Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A915B536/E4C88972EB7411EABA0A9E48C4F9AE02/FF0025F80B7811EEB2EFC643C4F9AE02.roa
File:                     FF0025F80B7811EEB2EFC643C4F9AE02.roa (raw, json)
Hash identifier:          jtwXRDg4ifzB5YeF9ItYPDeteiV3n1oUq/L6Q79DerA=
Subject key identifier:   64:15:ED:EF:E7:23:F0:F1:58:7C:96:F8:B6:0A:D2:D5:74:41:F7:97
Certificate issuer:       /CN=A915B536/serialNumber=8210D43756654B10705D5AB3F37BF01A78B78C47
Certificate serial:       075A
Authority key identifier: 82:10:D4:37:56:65:4B:10:70:5D:5A:B3:F3:7B:F0:1A:78:B7:8C:47
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ghDUN1ZlSxBwXVqz83vwGni3jEc.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A915B536/E4C88972EB7411EABA0A9E48C4F9AE02/FF0025F80B7811EEB2EFC643C4F9AE02.roa
Signing time:             Wed 10 Apr 2024 23:01:37 +0000
ROA not before:           Wed 10 Apr 2024 23:01:37 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     45220
IP address blocks:        2001:dd8:2::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A915B536/E4C88972EB7411EABA0A9E48C4F9AE02/ghDUN1ZlSxBwXVqz83vwGni3jEc.crl
                          rsync://rpki.apnic.net/member_repository/A915B536/E4C88972EB7411EABA0A9E48C4F9AE02/ghDUN1ZlSxBwXVqz83vwGni3jEc.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ghDUN1ZlSxBwXVqz83vwGni3jEc.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 29 Nov 2024 20:43:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1882 (0x75a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A915B536/serialNumber=8210D43756654B10705D5AB3F37BF01A78B78C47
        Validity
            Not Before: Apr 10 23:01:37 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=66171a51-8f84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a1:ac:cc:bc:0a:42:c9:71:1c:a3:0e:6c:c5:7f:
                    0d:80:f4:9f:b7:d1:30:33:68:66:18:00:f5:08:aa:
                    38:e8:27:34:44:9f:d0:03:75:71:dc:15:1b:da:f2:
                    d4:19:6d:1d:ce:36:0e:85:c6:cd:0e:3d:71:94:af:
                    6b:d8:0f:52:6f:5f:59:45:89:78:f3:2e:ae:0f:b9:
                    3b:09:b2:c0:c3:91:a4:dd:5b:0d:87:b0:88:b1:28:
                    90:30:9d:0b:f1:81:89:bf:bc:73:98:cc:49:ed:a4:
                    32:fb:3d:9c:7a:9f:af:b7:5c:e8:c1:63:81:f4:79:
                    42:cf:ee:c6:84:d1:31:16:f5:0e:85:3d:93:0c:45:
                    6e:be:f1:d2:2c:87:b7:e6:04:0c:27:c6:af:2b:90:
                    f1:71:50:8d:72:8c:f2:25:89:e9:5f:c4:37:39:bf:
                    11:75:2a:0f:b1:39:d8:f4:19:f7:48:c7:8b:8c:95:
                    9b:1e:28:cb:e3:39:24:78:0e:f2:7e:e6:06:21:b7:
                    f2:0a:e3:b7:16:3b:70:52:38:fe:e1:3f:4c:1e:f6:
                    d8:21:45:3e:89:69:be:a2:77:36:23:18:01:5a:28:
                    bf:88:28:1f:ce:c1:0b:ed:e3:b8:c7:5e:c7:90:11:
                    2c:b0:1e:eb:58:23:95:93:30:60:d3:02:55:b5:ce:
                    44:0f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                64:15:ED:EF:E7:23:F0:F1:58:7C:96:F8:B6:0A:D2:D5:74:41:F7:97
            X509v3 Authority Key Identifier:
                keyid:82:10:D4:37:56:65:4B:10:70:5D:5A:B3:F3:7B:F0:1A:78:B7:8C:47

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A915B536/E4C88972EB7411EABA0A9E48C4F9AE02/ghDUN1ZlSxBwXVqz83vwGni3jEc.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ghDUN1ZlSxBwXVqz83vwGni3jEc.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A915B536/E4C88972EB7411EABA0A9E48C4F9AE02/FF0025F80B7811EEB2EFC643C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:dd8:2::/48

    Signature Algorithm: sha256WithRSAEncryption
         27:87:67:b9:0e:13:82:a0:4e:b3:0e:25:ab:91:db:f4:e5:4f:
         82:14:f1:1f:28:78:d9:54:5f:9c:75:3b:73:52:a1:d7:b7:7d:
         6f:b7:06:cf:a6:73:86:4b:3d:95:88:5a:c6:46:bd:c7:ea:c9:
         27:8f:97:54:26:c0:d9:be:7c:3d:09:a2:23:af:10:5e:a7:7c:
         5e:a0:2b:c4:27:ea:7a:19:d0:3c:c1:7f:f6:e9:b1:82:39:c1:
         25:47:c8:eb:73:4c:57:2f:c4:f9:21:2d:6e:de:ff:eb:f0:4a:
         78:4a:5a:bf:09:0b:ba:fc:4d:62:ef:77:6d:4f:59:b5:38:c4:
         64:b0:01:74:7a:5d:16:af:c4:dd:5f:2e:95:40:1d:1c:83:d8:
         7d:1b:57:17:ff:9c:5e:b6:01:34:b7:80:98:a9:e7:b7:92:0a:
         45:88:c5:07:d2:e3:3e:80:8b:48:00:66:e5:a2:c3:18:a7:c4:
         05:00:27:04:2c:cd:0d:22:b4:71:13:17:1b:96:a2:95:c0:bc:
         a2:f5:e5:9c:07:c5:a8:dc:6a:a9:54:a1:c3:bb:0a:5d:ec:6b:
         05:58:40:6e:d3:e4:45:3a:45:9d:ad:52:2a:0f:7b:cb:68:a4:
         f4:6a:9c:19:9e:2d:90:65:e6:ab:ac:48:a7:2e:3c:c7:b2:b6:
         60:74:d4:c2
-----BEGIN CERTIFICATE-----
MIIFdDCCBFygAwIBAgICB1owDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NUI1MzYxMTAvBgNVBAUTKDgyMTBENDM3NTY2NTRCMTA3MDVENUFCM0YzN0JGMDFB
NzhCNzhDNDcwHhcNMjQwNDEwMjMwMTM3WhcNMjUwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjE3MWE1MS04Zjg0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAoazMvApCyXEcow5sxX8NgPSft9EwM2hmGAD1CKo46Cc0RJ/QA3Vx3BUb2vLU
GW0dzjYOhcbNDj1xlK9r2A9Sb19ZRYl48y6uD7k7CbLAw5Gk3VsNh7CIsSiQMJ0L
8YGJv7xzmMxJ7aQy+z2cep+vt1zowWOB9HlCz+7GhNExFvUOhT2TDEVuvvHSLIe3
5gQMJ8avK5DxcVCNcozyJYnpX8Q3Ob8RdSoPsTnY9Bn3SMeLjJWbHijL4zkkeA7y
fuYGIbfyCuO3FjtwUjj+4T9MHvbYIUU+iWm+onc2IxgBWii/iCgfzsEL7eO4x17H
kBEssB7rWCOVkzBg0wJVtc5EDwIDAQABo4ICmDCCApQwHQYDVR0OBBYEFGQV7e/n
I/DxWHyW+LYK0tV0QfeXMB8GA1UdIwQYMBaAFIIQ1DdWZUsQcF1as/N78Bp4t4xH
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1QjUzNi9FNEM4ODk3MkVC
NzQxMUVBQkEwQTlFNDhDNEY5QUUwMi9naERVTjFabFN4QndYVnF6ODN2d0duaTNq
RWMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2doRFVOMVpsU3hCd1hWcXo4M3Z3R25pM2pFYy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NUI1MzYvRTRDODg5NzJFQjc0MTFFQUJBMEE5RTQ4QzRGOUFFMDIvRkYwMDI1Rjgw
Qjc4MTFFRUIyRUZDNjQzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwIgYIKwYBBQUHAQcBAf8E
EzARMA8EAgACMAkDBwAgAQ3YAAIwDQYJKoZIhvcNAQELBQADggEBACeHZ7kOE4Kg
TrMOJauR2/TlT4IU8R8oeNlUX5x1O3NSode3fW+3Bs+mc4ZLPZWIWsZGvcfqySeP
l1QmwNm+fD0JoiOvEF6nfF6gK8Qn6noZ0DzBf/bpsYI5wSVHyOtzTFcvxPkhLW7e
/+vwSnhKWr8JC7r8TWLvd21PWbU4xGSwAXR6XRavxN1fLpVAHRyD2H0bVxf/nF62
ATS3gJip57eSCkWIxQfS4z6Ai0gAZuWiwxinxAUAJwQszQ0itHETFxuWopXAvKL1
5ZwHxajcaqlUocO7Cl3sawVYQG7T5EU6RZ2tUioPe8topPRqnBmeLZBl5qusSKcu
PMeytmB01MI=
-----END CERTIFICATE-----
Generated at Fri Nov 22 22:14:28 2024 by rpki-client on console-ams.rpki-client.org