Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91FF5A9/00B7151CFD0811E7A428FF0FC4F9AE02/07D665E0862711EBAC147872C4F9AE02.roa
File:                     07D665E0862711EBAC147872C4F9AE02.roa (raw, json)
Hash identifier:          ous1E0oLiCs3r+HQiFOj64dMFKdW/gP7r3rj77Prx3Y=
Subject key identifier:   02:D6:A2:10:4A:B5:A5:2A:28:FE:A6:A9:1F:F5:5F:3E:F9:AF:47:C0
Certificate issuer:       /CN=A91FF5A9/serialNumber=2B95D8D8228A89147D80193D9770EB50AEDDBB6B
Certificate serial:       15CE
Authority key identifier: 2B:95:D8:D8:22:8A:89:14:7D:80:19:3D:97:70:EB:50:AE:DD:BB:6B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/K5XY2CKKiRR9gBk9l3DrUK7du2s.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91FF5A9/00B7151CFD0811E7A428FF0FC4F9AE02/07D665E0862711EBAC147872C4F9AE02.roa
Signing time:             Thu 22 Feb 2024 17:24:55 +0000
ROA not before:           Thu 22 Feb 2024 17:24:55 +0000
ROA not after:            Thu 01 May 2025 00:00:00 +0000
asID:                     136933
IP address blocks:        103.107.236.0/22 maxlen: 22
                          103.107.239.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91FF5A9/00B7151CFD0811E7A428FF0FC4F9AE02/K5XY2CKKiRR9gBk9l3DrUK7du2s.crl
                          rsync://rpki.apnic.net/member_repository/A91FF5A9/00B7151CFD0811E7A428FF0FC4F9AE02/K5XY2CKKiRR9gBk9l3DrUK7du2s.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/K5XY2CKKiRR9gBk9l3DrUK7du2s.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 02 Apr 2024 17:09:35 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 5582 (0x15ce)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91FF5A9/serialNumber=2B95D8D8228A89147D80193D9770EB50AEDDBB6B
        Validity
            Not Before: Feb 22 17:24:55 2024 GMT
            Not After : May  1 00:00:00 2025 GMT
        Subject: CN=65d78366-636c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:66:4f:de:33:84:37:c5:99:2d:c9:10:b9:ad:
                    73:6e:69:50:ef:3d:4b:ec:4a:6b:75:3c:5f:5c:12:
                    d9:87:31:cd:cc:5c:d4:67:83:33:89:fd:70:38:5d:
                    bf:54:f3:b0:3a:b1:a0:4e:95:f3:cd:26:a3:76:b1:
                    84:b9:c6:62:ba:c8:3b:6d:0d:2a:42:ed:1e:ff:81:
                    a0:79:ce:95:6c:a1:aa:c9:09:e1:a0:9d:4a:44:e7:
                    f9:8e:ab:36:d8:68:8d:e7:7d:77:af:43:70:a5:99:
                    c7:22:89:98:58:ea:17:08:19:1e:42:cf:51:2d:a7:
                    cb:8c:bd:3a:03:c4:b9:09:96:e0:24:0d:d2:2b:44:
                    79:1b:d6:12:c4:f2:04:00:bc:96:59:5e:1a:f5:c0:
                    0b:25:47:fa:fc:2d:d8:cd:0a:ca:24:68:8b:60:f6:
                    b4:14:ec:5b:e2:d0:24:80:4f:a5:ee:a1:d9:ab:97:
                    58:1c:4f:5a:c4:5a:2f:ba:6a:17:55:ca:a8:63:80:
                    9a:68:85:9d:fd:c4:70:cb:be:01:bf:a1:b9:b6:9c:
                    77:b7:7b:f5:0f:ee:4f:d7:96:36:6d:0a:75:55:5a:
                    a4:dc:f0:a9:57:79:fb:07:26:46:f3:82:d5:1b:41:
                    14:59:20:40:54:ac:d2:eb:2c:ff:ad:e4:45:83:71:
                    5d:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                02:D6:A2:10:4A:B5:A5:2A:28:FE:A6:A9:1F:F5:5F:3E:F9:AF:47:C0
            X509v3 Authority Key Identifier:
                keyid:2B:95:D8:D8:22:8A:89:14:7D:80:19:3D:97:70:EB:50:AE:DD:BB:6B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91FF5A9/00B7151CFD0811E7A428FF0FC4F9AE02/K5XY2CKKiRR9gBk9l3DrUK7du2s.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/K5XY2CKKiRR9gBk9l3DrUK7du2s.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91FF5A9/00B7151CFD0811E7A428FF0FC4F9AE02/07D665E0862711EBAC147872C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  103.107.236.0/22

    Signature Algorithm: sha256WithRSAEncryption
         73:a5:35:1c:df:91:e8:d1:da:88:ea:4c:cf:ed:b6:df:ba:1b:
         2d:f0:4d:6d:32:c1:92:3a:d7:2a:66:53:a5:71:48:ba:3f:5e:
         6d:62:ae:69:7d:49:8d:c0:e1:b9:d2:0e:ca:7b:2c:e6:80:be:
         e1:87:64:6b:f8:fe:e8:1f:d8:95:78:47:87:c3:ec:94:b2:77:
         7e:94:a9:b0:c8:e2:85:6a:c9:be:ed:0c:42:1d:bf:01:96:00:
         95:f3:52:91:1c:41:0b:bb:72:f4:9d:f1:e8:c9:ff:49:de:65:
         ea:be:3b:6b:59:6b:e9:75:95:2e:e4:79:6b:d4:22:5c:39:b1:
         02:26:bb:50:e2:f7:12:4e:32:93:4e:3e:85:f4:c8:69:47:b9:
         ca:6e:ed:95:3a:a2:27:49:71:de:e2:66:73:36:33:9d:1c:86:
         ed:87:f3:c9:13:ff:d8:92:33:01:29:df:d5:72:37:d4:b0:f0:
         f7:2e:8a:a4:58:d8:0c:1b:81:dd:c6:36:d9:7c:0b:7c:34:22:
         46:10:13:4e:cf:31:7e:ff:f9:6f:a8:2c:47:81:b9:9b:1d:79:
         56:7f:3b:fb:7e:b4:0d:0f:c6:f8:5e:bb:12:8c:34:c6:9b:c1:
         55:c9:0b:bb:2a:62:27:7c:c3:d4:5f:48:a8:af:04:d0:fc:52:
         06:a1:fe:e4
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICFc4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RkY1QTkxMTAvBgNVBAUTKDJCOTVEOEQ4MjI4QTg5MTQ3RDgwMTkzRDk3NzBFQjUw
QUVEREJCNkIwHhcNMjQwMjIyMTcyNDU1WhcNMjUwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWQ3ODM2Ni02MzZjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAt2ZP3jOEN8WZLckQua1zbmlQ7z1L7EprdTxfXBLZhzHNzFzUZ4Mzif1wOF2/
VPOwOrGgTpXzzSajdrGEucZiusg7bQ0qQu0e/4Ggec6VbKGqyQnhoJ1KROf5jqs2
2GiN5313r0NwpZnHIomYWOoXCBkeQs9RLafLjL06A8S5CZbgJA3SK0R5G9YSxPIE
ALyWWV4a9cALJUf6/C3YzQrKJGiLYPa0FOxb4tAkgE+l7qHZq5dYHE9axFovumoX
VcqoY4CaaIWd/cRwy74Bv6G5tpx3t3v1D+5P15Y2bQp1VVqk3PCpV3n7ByZG84LV
G0EUWSBAVKzS6yz/reRFg3Fd/QIDAQABo4IClTCCApEwHQYDVR0OBBYEFALWohBK
taUqKP6mqR/1Xz75r0fAMB8GA1UdIwQYMBaAFCuV2NgiiokUfYAZPZdw61Cu3btr
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGRjVBOS8wMEI3MTUxQ0ZE
MDgxMUU3QTQyOEZGMEZDNEY5QUUwMi9LNVhZMkNLS2lSUjlnQms5bDNEclVLN2R1
MnMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0s1WFkyQ0tLaVJSOWdCazlsM0RyVUs3ZHUycy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RkY1QTkvMDBCNzE1MUNGRDA4MTFFN0E0MjhGRjBGQzRGOUFFMDIvMDdENjY1RTA4
NjI3MTFFQkFDMTQ3ODcyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAJna+wwDQYJKoZIhvcNAQELBQADggEBAHOlNRzfkejR2ojq
TM/ttt+6Gy3wTW0ywZI61ypmU6VxSLo/Xm1irml9SY3A4bnSDsp7LOaAvuGHZGv4
/ugf2JV4R4fD7JSyd36UqbDI4oVqyb7tDEIdvwGWAJXzUpEcQQu7cvSd8ejJ/0ne
Zeq+O2tZa+l1lS7keWvUIlw5sQImu1Di9xJOMpNOPoX0yGlHucpu7ZU6oidJcd7i
ZnM2M50chu2H88kT/9iSMwEp39VyN9Sw8PcuiqRY2Awbgd3GNtl8C3w0IkYQE07P
MX7/+W+oLEeBuZsdeVZ/O/t+tA0PxvheuxKMNMabwVXJC7sqYid8w9RfSKivBND8
Ugah/uQ=
-----END CERTIFICATE-----
Generated at Tue Mar 26 18:03:23 2024 by rpki-client on console-ams.rpki-client.org