Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91187FD/55ED6A1610A011EE93493C52C4F9AE02/F95B12AEBF7111EE806CB182C4F9AE02.roa
File:                     F95B12AEBF7111EE806CB182C4F9AE02.roa (raw, json)
Hash identifier:          Br7cxnel2bKrqbecypJbMhOgmv6ySKR2YnjsqUVdIDA=
Subject key identifier:   BA:76:B8:50:E8:00:EF:50:2D:FC:45:77:9E:52:49:AB:30:B0:B0:8B
Certificate issuer:       /CN=A91187FD/serialNumber=68852AB7F2714FCF54D75F0AAE3068ADC38B35CC
Certificate serial:       B9
Authority key identifier: 68:85:2A:B7:F2:71:4F:CF:54:D7:5F:0A:AE:30:68:AD:C3:8B:35:CC
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/aIUqt_JxT89U118KrjBorcOLNcw.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91187FD/55ED6A1610A011EE93493C52C4F9AE02/F95B12AEBF7111EE806CB182C4F9AE02.roa
Signing time:             Tue 30 Jan 2024 13:17:53 +0000
ROA not before:           Tue 30 Jan 2024 13:17:53 +0000
ROA not after:            Mon 30 Sep 2024 00:00:00 +0000
asID:                     151062
IP address blocks:        2401:3fa0:120::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91187FD/55ED6A1610A011EE93493C52C4F9AE02/aIUqt_JxT89U118KrjBorcOLNcw.crl
                          rsync://rpki.apnic.net/member_repository/A91187FD/55ED6A1610A011EE93493C52C4F9AE02/aIUqt_JxT89U118KrjBorcOLNcw.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/aIUqt_JxT89U118KrjBorcOLNcw.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 24 May 2024 06:44:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 185 (0xb9)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91187FD/serialNumber=68852AB7F2714FCF54D75F0AAE3068ADC38B35CC
        Validity
            Not Before: Jan 30 13:17:53 2024 GMT
            Not After : Sep 30 00:00:00 2024 GMT
        Subject: CN=65b8f701-af60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c6:11:eb:d1:98:b2:77:ed:1e:21:44:f7:48:dd:
                    54:e4:fc:2c:62:02:37:4a:6c:3c:71:88:6a:de:d4:
                    1a:6d:43:1f:d4:40:23:f6:ec:ec:8a:5f:ee:67:0f:
                    7e:e6:45:87:e3:03:c1:f2:be:1b:be:11:38:a0:8d:
                    86:5d:c5:e7:76:70:2f:ce:18:e7:d9:3e:80:0d:44:
                    d5:e9:8c:de:75:ae:38:96:35:e8:f2:85:81:b3:63:
                    38:c4:22:69:02:48:c6:29:ec:07:98:24:b9:92:aa:
                    87:74:c8:d9:5a:b9:2c:e9:ac:ac:b2:f9:6a:2c:70:
                    8f:11:8a:92:72:45:66:df:37:d8:6a:0c:9d:31:e7:
                    e6:c0:75:bf:16:fe:6c:fb:83:0d:a9:6d:9b:a6:68:
                    93:c7:61:3f:33:56:16:d2:e1:91:48:19:fa:a1:17:
                    c8:72:ed:f4:5a:7c:4a:99:f5:3d:7c:b1:c0:32:28:
                    1f:f9:84:e7:10:ae:bc:98:73:aa:c4:cd:52:ee:8f:
                    63:38:3f:ee:a3:af:79:e5:75:ac:70:ad:a3:d8:c2:
                    8d:c5:6a:3f:b5:70:ec:c8:6d:48:60:7a:2f:b3:51:
                    8c:6f:09:cf:43:5c:15:32:f6:57:17:9e:fd:0d:c7:
                    e9:d7:12:c5:e0:e6:11:1a:fb:ca:2a:3d:4e:00:94:
                    aa:29
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BA:76:B8:50:E8:00:EF:50:2D:FC:45:77:9E:52:49:AB:30:B0:B0:8B
            X509v3 Authority Key Identifier:
                keyid:68:85:2A:B7:F2:71:4F:CF:54:D7:5F:0A:AE:30:68:AD:C3:8B:35:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91187FD/55ED6A1610A011EE93493C52C4F9AE02/aIUqt_JxT89U118KrjBorcOLNcw.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/aIUqt_JxT89U118KrjBorcOLNcw.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91187FD/55ED6A1610A011EE93493C52C4F9AE02/F95B12AEBF7111EE806CB182C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2401:3fa0:120::/44

    Signature Algorithm: sha256WithRSAEncryption
         4f:52:f9:9e:cf:85:63:26:e6:05:79:f2:eb:32:99:b2:45:97:
         04:8e:8e:a8:02:11:bd:11:5a:ea:d7:39:b2:8c:20:97:c2:20:
         91:85:81:9f:f8:ea:f1:17:66:79:c4:04:5e:44:99:52:c7:79:
         16:7e:ac:60:9f:1a:4d:3b:b4:ca:fd:f8:23:57:aa:8c:22:6a:
         c9:e8:48:60:de:b3:3e:62:11:76:ea:7f:a9:24:c6:10:90:85:
         16:5c:f2:e9:88:9c:93:a6:8d:c3:c4:0f:e2:0d:ac:c5:f2:3c:
         cc:1b:81:52:da:6f:c3:05:1f:21:61:1c:e1:a4:95:c5:b7:e6:
         1b:fd:cd:82:0a:e9:3a:61:18:5b:5a:6c:ad:69:b8:fc:36:54:
         ae:29:c2:a9:85:81:2f:63:3c:28:99:4b:e7:82:19:c9:bf:7a:
         1b:c8:ed:41:e1:f9:b2:10:4b:b4:45:c3:22:cc:49:13:a0:31:
         9e:ec:68:7b:62:7c:82:ce:59:cc:02:68:9e:5b:e7:23:c5:ec:
         6e:5b:55:c6:5b:cc:87:35:e4:2e:15:7c:5b:6d:c7:3a:fa:10:
         f4:92:4c:c8:f4:43:25:a7:1c:46:8c:b6:cf:2d:b4:c7:e6:97:
         81:b2:3c:c0:23:54:ec:5c:5a:af:7d:ff:63:69:62:b9:52:69:
         e0:88:cc:3d
-----BEGIN CERTIFICATE-----
MIIFdDCCBFygAwIBAgICALkwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MTg3RkQxMTAvBgNVBAUTKDY4ODUyQUI3RjI3MTRGQ0Y1NEQ3NUYwQUFFMzA2OEFE
QzM4QjM1Q0MwHhcNMjQwMTMwMTMxNzUzWhcNMjQwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWI4ZjcwMS1hZjYwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAxhHr0Ziyd+0eIUT3SN1U5PwsYgI3Smw8cYhq3tQabUMf1EAj9uzsil/uZw9+
5kWH4wPB8r4bvhE4oI2GXcXndnAvzhjn2T6ADUTV6Yzeda44ljXo8oWBs2M4xCJp
AkjGKewHmCS5kqqHdMjZWrks6ayssvlqLHCPEYqSckVm3zfYagydMefmwHW/Fv5s
+4MNqW2bpmiTx2E/M1YW0uGRSBn6oRfIcu30WnxKmfU9fLHAMigf+YTnEK68mHOq
xM1S7o9jOD/uo6955XWscK2j2MKNxWo/tXDsyG1IYHovs1GMbwnPQ1wVMvZXF579
Dcfp1xLF4OYRGvvKKj1OAJSqKQIDAQABo4ICmDCCApQwHQYDVR0OBBYEFLp2uFDo
AO9QLfxFd55SSaswsLCLMB8GA1UdIwQYMBaAFGiFKrfycU/PVNdfCq4waK3DizXM
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExODdGRC81NUVENkExNjEw
QTAxMUVFOTM0OTNDNTJDNEY5QUUwMi9hSVVxdF9KeFQ4OVUxMThLcmpCb3JjT0xO
Y3cuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2FJVXF0X0p4VDg5VTExOEtyakJvcmNPTE5jdy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MTg3RkQvNTVFRDZBMTYxMEEwMTFFRTkzNDkzQzUyQzRGOUFFMDIvRjk1QjEyQUVC
RjcxMTFFRTgwNkNCMTgyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwIgYIKwYBBQUHAQcBAf8E
EzARMA8EAgACMAkDBwQkAT+gASAwDQYJKoZIhvcNAQELBQADggEBAE9S+Z7PhWMm
5gV58usymbJFlwSOjqgCEb0RWurXObKMIJfCIJGFgZ/46vEXZnnEBF5EmVLHeRZ+
rGCfGk07tMr9+CNXqowiasnoSGDesz5iEXbqf6kkxhCQhRZc8umInJOmjcPED+IN
rMXyPMwbgVLab8MFHyFhHOGklcW35hv9zYIK6TphGFtabK1puPw2VK4pwqmFgS9j
PCiZS+eCGcm/ehvI7UHh+bIQS7RFwyLMSROgMZ7saHtifILOWcwCaJ5b5yPF7G5b
VcZbzIc15C4VfFttxzr6EPSSTMj0QyWnHEaMts8ttMfml4GyPMAjVOxcWq99/2Np
YrlSaeCIzD0=
-----END CERTIFICATE-----
Generated at Fri May 17 08:13:47 2024 by rpki-client on console-fra.rpki-client.org