Route Origin Authorization

$ cd rpki.apnic.net/member_repository/A91FCDE1/29E0B442B50D11EAAC6C401FC4F9AE02/

$ rpki-client -vvf 65B2076021E011EBBF36CD21C4F9AE02.roa
File:                     65B2076021E011EBBF36CD21C4F9AE02.roa (download)
Hash identifier:          80/HZB8sNUYg4A96kziSdHq2ynlczUDcJxoUt4lhAmk=
Subject key identifier:   05:56:5F:3E:AD:C8:B2:9D:8A:E3:C2:79:A1:1B:48:E1:6B:18:43:6A
Certificate issuer:       /CN=A91FCDE1/serialNumber=C2FF115D310BB9147CDDC74991CC1C471FBA1299
Certificate serial:       068A
Authority key identifier: C2:FF:11:5D:31:0B:B9:14:7C:DD:C7:49:91:CC:1C:47:1F:BA:12:99
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wv8RXTELuRR83cdJkcwcRx-6Epk.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91FCDE1/29E0B442B50D11EAAC6C401FC4F9AE02/65B2076021E011EBBF36CD21C4F9AE02.roa
ROA valid until:          Sep 30 00:00:00 2023 GMT
asID:                     135386
IP address blocks:
    1: 103.152.132.0/23 maxlen: 24

Validation: OK

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1674 (0x68a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91FCDE1/serialNumber=C2FF115D310BB9147CDDC74991CC1C471FBA1299
        Validity
            Not Before: Aug 25 10:39:32 2022 GMT
            Not After : Sep 30 00:00:00 2023 GMT
        Subject: CN=63075164-d308
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:df:ca:7f:d6:a1:f1:da:2f:ed:47:dc:99:cd:
                    e8:aa:68:1b:1d:ee:cc:69:35:68:83:53:0f:b9:ea:
                    70:28:95:a2:10:ed:12:c1:78:8d:23:e9:cc:9f:09:
                    a2:9c:cc:80:41:ee:b2:20:df:47:17:90:e5:28:58:
                    9c:60:0a:fa:47:3b:6d:05:fa:f9:aa:37:d0:30:37:
                    cd:c7:9f:49:64:2b:99:1b:7c:d9:d9:96:c4:0e:99:
                    1d:c7:b9:2c:1e:e8:73:3a:64:ae:a6:ec:f5:d8:d1:
                    5d:0d:15:30:99:8d:05:2f:43:1f:5e:bd:43:f3:ce:
                    6d:44:7f:9c:99:c8:3b:a9:57:8f:22:ff:83:5d:ef:
                    aa:69:59:e7:f4:54:87:97:21:78:bf:94:57:41:d8:
                    12:44:ec:9b:f2:bf:8c:8b:ed:21:d2:b1:f5:e9:2d:
                    c9:64:76:4c:18:71:cf:ca:4b:6d:ca:be:e3:f0:21:
                    e7:c2:0f:3b:24:27:e4:9d:31:00:09:15:53:90:b5:
                    4c:3b:3c:02:e1:42:72:ae:a8:5b:24:d0:06:a9:fa:
                    64:1b:42:a4:0f:9c:7a:a4:b6:17:7d:1d:73:db:c1:
                    8a:f0:52:25:fc:1b:a0:8e:60:94:a9:cd:dc:4c:e1:
                    1b:4a:65:ee:2f:be:5c:bb:36:92:4a:ad:29:03:d1:
                    e0:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                05:56:5F:3E:AD:C8:B2:9D:8A:E3:C2:79:A1:1B:48:E1:6B:18:43:6A
            X509v3 Authority Key Identifier: 
                keyid:C2:FF:11:5D:31:0B:B9:14:7C:DD:C7:49:91:CC:1C:47:1F:BA:12:99

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91FCDE1/29E0B442B50D11EAAC6C401FC4F9AE02/wv8RXTELuRR83cdJkcwcRx-6Epk.crl

            Authority Information Access: 
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wv8RXTELuRR83cdJkcwcRx-6Epk.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access: 
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91FCDE1/29E0B442B50D11EAAC6C401FC4F9AE02/65B2076021E011EBBF36CD21C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.152.132.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7e:ee:8d:1f:35:5c:97:d3:7b:09:fa:09:dd:2b:30:96:b8:92:
         93:e1:9e:e6:85:3f:17:23:93:39:c2:6c:de:dd:b4:dd:90:05:
         77:6b:b1:20:8b:ba:0c:79:0f:84:23:88:37:be:39:73:a8:8f:
         1f:8d:ae:b7:04:a1:1d:d0:04:70:ee:04:53:4d:86:28:f6:53:
         9d:91:a3:c6:1a:d4:3a:99:65:41:6e:b0:4f:31:0a:0d:2b:13:
         03:5c:0a:e6:af:55:d2:6c:bf:0a:3a:c8:e4:71:88:8c:5c:b7:
         27:75:c7:5d:e6:77:b4:5f:9c:b0:59:27:b7:1e:2a:d2:ae:10:
         98:f8:d0:72:a9:40:75:0b:67:59:0d:f1:f9:54:7c:94:6f:68:
         7a:97:40:b0:f0:bd:a0:6d:ce:aa:c2:d4:03:6c:1a:a3:89:0a:
         d8:69:e2:6d:db:f1:6e:b6:1e:4e:dd:7c:9a:71:67:75:b4:17:
         79:8f:8d:63:4b:dc:c2:84:4a:e8:1f:03:b5:de:83:f8:e9:e4:
         0d:ce:8f:3d:c4:d6:23:56:e0:91:ab:a5:b3:df:0b:77:54:7f:
         ac:6c:59:79:f7:9d:ce:bd:aa:cc:c9:92:5a:3a:b1:71:a4:1f:
         4d:17:42:22:ac:5e:3a:bf:db:4c:85:0b:6b:50:03:9d:8b:39:
         7c:a3:e9:9d
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICBoowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RkNERTExMTAvBgNVBAUTKEMyRkYxMTVEMzEwQkI5MTQ3Q0REQzc0OTkxQ0MxQzQ3
MUZCQTEyOTkwHhcNMjIwODI1MTAzOTMyWhcNMjMwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02MzA3NTE2NC1kMzA4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAyd/Kf9ah8dov7Ufcmc3oqmgbHe7MaTVog1MPuepwKJWiEO0SwXiNI+nMnwmi
nMyAQe6yIN9HF5DlKFicYAr6RzttBfr5qjfQMDfNx59JZCuZG3zZ2ZbEDpkdx7ks
HuhzOmSupuz12NFdDRUwmY0FL0MfXr1D885tRH+cmcg7qVePIv+DXe+qaVnn9FSH
lyF4v5RXQdgSROyb8r+Mi+0h0rH16S3JZHZMGHHPykttyr7j8CHnwg87JCfknTEA
CRVTkLVMOzwC4UJyrqhbJNAGqfpkG0KkD5x6pLYXfR1z28GK8FIl/BugjmCUqc3c
TOEbSmXuL75cuzaSSq0pA9HgZQIDAQABo4IClTCCApEwHQYDVR0OBBYEFAVWXz6t
yLKdiuPCeaEbSOFrGENqMB8GA1UdIwQYMBaAFML/EV0xC7kUfN3HSZHMHEcfuhKZ
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGQ0RFMS8yOUUwQjQ0MkI1
MEQxMUVBQUM2QzQwMUZDNEY5QUUwMi93djhSWFRFTHVSUjgzY2RKa2N3Y1J4LTZF
cGsuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3d2OFJYVEVMdVJSODNjZEprY3djUngtNkVway5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RkNERTEvMjlFMEI0NDJCNTBEMTFFQUFDNkM0MDFGQzRGOUFFMDIvNjVCMjA3NjAy
MUUwMTFFQkJGMzZDRDIxQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAFnmIQwDQYJKoZIhvcNAQELBQADggEBAH7ujR81XJfTewn6
Cd0rMJa4kpPhnuaFPxcjkznCbN7dtN2QBXdrsSCLugx5D4QjiDe+OXOojx+NrrcE
oR3QBHDuBFNNhij2U52Ro8Ya1DqZZUFusE8xCg0rEwNcCuavVdJsvwo6yORxiIxc
tyd1x13md7RfnLBZJ7ceKtKuEJj40HKpQHULZ1kN8flUfJRvaHqXQLDwvaBtzqrC
1ANsGqOJCthp4m3b8W62Hk7dfJpxZ3W0F3mPjWNL3MKESugfA7Xeg/jp5A3Ojz3E
1iNW4JGrpbPfC3dUf6xsWXn3nc69qszJklo6sXGkH00XQiKsXjq/20yFC2tQA52L
OXyj6Z0=
-----END CERTIFICATE-----
Generated at Sat Dec 3 19:12:47 2022 by rpki-client.