Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91F6E65/FED93A7CD88A11E8A3ECFF4DC4F9AE02/F87DE4E2518011E98D519C48C4F9AE02.roa
File:                     F87DE4E2518011E98D519C48C4F9AE02.roa (raw, json)
Hash identifier:          +szOYx+Q3+AezQ08mU9olGDq3G2uogPJHsHw1wNri78=
Subject key identifier:   76:A8:97:8E:A8:68:FC:B2:10:9D:10:00:D5:11:9B:77:88:78:7A:A7
Certificate issuer:       /CN=A91F6E65/serialNumber=EA8D864BBD2BB1D78CD8890A1504E111367F7A13
Certificate serial:       1127
Authority key identifier: EA:8D:86:4B:BD:2B:B1:D7:8C:D8:89:0A:15:04:E1:11:36:7F:7A:13
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/6o2GS70rsdeM2IkKFQThETZ_ehM.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91F6E65/FED93A7CD88A11E8A3ECFF4DC4F9AE02/F87DE4E2518011E98D519C48C4F9AE02.roa
Signing time:             Sat 02 Dec 2023 18:05:13 +0000
ROA not before:           Sat 02 Dec 2023 18:05:13 +0000
ROA not after:            Fri 31 Jan 2025 00:00:00 +0000
asID:                     10780
IP address blocks:        103.11.165.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91F6E65/FED93A7CD88A11E8A3ECFF4DC4F9AE02/6o2GS70rsdeM2IkKFQThETZ_ehM.crl
                          rsync://rpki.apnic.net/member_repository/A91F6E65/FED93A7CD88A11E8A3ECFF4DC4F9AE02/6o2GS70rsdeM2IkKFQThETZ_ehM.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/6o2GS70rsdeM2IkKFQThETZ_ehM.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 29 Nov 2024 17:10:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4391 (0x1127)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F6E65/serialNumber=EA8D864BBD2BB1D78CD8890A1504E111367F7A13
        Validity
            Not Before: Dec  2 18:05:13 2023 GMT
            Not After : Jan 31 00:00:00 2025 GMT
        Subject: CN=656b71d9-0d01
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9b:ba:f4:0f:37:09:2a:21:3e:0b:67:a2:50:9a:
                    71:5f:d5:5c:84:0d:b7:54:3e:54:64:74:03:2b:e3:
                    0b:d7:76:26:ae:35:ea:45:e4:3f:29:ad:d6:7e:ad:
                    a1:b6:1c:45:31:dc:fc:f6:f7:4b:3c:45:22:51:e3:
                    78:99:4b:2e:92:6c:1d:58:2a:26:1d:f1:3a:05:4b:
                    67:f0:f2:0c:11:b3:57:56:91:26:d5:0d:3e:c9:1d:
                    a3:35:eb:44:1e:6c:81:ba:6b:3f:c5:94:71:e8:40:
                    ff:23:f0:c4:be:45:d2:42:da:b9:56:94:ff:b8:4f:
                    42:72:34:1e:dd:d0:84:fd:1f:56:33:9a:ac:20:7f:
                    0b:33:ef:75:b5:27:9b:2d:9d:ff:24:2b:e5:1b:f8:
                    1e:be:24:e7:85:86:17:ce:76:2e:3a:a3:33:f8:0f:
                    31:57:07:88:67:9f:ee:31:8c:b8:9b:dd:9f:45:a1:
                    4c:f7:cf:93:f4:f2:6d:e6:61:63:c8:99:8b:44:52:
                    4a:2e:8e:53:12:a3:96:50:aa:d6:74:3a:0c:9e:23:
                    58:38:57:64:b2:0d:07:14:43:89:fe:c6:7c:33:2b:
                    8e:ff:3e:5b:23:6d:51:f0:7a:f0:5c:80:54:9c:29:
                    59:2e:80:3c:be:f8:f4:ba:da:41:a9:7b:a3:a5:d3:
                    24:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:A8:97:8E:A8:68:FC:B2:10:9D:10:00:D5:11:9B:77:88:78:7A:A7
            X509v3 Authority Key Identifier:
                keyid:EA:8D:86:4B:BD:2B:B1:D7:8C:D8:89:0A:15:04:E1:11:36:7F:7A:13

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91F6E65/FED93A7CD88A11E8A3ECFF4DC4F9AE02/6o2GS70rsdeM2IkKFQThETZ_ehM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/6o2GS70rsdeM2IkKFQThETZ_ehM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F6E65/FED93A7CD88A11E8A3ECFF4DC4F9AE02/F87DE4E2518011E98D519C48C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.11.165.0/24

    Signature Algorithm: sha256WithRSAEncryption
         89:b8:9c:6a:3e:07:5c:b7:5e:26:01:f9:f8:99:46:43:18:8d:
         44:74:d7:3c:09:32:bf:71:c9:61:e0:52:83:19:9e:42:5e:3f:
         54:b5:eb:88:6c:6b:98:64:8f:64:2d:7a:e3:8c:56:67:a5:f0:
         35:93:16:30:0c:9e:91:8a:67:d2:4f:6d:12:42:0f:b6:bb:86:
         79:bc:18:20:90:0a:fd:18:88:d5:53:92:70:58:8a:c1:7e:0a:
         b9:f8:6b:e5:a4:1a:6a:40:be:e7:03:1a:b3:b8:4e:27:60:fa:
         49:74:7d:6a:74:8c:2e:85:c5:bf:48:08:88:20:da:4e:f6:21:
         94:f9:40:51:67:f8:fb:f8:2a:52:43:00:47:c5:ac:63:93:6a:
         59:1c:d3:b1:94:f5:ea:db:65:59:00:49:83:81:9c:d4:71:ce:
         97:99:b6:cd:25:9e:60:8e:f7:34:5f:21:e5:3d:23:d7:d3:07:
         74:54:6e:86:52:92:a9:f3:e7:7e:17:cf:13:f8:ab:92:92:f2:
         d8:5e:2e:0b:47:4a:97:2d:f1:7e:56:c7:e9:23:2d:50:d1:97:
         be:85:db:23:82:9f:8c:f4:bb:30:7e:91:bd:55:a0:f6:a2:97:
         7d:36:79:89:fc:55:af:87:bf:2f:3f:68:3f:e2:31:fd:40:27:
         50:14:57:37
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICEScwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RjZFNjUxMTAvBgNVBAUTKEVBOEQ4NjRCQkQyQkIxRDc4Q0Q4ODkwQTE1MDRFMTEx
MzY3RjdBMTMwHhcNMjMxMjAyMTgwNTEzWhcNMjUwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTZiNzFkOS0wZDAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAm7r0DzcJKiE+C2eiUJpxX9VchA23VD5UZHQDK+ML13YmrjXqReQ/Ka3Wfq2h
thxFMdz89vdLPEUiUeN4mUsukmwdWComHfE6BUtn8PIMEbNXVpEm1Q0+yR2jNetE
HmyBums/xZRx6ED/I/DEvkXSQtq5VpT/uE9CcjQe3dCE/R9WM5qsIH8LM+91tSeb
LZ3/JCvlG/geviTnhYYXznYuOqMz+A8xVweIZ5/uMYy4m92fRaFM98+T9PJt5mFj
yJmLRFJKLo5TEqOWUKrWdDoMniNYOFdksg0HFEOJ/sZ8MyuO/z5bI21R8HrwXIBU
nClZLoA8vvj0utpBqXujpdMkFwIDAQABo4IClTCCApEwHQYDVR0OBBYEFHaol46o
aPyyEJ0QANURm3eIeHqnMB8GA1UdIwQYMBaAFOqNhku9K7HXjNiJChUE4RE2f3oT
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGNkU2NS9GRUQ5M0E3Q0Q4
OEExMUU4QTNFQ0ZGNERDNEY5QUUwMi82bzJHUzcwcnNkZU0ySWtLRlFUaEVUWl9l
aE0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzZvMkdTNzByc2RlTTJJa0tGUVRoRVRaX2VoTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RjZFNjUvRkVEOTNBN0NEODhBMTFFOEEzRUNGRjREQzRGOUFFMDIvRjg3REU0RTI1
MTgwMTFFOThENTE5QzQ4QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBABnC6UwDQYJKoZIhvcNAQELBQADggEBAIm4nGo+B1y3XiYB
+fiZRkMYjUR01zwJMr9xyWHgUoMZnkJeP1S164hsa5hkj2QteuOMVmel8DWTFjAM
npGKZ9JPbRJCD7a7hnm8GCCQCv0YiNVTknBYisF+Crn4a+WkGmpAvucDGrO4Tidg
+kl0fWp0jC6Fxb9ICIgg2k72IZT5QFFn+Pv4KlJDAEfFrGOTalkc07GU9erbZVkA
SYOBnNRxzpeZts0lnmCO9zRfIeU9I9fTB3RUboZSkqnz534XzxP4q5KS8theLgtH
Spct8X5Wx+kjLVDRl76F2yOCn4z0uzB+kb1VoPail302eYn8Va+Hvy8/aD/iMf1A
J1AUVzc=
-----END CERTIFICATE-----
Generated at Fri Nov 22 19:50:22 2024 by rpki-client on console-ams.rpki-client.org