Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91F1ADD/DFAD9A1CF13211EB8AB4D44AC4F9AE02/06729B36D8B011EEB5C9AD7AC4F9AE02.roa
File:                     06729B36D8B011EEB5C9AD7AC4F9AE02.roa (raw, json)
Hash identifier:          IcWvDvyoSVOByNJk3J7qEysmig3xjiTsoHpr6v9+elI=
Subject key identifier:   97:8F:10:18:2D:AC:BB:83:9B:D1:61:F7:24:98:1B:FA:CC:4D:06:87
Certificate issuer:       /CN=A91F1ADD/serialNumber=95460D1585021D39EAD7DD5BB2B553BF474AC943
Certificate serial:       047B
Authority key identifier: 95:46:0D:15:85:02:1D:39:EA:D7:DD:5B:B2:B5:53:BF:47:4A:C9:43
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/lUYNFYUCHTnq191bsrVTv0dKyUM.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91F1ADD/DFAD9A1CF13211EB8AB4D44AC4F9AE02/06729B36D8B011EEB5C9AD7AC4F9AE02.roa
Signing time:             Sat 02 Mar 2024 16:15:03 +0000
ROA not before:           Sat 02 Mar 2024 16:15:03 +0000
ROA not after:            Sun 02 Mar 2025 00:00:00 +0000
asID:                     138497
IP address blocks:        2404:18c0::/32 maxlen: 32

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91F1ADD/DFAD9A1CF13211EB8AB4D44AC4F9AE02/lUYNFYUCHTnq191bsrVTv0dKyUM.crl
                          rsync://rpki.apnic.net/member_repository/A91F1ADD/DFAD9A1CF13211EB8AB4D44AC4F9AE02/lUYNFYUCHTnq191bsrVTv0dKyUM.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/lUYNFYUCHTnq191bsrVTv0dKyUM.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 29 Nov 2024 20:43:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1147 (0x47b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F1ADD/serialNumber=95460D1585021D39EAD7DD5BB2B553BF474AC943
        Validity
            Not Before: Mar  2 16:15:03 2024 GMT
            Not After : Mar  2 00:00:00 2025 GMT
        Subject: CN=65e35087-24f6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:d7:4b:96:49:67:89:ff:12:05:8c:0d:7f:e9:
                    ce:68:4b:c9:b2:02:1b:29:c5:ad:5c:d9:e0:d7:65:
                    a1:d4:0c:e0:00:c3:89:0c:db:54:52:69:14:fc:bf:
                    5f:56:01:b3:36:b8:6a:95:50:cf:eb:91:9d:77:17:
                    26:76:ab:75:4f:93:4b:41:20:54:77:76:c3:97:d5:
                    6b:aa:1e:2d:4d:99:9b:f2:72:83:16:75:57:09:46:
                    fb:21:76:04:b4:32:be:2c:4e:0a:f6:ba:d9:a3:0d:
                    fc:dc:ba:09:f3:98:19:b2:0d:0f:df:04:9d:c7:80:
                    64:2c:ac:23:03:7b:47:ae:54:88:28:f9:41:9c:4e:
                    cd:dc:0d:cb:ec:a0:99:45:68:99:eb:88:e9:ae:47:
                    14:3d:fc:89:5b:6e:61:6b:3c:c9:a5:cb:e4:c6:a2:
                    14:8d:26:3d:f4:67:78:39:7b:79:49:a6:40:cf:57:
                    b2:c8:b9:8a:de:9f:ff:4b:de:82:c7:f3:8c:ae:80:
                    3a:2b:34:f7:3c:8b:59:fd:c1:97:4c:6a:09:fe:40:
                    3e:0c:52:bd:2b:af:85:92:84:58:57:82:7c:ff:23:
                    bc:94:51:19:ca:1a:23:f0:c6:be:6a:88:21:de:a6:
                    be:fc:13:ee:e6:71:cc:a1:f3:a2:b5:27:7c:b3:c1:
                    c5:63
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                97:8F:10:18:2D:AC:BB:83:9B:D1:61:F7:24:98:1B:FA:CC:4D:06:87
            X509v3 Authority Key Identifier:
                keyid:95:46:0D:15:85:02:1D:39:EA:D7:DD:5B:B2:B5:53:BF:47:4A:C9:43

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91F1ADD/DFAD9A1CF13211EB8AB4D44AC4F9AE02/lUYNFYUCHTnq191bsrVTv0dKyUM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/lUYNFYUCHTnq191bsrVTv0dKyUM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F1ADD/DFAD9A1CF13211EB8AB4D44AC4F9AE02/06729B36D8B011EEB5C9AD7AC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2404:18c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         57:33:1f:59:44:13:20:ca:7f:61:8e:64:20:d8:60:6f:70:b1:
         de:e8:e5:05:b2:c0:49:ad:9d:4f:13:5f:9b:75:55:ae:75:9f:
         8b:c1:bd:b3:72:6a:26:d0:59:e1:a1:74:18:32:71:fb:36:d2:
         ee:69:4d:6f:e5:e0:4a:71:44:84:25:bf:7f:c8:ae:7e:60:36:
         69:7f:d3:a4:9c:69:74:87:6a:a4:d4:81:28:93:d4:80:c5:38:
         cd:9b:59:36:59:09:37:a9:44:bd:42:e2:6d:81:df:c4:f6:8a:
         24:ca:af:b2:07:d2:30:85:d9:84:b0:89:2a:e7:c9:61:1d:3e:
         91:b0:f8:28:75:46:74:4a:c2:70:d0:c5:3f:74:f1:81:95:17:
         2f:0f:60:f3:e1:3a:c8:e9:01:b3:da:4d:fd:00:af:ba:1c:bc:
         0e:9b:83:17:85:39:6d:59:f0:16:29:e9:56:1a:6d:03:41:46:
         55:b2:aa:00:5b:11:e3:2a:a2:7d:38:6a:3b:84:65:f3:58:8e:
         28:75:60:1b:81:ad:cd:b4:f4:b2:0d:51:6b:57:18:e3:b4:b6:
         4c:e3:4a:9a:dc:e1:3b:32:24:ee:bd:70:68:bb:bf:f4:52:2b:
         aa:2e:f2:cc:8c:1c:e0:4b:4c:5a:89:ed:0b:ea:c0:7a:a9:ab:
         bc:8b:5c:b9
-----BEGIN CERTIFICATE-----
MIIFcjCCBFqgAwIBAgICBHswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RjFBREQxMTAvBgNVBAUTKDk1NDYwRDE1ODUwMjFEMzlFQUQ3REQ1QkIyQjU1M0JG
NDc0QUM5NDMwHhcNMjQwMzAyMTYxNTAzWhcNMjUwMzAyMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWUzNTA4Ny0yNGY2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA3NdLlklnif8SBYwNf+nOaEvJsgIbKcWtXNng12Wh1AzgAMOJDNtUUmkU/L9f
VgGzNrhqlVDP65Gddxcmdqt1T5NLQSBUd3bDl9Vrqh4tTZmb8nKDFnVXCUb7IXYE
tDK+LE4K9rrZow383LoJ85gZsg0P3wSdx4BkLKwjA3tHrlSIKPlBnE7N3A3L7KCZ
RWiZ64jprkcUPfyJW25hazzJpcvkxqIUjSY99Gd4OXt5SaZAz1eyyLmK3p//S96C
x/OMroA6KzT3PItZ/cGXTGoJ/kA+DFK9K6+FkoRYV4J8/yO8lFEZyhoj8Ma+aogh
3qa+/BPu5nHMofOitSd8s8HFYwIDAQABo4ICljCCApIwHQYDVR0OBBYEFJePEBgt
rLuDm9Fh9ySYG/rMTQaHMB8GA1UdIwQYMBaAFJVGDRWFAh056tfdW7K1U79HSslD
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGMUFERC9ERkFEOUExQ0Yx
MzIxMUVCOEFCNEQ0NEFDNEY5QUUwMi9sVVlORllVQ0hUbnExOTFic3JWVHYwZEt5
VU0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2xVWU5GWVVDSFRucTE5MWJzclZUdjBkS3lVTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RjFBREQvREZBRDlBMUNGMTMyMTFFQjhBQjRENDRBQzRGOUFFMDIvMDY3MjlCMzZE
OEIwMTFFRUI1QzlBRDdBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwIAYIKwYBBQUHAQcBAf8E
ETAPMA0EAgACMAcDBQAkBBjAMA0GCSqGSIb3DQEBCwUAA4IBAQBXMx9ZRBMgyn9h
jmQg2GBvcLHe6OUFssBJrZ1PE1+bdVWudZ+Lwb2zcmom0FnhoXQYMnH7NtLuaU1v
5eBKcUSEJb9/yK5+YDZpf9OknGl0h2qk1IEok9SAxTjNm1k2WQk3qUS9QuJtgd/E
9ookyq+yB9IwhdmEsIkq58lhHT6RsPgodUZ0SsJw0MU/dPGBlRcvD2Dz4TrI6QGz
2k39AK+6HLwOm4MXhTltWfAWKelWGm0DQUZVsqoAWxHjKqJ9OGo7hGXzWI4odWAb
ga3NtPSyDVFrVxjjtLZM40qa3OE7MiTuvXBou7/0UiuqLvLMjBzgS0xaie0L6sB6
qau8i1y5
-----END CERTIFICATE-----
Generated at Sat Nov 23 00:49:38 2024 by rpki-client on console-fra.rpki-client.org