Route Origin Authorization

$ rpki-client -vvf rpki.apernet.io/repo/APERNET/1/323430363a343434303a31303a3a2f34342d3438203d3e20313432363431.roa
File:                     323430363a343434303a31303a3a2f34342d3438203d3e20313432363431.roa (raw, json)
Hash identifier:          kephFAfMBUWrp4aoQeSmcgT2sE6soRtS1tegFMCEkDE=
Subject key identifier:   61:FD:ED:5D:65:32:79:24:3E:88:70:CB:F1:59:EB:4A:2E:BE:44:B4
Certificate issuer:       /CN=FCB1805FA7AE22D565E0A502D08D37EB2BD837A7
Certificate serial:       42BF4CA9D1862D6A5225435B93895B819BDB6FF3
Authority key identifier: FC:B1:80:5F:A7:AE:22:D5:65:E0:A5:02:D0:8D:37:EB:2B:D8:37:A7
Authority info access:    rsync://sakuya.nat.moe/repo/NATOCA/1/FCB1805FA7AE22D565E0A502D08D37EB2BD837A7.cer
Subject info access:      rsync://rpki.apernet.io/repo/APERNET/1/323430363a343434303a31303a3a2f34342d3438203d3e20313432363431.roa
Signing time:             Wed 14 May 2025 18:00:00 +0000
ROA not before:           Wed 14 May 2025 17:55:00 +0000
ROA not after:            Thu 14 May 2026 18:00:00 +0000
asID:                     142641
IP address blocks:        2406:4440:10::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.apernet.io/repo/APERNET/1/FCB1805FA7AE22D565E0A502D08D37EB2BD837A7.crl
                          rsync://rpki.apernet.io/repo/APERNET/1/FCB1805FA7AE22D565E0A502D08D37EB2BD837A7.mft
                          rsync://sakuya.nat.moe/repo/NATOCA/1/FCB1805FA7AE22D565E0A502D08D37EB2BD837A7.cer
                          rsync://sakuya.nat.moe/repo/NATOCA/1/5A179648B3EF2369DCE7BDB58140FF7DC7060ABF.crl
                          rsync://sakuya.nat.moe/repo/NATOCA/1/5A179648B3EF2369DCE7BDB58140FF7DC7060ABF.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/WheWSLPvI2nc5721gUD_fccGCr8.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 06 Jun 2025 05:30:00 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            42:bf:4c:a9:d1:86:2d:6a:52:25:43:5b:93:89:5b:81:9b:db:6f:f3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=FCB1805FA7AE22D565E0A502D08D37EB2BD837A7
        Validity
            Not Before: May 14 17:55:00 2025 GMT
            Not After : May 14 18:00:00 2026 GMT
        Subject: CN=3082010A0282010100C92D7CD4D5BA119B9BBB6D9EACFDE65511002418E57E185A90321EECD65566BBECEC9A0F826127682CC0F2D81A2D2A8317CD1B43C6B503C623B8B6134387260813147EF01CB4E90C8DDA637D3878CD21DE61C87FFD8F65F0ADB501E627F8C122B1D9800239463DF5D2CAFB9D085FC39D6BB1B792CDDBD2BB05F6BE5A715DEFC51103012385A35A94B59DAB1D9D354FD341D1DCCDFAAE487D4197BB8D63C22579889D3CBFA3C24B533AAF8E4AC6CAB47E3CD24503218A0FDFE1F6B8B95E9783C94537C4CD63792B080F6C4A41442B1D7D2892BACF34F62D967E01C5F12516B839324B05BACD15D9793269CFCCD38AB1DE3733D0CB66AA81C796B5B7477FF368C10203010001
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:2d:7c:d4:d5:ba:11:9b:9b:bb:6d:9e:ac:fd:
                    e6:55:11:00:24:18:e5:7e:18:5a:90:32:1e:ec:d6:
                    55:66:bb:ec:ec:9a:0f:82:61:27:68:2c:c0:f2:d8:
                    1a:2d:2a:83:17:cd:1b:43:c6:b5:03:c6:23:b8:b6:
                    13:43:87:26:08:13:14:7e:f0:1c:b4:e9:0c:8d:da:
                    63:7d:38:78:cd:21:de:61:c8:7f:fd:8f:65:f0:ad:
                    b5:01:e6:27:f8:c1:22:b1:d9:80:02:39:46:3d:f5:
                    d2:ca:fb:9d:08:5f:c3:9d:6b:b1:b7:92:cd:db:d2:
                    bb:05:f6:be:5a:71:5d:ef:c5:11:03:01:23:85:a3:
                    5a:94:b5:9d:ab:1d:9d:35:4f:d3:41:d1:dc:cd:fa:
                    ae:48:7d:41:97:bb:8d:63:c2:25:79:88:9d:3c:bf:
                    a3:c2:4b:53:3a:af:8e:4a:c6:ca:b4:7e:3c:d2:45:
                    03:21:8a:0f:df:e1:f6:b8:b9:5e:97:83:c9:45:37:
                    c4:cd:63:79:2b:08:0f:6c:4a:41:44:2b:1d:7d:28:
                    92:ba:cf:34:f6:2d:96:7e:01:c5:f1:25:16:b8:39:
                    32:4b:05:ba:cd:15:d9:79:32:69:cf:cc:d3:8a:b1:
                    de:37:33:d0:cb:66:aa:81:c7:96:b5:b7:47:7f:f3:
                    68:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:FD:ED:5D:65:32:79:24:3E:88:70:CB:F1:59:EB:4A:2E:BE:44:B4
            X509v3 Authority Key Identifier:
                keyid:FC:B1:80:5F:A7:AE:22:D5:65:E0:A5:02:D0:8D:37:EB:2B:D8:37:A7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apernet.io/repo/APERNET/1/FCB1805FA7AE22D565E0A502D08D37EB2BD837A7.crl

            Authority Information Access:
                CA Issuers - URI:rsync://sakuya.nat.moe/repo/NATOCA/1/FCB1805FA7AE22D565E0A502D08D37EB2BD837A7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apernet.io/repo/APERNET/1/323430363a343434303a31303a3a2f34342d3438203d3e20313432363431.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:4440:10::/44

    Signature Algorithm: sha256WithRSAEncryption
         ca:28:43:f0:56:4d:73:f7:93:1e:06:c9:a9:5b:65:f7:05:92:
         ba:8e:49:31:86:98:2c:2c:c9:4a:07:3a:d2:f9:e8:3e:72:68:
         21:bd:31:76:98:7c:f3:d9:fc:57:00:c9:0f:ff:04:8f:52:17:
         cb:95:ee:82:15:3b:70:fd:ca:29:f8:1d:a8:6a:c6:ec:e0:67:
         e1:c6:4f:5e:44:ea:58:d6:0c:04:8b:5b:f8:4d:1f:d0:91:eb:
         18:ff:7f:b0:04:4b:61:f1:b0:17:06:17:96:39:99:22:b7:43:
         45:7c:7d:aa:78:6d:4f:c4:b9:30:69:a9:1c:d9:28:68:a5:61:
         56:c3:4a:3f:9a:3f:1d:c7:8a:0b:68:63:2f:28:b8:4a:e1:32:
         81:67:d8:2a:56:8b:7b:cd:b1:37:f6:43:23:65:68:fa:88:ce:
         d1:9f:dd:ca:05:68:42:d6:c6:62:64:37:87:71:1b:1f:a6:23:
         49:bb:f6:f9:bb:a0:48:b8:5d:a7:48:43:43:fb:1a:73:9d:b4:
         85:d3:ed:71:5c:3d:a6:23:2c:50:d9:2f:8e:b5:e8:98:68:68:
         70:3d:38:d1:38:cf:de:bd:86:d6:ed:d0:b2:98:c0:8a:73:c1:
         39:78:20:8b:ca:4e:78:bf:12:5b:8f:27:72:df:f3:94:d9:eb:
         22:6b:3f:26
-----BEGIN CERTIFICATE-----
MIIG3zCCBcegAwIBAgIUQr9MqdGGLWpSJUNbk4lbgZvbb/MwDQYJKoZIhvcNAQEL
BQAwMzExMC8GA1UEAxMoRkNCMTgwNUZBN0FFMjJENTY1RTBBNTAyRDA4RDM3RUIy
QkQ4MzdBNzAeFw0yNTA1MTQxNzU1MDBaFw0yNjA1MTQxODAwMDBaMIICLTGCAikw
ggIlBgNVBAMTggIcMzA4MjAxMEEwMjgyMDEwMTAwQzkyRDdDRDRENUJBMTE5QjlC
QkI2RDlFQUNGREU2NTUxMTAwMjQxOEU1N0UxODVBOTAzMjFFRUNENjU1NjZCQkVD
RUM5QTBGODI2MTI3NjgyQ0MwRjJEODFBMkQyQTgzMTdDRDFCNDNDNkI1MDNDNjIz
QjhCNjEzNDM4NzI2MDgxMzE0N0VGMDFDQjRFOTBDOEREQTYzN0QzODc4Q0QyMURF
NjFDODdGRkQ4RjY1RjBBREI1MDFFNjI3RjhDMTIyQjFEOTgwMDIzOTQ2M0RGNUQy
Q0FGQjlEMDg1RkMzOUQ2QkIxQjc5MkNEREJEMkJCMDVGNkJFNUE3MTVERUZDNTEx
MDMwMTIzODVBMzVBOTRCNTlEQUIxRDlEMzU0RkQzNDFEMURDQ0RGQUFFNDg3RDQx
OTdCQjhENjNDMjI1Nzk4ODlEM0NCRkEzQzI0QjUzM0FBRjhFNEFDNkNBQjQ3RTND
RDI0NTAzMjE4QTBGREZFMUY2QjhCOTVFOTc4M0M5NDUzN0M0Q0Q2Mzc5MkIwODBG
NkM0QTQxNDQyQjFEN0QyODkyQkFDRjM0RjYyRDk2N0UwMUM1RjEyNTE2QjgzOTMy
NEIwNUJBQ0QxNUQ5NzkzMjY5Q0ZDQ0QzOEFCMURFMzczM0QwQ0I2NkFBODFDNzk2
QjVCNzQ3N0ZGMzY4QzEwMjAzMDEwMDAxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
MIIBCgKCAQEAyS181NW6EZubu22erP3mVREAJBjlfhhakDIe7NZVZrvs7JoPgmEn
aCzA8tgaLSqDF80bQ8a1A8YjuLYTQ4cmCBMUfvActOkMjdpjfTh4zSHeYch//Y9l
8K21AeYn+MEisdmAAjlGPfXSyvudCF/DnWuxt5LN29K7Bfa+WnFd78URAwEjhaNa
lLWdqx2dNU/TQdHczfquSH1Bl7uNY8IleYidPL+jwktTOq+OSsbKtH480kUDIYoP
3+H2uLlel4PJRTfEzWN5KwgPbEpBRCsdfSiSus809i2WfgHF8SUWuDkySwW6zRXZ
eTJpz8zTirHeNzPQy2aqgceWtbdHf/NowQIDAQABo4IB7TCCAekwHQYDVR0OBBYE
FGH97V1lMnkkPohwy/FZ60ouvkS0MB8GA1UdIwQYMBaAFPyxgF+nriLVZeClAtCN
N+sr2DenMA4GA1UdDwEB/wQEAwIHgDBkBgNVHR8EXTBbMFmgV6BVhlNyc3luYzov
L3Jwa2kuYXBlcm5ldC5pby9yZXBvL0FQRVJORVQvMS9GQ0IxODA1RkE3QUUyMkQ1
NjVFMEE1MDJEMDhEMzdFQjJCRDgzN0E3LmNybDBtBggrBgEFBQcBAQRhMF8wXQYI
KwYBBQUHMAKGUXJzeW5jOi8vc2FrdXlhLm5hdC5tb2UvcmVwby9OQVRPQ0EvMS9G
Q0IxODA1RkE3QUUyMkQ1NjVFMEE1MDJEMDhEMzdFQjJCRDgzN0E3LmNlcjCBgwYI
KwYBBQUHAQsEdzB1MHMGCCsGAQUFBzALhmdyc3luYzovL3Jwa2kuYXBlcm5ldC5p
by9yZXBvL0FQRVJORVQvMS8zMjM0MzAzNjNhMzQzNDM0MzAzYTMxMzAzYTNhMmYz
NDM0MmQzNDM4MjAzZDNlMjAzMTM0MzIzNjM0MzEucm9hMBgGA1UdIAEB/wQOMAww
CgYIKwYBBQUHDgIwIgYIKwYBBQUHAQcBAf8EEzARMA8EAgACMAkDBwQkBkRAABAw
DQYJKoZIhvcNAQELBQADggEBAMooQ/BWTXP3kx4GyalbZfcFkrqOSTGGmCwsyUoH
OtL56D5yaCG9MXaYfPPZ/FcAyQ//BI9SF8uV7oIVO3D9yin4HahqxuzgZ+HGT15E
6ljWDASLW/hNH9CR6xj/f7AES2HxsBcGF5Y5mSK3Q0V8fap4bU/EuTBpqRzZKGil
YVbDSj+aPx3HigtoYy8ouErhMoFn2CpWi3vNsTf2QyNlaPqIztGf3coFaELWxmJk
N4dxGx+mI0m79vm7oEi4XadIQ0P7GnOdtIXT7XFcPaYjLFDZL4616JhoaHA9ONE4
z969htbt0LKYwIpzwTl4IIvKTni/EluPJ3Lf85TZ6yJrPyY=
-----END CERTIFICATE-----