Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A911BDA9/36A530F644BD11EFB73DB77BC4F9AE02/723720464ABE11EFA87EE85BC4F9AE02.roa
File:                     723720464ABE11EFA87EE85BC4F9AE02.roa (raw, json)
Hash identifier:          3HXgfR2xDybCR9JbXAm4K9BmBrTeyB6NLob5uNWXRyE=
Subject key identifier:   EC:B1:21:17:6E:88:C5:0B:5C:0D:51:BB:C2:74:62:C9:BC:FE:BB:A0
Certificate issuer:       /CN=A911BDA9/serialNumber=B4E7E344ADCE36D84F1F3ABCCD14B24C1512BBAA
Certificate serial:       07
Authority key identifier: B4:E7:E3:44:AD:CE:36:D8:4F:1F:3A:BC:CD:14:B2:4C:15:12:BB:AA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/tOfjRK3ONthPHzq8zRSyTBUSu6o.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A911BDA9/36A530F644BD11EFB73DB77BC4F9AE02/723720464ABE11EFA87EE85BC4F9AE02.roa
Signing time:             Thu 25 Jul 2024 19:45:29 +0000
ROA not before:           Thu 25 Jul 2024 19:45:29 +0000
ROA not after:            Fri 31 Oct 2025 00:00:00 +0000
asID:                     153169
IP address blocks:        2001:df4:13c0::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A911BDA9/36A530F644BD11EFB73DB77BC4F9AE02/tOfjRK3ONthPHzq8zRSyTBUSu6o.crl
                          rsync://rpki.apnic.net/member_repository/A911BDA9/36A530F644BD11EFB73DB77BC4F9AE02/tOfjRK3ONthPHzq8zRSyTBUSu6o.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/tOfjRK3ONthPHzq8zRSyTBUSu6o.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 02 Dec 2024 04:55:44 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 7 (0x7)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A911BDA9/serialNumber=B4E7E344ADCE36D84F1F3ABCCD14B24C1512BBAA
        Validity
            Not Before: Jul 25 19:45:29 2024 GMT
            Not After : Oct 31 00:00:00 2025 GMT
        Subject: CN=66a2ab59-8747
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:a5:8f:77:67:1e:0e:47:91:77:1f:54:31:36:
                    87:7b:80:ee:3c:f3:b2:71:00:45:75:0b:93:f2:22:
                    8d:e9:0e:71:20:79:ca:36:41:39:7c:f0:ab:47:56:
                    02:aa:f1:1f:c9:d9:32:2a:3d:43:66:95:04:3b:e7:
                    50:d3:8f:c4:67:7e:46:33:21:98:1d:09:d2:c7:99:
                    f2:cd:1e:51:36:cb:9f:c0:37:5a:3d:ef:68:16:6f:
                    2d:44:7f:75:53:69:ea:58:a1:7f:18:ad:62:42:a4:
                    f7:ec:98:f0:e6:73:70:4a:ed:e3:00:b7:a4:63:d7:
                    bd:61:a8:ff:02:3a:47:7a:d2:b5:2c:c0:3c:58:a0:
                    38:b2:29:b8:65:f6:1f:9d:25:9d:32:1c:ca:e5:4d:
                    5d:b5:34:f6:ab:32:20:91:6f:17:ee:44:36:6a:a9:
                    f5:58:3a:da:f5:84:de:8b:b5:da:dd:79:71:52:eb:
                    b0:a0:08:d8:c9:15:05:2a:59:5b:b3:00:9f:de:a7:
                    5a:78:3f:0d:8e:49:01:ad:39:8c:92:79:40:5f:13:
                    ad:ec:00:69:1f:57:05:7c:19:09:c9:19:16:6b:58:
                    33:2b:8e:5d:58:12:6e:97:15:cc:fc:2d:90:7c:e8:
                    a0:ad:6d:b5:d3:98:8d:7f:6c:de:05:1a:9b:7f:cd:
                    71:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EC:B1:21:17:6E:88:C5:0B:5C:0D:51:BB:C2:74:62:C9:BC:FE:BB:A0
            X509v3 Authority Key Identifier:
                keyid:B4:E7:E3:44:AD:CE:36:D8:4F:1F:3A:BC:CD:14:B2:4C:15:12:BB:AA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A911BDA9/36A530F644BD11EFB73DB77BC4F9AE02/tOfjRK3ONthPHzq8zRSyTBUSu6o.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/tOfjRK3ONthPHzq8zRSyTBUSu6o.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A911BDA9/36A530F644BD11EFB73DB77BC4F9AE02/723720464ABE11EFA87EE85BC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df4:13c0::/48

    Signature Algorithm: sha256WithRSAEncryption
         26:61:31:b6:7d:32:26:c1:0b:5f:f4:52:47:4c:e6:c2:dc:5e:
         a1:fc:37:18:f0:0e:0b:be:28:24:10:b9:77:23:9a:7e:9d:f8:
         11:07:af:43:3e:9a:3a:d9:aa:50:39:2c:17:2f:b9:f5:3e:53:
         fa:e3:c3:a0:e1:56:0b:d5:5f:29:e0:df:dc:03:75:1c:95:27:
         cb:97:c3:a9:5f:3f:ce:e7:f3:ba:74:43:04:74:1f:fb:7f:2f:
         a5:00:5a:f1:93:5d:e6:41:72:62:49:31:29:c5:e3:6a:80:c2:
         ad:2c:44:83:64:cb:7b:4d:66:16:6d:d4:e6:94:ce:e9:c5:8b:
         eb:b2:7b:9d:e8:c1:ac:d0:20:48:ea:f6:54:44:81:06:c8:d8:
         cd:af:a1:bb:84:e8:20:bf:bf:20:1f:35:dc:1f:51:7c:29:1a:
         5f:72:78:46:3f:4f:bd:3c:e4:5f:55:74:25:dc:06:53:38:7b:
         b3:12:27:87:e3:57:d4:1c:b0:ab:f7:1d:13:f9:f8:36:91:f7:
         19:8f:85:42:fa:02:ac:bb:ed:5a:44:6b:4c:c8:85:e6:f3:4b:
         9b:01:cc:b7:38:1c:58:81:5a:18:83:87:8e:fd:f2:0e:a9:bf:
         ef:e2:45:1e:20:a2:14:2f:aa:be:62:21:eb:6a:73:cc:ba:9e:
         53:83:9c:49
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgIBBzANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTEx
QkRBOTExMC8GA1UEBRMoQjRFN0UzNDRBRENFMzZEODRGMUYzQUJDQ0QxNEIyNEMx
NTEyQkJBQTAeFw0yNDA3MjUxOTQ1MjlaFw0yNTEwMzEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY2YTJhYjU5LTg3NDcwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDCpY93Zx4OR5F3H1QxNod7gO4887JxAEV1C5PyIo3pDnEgeco2QTl88KtHVgKq
8R/J2TIqPUNmlQQ751DTj8RnfkYzIZgdCdLHmfLNHlE2y5/AN1o972gWby1Ef3VT
aepYoX8YrWJCpPfsmPDmc3BK7eMAt6Rj171hqP8COkd60rUswDxYoDiyKbhl9h+d
JZ0yHMrlTV21NParMiCRbxfuRDZqqfVYOtr1hN6LtdrdeXFS67CgCNjJFQUqWVuz
AJ/ep1p4Pw2OSQGtOYySeUBfE63sAGkfVwV8GQnJGRZrWDMrjl1YEm6XFcz8LZB8
6KCtbbXTmI1/bN4FGpt/zXF5AgMBAAGjggKYMIIClDAdBgNVHQ4EFgQU7LEhF26I
xQtcDVG7wnRiybz+u6AwHwYDVR0jBBgwFoAUtOfjRK3ONthPHzq8zRSyTBUSu6ow
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTFCREE5LzM2QTUzMEY2NDRC
RDExRUZCNzNEQjc3QkM0RjlBRTAyL3RPZmpSSzNPTnRoUEh6cTh6UlN5VEJVU3U2
by5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvdE9malJLM09OdGhQSHpxOHpSU3lUQlVTdTZvLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEx
QkRBOS8zNkE1MzBGNjQ0QkQxMUVGQjczREI3N0JDNEY5QUUwMi83MjM3MjA0NjRB
QkUxMUVGQTg3RUU4NUJDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAiBggrBgEFBQcBBwEB/wQT
MBEwDwQCAAIwCQMHACABDfQTwDANBgkqhkiG9w0BAQsFAAOCAQEAJmExtn0yJsEL
X/RSR0zmwtxeofw3GPAOC74oJBC5dyOafp34EQevQz6aOtmqUDksFy+59T5T+uPD
oOFWC9VfKeDf3AN1HJUny5fDqV8/zufzunRDBHQf+38vpQBa8ZNd5kFyYkkxKcXj
aoDCrSxEg2TLe01mFm3U5pTO6cWL67J7nejBrNAgSOr2VESBBsjYza+hu4ToIL+/
IB813B9RfCkaX3J4Rj9PvTzkX1V0JdwGUzh7sxInh+NX1Bywq/cdE/n4NpH3GY+F
QvoCrLvtWkRrTMiF5vNLmwHMtzgcWIFaGIOHjv3yDqm/7+JFHiCiFC+qvmIh62pz
zLqeU4OcSQ==
-----END CERTIFICATE-----
Generated at Mon Nov 25 06:04:09 2024 by rpki-client on console-ams.rpki-client.org