Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9157DAE/61666C0ED68911E8B6811433C4F9AE02/1F8378E6BCBD11EBAC9A4744C4F9AE02.roa
File:                     1F8378E6BCBD11EBAC9A4744C4F9AE02.roa (raw, json)
Hash identifier:          kVem8HgOEZ3vRlY7BKH9onUoK64q4pGUgOU+9R9c588=
Subject key identifier:   DB:F3:29:95:8F:19:5B:21:2B:C7:A7:C9:10:67:D1:E7:AA:76:15:99
Certificate issuer:       /CN=A9157DAE/serialNumber=E1B807AC2B7455FBB1E316068D1D0171260BB1C7
Certificate serial:       11E3
Authority key identifier: E1:B8:07:AC:2B:74:55:FB:B1:E3:16:06:8D:1D:01:71:26:0B:B1:C7
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/4bgHrCt0Vfux4xYGjR0BcSYLscc.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9157DAE/61666C0ED68911E8B6811433C4F9AE02/1F8378E6BCBD11EBAC9A4744C4F9AE02.roa
Signing time:             Fri 08 Dec 2023 17:45:00 +0000
ROA not before:           Fri 08 Dec 2023 17:45:00 +0000
ROA not after:            Fri 31 Jan 2025 00:00:00 +0000
asID:                     395092
IP address blocks:        2403:cfc0:1006::/48 maxlen: 48
                          2403:cfc0:100c::/48 maxlen: 48
                          2403:cfc0:1110::/44 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9157DAE/61666C0ED68911E8B6811433C4F9AE02/4bgHrCt0Vfux4xYGjR0BcSYLscc.crl
                          rsync://rpki.apnic.net/member_repository/A9157DAE/61666C0ED68911E8B6811433C4F9AE02/4bgHrCt0Vfux4xYGjR0BcSYLscc.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/4bgHrCt0Vfux4xYGjR0BcSYLscc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 04 Apr 2024 17:46:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4579 (0x11e3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9157DAE/serialNumber=E1B807AC2B7455FBB1E316068D1D0171260BB1C7
        Validity
            Not Before: Dec  8 17:45:00 2023 GMT
            Not After : Jan 31 00:00:00 2025 GMT
        Subject: CN=6573561c-327b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:df:82:4e:bc:fc:ed:97:1e:f4:5b:09:15:59:
                    2b:2c:ff:f4:79:27:f7:81:7d:f2:8b:75:30:0e:31:
                    72:95:a6:86:48:1b:0f:a5:81:f1:c0:f5:3f:c9:8c:
                    cf:da:d3:57:b1:f0:62:ff:c3:92:a1:05:d8:49:8e:
                    18:11:76:3b:f2:9f:1d:0b:10:b7:21:c1:6a:e6:1b:
                    a9:78:31:6c:07:42:a2:dc:ef:e4:6f:02:40:68:80:
                    54:c8:c3:76:c1:f2:a4:6b:0a:cc:ad:63:5c:68:bb:
                    ec:f2:d4:38:ed:1b:89:d9:16:75:6c:f2:d2:00:ce:
                    2d:80:56:02:6a:db:06:78:61:cc:a1:c2:23:ea:2f:
                    04:64:8a:0f:24:6a:e5:de:75:dd:09:eb:6b:c7:90:
                    0e:4a:a7:00:f0:b0:8a:77:b8:44:05:53:d5:f4:98:
                    9c:1a:9a:c0:54:af:c6:68:83:3c:ff:52:a7:b0:13:
                    48:32:80:3b:23:f1:25:70:f9:26:d8:79:20:94:92:
                    ab:5d:5d:8e:67:e9:5f:35:60:76:e6:97:f0:84:91:
                    da:14:7f:42:fd:eb:b6:8d:63:cd:72:09:c4:c9:16:
                    35:01:27:41:cc:b9:1e:51:42:76:69:69:ae:c3:e7:
                    5f:27:e1:ce:aa:5a:4e:6a:b8:ab:e6:1c:c6:30:d3:
                    b6:d5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                DB:F3:29:95:8F:19:5B:21:2B:C7:A7:C9:10:67:D1:E7:AA:76:15:99
            X509v3 Authority Key Identifier:
                keyid:E1:B8:07:AC:2B:74:55:FB:B1:E3:16:06:8D:1D:01:71:26:0B:B1:C7

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9157DAE/61666C0ED68911E8B6811433C4F9AE02/4bgHrCt0Vfux4xYGjR0BcSYLscc.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/4bgHrCt0Vfux4xYGjR0BcSYLscc.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9157DAE/61666C0ED68911E8B6811433C4F9AE02/1F8378E6BCBD11EBAC9A4744C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2403:cfc0:1006::/48
                  2403:cfc0:100c::/48
                  2403:cfc0:1110::/44

    Signature Algorithm: sha256WithRSAEncryption
         0f:13:8e:0a:d4:26:18:5e:da:19:8f:b1:fe:7f:cd:93:0e:e4:
         06:ba:e1:06:2e:2c:13:99:c9:46:3b:5b:86:3b:5f:54:12:d7:
         66:2e:6a:06:89:4b:63:4a:4d:c4:f1:bd:5b:83:ef:65:64:67:
         56:55:4f:4c:c1:f8:8d:3b:1b:45:39:e1:90:14:c8:b8:b6:5d:
         e2:cc:7b:29:97:ee:99:2c:55:c1:65:e0:6d:63:11:bf:08:11:
         84:ff:b6:2e:cb:e9:07:c3:d1:9a:6b:1c:66:3f:c0:2c:af:04:
         2e:20:65:de:ac:22:78:6a:0a:36:14:2d:8a:83:5f:84:bf:57:
         ab:48:61:d0:5a:e9:14:52:64:e3:31:fa:dc:5a:67:bf:c2:1e:
         a3:96:cc:03:9f:79:2e:0f:86:de:ed:6d:08:f5:b5:f2:ee:32:
         c4:39:00:25:3c:7f:fe:d7:7d:0c:cf:26:e3:22:50:c3:f5:0b:
         23:9c:a3:f7:34:cd:06:eb:1f:f9:20:01:b8:6b:19:73:20:56:
         d7:6d:ea:d1:43:53:8e:a6:cd:2f:3a:c8:72:45:d1:64:f6:fe:
         48:6f:52:25:12:a3:a1:36:92:6b:6c:53:a6:3b:6b:c8:ad:70:
         dd:f5:a2:82:a9:70:24:6e:cd:f1:9a:65:e3:23:9b:db:b2:3e:
         b2:48:be:7b
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgICEeMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTdEQUUxMTAvBgNVBAUTKEUxQjgwN0FDMkI3NDU1RkJCMUUzMTYwNjhEMUQwMTcx
MjYwQkIxQzcwHhcNMjMxMjA4MTc0NTAwWhcNMjUwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTczNTYxYy0zMjdiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAt9+CTrz87Zce9FsJFVkrLP/0eSf3gX3yi3UwDjFylaaGSBsPpYHxwPU/yYzP
2tNXsfBi/8OSoQXYSY4YEXY78p8dCxC3IcFq5hupeDFsB0Ki3O/kbwJAaIBUyMN2
wfKkawrMrWNcaLvs8tQ47RuJ2RZ1bPLSAM4tgFYCatsGeGHMocIj6i8EZIoPJGrl
3nXdCetrx5AOSqcA8LCKd7hEBVPV9JicGprAVK/GaIM8/1KnsBNIMoA7I/ElcPkm
2HkglJKrXV2OZ+lfNWB25pfwhJHaFH9C/eu2jWPNcgnEyRY1ASdBzLkeUUJ2aWmu
w+dfJ+HOqlpOarir5hzGMNO21QIDAQABo4ICqjCCAqYwHQYDVR0OBBYEFNvzKZWP
GVshK8enyRBn0eeqdhWZMB8GA1UdIwQYMBaAFOG4B6wrdFX7seMWBo0dAXEmC7HH
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1N0RBRS82MTY2NkMwRUQ2
ODkxMUU4QjY4MTE0MzNDNEY5QUUwMi80YmdIckN0MFZmdXg0eFlHalIwQmNTWUxz
Y2MuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzRiZ0hyQ3QwVmZ1eDR4WUdqUjBCY1NZTHNjYy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTdEQUUvNjE2NjZDMEVENjg5MTFFOEI2ODExNDMzQzRGOUFFMDIvMUY4Mzc4RTZC
Q0JEMTFFQkFDOUE0NzQ0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNAYIKwYBBQUHAQcBAf8E
JTAjMCEEAgACMBsDBwAkA8/AEAYDBwAkA8/AEAwDBwQkA8/AERAwDQYJKoZIhvcN
AQELBQADggEBAA8TjgrUJhhe2hmPsf5/zZMO5Aa64QYuLBOZyUY7W4Y7X1QS12Yu
agaJS2NKTcTxvVuD72VkZ1ZVT0zB+I07G0U54ZAUyLi2XeLMeymX7pksVcFl4G1j
Eb8IEYT/ti7L6QfD0ZprHGY/wCyvBC4gZd6sInhqCjYULYqDX4S/V6tIYdBa6RRS
ZOMx+txaZ7/CHqOWzAOfeS4Pht7tbQj1tfLuMsQ5ACU8f/7XfQzPJuMiUMP1CyOc
o/c0zQbrH/kgAbhrGXMgVtdt6tFDU46mzS86yHJF0WT2/khvUiUSo6E2kmtsU6Y7
a8itcN31ooKpcCRuzfGaZeMjm9uyPrJIvns=
-----END CERTIFICATE-----
Generated at Thu Mar 28 18:54:05 2024 by rpki-client on console-ams.rpki-client.org