Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9123D9C/455942D650B211E9B5DB6A6BC4F9AE02/9DE197A2168511EAB282BB44C4F9AE02.roa
File:                     9DE197A2168511EAB282BB44C4F9AE02.roa (raw, json)
Hash identifier:          3WEuTkpxymDOhPpNtxE7OCAK0vRrg/LDsaux5yYOx7s=
Subject key identifier:   C7:C9:A7:10:41:DC:CE:37:BE:A7:FC:59:9C:50:8A:6A:E0:24:AA:21
Certificate issuer:       /CN=A9123D9C/serialNumber=5B2CF0FB62F160F1838AEE3E6CDE07544DFF8BFF
Certificate serial:       0F5D
Authority key identifier: 5B:2C:F0:FB:62:F1:60:F1:83:8A:EE:3E:6C:DE:07:54:4D:FF:8B:FF
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Wyzw-2LxYPGDiu4-bN4HVE3_i_8.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9123D9C/455942D650B211E9B5DB6A6BC4F9AE02/9DE197A2168511EAB282BB44C4F9AE02.roa
Signing time:             Thu 08 Feb 2024 18:16:03 +0000
ROA not before:           Thu 08 Feb 2024 18:16:03 +0000
ROA not after:            Thu 01 May 2025 00:00:00 +0000
asID:                     138946
IP address blocks:        2404:9ec0:6::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9123D9C/455942D650B211E9B5DB6A6BC4F9AE02/Wyzw-2LxYPGDiu4-bN4HVE3_i_8.crl
                          rsync://rpki.apnic.net/member_repository/A9123D9C/455942D650B211E9B5DB6A6BC4F9AE02/Wyzw-2LxYPGDiu4-bN4HVE3_i_8.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Wyzw-2LxYPGDiu4-bN4HVE3_i_8.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 29 Nov 2024 17:31:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3933 (0xf5d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9123D9C/serialNumber=5B2CF0FB62F160F1838AEE3E6CDE07544DFF8BFF
        Validity
            Not Before: Feb  8 18:16:03 2024 GMT
            Not After : May  1 00:00:00 2025 GMT
        Subject: CN=65c51a62-7823
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:9b:f0:d4:cf:c4:dd:36:5e:40:3c:5b:f7:af:
                    f4:17:a1:36:86:69:02:e8:39:10:8f:c6:96:52:b2:
                    ce:4e:a7:9c:26:b7:b3:d9:7d:89:d8:c0:2b:43:a8:
                    ce:0d:2d:25:c9:af:52:cd:4e:a8:45:af:65:68:30:
                    c4:c4:2c:66:2e:b7:07:b8:c6:1f:5a:84:cd:78:0c:
                    73:e0:a8:94:28:78:ec:29:b0:41:d4:cd:c6:cd:a3:
                    9f:34:f9:dd:2c:74:d0:05:e4:2c:41:f6:ca:fc:73:
                    c9:14:a3:81:d3:d5:f2:a8:71:6a:45:63:d3:e9:88:
                    40:e4:90:93:20:e4:7f:ec:47:4a:22:a2:f9:8d:c3:
                    60:86:7a:fe:10:93:29:b7:6f:c1:ea:3f:a3:94:1c:
                    7d:8f:bb:94:3e:bb:52:5a:e2:c7:ff:73:a1:06:85:
                    7b:59:4d:62:a5:da:fb:7b:16:d4:f9:b7:f5:c0:2a:
                    94:6b:69:ba:15:bc:ea:11:48:09:a1:02:c2:96:6c:
                    50:60:ec:bf:01:f6:db:93:2e:25:a4:a2:28:ca:d3:
                    3d:44:15:d8:00:5b:5b:1e:ab:35:33:c3:2a:f5:d8:
                    ce:dc:3e:02:69:87:12:e4:2f:8d:79:82:81:84:fb:
                    4a:4c:48:7c:9b:60:37:34:45:69:37:48:23:05:43:
                    9e:eb
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:C9:A7:10:41:DC:CE:37:BE:A7:FC:59:9C:50:8A:6A:E0:24:AA:21
            X509v3 Authority Key Identifier:
                keyid:5B:2C:F0:FB:62:F1:60:F1:83:8A:EE:3E:6C:DE:07:54:4D:FF:8B:FF

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9123D9C/455942D650B211E9B5DB6A6BC4F9AE02/Wyzw-2LxYPGDiu4-bN4HVE3_i_8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Wyzw-2LxYPGDiu4-bN4HVE3_i_8.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9123D9C/455942D650B211E9B5DB6A6BC4F9AE02/9DE197A2168511EAB282BB44C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2404:9ec0:6::/48

    Signature Algorithm: sha256WithRSAEncryption
         6d:38:63:f8:81:42:b6:a0:aa:77:cf:80:18:35:f4:8f:49:87:
         e7:ff:6c:a4:a4:24:7e:14:16:4e:91:16:8d:b6:bc:8d:95:c4:
         81:d7:ff:e7:dc:75:2f:33:d9:d4:5f:8b:cf:c9:08:a7:87:99:
         16:3f:f3:eb:cb:48:6b:8a:4f:e7:1c:50:8c:94:b8:a2:c9:dc:
         be:a2:f9:72:aa:cc:47:2d:0c:6e:d4:cf:fa:3a:bd:c2:ec:c6:
         44:10:02:b7:09:e0:13:9f:5a:1a:ab:5b:6a:89:51:d6:1a:86:
         44:dd:75:ec:46:00:dc:71:c6:36:03:7f:43:ac:f1:9c:9e:90:
         5d:62:49:83:9e:5e:d8:17:0d:c7:55:32:8b:29:d0:7f:c3:fc:
         bd:52:51:73:de:25:e4:0e:5d:c9:f2:5f:ed:61:58:57:4b:88:
         5d:97:61:b0:e1:7e:d3:15:eb:6b:8c:06:0f:e6:13:0f:65:ee:
         88:8a:9a:03:bf:f7:31:24:31:1a:d7:88:4e:dc:97:e3:ac:67:
         92:89:9a:61:5b:b9:53:85:9e:f9:c3:e8:3c:b4:27:80:46:e6:
         a2:f9:2b:53:f2:24:d3:80:07:34:a8:53:e7:42:75:88:4e:20:
         45:45:ad:bf:af:d6:b0:bb:f2:a6:a6:4f:47:c6:c0:82:b7:53:
         83:fc:f2:f8
-----BEGIN CERTIFICATE-----
MIIFdDCCBFygAwIBAgICD10wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MjNEOUMxMTAvBgNVBAUTKDVCMkNGMEZCNjJGMTYwRjE4MzhBRUUzRTZDREUwNzU0
NERGRjhCRkYwHhcNMjQwMjA4MTgxNjAzWhcNMjUwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWM1MWE2Mi03ODIzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvpvw1M/E3TZeQDxb96/0F6E2hmkC6DkQj8aWUrLOTqecJrez2X2J2MArQ6jO
DS0lya9SzU6oRa9laDDExCxmLrcHuMYfWoTNeAxz4KiUKHjsKbBB1M3GzaOfNPnd
LHTQBeQsQfbK/HPJFKOB09XyqHFqRWPT6YhA5JCTIOR/7EdKIqL5jcNghnr+EJMp
t2/B6j+jlBx9j7uUPrtSWuLH/3OhBoV7WU1ipdr7exbU+bf1wCqUa2m6FbzqEUgJ
oQLClmxQYOy/Afbbky4lpKIoytM9RBXYAFtbHqs1M8Mq9djO3D4CaYcS5C+NeYKB
hPtKTEh8m2A3NEVpN0gjBUOe6wIDAQABo4ICmDCCApQwHQYDVR0OBBYEFMfJpxBB
3M43vqf8WZxQimrgJKohMB8GA1UdIwQYMBaAFFss8Pti8WDxg4ruPmzeB1RN/4v/
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyM0Q5Qy80NTU5NDJENjUw
QjIxMUU5QjVEQjZBNkJDNEY5QUUwMi9XeXp3LTJMeFlQR0RpdTQtYk40SFZFM19p
XzguY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1d5enctMkx4WVBHRGl1NC1iTjRIVkUzX2lfOC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MjNEOUMvNDU1OTQyRDY1MEIyMTFFOUI1REI2QTZCQzRGOUFFMDIvOURFMTk3QTIx
Njg1MTFFQUIyODJCQjQ0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwIgYIKwYBBQUHAQcBAf8E
EzARMA8EAgACMAkDBwAkBJ7AAAYwDQYJKoZIhvcNAQELBQADggEBAG04Y/iBQrag
qnfPgBg19I9Jh+f/bKSkJH4UFk6RFo22vI2VxIHX/+fcdS8z2dRfi8/JCKeHmRY/
8+vLSGuKT+ccUIyUuKLJ3L6i+XKqzEctDG7Uz/o6vcLsxkQQArcJ4BOfWhqrW2qJ
UdYahkTddexGANxxxjYDf0Os8ZyekF1iSYOeXtgXDcdVMosp0H/D/L1SUXPeJeQO
XcnyX+1hWFdLiF2XYbDhftMV62uMBg/mEw9l7oiKmgO/9zEkMRrXiE7cl+OsZ5KJ
mmFbuVOFnvnD6Dy0J4BG5qL5K1PyJNOABzSoU+dCdYhOIEVFrb+v1rC78qamT0fG
wIK3U4P88vg=
-----END CERTIFICATE-----
Generated at Fri Nov 22 19:44:56 2024 by rpki-client on console-fra.rpki-client.org