Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9197CBD/3E400698B11411EE95E74365C4F9AE02/BD16D2BCB11411EE9B803C66C4F9AE02.roa
File:                     BD16D2BCB11411EE9B803C66C4F9AE02.roa (raw, json)
Hash identifier:          sbXLUP+ySv876OX4drz/OH3VKKGNMGx7S1G0hlILvsQ=
Subject key identifier:   95:27:29:55:7D:E5:D6:2E:3C:DF:48:DD:5C:37:09:3C:46:40:D6:01
Certificate issuer:       /CN=A9197CBD/serialNumber=167D6EC32AD0B35815F28847ADD7970EB67F2DBA
Certificate serial:       02
Authority key identifier: 16:7D:6E:C3:2A:D0:B3:58:15:F2:88:47:AD:D7:97:0E:B6:7F:2D:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Fn1uwyrQs1gV8ohHrdeXDrZ_Lbo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9197CBD/3E400698B11411EE95E74365C4F9AE02/BD16D2BCB11411EE9B803C66C4F9AE02.roa
Signing time:             Fri 12 Jan 2024 06:35:12 +0000
ROA not before:           Fri 12 Jan 2024 06:35:12 +0000
ROA not after:            Thu 01 May 2025 00:00:00 +0000
asID:                     152327
IP address blocks:        2001:df3:5ec0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9197CBD/3E400698B11411EE95E74365C4F9AE02/Fn1uwyrQs1gV8ohHrdeXDrZ_Lbo.crl
                          rsync://rpki.apnic.net/member_repository/A9197CBD/3E400698B11411EE95E74365C4F9AE02/Fn1uwyrQs1gV8ohHrdeXDrZ_Lbo.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Fn1uwyrQs1gV8ohHrdeXDrZ_Lbo.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 20 Jun 2024 07:03:41 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9197CBD/serialNumber=167D6EC32AD0B35815F28847ADD7970EB67F2DBA
        Validity
            Not Before: Jan 12 06:35:12 2024 GMT
            Not After : May  1 00:00:00 2025 GMT
        Subject: CN=65a0dda0-7ee5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a5:aa:76:ae:03:f7:3f:94:54:4e:91:ac:a7:f2:
                    91:22:8f:9e:fc:a4:25:97:a4:a3:10:52:7a:1b:4a:
                    f8:17:eb:02:18:5b:16:5c:f8:0f:ef:af:70:a7:07:
                    91:b9:b4:79:10:6d:f5:dc:cf:ad:c9:22:7b:61:1a:
                    0c:6b:84:14:92:03:39:f9:b6:5d:cd:5f:9a:18:ea:
                    1f:90:14:a2:6f:af:9c:3d:75:ce:19:3f:87:79:dd:
                    6f:08:d1:35:5b:01:15:d3:46:8e:cd:70:0e:2b:31:
                    0f:bb:6c:89:cf:76:e0:a9:1f:ac:7b:b0:74:05:49:
                    5f:80:e6:9a:76:7e:13:fd:2e:cf:d2:03:87:e1:f0:
                    30:6a:d1:eb:a2:e7:b3:86:87:3a:b6:7b:44:71:4b:
                    e2:ed:0c:0d:a3:ec:50:a8:a8:62:62:b0:96:a7:f5:
                    de:45:6a:7d:12:74:d4:a3:53:5d:6f:f5:5a:19:ec:
                    d0:54:e4:09:a6:73:55:33:31:d4:3f:a5:8e:bd:87:
                    01:07:cd:db:05:86:02:ea:b1:64:46:30:46:62:c4:
                    b8:09:51:b9:b0:dd:9f:16:cc:dc:f7:9f:74:ba:7c:
                    1c:13:d9:05:d7:e8:1f:6a:5a:8d:e7:7a:98:c0:85:
                    28:9a:15:04:62:72:81:1a:90:09:cc:9f:f2:40:2a:
                    62:dd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                95:27:29:55:7D:E5:D6:2E:3C:DF:48:DD:5C:37:09:3C:46:40:D6:01
            X509v3 Authority Key Identifier:
                keyid:16:7D:6E:C3:2A:D0:B3:58:15:F2:88:47:AD:D7:97:0E:B6:7F:2D:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9197CBD/3E400698B11411EE95E74365C4F9AE02/Fn1uwyrQs1gV8ohHrdeXDrZ_Lbo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Fn1uwyrQs1gV8ohHrdeXDrZ_Lbo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9197CBD/3E400698B11411EE95E74365C4F9AE02/BD16D2BCB11411EE9B803C66C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df3:5ec0::/48

    Signature Algorithm: sha256WithRSAEncryption
         9b:7c:7a:f4:7b:94:42:7a:90:8a:e9:df:16:cb:d2:69:00:82:
         da:d4:c2:fd:54:56:dd:01:ec:b2:bc:1f:dc:1c:5c:01:b5:be:
         ba:d9:9d:23:01:91:c7:26:ce:ac:65:74:97:75:67:f9:64:41:
         31:cb:e0:7c:9c:82:61:2f:16:c7:8e:e8:91:f6:4f:14:86:68:
         60:a2:6f:a0:33:bb:58:a3:5c:15:cc:4d:4a:5e:54:1e:0b:20:
         01:95:ec:70:4c:c3:ce:d6:98:3e:98:b2:79:72:b6:db:60:62:
         71:13:2e:8b:22:b4:a7:49:32:c9:fc:d4:56:a8:61:4d:75:ce:
         73:47:bd:13:cf:4a:c3:d1:3b:69:78:c6:56:70:73:00:17:67:
         74:0c:9f:7f:7d:cf:37:a7:af:19:59:49:8d:f0:c9:f3:5f:ee:
         f5:fb:7d:ef:2b:14:d2:e1:d3:03:5f:c8:39:83:74:2f:4b:33:
         ca:13:cc:05:61:58:a2:5c:81:a2:71:4a:d1:bc:43:eb:c7:8d:
         12:4b:89:d5:a2:19:5d:01:1e:86:8f:f2:fa:30:a6:a8:37:e9:
         06:ed:c5:e7:fd:41:9b:98:e0:0e:06:77:eb:7b:e4:0b:2c:e0:
         17:57:fb:4f:28:d8:1c:79:68:7c:83:be:2f:a4:c0:7e:ec:c0:
         7f:eb:b6:d9
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgIBAjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTE5
N0NCRDExMC8GA1UEBRMoMTY3RDZFQzMyQUQwQjM1ODE1RjI4ODQ3QURENzk3MEVC
NjdGMkRCQTAeFw0yNDAxMTIwNjM1MTJaFw0yNTA1MDEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY1YTBkZGEwLTdlZTUwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQClqnauA/c/lFROkayn8pEij578pCWXpKMQUnobSvgX6wIYWxZc+A/vr3CnB5G5
tHkQbfXcz63JInthGgxrhBSSAzn5tl3NX5oY6h+QFKJvr5w9dc4ZP4d53W8I0TVb
ARXTRo7NcA4rMQ+7bInPduCpH6x7sHQFSV+A5pp2fhP9Ls/SA4fh8DBq0eui57OG
hzq2e0RxS+LtDA2j7FCoqGJisJan9d5Fan0SdNSjU11v9VoZ7NBU5Ammc1UzMdQ/
pY69hwEHzdsFhgLqsWRGMEZixLgJUbmw3Z8WzNz3n3S6fBwT2QXX6B9qWo3nepjA
hSiaFQRicoEakAnMn/JAKmLdAgMBAAGjggKYMIIClDAdBgNVHQ4EFgQUlScpVX3l
1i4830jdXDcJPEZA1gEwHwYDVR0jBBgwFoAUFn1uwyrQs1gV8ohHrdeXDrZ/Lbow
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTk3Q0JELzNFNDAwNjk4QjEx
NDExRUU5NUU3NDM2NUM0RjlBRTAyL0ZuMXV3eXJRczFnVjhvaEhyZGVYRHJaX0xi
by5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvRm4xdXd5clFzMWdWOG9oSHJkZVhEclpfTGJvLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5
N0NCRC8zRTQwMDY5OEIxMTQxMUVFOTVFNzQzNjVDNEY5QUUwMi9CRDE2RDJCQ0Ix
MTQxMUVFOUI4MDNDNjZDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAiBggrBgEFBQcBBwEB/wQT
MBEwDwQCAAIwCQMHACABDfNewDANBgkqhkiG9w0BAQsFAAOCAQEAm3x69HuUQnqQ
iunfFsvSaQCC2tTC/VRW3QHssrwf3BxcAbW+utmdIwGRxybOrGV0l3Vn+WRBMcvg
fJyCYS8Wx47okfZPFIZoYKJvoDO7WKNcFcxNSl5UHgsgAZXscEzDztaYPpiyeXK2
22BicRMuiyK0p0kyyfzUVqhhTXXOc0e9E89Kw9E7aXjGVnBzABdndAyff33PN6ev
GVlJjfDJ81/u9ft97ysU0uHTA1/IOYN0L0szyhPMBWFYolyBonFK0bxD68eNEkuJ
1aIZXQEeho/y+jCmqDfpBu3F5/1Bm5jgDgZ363vkCyzgF1f7TyjYHHlofIO+L6TA
fuzAf+u22Q==
-----END CERTIFICATE-----
Generated at Thu Jun 13 08:42:05 2024 by rpki-client on console-fra.rpki-client.org