Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A912F535/61980A54BA6611EEBC39626EC4F9AE02/DC3455AAEC3A11EE8CC3B820C4F9AE02.roa
File:                     DC3455AAEC3A11EE8CC3B820C4F9AE02.roa (raw, json)
Hash identifier:          T9OAvqcKR2Vcyhqmt37QjmwF8bQbuv/XSOzyEwce7MA=
Subject key identifier:   B4:DF:57:E6:18:5C:5F:DF:66:50:B1:83:DD:2F:D5:1F:3F:07:4B:58
Certificate issuer:       /CN=A912F535/serialNumber=EAD646355D75936CB93ED6BADB790A87FE15374A
Certificate serial:       46
Authority key identifier: EA:D6:46:35:5D:75:93:6C:B9:3E:D6:BA:DB:79:0A:87:FE:15:37:4A
Authority info access:    rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/6tZGNV11k2y5Pta623kKh_4VN0o.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A912F535/61980A54BA6611EEBC39626EC4F9AE02/DC3455AAEC3A11EE8CC3B820C4F9AE02.roa
Signing time:             Wed 15 May 2024 08:43:05 +0000
ROA not before:           Wed 15 May 2024 08:43:05 +0000
ROA not after:            Wed 30 Jul 2025 00:00:00 +0000
asID:                     140224
IP address blocks:        83.229.40.0/21 maxlen: 21
                          83.229.40.0/23 maxlen: 23
                          83.229.42.0/23 maxlen: 23
                          83.229.44.0/23 maxlen: 23
                          83.229.46.0/23 maxlen: 23

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A912F535/61980A54BA6611EEBC39626EC4F9AE02/6tZGNV11k2y5Pta623kKh_4VN0o.crl
                          rsync://rpki.apnic.net/member_repository/A912F535/61980A54BA6611EEBC39626EC4F9AE02/6tZGNV11k2y5Pta623kKh_4VN0o.mft
                          rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/6tZGNV11k2y5Pta623kKh_4VN0o.cer
                          rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/DPzneFf88B852ZpitKpi5hWedvg.crl
                          rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/DPzneFf88B852ZpitKpi5hWedvg.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DPzneFf88B852ZpitKpi5hWedvg.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 28 Nov 2024 02:50:30 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 70 (0x46)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A912F535/serialNumber=EAD646355D75936CB93ED6BADB790A87FE15374A
        Validity
            Not Before: May 15 08:43:05 2024 GMT
            Not After : Jul 30 00:00:00 2025 GMT
        Subject: CN=66447599-828c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:e8:6c:27:c5:4f:1e:e6:9c:c1:9a:20:83:13:
                    55:14:4c:05:5e:93:1c:35:41:f5:58:a5:5c:0f:d6:
                    4f:c1:08:eb:8d:c7:7e:4a:b1:a4:30:bf:20:aa:7e:
                    b3:c6:16:dd:57:f5:ce:3b:79:eb:9c:89:c3:15:22:
                    88:0d:51:e4:9a:df:d6:4a:4d:b3:bd:57:a5:e1:52:
                    e5:96:e4:7f:6c:b2:c8:f5:f9:f9:35:12:a4:4f:a2:
                    de:6a:40:ef:7c:a5:14:6f:e0:e2:5f:49:0c:07:d4:
                    92:c9:bb:93:c1:b0:e0:cc:5d:1d:74:0e:78:58:7c:
                    ba:35:fb:b7:0c:2b:9f:0e:09:89:04:73:78:4a:91:
                    69:13:58:fd:32:a8:6f:81:9a:8e:be:34:2c:f5:b0:
                    aa:b8:8f:c0:0d:9b:a9:a7:f7:e9:9e:92:4a:a1:48:
                    7a:2d:d5:5e:83:30:51:4e:99:2a:5a:c5:fa:ce:f7:
                    a7:dc:93:00:02:72:ac:9f:07:3b:51:e4:f6:dd:6c:
                    20:fa:de:bb:6a:af:23:84:05:60:aa:6c:37:08:7f:
                    ae:87:80:7c:a1:cf:91:53:ee:ae:0b:9a:6e:4a:c1:
                    ea:8b:1a:da:ea:ff:d8:10:8e:39:35:af:0b:2e:04:
                    dd:92:b7:c4:26:a3:00:57:8c:71:15:5c:44:94:db:
                    3f:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B4:DF:57:E6:18:5C:5F:DF:66:50:B1:83:DD:2F:D5:1F:3F:07:4B:58
            X509v3 Authority Key Identifier:
                keyid:EA:D6:46:35:5D:75:93:6C:B9:3E:D6:BA:DB:79:0A:87:FE:15:37:4A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A912F535/61980A54BA6611EEBC39626EC4F9AE02/6tZGNV11k2y5Pta623kKh_4VN0o.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/6tZGNV11k2y5Pta623kKh_4VN0o.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A912F535/61980A54BA6611EEBC39626EC4F9AE02/DC3455AAEC3A11EE8CC3B820C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  83.229.40.0/21

    Signature Algorithm: sha256WithRSAEncryption
         68:b4:bc:5a:2e:4c:d8:3a:e3:aa:a4:d0:a0:5a:8c:6d:48:a1:
         bd:f3:0e:7f:cc:1e:d3:19:cd:9d:22:a9:6c:ef:36:c6:56:c1:
         4f:b3:63:2f:7a:1f:d8:9e:c5:01:cd:d8:fc:a9:a0:76:d5:c0:
         94:10:37:98:28:b0:a3:7b:65:c4:4f:7f:39:c7:26:51:5b:63:
         3c:b1:20:9f:1d:66:c3:21:d1:d2:08:85:6c:c7:6a:6c:e8:7e:
         f2:f1:de:4f:c0:4a:93:19:c3:11:01:8b:6f:5f:b3:84:75:e3:
         15:ba:b7:44:af:d0:e2:21:98:55:d9:de:19:f4:e2:b7:e9:c6:
         cb:4a:7a:b2:14:c6:2a:67:b2:b2:08:f9:7c:48:c1:e9:32:d4:
         32:45:c2:b8:f9:e0:a4:57:bb:09:e2:25:54:ae:6f:50:2b:9e:
         fe:39:3a:c7:ab:03:fa:14:2b:74:d3:dc:c0:fa:e7:4f:d2:d3:
         7b:6a:ca:61:77:c6:2b:53:d3:dd:4e:58:16:1d:88:72:38:85:
         d6:9c:3c:e0:59:1c:67:c3:99:39:ca:a4:a4:be:7e:91:cd:f8:
         49:ec:7c:14:ac:ff:53:db:07:c1:51:98:5c:6e:b9:e1:e1:c5:
         56:53:8c:87:5e:9b:29:b2:29:a4:b8:8c:ed:fb:bd:c9:f1:cd:
         ff:a6:13:37
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIBRjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTEy
RjUzNTExMC8GA1UEBRMoRUFENjQ2MzU1RDc1OTM2Q0I5M0VENkJBREI3OTBBODdG
RTE1Mzc0QTAeFw0yNDA1MTUwODQzMDVaFw0yNTA3MzAwMDAwMDBaMBgxFjAUBgNV
BAMTDTY2NDQ3NTk5LTgyOGMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQC16GwnxU8e5pzBmiCDE1UUTAVekxw1QfVYpVwP1k/BCOuNx35KsaQwvyCqfrPG
Ft1X9c47eeucicMVIogNUeSa39ZKTbO9V6XhUuWW5H9sssj1+fk1EqRPot5qQO98
pRRv4OJfSQwH1JLJu5PBsODMXR10DnhYfLo1+7cMK58OCYkEc3hKkWkTWP0yqG+B
mo6+NCz1sKq4j8ANm6mn9+mekkqhSHot1V6DMFFOmSpaxfrO96fckwACcqyfBztR
5PbdbCD63rtqryOEBWCqbDcIf66HgHyhz5FT7q4Lmm5KweqLGtrq/9gQjjk1rwsu
BN2St8QmowBXjHEVXESU2z99AgMBAAGjggKVMIICkTAdBgNVHQ4EFgQUtN9X5hhc
X99mULGD3S/VHz8HS1gwHwYDVR0jBBgwFoAU6tZGNV11k2y5Pta623kKh/4VN0ow
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTJGNTM1LzYxOTgwQTU0QkE2
NjExRUVCQzM5NjI2RUM0RjlBRTAyLzZ0WkdOVjExazJ5NVB0YTYyM2tLaF80Vk4w
by5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjMyMkE1RjQxRDY2MTFFMkEzRjI3RjdDNzJG
RDFGRjIvNnRaR05WMTFrMnk1UHRhNjIza0toXzRWTjBvLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEy
RjUzNS82MTk4MEE1NEJBNjYxMUVFQkMzOTYyNkVDNEY5QUUwMi9EQzM0NTVBQUVD
M0ExMUVFOENDM0I4MjBDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEA1PlKDANBgkqhkiG9w0BAQsFAAOCAQEAaLS8Wi5M2DrjqqTQ
oFqMbUihvfMOf8we0xnNnSKpbO82xlbBT7NjL3of2J7FAc3Y/KmgdtXAlBA3mCiw
o3tlxE9/OccmUVtjPLEgnx1mwyHR0giFbMdqbOh+8vHeT8BKkxnDEQGLb1+zhHXj
Fbq3RK/Q4iGYVdneGfTit+nGy0p6shTGKmeysgj5fEjB6TLUMkXCuPngpFe7CeIl
VK5vUCue/jk6x6sD+hQrdNPcwPrnT9LTe2rKYXfGK1PT3U5YFh2IcjiF1pw84Fkc
Z8OZOcqkpL5+kc34Sex8FKz/U9sHwVGYXG654eHFVlOMh16bKbIppLiM7fu9yfHN
/6YTNw==
-----END CERTIFICATE-----
Generated at Thu Nov 21 06:50:13 2024 by rpki-client on console-fra.rpki-client.org