:93:
         6a:e0:01:45:9e:94:d0:2e:e5:b6:a1:ca:f7:b4:72:42:86:fb:
         20:64:3b:4d:51:5f:b4:df:6f:1d:8f:2c:c6:16:a0:d6:f6:6b:
         f6:68:26:93:b6:04:56:2c:e0:4c:18:ea:ae:96:8e:80:9b:19:
         6a:fe:24:f3
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICBqAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RjBDRjQxMTAvBgNVBAUTKEZEMjVCQTk2MTEwMUI1Q0U2MDE0OTkzQ0U3NDg4RkRC
NkYwOEE0MjMwHhcNMjMwNjAyMjEwMjIxWhcNMjQwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDdhNThkYy04NTZlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAsax4+oYVTRLzXlq52uf3oFpdPlhUb/fY16tGcGOXG2r1TFKNVWLbmZ+S1Z29
hWaNUmS22JnAPmKp0gOfzZlV6r0gamuCHTfRVMoUdVbJMNGcUxSrx3mVh3N03f9s
FfkExN/5ua1GXOuW3dhSHYZYoMuq5hhcwe8ATblF3VqJqJQca/q2t9PT4AwymV8e
7gvMstlYHhg/1lBVgS/Nrmcwyansu+azI+FZyUs9Q5osQZOWg3hnpoI5vb/BtbYk
Mzr14df/Ybyzb/3OOq8LiPP07RA6rr6LYKz9BFPVoFBOK0vbpIxrbffsA7XIo+dz
wpX5TQUQ5pfRjsDpEuN5Je7n3wIDAQABo4ICmzCCApcwHQYDVR0OBBYEFCEr1Qk3
XMbvLBTUXTgDhevYMDbxMB8GA1UdIwQYMBaAFP0lupYRAbXOYBSZPOdIj9tvCKQj
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGMENGNC85QUU5QTkxMjFG
QTUxMUVBQkU5RDE1NzVDNEY5QUUwMi9fU1c2bGhFQnRjNWdGSms4NTBpUDIyOElw
Q00uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL19TVzZsaEVCdGM1Z0ZKazg1MGlQMjI4SXBDTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RjBDRjQvOUFFOUE5MTIxRkE1MTFFQUJFOUQxNTc1QzRGOUFFMDIvOTQ5RjM5OENE
QzZGMTFFQUJGRUYyNTQ4QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAFn1wADBABn1wMwDQYJKoZIhvcNAQELBQADggEBABH/2ssY
S+izZ005a2CHX+NJ6ohnXyXYuB155ewvxICOW7itIvBxkk/4RWqbbB25Lciorokg
Bfi356gVDUgtqocfiI6MoRH+nipWFbraJIig/rqq0eiddbx4yF7VJV5+dTJjlDMc
jFi7JK65Cz0Ystq6cKegQiL5SRU2xsKeNJSTKwzcq49nOc+JHNsu7QlU62jchLcl
ucAnK+WH42wPadLlBoSEcK/1hFlJey61eiwBK+QIDp4aF3Alzuo/KJ7wCXFAHw5/
k2rgAUWelNAu5bahyve0ckKG+yBkO01RX7Tfbx2PLMYWoNb2a/ZoJpO2BFYs4EwY
6q6WjoCbGWr+JPM=
-----END CERTIFICATE-----
Generated at Sat May 18 21:31:32 2024 by rpki-client on console-ams.rpki-client.org