Route Origin Authorization

$ rpki-client -vvf rpki.rand.apnic.net/repo/A91872ED0001/0/3230332e31302e36312e302f32342d3234203d3e203435313633.roa
File:                     3230332e31302e36312e302f32342d3234203d3e203435313633.roa (raw, json)
Hash identifier:          h5d4nm6UDVIM1mHpAmBBMuYbnv7Z434/dGxh/e5XEXM=
Subject key identifier:   22:4A:0C:89:3D:44:F4:25:C8:10:D7:03:43:D8:59:ED:C5:22:99:CF
Certificate issuer:       /CN=A91872ED0001/serialNumber=C0906A19A7DE349BFA2B32B3C3EB4C2D17760CE1
Certificate serial:       38EBD2815EAB32B91F8013EFDD5D7F928461A571
Authority key identifier: C0:90:6A:19:A7:DE:34:9B:FA:2B:32:B3:C3:EB:4C:2D:17:76:0C:E1
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wJBqGafeNJv6KzKzw-tMLRd2DOE.cer
Subject info access:      rsync://rpki.rand.apnic.net/repo/A91872ED0001/0/3230332e31302e36312e302f32342d3234203d3e203435313633.roa
Signing time:             Wed 10 Apr 2024 07:50:34 +0000
ROA not before:           Wed 10 Apr 2024 07:45:34 +0000
ROA not after:            Wed 09 Apr 2025 07:50:34 +0000
asID:                     45163
IP address blocks:        203.10.61.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.rand.apnic.net/repo/A91872ED0001/0/C0906A19A7DE349BFA2B32B3C3EB4C2D17760CE1.crl
                          rsync://rpki.rand.apnic.net/repo/A91872ED0001/0/C0906A19A7DE349BFA2B32B3C3EB4C2D17760CE1.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wJBqGafeNJv6KzKzw-tMLRd2DOE.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 18 Jun 2024 01:42:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            38:eb:d2:81:5e:ab:32:b9:1f:80:13:ef:dd:5d:7f:92:84:61:a5:71
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91872ED0001/serialNumber=C0906A19A7DE349BFA2B32B3C3EB4C2D17760CE1
        Validity
            Not Before: Apr 10 07:45:34 2024 GMT
            Not After : Apr  9 07:50:34 2025 GMT
        Subject: CN=224A0C893D44F425C810D70343D859EDC52299CF
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bb:93:91:64:ba:cd:21:bc:48:d5:18:a0:fc:32:
                    22:3b:77:6a:c3:5a:f6:9f:c1:c7:46:3c:e1:11:40:
                    17:e2:08:4a:1e:ab:fd:c4:0f:f8:07:a7:a5:cd:8f:
                    16:16:47:22:fa:68:7e:12:04:da:8f:4c:43:56:c9:
                    bf:c4:2c:4c:5d:d8:2e:4c:a6:92:54:36:64:84:4d:
                    bc:eb:bb:72:e6:c0:b4:78:fc:c3:3f:03:97:2b:67:
                    f9:90:4b:60:1e:d6:48:c8:d8:3a:2e:e2:f0:10:de:
                    02:e8:21:67:72:42:d4:43:f3:40:fb:e4:d3:d9:28:
                    9f:11:10:76:84:d6:41:22:a5:64:c6:84:85:9f:c5:
                    74:9f:97:34:08:b1:a8:f0:54:95:d5:87:e8:f2:08:
                    33:54:cb:23:4a:a6:f7:5a:73:0b:84:ff:2a:46:17:
                    f7:40:e4:fd:31:42:3b:ad:2d:90:39:d4:92:38:3c:
                    90:ec:43:82:98:fd:e6:7c:00:44:d0:1a:6e:5d:60:
                    39:0f:de:2f:18:db:6e:e5:8c:64:1f:0a:e6:c6:bb:
                    f7:e9:00:d9:32:a1:54:11:3e:af:e6:7f:bf:4b:88:
                    36:05:45:6d:f0:cc:5d:8c:d6:15:95:78:00:9e:b1:
                    a7:ca:3b:0b:19:cd:b9:6f:e0:08:b3:2c:a0:43:b5:
                    ee:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                22:4A:0C:89:3D:44:F4:25:C8:10:D7:03:43:D8:59:ED:C5:22:99:CF
            X509v3 Authority Key Identifier:
                keyid:C0:90:6A:19:A7:DE:34:9B:FA:2B:32:B3:C3:EB:4C:2D:17:76:0C:E1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.rand.apnic.net/repo/A91872ED0001/0/C0906A19A7DE349BFA2B32B3C3EB4C2D17760CE1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wJBqGafeNJv6KzKzw-tMLRd2DOE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.rand.apnic.net/repo/A91872ED0001/0/3230332e31302e36312e302f32342d3234203d3e203435313633.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.10.61.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5b:59:7d:a0:e4:92:d0:31:23:26:6e:8d:ad:9e:b1:d4:8f:4f:
         d2:47:01:2b:cb:fc:e6:49:9f:55:84:39:fe:82:64:94:eb:d9:
         e3:da:05:05:16:7f:d5:9e:10:1c:10:a0:24:55:ec:ee:cc:59:
         d2:88:20:4a:95:99:c1:22:f4:48:65:c5:0d:d7:f7:24:29:bb:
         4a:65:c9:05:30:4c:c6:e5:ee:32:ab:41:f5:2e:65:3a:50:88:
         40:7c:6a:19:0b:0b:a6:75:bb:69:68:fd:b8:a4:26:ac:95:20:
         a4:8a:cc:f4:28:76:67:16:5d:64:f5:e0:91:c5:09:ff:09:94:
         89:ca:00:7b:58:49:69:1e:d7:75:6c:7f:0d:f5:b7:ad:3e:16:
         7b:68:06:f7:6b:83:7e:12:b1:8a:89:05:7a:bd:1b:ca:e4:29:
         da:91:3b:f7:91:97:fa:74:2a:9d:09:2d:dc:9f:44:e3:f2:99:
         a0:ca:4a:e4:9a:b0:bc:6f:85:bf:2c:3d:23:52:b3:00:35:c3:
         62:c6:28:30:d6:8c:57:1f:80:24:8f:ec:99:90:30:27:43:62:
         b0:d3:af:45:80:c9:9c:78:84:5e:cb:c0:91:6f:0a:a6:8d:48:
         0c:e8:71:60:46:5f:c0:75:02:7d:ae:78:b8:b0:ae:61:f3:93:
         60:ea:1a:d0
-----BEGIN CERTIFICATE-----
MIIFEjCCA/qgAwIBAgIUOOvSgV6rMrkfgBPv3V1/koRhpXEwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODcyRUQwMDAxMTEwLwYDVQQFEyhDMDkwNkExOUE3
REUzNDlCRkEyQjMyQjNDM0VCNEMyRDE3NzYwQ0UxMB4XDTI0MDQxMDA3NDUzNFoX
DTI1MDQwOTA3NTAzNFowMzExMC8GA1UEAxMoMjI0QTBDODkzRDQ0RjQyNUM4MTBE
NzAzNDNEODU5RURDNTIyOTlDRjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALuTkWS6zSG8SNUYoPwyIjt3asNa9p/Bx0Y84RFAF+IISh6r/cQP+Aenpc2P
FhZHIvpofhIE2o9MQ1bJv8QsTF3YLkymklQ2ZIRNvOu7cubAtHj8wz8Dlytn+ZBL
YB7WSMjYOi7i8BDeAughZ3JC1EPzQPvk09konxEQdoTWQSKlZMaEhZ/FdJ+XNAix
qPBUldWH6PIIM1TLI0qm91pzC4T/KkYX90Dk/TFCO60tkDnUkjg8kOxDgpj95nwA
RNAabl1gOQ/eLxjbbuWMZB8K5sa79+kA2TKhVBE+r+Z/v0uINgVFbfDMXYzWFZV4
AJ6xp8o7CxnNuW/gCLMsoEO17qsCAwEAAaOCAgUwggIBMB0GA1UdDgQWBBQiSgyJ
PUT0JcgQ1wND2FntxSKZzzAfBgNVHSMEGDAWgBTAkGoZp940m/orMrPD60wtF3YM
4TAOBgNVHQ8BAf8EBAMCB4AwbQYDVR0fBGYwZDBioGCgXoZccnN5bmM6Ly9ycGtp
LnJhbmQuYXBuaWMubmV0L3JlcG8vQTkxODcyRUQwMDAxLzAvQzA5MDZBMTlBN0RF
MzQ5QkZBMkIzMkIzQzNFQjRDMkQxNzc2MENFMS5jcmwwfgYIKwYBBQUHAQEEcjBw
MG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkv
QjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvd0pCcUdhZmVOSnY2S3pL
enctdE1MUmQyRE9FLmNlcjCBhAYIKwYBBQUHAQsEeDB2MHQGCCsGAQUFBzALhmhy
c3luYzovL3Jwa2kucmFuZC5hcG5pYy5uZXQvcmVwby9BOTE4NzJFRDAwMDEvMC8z
MjMwMzMyZTMxMzAyZTM2MzEyZTMwMmYzMjM0MmQzMjM0MjAzZDNlMjAzNDM1MzEz
NjMzLnJvYTAYBgNVHSABAf8EDjAMMAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/
BBAwDjAMBAIAATAGAwQAywo9MA0GCSqGSIb3DQEBCwUAA4IBAQBbWX2g5JLQMSMm
bo2tnrHUj0/SRwEry/zmSZ9VhDn+gmSU69nj2gUFFn/VnhAcEKAkVezuzFnSiCBK
lZnBIvRIZcUN1/ckKbtKZckFMEzG5e4yq0H1LmU6UIhAfGoZCwumdbtpaP24pCas
lSCkisz0KHZnFl1k9eCRxQn/CZSJygB7WElpHtd1bH8N9betPhZ7aAb3a4N+ErGK
iQV6vRvK5CnakTv3kZf6dCqdCS3cn0Tj8pmgykrkmrC8b4W/LD0jUrMANcNixigw
1oxXH4Akj+yZkDAnQ2Kw069FgMmceIRey8CRbwqmjUgM6HFgRl/AdQJ9rni4sK5h
85Ng6hrQ
-----END CERTIFICATE-----
Generated at Mon Jun 17 02:30:28 2024 by rpki-client on console-ams.rpki-client.org