Route Origin Authorization

$ rpki-client -vvf rpki.rand.apnic.net/repo/A91872ED0001/0/3230332e3134372e3130382e302f32342d3234203d3e203234303231.roa
File:                     3230332e3134372e3130382e302f32342d3234203d3e203234303231.roa (raw, json)
Hash identifier:          9DJay/851lVwbvtEVU0xit+qNWZolzMOZNPHBme6QHk=
Subject key identifier:   86:60:18:CE:08:96:3E:04:D5:B2:6E:7C:23:1B:DA:77:8E:90:09:E5
Certificate issuer:       /CN=A91872ED0001/serialNumber=C0906A19A7DE349BFA2B32B3C3EB4C2D17760CE1
Certificate serial:       6C5D27D74DA949CBDC3D74FE942F61B405A67686
Authority key identifier: C0:90:6A:19:A7:DE:34:9B:FA:2B:32:B3:C3:EB:4C:2D:17:76:0C:E1
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wJBqGafeNJv6KzKzw-tMLRd2DOE.cer
Subject info access:      rsync://rpki.rand.apnic.net/repo/A91872ED0001/0/3230332e3134372e3130382e302f32342d3234203d3e203234303231.roa
Signing time:             Tue 10 Oct 2023 16:36:20 +0000
ROA not before:           Tue 10 Oct 2023 16:31:20 +0000
ROA not after:            Tue 08 Oct 2024 16:36:20 +0000
asID:                     24021
IP address blocks:        203.147.108.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.rand.apnic.net/repo/A91872ED0001/0/C0906A19A7DE349BFA2B32B3C3EB4C2D17760CE1.crl
                          rsync://rpki.rand.apnic.net/repo/A91872ED0001/0/C0906A19A7DE349BFA2B32B3C3EB4C2D17760CE1.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wJBqGafeNJv6KzKzw-tMLRd2DOE.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 18 Jun 2024 01:42:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6c:5d:27:d7:4d:a9:49:cb:dc:3d:74:fe:94:2f:61:b4:05:a6:76:86
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91872ED0001/serialNumber=C0906A19A7DE349BFA2B32B3C3EB4C2D17760CE1
        Validity
            Not Before: Oct 10 16:31:20 2023 GMT
            Not After : Oct  8 16:36:20 2024 GMT
        Subject: CN=866018CE08963E04D5B26E7C231BDA778E9009E5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:6b:c4:e3:6c:f9:c7:00:4b:4b:2f:71:42:b2:
                    c6:77:b7:44:4a:01:eb:a6:17:32:cd:47:d8:17:98:
                    eb:fe:5c:2b:58:a3:2b:5f:53:e6:1b:76:2f:17:97:
                    df:ed:fe:b1:ec:81:b8:ea:df:c4:29:78:a1:9a:5e:
                    cc:31:ee:0c:8f:86:bf:3e:72:7a:45:f4:a1:bc:8d:
                    80:94:88:74:26:3d:21:40:5e:94:f1:df:37:ca:4f:
                    da:a8:ca:bc:2f:c7:99:56:de:bf:64:76:4b:53:38:
                    1d:4c:0f:84:f0:c9:2c:4d:98:13:16:af:d5:b3:a2:
                    8e:b7:18:6c:11:e3:71:73:2b:3a:09:48:21:cd:ff:
                    28:16:40:0c:74:5c:6c:0f:de:d5:db:dd:08:40:40:
                    e0:45:e0:e6:8a:02:bd:85:34:f1:74:0d:5e:65:07:
                    0e:d0:b1:44:da:c9:81:c7:49:ff:4d:f4:bf:f2:cd:
                    89:25:54:28:4d:57:a7:c7:b9:aa:f9:90:52:c4:90:
                    29:35:8e:2d:b2:cc:df:e5:95:7c:ee:c1:a1:09:b5:
                    81:38:9f:23:4f:b3:9d:be:c1:53:e3:f3:2d:1c:9b:
                    d8:d8:b9:02:dd:05:50:c5:5d:85:20:56:66:ca:5c:
                    c6:9b:1d:5d:91:2e:84:12:3a:9b:e0:b3:11:14:77:
                    b2:9b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                86:60:18:CE:08:96:3E:04:D5:B2:6E:7C:23:1B:DA:77:8E:90:09:E5
            X509v3 Authority Key Identifier:
                keyid:C0:90:6A:19:A7:DE:34:9B:FA:2B:32:B3:C3:EB:4C:2D:17:76:0C:E1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.rand.apnic.net/repo/A91872ED0001/0/C0906A19A7DE349BFA2B32B3C3EB4C2D17760CE1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wJBqGafeNJv6KzKzw-tMLRd2DOE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.rand.apnic.net/repo/A91872ED0001/0/3230332e3134372e3130382e302f32342d3234203d3e203234303231.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.147.108.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:62:6b:04:74:5f:92:86:f7:bc:70:26:99:33:62:7c:89:50:
         c1:a2:df:eb:81:65:07:e2:74:fa:24:50:2e:49:79:d4:3d:f0:
         cd:0a:74:fe:7a:28:9d:bb:16:e5:69:4b:05:ff:26:7a:e8:80:
         7b:82:e2:bf:00:d9:a3:0b:2a:29:b1:7f:73:fd:1a:2c:f1:5b:
         31:3e:58:e3:36:43:f6:d1:f2:5e:1a:79:f1:88:fc:da:46:62:
         5a:63:e3:17:1e:a7:45:26:12:b8:c5:c0:2e:8e:5a:9e:ef:a3:
         fa:6a:cd:b5:fa:b5:c9:0b:e4:aa:d0:42:7a:22:4e:17:7e:c2:
         90:c4:f6:15:77:98:d6:ae:72:d5:fb:1e:94:23:b4:91:0b:38:
         d3:08:fe:16:79:c8:60:29:ed:c7:73:42:28:af:87:e8:50:da:
         84:f8:ae:de:a4:af:8d:6b:b9:4b:e0:b0:28:f6:96:7b:5b:da:
         e8:ac:ab:7f:a0:b5:6b:7e:e8:67:1c:41:44:0d:d6:5f:ea:e1:
         86:fd:dc:29:09:20:92:38:73:a7:d0:71:be:57:35:4a:f3:d8:
         a6:32:0a:4e:7c:ee:4f:68:88:93:22:d2:52:d1:30:fb:de:f3:
         6c:ac:b8:5e:d5:f9:7f:3c:f8:a2:51:19:67:a5:27:b1:c0:4a:
         fe:d4:c0:6f
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgIUbF0n102pScvcPXT+lC9htAWmdoYwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODcyRUQwMDAxMTEwLwYDVQQFEyhDMDkwNkExOUE3
REUzNDlCRkEyQjMyQjNDM0VCNEMyRDE3NzYwQ0UxMB4XDTIzMTAxMDE2MzEyMFoX
DTI0MTAwODE2MzYyMFowMzExMC8GA1UEAxMoODY2MDE4Q0UwODk2M0UwNEQ1QjI2
RTdDMjMxQkRBNzc4RTkwMDlFNTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBALdrxONs+ccAS0svcUKyxne3REoB66YXMs1H2BeY6/5cK1ijK19T5ht2LxeX
3+3+seyBuOrfxCl4oZpezDHuDI+Gvz5yekX0obyNgJSIdCY9IUBelPHfN8pP2qjK
vC/HmVbev2R2S1M4HUwPhPDJLE2YExav1bOijrcYbBHjcXMrOglIIc3/KBZADHRc
bA/e1dvdCEBA4EXg5ooCvYU08XQNXmUHDtCxRNrJgcdJ/030v/LNiSVUKE1Xp8e5
qvmQUsSQKTWOLbLM3+WVfO7BoQm1gTifI0+znb7BU+PzLRyb2Ni5At0FUMVdhSBW
ZspcxpsdXZEuhBI6m+CzERR3spsCAwEAAaOCAgkwggIFMB0GA1UdDgQWBBSGYBjO
CJY+BNWybnwjG9p3jpAJ5TAfBgNVHSMEGDAWgBTAkGoZp940m/orMrPD60wtF3YM
4TAOBgNVHQ8BAf8EBAMCB4AwbQYDVR0fBGYwZDBioGCgXoZccnN5bmM6Ly9ycGtp
LnJhbmQuYXBuaWMubmV0L3JlcG8vQTkxODcyRUQwMDAxLzAvQzA5MDZBMTlBN0RF
MzQ5QkZBMkIzMkIzQzNFQjRDMkQxNzc2MENFMS5jcmwwfgYIKwYBBQUHAQEEcjBw
MG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkv
QjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvd0pCcUdhZmVOSnY2S3pL
enctdE1MUmQyRE9FLmNlcjCBiAYIKwYBBQUHAQsEfDB6MHgGCCsGAQUFBzALhmxy
c3luYzovL3Jwa2kucmFuZC5hcG5pYy5uZXQvcmVwby9BOTE4NzJFRDAwMDEvMC8z
MjMwMzMyZTMxMzQzNzJlMzEzMDM4MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIz
NDMwMzIzMS5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcB
BwEB/wQQMA4wDAQCAAEwBgMEAMuTbDANBgkqhkiG9w0BAQsFAAOCAQEAkWJrBHRf
kob3vHAmmTNifIlQwaLf64FlB+J0+iRQLkl51D3wzQp0/noonbsW5WlLBf8meuiA
e4LivwDZowsqKbF/c/0aLPFbMT5Y4zZD9tHyXhp58Yj82kZiWmPjFx6nRSYSuMXA
Lo5anu+j+mrNtfq1yQvkqtBCeiJOF37CkMT2FXeY1q5y1fselCO0kQs40wj+FnnI
YCntx3NCKK+H6FDahPiu3qSvjWu5S+CwKPaWe1va6Kyrf6C1a37oZxxBRA3WX+rh
hv3cKQkgkjhzp9Bxvlc1SvPYpjIKTnzuT2iIkyLSUtEw+97zbKy4XtX5fzz4olEZ
Z6UnscBK/tTAbw==
-----END CERTIFICATE-----
Generated at Mon Jun 17 02:30:28 2024 by rpki-client on console-ams.rpki-client.org