Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A917AC8C/89966DCAEBB911EC99E5610EC4F9AE02/EB756434EBBD11ECB3DAFE39C4F9AE02.roa
File:                     EB756434EBBD11ECB3DAFE39C4F9AE02.roa (raw, json)
Hash identifier:          p7DfcJLtfReLVrBGXB4FbSfycVhB9b+HJk7nBadO6Xo=
Subject key identifier:   9B:CB:A1:35:11:F4:A7:06:6C:58:56:60:1D:0B:8E:B2:12:74:AA:C7
Certificate issuer:       /CN=A917AC8C/serialNumber=563F32948EBC1B390F32A0AA3F3614785AFCE7C2
Certificate serial:       016C
Authority key identifier: 56:3F:32:94:8E:BC:1B:39:0F:32:A0:AA:3F:36:14:78:5A:FC:E7:C2
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Vj8ylI68GzkPMqCqPzYUeFr858I.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A917AC8C/89966DCAEBB911EC99E5610EC4F9AE02/EB756434EBBD11ECB3DAFE39C4F9AE02.roa
Signing time:             Wed 05 Jul 2023 02:51:58 +0000
ROA not before:           Wed 05 Jul 2023 02:51:58 +0000
ROA not after:            Mon 30 Sep 2024 00:00:00 +0000
asID:                     149867
IP address blocks:        2001:df0:d440::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A917AC8C/89966DCAEBB911EC99E5610EC4F9AE02/Vj8ylI68GzkPMqCqPzYUeFr858I.crl
                          rsync://rpki.apnic.net/member_repository/A917AC8C/89966DCAEBB911EC99E5610EC4F9AE02/Vj8ylI68GzkPMqCqPzYUeFr858I.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Vj8ylI68GzkPMqCqPzYUeFr858I.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 20 Jun 2024 02:50:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 364 (0x16c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A917AC8C/serialNumber=563F32948EBC1B390F32A0AA3F3614785AFCE7C2
        Validity
            Not Before: Jul  5 02:51:58 2023 GMT
            Not After : Sep 30 00:00:00 2024 GMT
        Subject: CN=64a4dace-dd05
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e4:5a:c9:d1:df:de:29:7e:6f:fd:26:e4:2b:34:
                    0e:68:31:96:65:5c:b0:6a:11:c6:36:75:0f:f5:7d:
                    4c:d3:17:20:99:2b:e6:48:bd:c6:87:b7:e1:aa:34:
                    f1:01:b3:eb:8d:89:4c:dc:02:ab:41:79:91:1e:8d:
                    7c:fc:61:fc:0f:00:69:ab:ba:22:c1:8a:72:29:1d:
                    33:9b:9b:bc:fc:fd:04:f7:8c:bc:e7:5c:3f:2b:83:
                    6f:aa:04:1f:d5:7d:e4:98:e0:aa:e8:77:17:b8:d3:
                    dc:a7:87:91:b4:6f:ef:41:75:4b:69:6e:92:74:2e:
                    a1:2b:84:ca:ee:a4:e9:27:f2:2c:56:8e:bc:ab:1b:
                    76:f9:0e:69:5a:4c:57:d6:f3:eb:04:ec:74:77:aa:
                    d3:c2:7c:c9:fe:6d:57:09:7c:26:be:10:28:20:20:
                    58:68:69:2b:aa:fc:41:aa:24:fc:1b:3b:82:ea:01:
                    3e:e8:d2:fe:8d:8c:65:f2:19:4a:09:29:f1:66:e7:
                    a8:64:f0:1f:8f:32:de:95:23:c4:c2:6d:6a:b9:f2:
                    13:fb:6a:32:c3:28:21:f5:2e:e6:46:82:93:73:d0:
                    b0:ec:6f:77:93:9d:28:88:11:79:30:03:70:b6:a7:
                    8f:a6:23:1a:e2:1c:3f:70:51:39:1f:70:d6:d3:0f:
                    b7:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9B:CB:A1:35:11:F4:A7:06:6C:58:56:60:1D:0B:8E:B2:12:74:AA:C7
            X509v3 Authority Key Identifier:
                keyid:56:3F:32:94:8E:BC:1B:39:0F:32:A0:AA:3F:36:14:78:5A:FC:E7:C2

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A917AC8C/89966DCAEBB911EC99E5610EC4F9AE02/Vj8ylI68GzkPMqCqPzYUeFr858I.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Vj8ylI68GzkPMqCqPzYUeFr858I.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A917AC8C/89966DCAEBB911EC99E5610EC4F9AE02/EB756434EBBD11ECB3DAFE39C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df0:d440::/48

    Signature Algorithm: sha256WithRSAEncryption
         38:bb:ed:43:cf:71:42:66:67:26:90:d4:f0:7b:ad:cf:96:91:
         27:6b:ce:40:b7:29:3e:31:69:32:d4:4b:d2:4f:74:02:4d:96:
         3b:55:7a:d7:65:6d:93:ee:e6:ba:23:be:7e:4e:71:ea:f5:21:
         d4:74:24:c2:7e:94:93:24:c9:2d:95:6c:73:cb:84:40:50:74:
         56:29:d5:76:8a:5e:53:86:83:de:9a:11:80:58:96:42:2a:05:
         90:da:fc:41:75:fa:77:c6:5f:41:af:04:35:09:76:4f:38:a7:
         cc:84:06:97:b2:69:f3:bd:3c:00:fc:ea:c3:71:e1:91:5b:cd:
         83:b1:9c:7e:ac:37:d0:00:58:31:ce:4b:30:8d:60:06:bc:4e:
         26:95:9e:29:56:0b:e7:2a:56:0d:21:48:da:82:6f:79:85:3e:
         4a:fe:b5:4c:5e:a8:34:40:74:5f:ff:30:00:0a:ea:24:4d:5c:
         eb:9b:cb:89:59:84:3d:0e:1a:95:9f:0c:fe:97:86:66:e9:67:
         69:a9:ef:e6:db:b2:0e:fb:7e:4b:c3:31:99:38:30:de:3e:87:
         83:2f:f0:b5:09:bb:60:68:90:aa:05:31:8c:2a:65:c7:79:6b:
         c9:83:7e:2c:4c:f5:3b:21:a2:53:34:9d:94:74:a2:96:e9:3b:
         73:31:6f:dd
-----BEGIN CERTIFICATE-----
MIIFdDCCBFygAwIBAgICAWwwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
N0FDOEMxMTAvBgNVBAUTKDU2M0YzMjk0OEVCQzFCMzkwRjMyQTBBQTNGMzYxNDc4
NUFGQ0U3QzIwHhcNMjMwNzA1MDI1MTU4WhcNMjQwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NGE0ZGFjZS1kZDA1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA5FrJ0d/eKX5v/SbkKzQOaDGWZVywahHGNnUP9X1M0xcgmSvmSL3Gh7fhqjTx
AbPrjYlM3AKrQXmRHo18/GH8DwBpq7oiwYpyKR0zm5u8/P0E94y851w/K4NvqgQf
1X3kmOCq6HcXuNPcp4eRtG/vQXVLaW6SdC6hK4TK7qTpJ/IsVo68qxt2+Q5pWkxX
1vPrBOx0d6rTwnzJ/m1XCXwmvhAoICBYaGkrqvxBqiT8GzuC6gE+6NL+jYxl8hlK
CSnxZueoZPAfjzLelSPEwm1qufIT+2oywygh9S7mRoKTc9Cw7G93k50oiBF5MANw
tqePpiMa4hw/cFE5H3DW0w+3/wIDAQABo4ICmDCCApQwHQYDVR0OBBYEFJvLoTUR
9KcGbFhWYB0LjrISdKrHMB8GA1UdIwQYMBaAFFY/MpSOvBs5DzKgqj82FHha/OfC
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3QUM4Qy84OTk2NkRDQUVC
QjkxMUVDOTlFNTYxMEVDNEY5QUUwMi9Wajh5bEk2OEd6a1BNcUNxUHpZVWVGcjg1
OEkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1ZqOHlsSTY4R3prUE1xQ3FQellVZUZyODU4SS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
N0FDOEMvODk5NjZEQ0FFQkI5MTFFQzk5RTU2MTBFQzRGOUFFMDIvRUI3NTY0MzRF
QkJEMTFFQ0IzREFGRTM5QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwIgYIKwYBBQUHAQcBAf8E
EzARMA8EAgACMAkDBwAgAQ3w1EAwDQYJKoZIhvcNAQELBQADggEBADi77UPPcUJm
ZyaQ1PB7rc+WkSdrzkC3KT4xaTLUS9JPdAJNljtVetdlbZPu5rojvn5Ocer1IdR0
JMJ+lJMkyS2VbHPLhEBQdFYp1XaKXlOGg96aEYBYlkIqBZDa/EF1+nfGX0GvBDUJ
dk84p8yEBpeyafO9PAD86sNx4ZFbzYOxnH6sN9AAWDHOSzCNYAa8TiaVnilWC+cq
Vg0hSNqCb3mFPkr+tUxeqDRAdF//MAAK6iRNXOuby4lZhD0OGpWfDP6XhmbpZ2mp
7+bbsg77fkvDMZk4MN4+h4Mv8LUJu2BokKoFMYwqZcd5a8mDfixM9TsholM0nZR0
opbpO3Mxb90=
-----END CERTIFICATE-----
Generated at Thu Jun 13 05:09:22 2024 by rpki-client on console-ams.rpki-client.org