Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A912BA82/FBDDAC24CE5A11EE8C3BD03AC4F9AE02/6198218AEB3311EEA75DE77DC4F9AE02.roa
File:                     6198218AEB3311EEA75DE77DC4F9AE02.roa (raw, json)
Hash identifier:          bPf9OeOoi06Rnw8uv3TpDzvZ9rbymPD0sd16mNTyii0=
Subject key identifier:   40:EE:AC:E8:98:67:79:97:2C:60:E7:CC:D9:21:47:58:69:23:91:79
Certificate issuer:       /CN=A912BA82/serialNumber=AFB8FFE1E8686296B996C63AA902EA9C128F48FE
Certificate serial:       18
Authority key identifier: AF:B8:FF:E1:E8:68:62:96:B9:96:C6:3A:A9:02:EA:9C:12:8F:48:FE
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/r7j_4ehoYpa5lsY6qQLqnBKPSP4.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A912BA82/FBDDAC24CE5A11EE8C3BD03AC4F9AE02/6198218AEB3311EEA75DE77DC4F9AE02.roa
Signing time:             Tue 26 Mar 2024 05:40:41 +0000
ROA not before:           Tue 26 Mar 2024 05:40:41 +0000
ROA not after:            Thu 01 May 2025 00:00:00 +0000
asID:                     148968
IP address blocks:        2401:76e0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A912BA82/FBDDAC24CE5A11EE8C3BD03AC4F9AE02/r7j_4ehoYpa5lsY6qQLqnBKPSP4.crl
                          rsync://rpki.apnic.net/member_repository/A912BA82/FBDDAC24CE5A11EE8C3BD03AC4F9AE02/r7j_4ehoYpa5lsY6qQLqnBKPSP4.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/r7j_4ehoYpa5lsY6qQLqnBKPSP4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 20 Jun 2024 07:03:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 24 (0x18)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A912BA82/serialNumber=AFB8FFE1E8686296B996C63AA902EA9C128F48FE
        Validity
            Not Before: Mar 26 05:40:41 2024 GMT
            Not After : May  1 00:00:00 2025 GMT
        Subject: CN=66025fd9-2aa0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ed:c2:43:62:09:41:50:31:74:2e:07:d9:f4:12:
                    a5:b2:5b:7c:5a:40:af:04:e6:10:ff:f2:85:ad:3f:
                    a3:ca:24:59:00:0b:a6:d2:72:39:bc:63:f8:a4:da:
                    70:93:ab:f1:0e:39:20:9b:a6:e1:26:03:83:84:55:
                    78:df:03:c3:b7:7c:04:00:ca:58:99:09:fb:78:4a:
                    56:f5:e5:f5:b3:1b:0f:39:eb:81:b8:d4:29:1a:d1:
                    e9:72:72:29:f9:a3:7b:83:98:af:03:04:70:ba:22:
                    c4:46:24:e6:ba:40:4d:3b:bf:3c:de:8a:0d:89:c9:
                    cf:4a:c0:9d:1f:13:e0:cf:61:b6:22:ae:9a:11:6c:
                    05:e3:98:9f:71:3d:be:d8:1d:0c:d0:2b:8e:98:9b:
                    e1:6f:97:12:82:dc:da:4a:66:23:0d:e4:be:86:a9:
                    5f:04:b9:0d:ec:f0:6a:ca:e2:cf:fd:4d:93:c4:d7:
                    b6:f8:36:9a:33:db:4c:42:bb:ab:32:b1:af:93:bb:
                    9d:4d:08:b8:90:8c:70:09:3d:a5:77:ef:25:43:40:
                    bd:03:e7:d4:a0:67:af:7b:19:6e:1b:7a:72:07:11:
                    fe:c4:f5:ff:97:54:28:f7:cb:f3:5a:42:a9:2e:ed:
                    a9:65:58:ef:ce:d2:5b:ef:ac:41:5e:e0:28:93:99:
                    8f:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                40:EE:AC:E8:98:67:79:97:2C:60:E7:CC:D9:21:47:58:69:23:91:79
            X509v3 Authority Key Identifier:
                keyid:AF:B8:FF:E1:E8:68:62:96:B9:96:C6:3A:A9:02:EA:9C:12:8F:48:FE

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A912BA82/FBDDAC24CE5A11EE8C3BD03AC4F9AE02/r7j_4ehoYpa5lsY6qQLqnBKPSP4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/r7j_4ehoYpa5lsY6qQLqnBKPSP4.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A912BA82/FBDDAC24CE5A11EE8C3BD03AC4F9AE02/6198218AEB3311EEA75DE77DC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2401:76e0::/32

    Signature Algorithm: sha256WithRSAEncryption
         7a:01:ee:37:9f:df:4c:73:3c:57:c7:24:90:72:de:f9:b8:52:
         c7:a5:f7:4a:d7:0d:de:30:34:f6:ce:4d:2a:74:8d:14:b5:ae:
         76:0a:3b:01:74:eb:7c:06:55:05:48:69:59:ca:29:3a:f3:40:
         3e:97:b6:cf:07:b9:6e:30:23:ef:ce:37:66:a0:e2:a1:1e:5a:
         38:53:85:4f:93:53:c8:30:4f:ab:f8:a5:aa:f0:02:64:b7:be:
         45:f2:16:c2:87:81:56:f7:b5:b4:ce:52:4a:59:7d:e8:8e:56:
         1f:bb:41:14:fe:a3:3c:e4:16:a0:5e:c4:10:4e:6d:dc:33:2a:
         c0:b1:ea:5c:67:07:dd:c1:51:32:39:c2:7c:17:64:2c:92:0c:
         88:83:f2:44:ee:ad:aa:c1:84:86:b8:32:b1:4f:ee:c0:e6:6b:
         ff:2e:81:de:c5:32:de:fc:80:7b:b9:46:fe:5f:ae:47:4d:d9:
         eb:5c:c1:56:cb:d5:79:c7:d9:a5:db:fb:be:39:3b:5f:ef:ae:
         48:72:8e:1c:ba:71:15:fe:ca:03:db:6c:be:e8:03:29:93:25:
         d2:29:ed:50:ea:e0:6c:4e:f5:95:52:fd:90:ed:55:df:dc:9b:
         ae:b9:3b:03:ad:ee:c1:c3:29:fe:85:32:f6:43:a7:24:7d:f7:
         68:4a:b6:7f
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgIBGDANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTEy
QkE4MjExMC8GA1UEBRMoQUZCOEZGRTFFODY4NjI5NkI5OTZDNjNBQTkwMkVBOUMx
MjhGNDhGRTAeFw0yNDAzMjYwNTQwNDFaFw0yNTA1MDEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY2MDI1ZmQ5LTJhYTAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDtwkNiCUFQMXQuB9n0EqWyW3xaQK8E5hD/8oWtP6PKJFkAC6bScjm8Y/ik2nCT
q/EOOSCbpuEmA4OEVXjfA8O3fAQAyliZCft4Slb15fWzGw8564G41Cka0elycin5
o3uDmK8DBHC6IsRGJOa6QE07vzzeig2Jyc9KwJ0fE+DPYbYirpoRbAXjmJ9xPb7Y
HQzQK46Ym+FvlxKC3NpKZiMN5L6GqV8EuQ3s8GrK4s/9TZPE17b4Npoz20xCu6sy
sa+Tu51NCLiQjHAJPaV37yVDQL0D59SgZ697GW4benIHEf7E9f+XVCj3y/NaQqku
7allWO/O0lvvrEFe4CiTmY+zAgMBAAGjggKWMIICkjAdBgNVHQ4EFgQUQO6s6Jhn
eZcsYOfM2SFHWGkjkXkwHwYDVR0jBBgwFoAUr7j/4ehoYpa5lsY6qQLqnBKPSP4w
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTJCQTgyL0ZCRERBQzI0Q0U1
QTExRUU4QzNCRDAzQUM0RjlBRTAyL3I3al80ZWhvWXBhNWxzWTZxUUxxbkJLUFNQ
NC5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvcjdqXzRlaG9ZcGE1bHNZNnFRTHFuQktQU1A0LmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEy
QkE4Mi9GQkREQUMyNENFNUExMUVFOEMzQkQwM0FDNEY5QUUwMi82MTk4MjE4QUVC
MzMxMUVFQTc1REU3N0RDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAgBggrBgEFBQcBBwEB/wQR
MA8wDQQCAAIwBwMFACQBduAwDQYJKoZIhvcNAQELBQADggEBAHoB7jef30xzPFfH
JJBy3vm4Usel90rXDd4wNPbOTSp0jRS1rnYKOwF063wGVQVIaVnKKTrzQD6Xts8H
uW4wI+/ON2ag4qEeWjhThU+TU8gwT6v4parwAmS3vkXyFsKHgVb3tbTOUkpZfeiO
Vh+7QRT+ozzkFqBexBBObdwzKsCx6lxnB93BUTI5wnwXZCySDIiD8kTurarBhIa4
MrFP7sDma/8ugd7FMt78gHu5Rv5frkdN2etcwVbL1XnH2aXb+745O1/vrkhyjhy6
cRX+ygPbbL7oAymTJdIp7VDq4GxO9ZVS/ZDtVd/cm665OwOt7sHDKf6FMvZDpyR9
92hKtn8=
-----END CERTIFICATE-----
Generated at Thu Jun 13 10:58:36 2024 by rpki-client on console-ams.rpki-client.org