Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A915ADC4/61415F58A9F711EE8EB48D22C4F9AE02/AFC9F5324A0F11EF9E51BD7CC4F9AE02.roa
File:                     AFC9F5324A0F11EF9E51BD7CC4F9AE02.roa (raw, json)
Hash identifier:          +DFbuZzGxszdyJtAe1BcKeDGzlcNhntBmdYrhogMeeI=
Subject key identifier:   3F:43:24:7E:B3:FB:C0:38:30:BD:F5:70:4D:24:16:8B:11:D1:87:E1
Certificate issuer:       /CN=A915ADC4/serialNumber=1DD1CBBC5DF5BDFABBB3ADAF12B00256B7F18D12
Certificate serial:       99
Authority key identifier: 1D:D1:CB:BC:5D:F5:BD:FA:BB:B3:AD:AF:12:B0:02:56:B7:F1:8D:12
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/HdHLvF31vfq7s62vErACVrfxjRI.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A915ADC4/61415F58A9F711EE8EB48D22C4F9AE02/AFC9F5324A0F11EF9E51BD7CC4F9AE02.roa
Signing time:             Wed 24 Jul 2024 23:01:27 +0000
ROA not before:           Wed 24 Jul 2024 23:01:27 +0000
ROA not after:            Thu 01 May 2025 00:00:00 +0000
asID:                     152300
IP address blocks:        2401:72a0::/32 maxlen: 40
                          2402:ca40::/32 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A915ADC4/61415F58A9F711EE8EB48D22C4F9AE02/HdHLvF31vfq7s62vErACVrfxjRI.crl
                          rsync://rpki.apnic.net/member_repository/A915ADC4/61415F58A9F711EE8EB48D22C4F9AE02/HdHLvF31vfq7s62vErACVrfxjRI.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/HdHLvF31vfq7s62vErACVrfxjRI.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 28 Nov 2024 04:19:09 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 153 (0x99)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A915ADC4/serialNumber=1DD1CBBC5DF5BDFABBB3ADAF12B00256B7F18D12
        Validity
            Not Before: Jul 24 23:01:27 2024 GMT
            Not After : May  1 00:00:00 2025 GMT
        Subject: CN=66a187c7-c36e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ca:d0:0f:8f:07:05:e9:46:f0:57:24:a8:df:5d:
                    40:0a:10:bd:e9:97:8e:e6:59:e5:41:8c:4d:f7:4e:
                    37:8e:bc:88:78:3f:23:36:b1:57:01:35:dc:37:e5:
                    4f:cf:c4:df:2b:ad:05:0e:09:38:18:f8:d2:ee:1b:
                    da:77:d3:81:8b:9f:40:dd:f9:1b:20:6e:ef:8a:a8:
                    d3:27:2e:da:3e:d5:e7:e7:76:e0:ac:2e:65:5a:4f:
                    52:de:99:ff:e1:56:1c:67:3e:52:c8:d7:46:80:d9:
                    38:ab:18:3f:fe:62:ee:02:6a:5b:f5:60:82:4c:9d:
                    a0:be:1f:09:ec:79:35:61:24:6a:01:a2:d8:2f:7a:
                    09:83:aa:ef:d1:a8:d0:70:ec:87:9f:2e:6d:37:79:
                    11:f5:8e:fe:04:54:a9:87:e2:e1:eb:ba:2e:2e:2e:
                    e4:d8:e8:7f:2d:41:dd:43:dc:f9:49:b7:fc:2b:09:
                    b0:b4:e6:db:4a:8a:f5:9c:8f:2b:3e:1b:69:0b:50:
                    cd:bb:f8:48:0e:46:28:ab:80:ec:4a:49:ad:ce:ca:
                    e5:97:8e:06:8b:ce:d7:4f:f0:26:8b:ed:4c:c6:d8:
                    4f:61:c3:e5:9d:d2:08:4d:e0:f6:e6:e9:a4:b2:97:
                    f6:4c:77:3e:2b:e1:f5:b0:69:00:c0:6d:4a:40:4d:
                    22:f3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                3F:43:24:7E:B3:FB:C0:38:30:BD:F5:70:4D:24:16:8B:11:D1:87:E1
            X509v3 Authority Key Identifier:
                keyid:1D:D1:CB:BC:5D:F5:BD:FA:BB:B3:AD:AF:12:B0:02:56:B7:F1:8D:12

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A915ADC4/61415F58A9F711EE8EB48D22C4F9AE02/HdHLvF31vfq7s62vErACVrfxjRI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/HdHLvF31vfq7s62vErACVrfxjRI.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A915ADC4/61415F58A9F711EE8EB48D22C4F9AE02/AFC9F5324A0F11EF9E51BD7CC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2401:72a0::/32
                  2402:ca40::/32

    Signature Algorithm: sha256WithRSAEncryption
         25:6d:5c:c9:0d:ea:2b:28:41:57:d2:44:03:07:76:9a:97:9a:
         0b:0d:28:da:bb:96:63:26:47:d0:dc:91:c9:e8:fe:4f:9c:1e:
         19:9c:51:14:e7:f9:dd:89:6c:4b:a0:31:91:31:06:69:9f:88:
         43:a0:fe:f7:45:89:5f:2c:b2:4f:12:15:e4:2c:76:59:1f:d3:
         fc:d2:34:e4:bb:17:c3:a8:13:6b:ff:3b:da:77:5c:b6:8e:3b:
         3b:f0:e3:71:e7:30:49:e8:03:35:e5:84:8e:af:5a:43:58:d9:
         a0:8e:af:a9:60:d9:16:ce:7a:c9:8a:fc:0e:2e:54:bf:2a:c0:
         df:92:c6:5e:c2:0e:da:fe:e0:31:ce:38:54:fd:6c:7c:14:16:
         ad:f4:0a:a2:8c:5a:a8:26:bc:ab:14:3b:21:b8:b5:53:be:4a:
         0a:00:f2:df:84:0b:6e:60:a2:4e:94:0b:59:b3:c4:9f:e4:95:
         d5:56:bf:4b:46:22:fe:2c:73:c0:7a:3e:24:15:86:47:9f:ab:
         22:ca:74:63:06:60:c0:e2:1c:00:de:61:4a:d1:a8:77:19:ea:
         cb:d1:74:8e:6e:28:42:4a:21:ab:bc:12:da:5e:f5:50:d1:37:
         84:e7:aa:9c:ab:82:5b:19:1b:ab:fe:c3:0a:bb:87:b3:82:39:
         27:73:3f:9d
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgICAJkwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NUFEQzQxMTAvBgNVBAUTKDFERDFDQkJDNURGNUJERkFCQkIzQURBRjEyQjAwMjU2
QjdGMThEMTIwHhcNMjQwNzI0MjMwMTI3WhcNMjUwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NmExODdjNy1jMzZlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAytAPjwcF6UbwVySo311AChC96ZeO5lnlQYxN9043jryIeD8jNrFXATXcN+VP
z8TfK60FDgk4GPjS7hvad9OBi59A3fkbIG7viqjTJy7aPtXn53bgrC5lWk9S3pn/
4VYcZz5SyNdGgNk4qxg//mLuAmpb9WCCTJ2gvh8J7Hk1YSRqAaLYL3oJg6rv0ajQ
cOyHny5tN3kR9Y7+BFSph+Lh67ouLi7k2Oh/LUHdQ9z5Sbf8KwmwtObbSor1nI8r
PhtpC1DNu/hIDkYoq4DsSkmtzsrll44Gi87XT/Ami+1MxthPYcPlndIITeD25umk
spf2THc+K+H1sGkAwG1KQE0i8wIDAQABo4ICnTCCApkwHQYDVR0OBBYEFD9DJH6z
+8A4ML31cE0kFosR0YfhMB8GA1UdIwQYMBaAFB3Ry7xd9b36u7OtrxKwAla38Y0S
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1QURDNC82MTQxNUY1OEE5
RjcxMUVFOEVCNDhEMjJDNEY5QUUwMi9IZEhMdkYzMXZmcTdzNjJ2RXJBQ1ZyZnhq
UkkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0hkSEx2RjMxdmZxN3M2MnZFckFDVnJmeGpSSS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NUFEQzQvNjE0MTVGNThBOUY3MTFFRThFQjQ4RDIyQzRGOUFFMDIvQUZDOUY1MzI0
QTBGMTFFRjlFNTFCRDdDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJwYIKwYBBQUHAQcBAf8E
GDAWMBQEAgACMA4DBQAkAXKgAwUAJALKQDANBgkqhkiG9w0BAQsFAAOCAQEAJW1c
yQ3qKyhBV9JEAwd2mpeaCw0o2ruWYyZH0NyRyej+T5weGZxRFOf53YlsS6AxkTEG
aZ+IQ6D+90WJXyyyTxIV5Cx2WR/T/NI05LsXw6gTa/872ndcto47O/DjcecwSegD
NeWEjq9aQ1jZoI6vqWDZFs56yYr8Di5UvyrA35LGXsIO2v7gMc44VP1sfBQWrfQK
ooxaqCa8qxQ7Ibi1U75KCgDy34QLbmCiTpQLWbPEn+SV1Va/S0Yi/ixzwHo+JBWG
R5+rIsp0YwZgwOIcAN5hStGodxnqy9F0jm4oQkohq7wS2l71UNE3hOeqnKuCWxkb
q/7DCruHs4I5J3M/nQ==
-----END CERTIFICATE-----
Generated at Thu Nov 21 05:37:05 2024 by rpki-client on console-ams.rpki-client.org