Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91FCDE1/29E0B442B50D11EAAC6C401FC4F9AE02/65B2076021E011EBBF36CD21C4F9AE02.roa
File:                     65B2076021E011EBBF36CD21C4F9AE02.roa (raw, json)
Hash identifier:          3lfeIdyzv2+dHsGRE5ikpdzrvtLTjMAaW25CR/R82YQ=
Subject key identifier:   E2:C0:F2:85:43:F8:BE:6F:FA:34:9D:7B:19:F6:01:40:CC:9B:A0:E4
Certificate issuer:       /CN=A91FCDE1/serialNumber=C2FF115D310BB9147CDDC74991CC1C471FBA1299
Certificate serial:       0779
Authority key identifier: C2:FF:11:5D:31:0B:B9:14:7C:DD:C7:49:91:CC:1C:47:1F:BA:12:99
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wv8RXTELuRR83cdJkcwcRx-6Epk.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91FCDE1/29E0B442B50D11EAAC6C401FC4F9AE02/65B2076021E011EBBF36CD21C4F9AE02.roa
Signing time:             Wed 02 Aug 2023 21:38:41 +0000
ROA not before:           Wed 02 Aug 2023 21:38:41 +0000
ROA not after:            Mon 30 Sep 2024 00:00:00 +0000
asID:                     135386
IP address blocks:        103.152.132.0/23 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91FCDE1/29E0B442B50D11EAAC6C401FC4F9AE02/wv8RXTELuRR83cdJkcwcRx-6Epk.crl
                          rsync://rpki.apnic.net/member_repository/A91FCDE1/29E0B442B50D11EAAC6C401FC4F9AE02/wv8RXTELuRR83cdJkcwcRx-6Epk.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wv8RXTELuRR83cdJkcwcRx-6Epk.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 04 Apr 2024 21:46:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1913 (0x779)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91FCDE1/serialNumber=C2FF115D310BB9147CDDC74991CC1C471FBA1299
        Validity
            Not Before: Aug  2 21:38:41 2023 GMT
            Not After : Sep 30 00:00:00 2024 GMT
        Subject: CN=64cacce1-1504
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:8d:20:96:e1:0b:8a:40:7d:3d:f6:a1:5b:34:
                    56:12:63:43:17:47:8c:ea:43:b5:0c:64:de:aa:6f:
                    bd:3c:b2:2f:e8:76:17:90:d4:f9:8d:d5:83:a9:45:
                    7f:ba:60:2b:a4:1a:56:b5:6a:18:3a:32:ed:7d:0a:
                    79:60:29:f3:59:49:12:eb:ee:df:51:9b:d4:a0:3e:
                    c4:53:12:d7:f6:84:54:d4:46:34:91:45:35:30:c1:
                    d5:b0:9e:75:26:4d:7b:8a:88:bf:5a:68:d9:78:de:
                    e4:ca:77:c6:b3:38:cc:81:59:3b:2f:96:4f:34:fd:
                    3a:76:be:02:c7:66:bf:27:e1:0c:5b:47:05:03:b5:
                    ba:b2:95:f5:37:60:94:5d:27:b5:b9:12:76:8a:a4:
                    81:7f:96:d6:4c:c4:50:1c:ba:90:49:14:3a:e2:fb:
                    50:ad:ba:8c:e1:49:d5:76:d0:97:ec:ac:a4:ba:fd:
                    54:c0:f6:ce:8d:0f:36:ce:ce:00:e2:3e:9c:09:55:
                    be:fd:b9:8b:73:11:35:da:eb:6c:7c:93:09:83:f7:
                    92:ad:c2:6d:7d:4f:06:41:c9:a6:2f:f8:1a:72:46:
                    59:92:46:c4:0c:60:ed:09:48:8b:aa:cc:1d:ef:b7:
                    97:d3:05:e3:35:df:34:d2:47:b9:f4:20:94:b1:93:
                    48:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E2:C0:F2:85:43:F8:BE:6F:FA:34:9D:7B:19:F6:01:40:CC:9B:A0:E4
            X509v3 Authority Key Identifier:
                keyid:C2:FF:11:5D:31:0B:B9:14:7C:DD:C7:49:91:CC:1C:47:1F:BA:12:99

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91FCDE1/29E0B442B50D11EAAC6C401FC4F9AE02/wv8RXTELuRR83cdJkcwcRx-6Epk.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wv8RXTELuRR83cdJkcwcRx-6Epk.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91FCDE1/29E0B442B50D11EAAC6C401FC4F9AE02/65B2076021E011EBBF36CD21C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.152.132.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9a:0f:f6:70:bc:78:32:10:fd:5a:16:4c:f7:b7:1e:d2:c6:93:
         8a:d2:46:73:c7:6c:6f:22:b6:8e:47:5e:85:be:8f:d7:cd:19:
         09:19:c2:00:25:3d:41:e3:3f:31:0f:d6:a9:92:ff:2a:1d:57:
         e7:60:57:3f:50:54:0b:89:e2:31:c7:d9:84:ef:6f:80:10:d8:
         68:28:8c:8f:05:57:96:3c:48:11:b6:3d:d2:77:31:f2:34:d9:
         77:53:28:30:78:6f:c6:da:b3:4e:a1:f0:e1:51:cf:8d:0e:08:
         ac:8f:41:57:2c:4f:6e:87:d8:23:4b:49:5b:6e:ff:7d:c0:11:
         a7:9b:fb:9c:8a:b5:0c:f7:87:72:2c:15:b3:b2:98:b4:d8:7d:
         35:4a:b6:f3:1e:10:da:e2:dc:01:7b:b9:f4:28:7a:00:a6:07:
         eb:13:74:39:71:d5:b9:61:fd:f9:62:b4:f8:b6:6a:b9:1b:87:
         07:ff:bc:bb:93:5d:ee:76:c3:dd:ad:ee:08:26:01:c9:72:83:
         62:c0:d6:07:24:d5:08:c5:63:b0:fa:9e:71:e4:85:ef:87:27:
         f2:fc:4f:35:d2:31:94:b3:41:a4:61:12:98:f5:41:7a:23:56:
         68:d7:38:56:9c:74:fd:c8:51:1d:d1:47:3d:9d:bd:22:c4:8b:
         1f:2e:0c:b5
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICB3kwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RkNERTExMTAvBgNVBAUTKEMyRkYxMTVEMzEwQkI5MTQ3Q0REQzc0OTkxQ0MxQzQ3
MUZCQTEyOTkwHhcNMjMwODAyMjEzODQxWhcNMjQwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NGNhY2NlMS0xNTA0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAoY0gluELikB9PfahWzRWEmNDF0eM6kO1DGTeqm+9PLIv6HYXkNT5jdWDqUV/
umArpBpWtWoYOjLtfQp5YCnzWUkS6+7fUZvUoD7EUxLX9oRU1EY0kUU1MMHVsJ51
Jk17ioi/WmjZeN7kynfGszjMgVk7L5ZPNP06dr4Cx2a/J+EMW0cFA7W6spX1N2CU
XSe1uRJ2iqSBf5bWTMRQHLqQSRQ64vtQrbqM4UnVdtCX7Kykuv1UwPbOjQ82zs4A
4j6cCVW+/bmLcxE12utsfJMJg/eSrcJtfU8GQcmmL/gackZZkkbEDGDtCUiLqswd
77eX0wXjNd800ke59CCUsZNIJwIDAQABo4IClTCCApEwHQYDVR0OBBYEFOLA8oVD
+L5v+jSdexn2AUDMm6DkMB8GA1UdIwQYMBaAFML/EV0xC7kUfN3HSZHMHEcfuhKZ
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGQ0RFMS8yOUUwQjQ0MkI1
MEQxMUVBQUM2QzQwMUZDNEY5QUUwMi93djhSWFRFTHVSUjgzY2RKa2N3Y1J4LTZF
cGsuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3d2OFJYVEVMdVJSODNjZEprY3djUngtNkVway5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RkNERTEvMjlFMEI0NDJCNTBEMTFFQUFDNkM0MDFGQzRGOUFFMDIvNjVCMjA3NjAy
MUUwMTFFQkJGMzZDRDIxQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAFnmIQwDQYJKoZIhvcNAQELBQADggEBAJoP9nC8eDIQ/VoW
TPe3HtLGk4rSRnPHbG8ito5HXoW+j9fNGQkZwgAlPUHjPzEP1qmS/yodV+dgVz9Q
VAuJ4jHH2YTvb4AQ2GgojI8FV5Y8SBG2PdJ3MfI02XdTKDB4b8bas06h8OFRz40O
CKyPQVcsT26H2CNLSVtu/33AEaeb+5yKtQz3h3IsFbOymLTYfTVKtvMeENri3AF7
ufQoegCmB+sTdDlx1blh/flitPi2arkbhwf/vLuTXe52w92t7ggmAclyg2LA1gck
1QjFY7D6nnHkhe+HJ/L8TzXSMZSzQaRhEpj1QXojVmjXOFacdP3IUR3RRz2dvSLE
ix8uDLU=
-----END CERTIFICATE-----
Generated at Thu Mar 28 22:56:01 2024 by rpki-client on console-ams.rpki-client.org