Route Origin Authorization

$ rpki-client -vvf rpki.rand.apnic.net/repo/A91872ED0001/0/3230332e3134372e3130392e302f32342d3234203d3e203234303231.roa
File:                     3230332e3134372e3130392e302f32342d3234203d3e203234303231.roa (raw, json)
Hash identifier:          Rl4MN2Xw4+nqS9HwCi3mEej414TJXkF16bbqf5Ot+54=
Subject key identifier:   60:48:E2:81:E5:B6:B9:B8:2A:65:72:1E:60:01:8C:2D:3D:7C:A0:6B
Certificate issuer:       /CN=A91872ED0001/serialNumber=C0906A19A7DE349BFA2B32B3C3EB4C2D17760CE1
Certificate serial:       6E194932256E8681F540E13105708FFEAB5A4070
Authority key identifier: C0:90:6A:19:A7:DE:34:9B:FA:2B:32:B3:C3:EB:4C:2D:17:76:0C:E1
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wJBqGafeNJv6KzKzw-tMLRd2DOE.cer
Subject info access:      rsync://rpki.rand.apnic.net/repo/A91872ED0001/0/3230332e3134372e3130392e302f32342d3234203d3e203234303231.roa
Signing time:             Tue 10 Oct 2023 16:36:20 +0000
ROA not before:           Tue 10 Oct 2023 16:31:20 +0000
ROA not after:            Tue 08 Oct 2024 16:36:20 +0000
asID:                     24021
IP address blocks:        203.147.109.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.rand.apnic.net/repo/A91872ED0001/0/C0906A19A7DE349BFA2B32B3C3EB4C2D17760CE1.crl
                          rsync://rpki.rand.apnic.net/repo/A91872ED0001/0/C0906A19A7DE349BFA2B32B3C3EB4C2D17760CE1.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wJBqGafeNJv6KzKzw-tMLRd2DOE.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 18 Jun 2024 01:42:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            6e:19:49:32:25:6e:86:81:f5:40:e1:31:05:70:8f:fe:ab:5a:40:70
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91872ED0001/serialNumber=C0906A19A7DE349BFA2B32B3C3EB4C2D17760CE1
        Validity
            Not Before: Oct 10 16:31:20 2023 GMT
            Not After : Oct  8 16:36:20 2024 GMT
        Subject: CN=6048E281E5B6B9B82A65721E60018C2D3D7CA06B
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:86:d0:8e:44:3d:f2:3c:da:df:c7:c7:af:f1:
                    aa:69:19:6a:aa:9b:27:fd:96:17:35:44:82:0b:95:
                    74:96:42:f2:6e:8f:ff:f0:a5:ad:16:cf:06:82:75:
                    a4:eb:f6:73:2c:b0:01:ef:5e:e2:41:d9:03:d7:40:
                    83:2d:32:48:11:c4:0b:48:4f:ba:cd:42:60:25:36:
                    46:ca:10:d7:ca:6d:95:a5:e5:50:1b:03:5c:77:f4:
                    de:9c:db:dd:e2:a5:78:cb:0d:8a:f0:5a:e3:31:64:
                    e0:08:67:6d:f6:4b:79:57:da:b9:92:0d:8e:76:fd:
                    9b:dd:3e:3d:ee:4c:7f:b2:85:f6:f4:5c:40:e1:86:
                    77:16:c7:c4:c2:fb:13:18:41:eb:d8:80:50:8e:22:
                    4b:f0:55:8c:21:d6:d4:ee:af:a2:35:8d:03:44:e7:
                    d7:d5:ee:4c:65:29:58:31:15:dd:81:1f:c3:7b:58:
                    0e:22:60:c2:37:63:c8:7a:2b:94:1c:2b:a7:39:ef:
                    a7:b4:5a:12:f0:12:a3:2b:04:8c:7c:be:56:39:dd:
                    44:0c:27:70:88:3c:23:20:77:34:4c:bc:c0:5b:61:
                    37:d6:16:8e:82:3b:b9:b5:7a:49:bf:83:27:68:89:
                    df:82:b3:64:83:92:51:db:ac:59:38:b1:c6:d3:07:
                    db:f5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                60:48:E2:81:E5:B6:B9:B8:2A:65:72:1E:60:01:8C:2D:3D:7C:A0:6B
            X509v3 Authority Key Identifier:
                keyid:C0:90:6A:19:A7:DE:34:9B:FA:2B:32:B3:C3:EB:4C:2D:17:76:0C:E1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.rand.apnic.net/repo/A91872ED0001/0/C0906A19A7DE349BFA2B32B3C3EB4C2D17760CE1.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wJBqGafeNJv6KzKzw-tMLRd2DOE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.rand.apnic.net/repo/A91872ED0001/0/3230332e3134372e3130392e302f32342d3234203d3e203234303231.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.147.109.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9b:0c:4c:d2:80:90:04:a5:42:14:ad:57:62:82:63:3d:30:0c:
         19:2f:7b:95:88:37:9d:8b:ed:2a:92:84:10:d6:2d:56:17:7d:
         ee:ef:88:7f:f8:db:92:c0:08:ea:09:40:0f:ef:6c:d9:73:66:
         26:98:06:0f:e9:cc:f0:d3:21:2d:eb:59:2e:07:87:b6:81:7d:
         a6:34:16:e9:c1:4f:a5:8d:60:eb:39:b5:4e:02:d7:b6:97:01:
         2e:f7:0e:11:a5:00:1f:c2:ea:c8:7f:47:a1:a3:da:b2:95:40:
         65:60:f6:1e:85:c4:1d:b8:95:d7:a6:9c:2c:ab:38:07:39:ed:
         0f:c1:c0:26:c9:28:6e:15:c8:ab:da:2b:bb:c7:d3:71:4f:d9:
         1a:5f:eb:e9:12:45:12:31:fe:b7:b6:c6:2a:2d:85:fd:76:49:
         b8:56:d8:74:9b:fa:fd:67:9a:9e:2e:3b:36:d6:df:9e:56:8d:
         67:0f:f1:27:13:61:56:7d:c7:cb:c3:aa:41:b5:5d:b7:37:cf:
         7c:26:dd:e4:3d:5b:aa:f3:07:74:98:9e:49:e4:59:cd:ef:e8:
         5e:b4:56:fc:da:0e:83:96:0d:0f:ac:d2:b4:29:c5:9e:da:1d:
         25:8b:d8:35:ab:83:8e:7c:c3:4b:62:97:78:c5:e2:bf:34:0d:
         a2:fb:87:8a
-----BEGIN CERTIFICATE-----
MIIFFjCCA/6gAwIBAgIUbhlJMiVuhoH1QOExBXCP/qtaQHAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxODcyRUQwMDAxMTEwLwYDVQQFEyhDMDkwNkExOUE3
REUzNDlCRkEyQjMyQjNDM0VCNEMyRDE3NzYwQ0UxMB4XDTIzMTAxMDE2MzEyMFoX
DTI0MTAwODE2MzYyMFowMzExMC8GA1UEAxMoNjA0OEUyODFFNUI2QjlCODJBNjU3
MjFFNjAwMThDMkQzRDdDQTA2QjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAM6G0I5EPfI82t/Hx6/xqmkZaqqbJ/2WFzVEgguVdJZC8m6P//ClrRbPBoJ1
pOv2cyywAe9e4kHZA9dAgy0ySBHEC0hPus1CYCU2RsoQ18ptlaXlUBsDXHf03pzb
3eKleMsNivBa4zFk4AhnbfZLeVfauZINjnb9m90+Pe5Mf7KF9vRcQOGGdxbHxML7
ExhB69iAUI4iS/BVjCHW1O6vojWNA0Tn19XuTGUpWDEV3YEfw3tYDiJgwjdjyHor
lBwrpznvp7RaEvASoysEjHy+VjndRAwncIg8IyB3NEy8wFthN9YWjoI7ubV6Sb+D
J2iJ34KzZIOSUdusWTixxtMH2/UCAwEAAaOCAgkwggIFMB0GA1UdDgQWBBRgSOKB
5ba5uCplch5gAYwtPXygazAfBgNVHSMEGDAWgBTAkGoZp940m/orMrPD60wtF3YM
4TAOBgNVHQ8BAf8EBAMCB4AwbQYDVR0fBGYwZDBioGCgXoZccnN5bmM6Ly9ycGtp
LnJhbmQuYXBuaWMubmV0L3JlcG8vQTkxODcyRUQwMDAxLzAvQzA5MDZBMTlBN0RF
MzQ5QkZBMkIzMkIzQzNFQjRDMkQxNzc2MENFMS5jcmwwfgYIKwYBBQUHAQEEcjBw
MG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2kuYXBuaWMubmV0L3JlcG9zaXRvcnkv
QjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJGRDFGRjIvd0pCcUdhZmVOSnY2S3pL
enctdE1MUmQyRE9FLmNlcjCBiAYIKwYBBQUHAQsEfDB6MHgGCCsGAQUFBzALhmxy
c3luYzovL3Jwa2kucmFuZC5hcG5pYy5uZXQvcmVwby9BOTE4NzJFRDAwMDEvMC8z
MjMwMzMyZTMxMzQzNzJlMzEzMDM5MmUzMDJmMzIzNDJkMzIzNDIwM2QzZTIwMzIz
NDMwMzIzMS5yb2EwGAYDVR0gAQH/BA4wDDAKBggrBgEFBQcOAjAfBggrBgEFBQcB
BwEB/wQQMA4wDAQCAAEwBgMEAMuTbTANBgkqhkiG9w0BAQsFAAOCAQEAmwxM0oCQ
BKVCFK1XYoJjPTAMGS97lYg3nYvtKpKEENYtVhd97u+If/jbksAI6glAD+9s2XNm
JpgGD+nM8NMhLetZLgeHtoF9pjQW6cFPpY1g6zm1TgLXtpcBLvcOEaUAH8LqyH9H
oaPaspVAZWD2HoXEHbiV16acLKs4BzntD8HAJskobhXIq9oru8fTcU/ZGl/r6RJF
EjH+t7bGKi2F/XZJuFbYdJv6/Weani47NtbfnlaNZw/xJxNhVn3Hy8OqQbVdtzfP
fCbd5D1bqvMHdJieSeRZze/oXrRW/NoOg5YND6zStCnFntodJYvYNauDjnzDS2KX
eMXivzQNovuHig==
-----END CERTIFICATE-----
Generated at Mon Jun 17 02:30:28 2024 by rpki-client on console-ams.rpki-client.org