Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91FDD4D/BAE108C4EA6011E58815770CC4F9AE02/7798FA94D9BF11ED88162D23C4F9AE02.roa
File:                     7798FA94D9BF11ED88162D23C4F9AE02.roa (raw, json)
Hash identifier:          vStZnM9WCgxtVX8wfoyGf3Lbbte/JmkQGjn+i0zi598=
Subject key identifier:   50:8A:0D:97:A9:45:E0:DD:20:5B:F7:74:76:00:F8:CF:5B:07:36:01
Certificate issuer:       /CN=A91FDD4D/serialNumber=72AFBAEBC9ECDDA2EED2D49B13E6048EA3E41E60
Certificate serial:       20AB
Authority key identifier: 72:AF:BA:EB:C9:EC:DD:A2:EE:D2:D4:9B:13:E6:04:8E:A3:E4:1E:60
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/cq-668ns3aLu0tSbE-YEjqPkHmA.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91FDD4D/BAE108C4EA6011E58815770CC4F9AE02/7798FA94D9BF11ED88162D23C4F9AE02.roa
Signing time:             Tue 12 Mar 2024 01:03:34 +0000
ROA not before:           Tue 12 Mar 2024 01:03:34 +0000
ROA not after:            Thu 01 May 2025 00:00:00 +0000
asID:                     136161
IP address blocks:        103.82.124.0/24 maxlen: 24
                          103.92.94.0/24 maxlen: 24
                          103.112.104.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91FDD4D/BAE108C4EA6011E58815770CC4F9AE02/cq-668ns3aLu0tSbE-YEjqPkHmA.crl
                          rsync://rpki.apnic.net/member_repository/A91FDD4D/BAE108C4EA6011E58815770CC4F9AE02/cq-668ns3aLu0tSbE-YEjqPkHmA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/cq-668ns3aLu0tSbE-YEjqPkHmA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 29 Nov 2024 15:56:33 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 8363 (0x20ab)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91FDD4D/serialNumber=72AFBAEBC9ECDDA2EED2D49B13E6048EA3E41E60
        Validity
            Not Before: Mar 12 01:03:34 2024 GMT
            Not After : May  1 00:00:00 2025 GMT
        Subject: CN=65efa9e6-1c2c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:ce:f7:7a:ee:5c:e5:c9:b8:b6:0c:e0:f9:cf:
                    c6:b8:3f:bb:df:61:8e:30:a7:66:07:88:ce:6b:f7:
                    b5:22:63:01:d6:73:c5:03:fb:ec:76:5a:49:d0:6a:
                    89:c1:72:5c:af:1f:dc:b3:1a:05:d1:3f:25:37:21:
                    cd:24:3f:df:1d:a9:8f:b1:af:2d:7d:d7:9d:79:45:
                    72:0c:c5:8a:f6:ba:1d:c3:a2:8e:18:38:9b:b4:fc:
                    a1:39:6b:54:17:38:1c:d3:9b:5c:8a:d5:90:bd:08:
                    a4:0e:16:2e:09:f9:43:6e:67:10:4f:c9:4e:64:27:
                    3b:8d:a4:9e:85:c6:fc:bb:c7:06:64:e9:c8:7d:0e:
                    08:62:ce:99:b8:7c:2c:3c:4d:fe:79:98:a1:f7:de:
                    be:98:93:94:9b:72:61:3c:75:f9:4e:17:43:12:cc:
                    00:ea:03:f4:5f:a9:f6:d2:2e:73:45:94:1b:8a:d4:
                    25:9b:7a:14:1b:dd:8f:58:ce:c9:26:b4:df:78:1c:
                    a2:c8:cd:f8:7f:c9:0f:80:f2:e3:c6:c4:4b:97:a0:
                    21:d8:3a:07:5b:33:7e:de:81:6f:6a:58:59:f4:a3:
                    ca:2a:a2:3f:68:4a:8e:81:f2:cf:17:94:85:ed:02:
                    69:98:2a:be:bd:dd:90:8c:cf:fc:67:0e:da:4c:0f:
                    3e:5b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                50:8A:0D:97:A9:45:E0:DD:20:5B:F7:74:76:00:F8:CF:5B:07:36:01
            X509v3 Authority Key Identifier:
                keyid:72:AF:BA:EB:C9:EC:DD:A2:EE:D2:D4:9B:13:E6:04:8E:A3:E4:1E:60

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91FDD4D/BAE108C4EA6011E58815770CC4F9AE02/cq-668ns3aLu0tSbE-YEjqPkHmA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/cq-668ns3aLu0tSbE-YEjqPkHmA.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91FDD4D/BAE108C4EA6011E58815770CC4F9AE02/7798FA94D9BF11ED88162D23C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.82.124.0/24
                  103.92.94.0/24
                  103.112.104.0/23

    Signature Algorithm: sha256WithRSAEncryption
         51:5c:ca:c7:50:21:75:16:e3:1c:dd:42:55:df:01:f0:32:6c:
         88:88:e9:02:0e:2e:1f:09:3f:c2:5d:cc:ec:ef:a4:f5:28:e2:
         e4:59:94:0e:23:bd:e3:83:65:22:94:85:d7:75:28:de:90:38:
         da:bb:56:84:d0:b0:c9:83:e0:12:d2:51:b9:c6:f4:ef:51:89:
         fb:c1:05:58:28:21:c8:82:89:9c:d9:eb:22:02:0b:2e:94:90:
         1f:6b:86:2c:22:7a:ec:04:18:19:e5:eb:3b:10:5f:f0:19:67:
         ab:9a:4c:27:5c:70:77:8c:12:86:b7:83:1c:a1:27:c6:30:26:
         12:4a:4b:61:73:ad:ca:eb:9d:07:cc:37:46:6c:84:ad:eb:92:
         db:e2:b7:ed:24:74:0d:b1:5c:74:68:e0:31:40:30:71:df:34:
         be:7f:71:29:0a:f7:ff:f0:15:df:8c:af:4c:49:55:b4:03:30:
         c1:6e:35:19:c1:49:6e:12:c1:cb:18:24:57:e5:b3:df:bf:cf:
         dd:e1:48:63:ad:24:3b:c5:fd:45:c0:98:83:da:40:f6:20:90:
         ef:05:55:0b:98:7d:a1:d9:58:af:a3:61:4f:aa:05:e9:e1:0a:
         2d:ce:78:11:e2:63:1a:6b:2d:94:d0:1d:1f:6d:91:5e:19:98:
         5a:fe:c6:57
-----BEGIN CERTIFICATE-----
MIIFfTCCBGWgAwIBAgICIKswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RkRENEQxMTAvBgNVBAUTKDcyQUZCQUVCQzlFQ0REQTJFRUQyRDQ5QjEzRTYwNDhF
QTNFNDFFNjAwHhcNMjQwMzEyMDEwMzM0WhcNMjUwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWVmYTllNi0xYzJjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA4M73eu5c5cm4tgzg+c/GuD+732GOMKdmB4jOa/e1ImMB1nPFA/vsdlpJ0GqJ
wXJcrx/csxoF0T8lNyHNJD/fHamPsa8tfdedeUVyDMWK9rodw6KOGDibtPyhOWtU
Fzgc05tcitWQvQikDhYuCflDbmcQT8lOZCc7jaSehcb8u8cGZOnIfQ4IYs6ZuHws
PE3+eZih996+mJOUm3JhPHX5ThdDEswA6gP0X6n20i5zRZQbitQlm3oUG92PWM7J
JrTfeByiyM34f8kPgPLjxsRLl6Ah2DoHWzN+3oFvalhZ9KPKKqI/aEqOgfLPF5SF
7QJpmCq+vd2QjM/8Zw7aTA8+WwIDAQABo4ICoTCCAp0wHQYDVR0OBBYEFFCKDZep
ReDdIFv3dHYA+M9bBzYBMB8GA1UdIwQYMBaAFHKvuuvJ7N2i7tLUmxPmBI6j5B5g
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGREQ0RC9CQUUxMDhDNEVB
NjAxMUU1ODgxNTc3MENDNEY5QUUwMi9jcS02NjhuczNhTHUwdFNiRS1ZRWpxUGtI
bUEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2NxLTY2OG5zM2FMdTB0U2JFLVlFanFQa0htQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RkRENEQvQkFFMTA4QzRFQTYwMTFFNTg4MTU3NzBDQzRGOUFFMDIvNzc5OEZBOTRE
OUJGMTFFRDg4MTYyRDIzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwKwYIKwYBBQUHAQcBAf8E
HDAaMBgEAgABMBIDBABnUnwDBABnXF4DBAFncGgwDQYJKoZIhvcNAQELBQADggEB
AFFcysdQIXUW4xzdQlXfAfAybIiI6QIOLh8JP8JdzOzvpPUo4uRZlA4jveODZSKU
hdd1KN6QONq7VoTQsMmD4BLSUbnG9O9RifvBBVgoIciCiZzZ6yICCy6UkB9rhiwi
euwEGBnl6zsQX/AZZ6uaTCdccHeMEoa3gxyhJ8YwJhJKS2FzrcrrnQfMN0ZshK3r
ktvit+0kdA2xXHRo4DFAMHHfNL5/cSkK9//wFd+Mr0xJVbQDMMFuNRnBSW4SwcsY
JFfls9+/z93hSGOtJDvF/UXAmIPaQPYgkO8FVQuYfaHZWK+jYU+qBenhCi3OeBHi
YxprLZTQHR9tkV4ZmFr+xlc=
-----END CERTIFICATE-----
Generated at Fri Nov 22 17:56:23 2024 by rpki-client on console-fra.rpki-client.org