Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91CFD5A/2375B306B94511EEBB818834C4F9AE02/D60B1BCCB9AF11EE97EEDB49C4F9AE02.roa
File:                     D60B1BCCB9AF11EE97EEDB49C4F9AE02.roa (raw, json)
Hash identifier:          QpULv6uFKq+BY+XNVo382twuIiH4SmOeV3C43PcYja8=
Subject key identifier:   48:8E:72:40:77:4E:1B:E7:3F:A8:D7:D4:35:DA:E9:EB:90:52:7F:5F
Certificate issuer:       /CN=A91CFD5A/serialNumber=4A8A395E556CC7F19AAE6AB06AFF067944956B46
Certificate serial:       4F
Authority key identifier: 4A:8A:39:5E:55:6C:C7:F1:9A:AE:6A:B0:6A:FF:06:79:44:95:6B:46
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Soo5XlVsx_Garmqwav8GeUSVa0Y.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91CFD5A/2375B306B94511EEBB818834C4F9AE02/D60B1BCCB9AF11EE97EEDB49C4F9AE02.roa
Signing time:             Tue 11 Jun 2024 18:48:50 +0000
ROA not before:           Tue 11 Jun 2024 18:48:50 +0000
ROA not after:            Thu 01 May 2025 00:00:00 +0000
asID:                     152342
IP address blocks:        2001:df3:6540::/48 maxlen: 48
                          2001:df3:6540::/49 maxlen: 49
                          2001:df3:6540:8000::/49 maxlen: 49

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91CFD5A/2375B306B94511EEBB818834C4F9AE02/Soo5XlVsx_Garmqwav8GeUSVa0Y.crl
                          rsync://rpki.apnic.net/member_repository/A91CFD5A/2375B306B94511EEBB818834C4F9AE02/Soo5XlVsx_Garmqwav8GeUSVa0Y.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Soo5XlVsx_Garmqwav8GeUSVa0Y.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 30 Nov 2024 02:50:13 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 79 (0x4f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CFD5A/serialNumber=4A8A395E556CC7F19AAE6AB06AFF067944956B46
        Validity
            Not Before: Jun 11 18:48:50 2024 GMT
            Not After : May  1 00:00:00 2025 GMT
        Subject: CN=66689c11-2b40
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c1:e7:2e:e9:42:8f:02:85:76:97:7d:ca:59:ff:
                    f8:11:75:22:d8:63:08:e7:91:e0:35:3e:a1:15:09:
                    5a:44:dc:ec:88:0b:ba:7b:1c:5e:85:53:09:bc:43:
                    5d:b8:1a:08:26:2c:04:f3:3c:aa:4d:32:b8:7b:97:
                    44:85:0a:bf:a5:22:4a:74:3e:55:02:27:f1:db:52:
                    a6:60:38:17:ad:d9:d8:a1:b1:30:f7:26:a5:70:8b:
                    b3:2d:be:5b:b1:4c:dc:77:eb:3a:ff:0d:91:7c:02:
                    59:b0:15:00:17:27:ae:29:60:a6:a0:9b:d1:90:84:
                    9e:c2:4d:65:5e:41:7b:da:65:d7:f2:ed:df:8b:6d:
                    a3:44:86:a3:a9:2b:ca:47:51:f3:30:c5:80:f5:8b:
                    ba:86:eb:3f:6e:c9:ae:40:27:5a:76:77:de:65:96:
                    c2:67:1d:c1:9f:77:b0:e5:be:7f:6f:01:fc:42:6f:
                    a5:e1:f7:56:36:ad:ad:8d:64:8c:62:42:be:85:8d:
                    bf:c3:99:18:ad:7f:5a:e5:21:e8:ac:a0:da:fc:c6:
                    4e:f2:b0:fe:b5:eb:db:7d:9b:4d:4d:3b:cb:35:dd:
                    0f:79:67:78:db:25:35:46:2c:98:83:4a:e0:88:8a:
                    df:fa:ae:c5:ff:29:25:b9:3c:90:4a:d4:5e:c8:dd:
                    bf:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                48:8E:72:40:77:4E:1B:E7:3F:A8:D7:D4:35:DA:E9:EB:90:52:7F:5F
            X509v3 Authority Key Identifier:
                keyid:4A:8A:39:5E:55:6C:C7:F1:9A:AE:6A:B0:6A:FF:06:79:44:95:6B:46

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91CFD5A/2375B306B94511EEBB818834C4F9AE02/Soo5XlVsx_Garmqwav8GeUSVa0Y.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Soo5XlVsx_Garmqwav8GeUSVa0Y.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91CFD5A/2375B306B94511EEBB818834C4F9AE02/D60B1BCCB9AF11EE97EEDB49C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df3:6540::/48

    Signature Algorithm: sha256WithRSAEncryption
         48:8f:a7:e2:b7:19:f8:d3:96:78:6f:63:2e:27:19:f8:97:e9:
         18:01:58:a1:0e:18:17:b8:9a:96:c4:1e:c1:fb:a7:0a:be:2c:
         b4:17:78:ca:9f:48:3a:0f:a0:b1:7b:38:b5:0e:8c:a7:dc:e3:
         8c:51:e2:e7:54:ca:d4:5c:c0:7b:39:b2:6d:cd:d4:42:52:a9:
         0c:73:a4:c4:cc:51:83:c2:a8:9a:5f:ab:1c:c9:80:8d:9c:47:
         27:0f:01:6a:4b:f1:a5:bb:8d:5d:38:18:c4:d6:bd:e8:9c:3d:
         73:57:6b:01:f2:71:09:08:71:0c:61:0f:9c:5b:5e:b3:a2:59:
         e8:c0:03:eb:65:63:98:5c:f2:41:eb:fe:4c:86:67:c7:93:44:
         a8:b5:cf:35:dc:a4:f8:e4:07:8a:e5:d9:8a:91:af:b3:7c:f6:
         ae:32:a8:41:00:57:31:18:69:47:7f:d0:87:44:b3:05:7a:b8:
         40:a8:c7:cc:59:bb:73:63:4a:ac:62:04:ab:e5:d3:6a:5d:f9:
         bb:87:9b:e8:cf:6c:08:a9:ab:b5:52:d2:ad:6e:e3:8d:2f:a5:
         35:28:07:fd:55:a7:68:3b:bf:27:e2:d1:0a:49:29:3e:a0:c2:
         c2:17:1d:b1:25:4f:db:de:d8:af:6f:37:96:fa:cc:e9:47:c6:
         19:1c:81:e4
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgIBTzANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFD
RkQ1QTExMC8GA1UEBRMoNEE4QTM5NUU1NTZDQzdGMTlBQUU2QUIwNkFGRjA2Nzk0
NDk1NkI0NjAeFw0yNDA2MTExODQ4NTBaFw0yNTA1MDEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY2Njg5YzExLTJiNDAwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDB5y7pQo8ChXaXfcpZ//gRdSLYYwjnkeA1PqEVCVpE3OyIC7p7HF6FUwm8Q124
GggmLATzPKpNMrh7l0SFCr+lIkp0PlUCJ/HbUqZgOBet2dihsTD3JqVwi7Mtvlux
TNx36zr/DZF8AlmwFQAXJ64pYKagm9GQhJ7CTWVeQXvaZdfy7d+LbaNEhqOpK8pH
UfMwxYD1i7qG6z9uya5AJ1p2d95llsJnHcGfd7Dlvn9vAfxCb6Xh91Y2ra2NZIxi
Qr6Fjb/DmRitf1rlIeisoNr8xk7ysP6169t9m01NO8s13Q95Z3jbJTVGLJiDSuCI
it/6rsX/KSW5PJBK1F7I3b95AgMBAAGjggKYMIIClDAdBgNVHQ4EFgQUSI5yQHdO
G+c/qNfUNdrp65BSf18wHwYDVR0jBBgwFoAUSoo5XlVsx/Garmqwav8GeUSVa0Yw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUNGRDVBLzIzNzVCMzA2Qjk0
NTExRUVCQjgxODgzNEM0RjlBRTAyL1NvbzVYbFZzeF9HYXJtcXdhdjhHZVVTVmEw
WS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvU29vNVhsVnN4X0dhcm1xd2F2OEdlVVNWYTBZLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFD
RkQ1QS8yMzc1QjMwNkI5NDUxMUVFQkI4MTg4MzRDNEY5QUUwMi9ENjBCMUJDQ0I5
QUYxMUVFOTdFRURCNDlDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAiBggrBgEFBQcBBwEB/wQT
MBEwDwQCAAIwCQMHACABDfNlQDANBgkqhkiG9w0BAQsFAAOCAQEASI+n4rcZ+NOW
eG9jLicZ+JfpGAFYoQ4YF7ialsQewfunCr4stBd4yp9IOg+gsXs4tQ6Mp9zjjFHi
51TK1FzAezmybc3UQlKpDHOkxMxRg8Koml+rHMmAjZxHJw8BakvxpbuNXTgYxNa9
6Jw9c1drAfJxCQhxDGEPnFtes6JZ6MAD62VjmFzyQev+TIZnx5NEqLXPNdyk+OQH
iuXZipGvs3z2rjKoQQBXMRhpR3/Qh0SzBXq4QKjHzFm7c2NKrGIEq+XTal35u4eb
6M9sCKmrtVLSrW7jjS+lNSgH/VWnaDu/J+LRCkkpPqDCwhcdsSVP297Yr283lvrM
6UfGGRyB5A==
-----END CERTIFICATE-----
Generated at Sat Nov 23 06:13:23 2024 by rpki-client on console-ams.rpki-client.org