Route Origin Authorization

$ rpki-client -vvf rpki.rand.apnic.net/repo/A91872ED0001/0/3230332e3134372e3130382e302f32332d3233203d3e203435313633.roa
File:                     3230332e3134372e3130382e302f32332d3233203d3e203435313633.roa (raw, json)
Hash identifier:          823OKQ7p3FCh3xI6V7cH14Uo7V742zclv0kcduSy4TY=
Subject key identifier:   4D:7A:02:DA:1D:A7:A4:77:4A:E0:14:4B:3A:4F:B7:30:8F:50:E7:F4
Certificate issuer:       /CN=A91872ED0001/serialNumber=C0906A19A7DE349BFA2B32B3C3EB4C2D17760CE1
Certificate serial:       47A4FFEB180555415C8AC61B0ABB4834D33DC3FC
Authority key identifier: C0:90:6A:19:A7:DE:34:9B:FA:2B:32:B3:C3:EB:4C:2D:17:76:0C:E1
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wJBqGafeNJv6KzKzw-tMLRd2DOE.cer
Subject info access:      rsync://rpki.rand.apnic.net/repo/A91872ED0001/0/3230332e3134372e3130382e302f32332d3233203d3e203435313633.roa
Signing time:             Tue 25 Jun 2024 12:00:01 +0000
ROA not before:           Tue 25 Jun 2024 11:55:01 +0000
ROA not after:            Tue 24 Jun 2025 12:00:01 +0000
asID:                     45163
IP address blocks:        203.147.108.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.rand.apnic.net/repo/A91872ED0001/0/C0906A19A7DE349BFA2B32B3C3EB4C2D17760CE1.crl
                          rsync://rpki.rand.apnic.net/repo/A91872ED0001/0/C0906A19A7DE349BFA2B32B3C3EB4C2D17760CE1.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wJBqGafeNJv6KzKzw-tMLRd2DOE.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 27 Jun 2024 07:48:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            47:a4:ff:eb:18:05:55:41:5c:8a:c6:1b:0a:bb:48:34:d3:3d:c3:fc
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91872ED0001/serialNumber=C0906A19A7DE349BFA2B32B3C3EB4C2D17760CE1
        Validity
            Not Before: Jun 25 11:55:01 2024 GMT
            Not After : Jun 24 12:00:01 2025 GMT
        Subject: CN=4D7A02DA1DA7A4774AE0144B3A4FB7308F50E7F4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:9b:e5:b1:38:7e:cf:34:14:e5:10:76:eb:cc:
                    54:0a:76:59:70:a0:49:80:2e:25:84:e4:2e:ab:1a:
                    59:00:e2:2d:62:63:8c:df:d5:61:66:54:1d:fa:c4:
                    b8:b9:ea:a7:ba:09:cb:ec:f9:51:ff:65:59:d3:22:
                    18:54:19:e1:78:1b:0c:f7:a3:c8:72:6d:06:cf:03:
                    0a:d1:b8:ea:d3:19:8f:14:aa:88:13:4f:b7:60:f9:
                    3a:71:46:0a:18:03:cb:b2:a8:45:91:b8:c0:fa:27:
                    25:e1:ef:5b:d1:aa:d6:ce:64:05:ce:aa:de:ff:9e:
                    4d:29:7b:a8:05:7f:a3:2e:e1:e9:46:b9:1d:bd:eb:
                    58:90:e5:ce:a0:82:e1:62:29:66:36:6b:1a:de:6f:
                    1e:3f:44:90:ef:06:69:81:33:0a:5b:d6:98:a9:a6:
                    b5:b0:d9:5d:00:0c:be:6e:70:5b:a0:9b:bc:34:c4:
                    33:dc:db:f3:e7:29:18:0a:cf:99:0a:c2:79:ce:2c:
                    9e:0b:1d:b5:75:6f:d3:7f:2b:e7:d2:db:a6:5a:f5:
                    bd:24:45:ae:ea:83:32:58:05:27:ec:ea:b8:92:39:
                    06:c4:1f:b8:79:ab:e0:75:56:c9:eb:0a:ae:f4:0a:
                    7e:15:8f:56:88:05:0f:97:e4:c6:4f:8c:e2:cc:71:
                    e0:cd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4D:7A:02:DA:1D:A7:A4:77:4A:E0:14:4B:3A:4F:B7:30:8F:50:E7:F4
            X509v3 Authority Key Identifier:
                keyid:C0:90:6A:19:A7:DE:34:9B:FA:2B:32:B3:C3:EB:4C:2D:17:76:0C:E1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.rand.apnic.net/repo/A91872ED0001/0/C0906A19A7DE349BFA2B32B3C3EB4C2D17760CE1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wJBqGafeNJv6KzKzw-tMLRd2DOE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.rand.apnic.net/repo/A91872ED0001/0/3230332e3134372e3130382e302f32332d3233203d3e203435313633.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.147.108.0/23

    Signature Algorithm: sha256WithRSAEncryption
         85:42:25:06:cc:78:2b:48:69:13:40:39:15:2a:df:03:43:94:
         61:1a:33:8b:36:53:d8:df:09:6f:04:46:16:33:da:a4:8b:8c:
         72:bb:42:78:d3:40:ce:3f:c6:86:b4:da:de:c5:bf:15:fc:d3:
         34:d6:af:9e:bb:e9:9e:6c:1c:2e:3f:50:2c:9f:28:47:5c:b4:
         86:64:33:99:3b:96:51:67:f9:52:c1:23:d1:aa:81:6d:99:ec:
         fb:f7:63:76:48:ac:83:c0:ff:34:f7:05:06:83:19:b2:3e:da:
         e9:76:f1:15:6c:01:60:ea:bd:d4:d6:aa:54:97:e2:86:1a:4e:
         f9:27:b5:8a:ac:3a:54:fd:74:81:bf:77:73:45:aa:46:ec:0c:
         3c:da:49:85:5d:da:57:c1:9a:eb:2b:81:53:eb:07:40:77:1d:
         d3:8a:8c:9d:71:7a:a5:9c:0d:4e:8d:e4:79:9a:ff:08:34:fc:
         0c:57:76:20:60:32:e1:0c:be:e3:87:c1:7d:79:93:e1:34:f3:
         89:17:58:3c:85:b0:5a:42:c5:42:f7:24:fd:04:34:ed:40:c1:
         7d:b3:fe:27:05:74:0e:1b:aa:09:c7:46:a1:07:20:8b:63:4a:
         50:bb:d9:52:66:97:d9:23:80:7b:81:f6:7b:ac:f4:b2:81:b6:
         b8:12:02:27
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgIUR6T/6xgFVUFcisYbCrtINNM9w/wwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODcyRUQwMDAxMTEwLwYDVQQFEyhDMDkwNkExOUE3
REUzNDlCRkEyQjMyQjNDM0VCNEMyRDE3NzYwQ0UxMB4XDTI0MDYyNTExNTUwMVoX
DTI1MDYyNDEyMDAwMVowMzExMC8GA1UEAxMoNEQ3QTAyREExREE3QTQ3NzRBRTAx
NDRCM0E0RkI3MzA4RjUwRTdGNDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAPab5bE4fs80FOUQduvMVAp2WXCgSYAuJYTkLqsaWQDiLWJjjN/VYWZUHfrE
uLnqp7oJy+z5Uf9lWdMiGFQZ4XgbDPejyHJtBs8DCtG46tMZjxSqiBNPt2D5OnFG
ChgDy7KoRZG4wPonJeHvW9Gq1s5kBc6q3v+eTSl7qAV/oy7h6Ua5Hb3rWJDlzqCC
4WIpZjZrGt5vHj9EkO8GaYEzClvWmKmmtbDZXQAMvm5wW6CbvDTEM9zb8+cpGArP
mQrCec4sngsdtXVv038r59Lbplr1vSRFruqDMlgFJ+zquJI5BsQfuHmr4HVWyesK
rvQKfhWPVogFD5fkxk+M4sxx4M0CAwEAAaOCAgkwggIFMB0GA1UdDgQWBBRNegLa
Haekd0rgFEs6T7cwj1Dn9DAfBgNVHSMEGDAWgBTAkGoZp940m/orMrPD60wtF3YM
4TAOBgNVHQ8BAf8EBAMCB4AwbQYDVR0fBGYwZDBioGCgXoZccnN5bmM6Ly9ycGtp
LnJhbmQuYXBuaWMubmV0L3JlcG8vQTkxODcyRUQwMDAxLzAvQzA5MDZBMTlBN0RF
MzQ5QkZBMkIzMkIzQzNFQjRDMkQxNzc2MENFMS5jcmwwfgYIKwYBBQUHAQEEcjBw
MG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkv
QjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvd0pCcUdhZmVOSnY2S3pL
enctdE1MUmQyRE9FLmNlcjCBiAYIKwYBBQUHAQsEfDB6MHgGCCsGAQUFBzALhmxy
c3luYzovL3Jwa2kucmFuZC5hcG5pYy5uZXQvcmVwby9BOTE4NzJFRDAwMDEvMC8z
MjMwMzMyZTMxMzQzNzJlMzEzMDM4MmUzMDJmMzIzMzJkMzIzMzIwM2QzZTIwMzQz
NTMxMzYzMy5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcB
BwEB/wQQMA4wDAQCAAEwBgMEAcuTbDANBgkqhkiG9w0BAQsFAAOCAQEAhUIlBsx4
K0hpE0A5FSrfA0OUYRozizZT2N8JbwRGFjPapIuMcrtCeNNAzj/GhrTa3sW/FfzT
NNavnrvpnmwcLj9QLJ8oR1y0hmQzmTuWUWf5UsEj0aqBbZns+/djdkisg8D/NPcF
BoMZsj7a6XbxFWwBYOq91NaqVJfihhpO+Se1iqw6VP10gb93c0WqRuwMPNpJhV3a
V8Ga6yuBU+sHQHcd04qMnXF6pZwNTo3keZr/CDT8DFd2IGAy4Qy+44fBfXmT4TTz
iRdYPIWwWkLFQvck/QQ07UDBfbP+JwV0DhuqCcdGoQcgi2NKULvZUmaX2SOAe4H2
e6z0soG2uBICJw==
-----END CERTIFICATE-----
Generated at Wed Jun 26 08:21:50 2024 by rpki-client on console-ams.rpki-client.org