Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91618BC/ED7B62AC5D8711EC9C1D702CC4F9AE02/49FBE75A5DDC11ECBEA38D83C4F9AE02.roa
File:                     49FBE75A5DDC11ECBEA38D83C4F9AE02.roa (raw, json)
Hash identifier:          81N7rS4mpV/9LQx26PrwjCYkXjjpLFvCQujLdJo94mo=
Subject key identifier:   FB:A4:23:AC:70:FD:2C:B8:BD:E7:98:4D:87:85:EE:20:8C:99:64:02
Certificate issuer:       /CN=A91618BC/serialNumber=1AEBCD82D7028343B745AD406739CDB92D4DFB77
Certificate serial:       03B0
Authority key identifier: 1A:EB:CD:82:D7:02:83:43:B7:45:AD:40:67:39:CD:B9:2D:4D:FB:77
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/GuvNgtcCg0O3Ra1AZznNuS1N-3c.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91618BC/ED7B62AC5D8711EC9C1D702CC4F9AE02/49FBE75A5DDC11ECBEA38D83C4F9AE02.roa
Signing time:             Wed 31 Jan 2024 03:05:25 +0000
ROA not before:           Wed 31 Jan 2024 03:05:25 +0000
ROA not after:            Mon 31 Mar 2025 00:00:00 +0000
asID:                     41378
IP address blocks:        2407:9240:2700::/40 maxlen: 40

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91618BC/ED7B62AC5D8711EC9C1D702CC4F9AE02/GuvNgtcCg0O3Ra1AZznNuS1N-3c.crl
                          rsync://rpki.apnic.net/member_repository/A91618BC/ED7B62AC5D8711EC9C1D702CC4F9AE02/GuvNgtcCg0O3Ra1AZznNuS1N-3c.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/GuvNgtcCg0O3Ra1AZznNuS1N-3c.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 03 Apr 2024 02:31:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 944 (0x3b0)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91618BC/serialNumber=1AEBCD82D7028343B745AD406739CDB92D4DFB77
        Validity
            Not Before: Jan 31 03:05:25 2024 GMT
            Not After : Mar 31 00:00:00 2025 GMT
        Subject: CN=65b9b8f5-a541
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:df:69:ef:97:36:34:ee:5e:fc:36:b3:3c:96:2b:
                    9a:02:96:83:cc:82:d9:05:f0:7f:74:88:0f:11:fa:
                    d5:a0:5f:5d:19:64:06:6b:52:f1:c2:4b:27:ba:76:
                    dc:35:17:b0:bb:42:fe:b5:7b:f2:97:6f:7c:15:87:
                    32:50:93:26:0f:45:55:ed:dd:cc:31:85:cd:3e:cb:
                    7f:51:3e:c2:91:3a:76:10:14:88:f9:b8:6b:26:63:
                    e7:9c:da:2f:c3:2e:ca:1c:7a:7f:53:45:51:ce:e7:
                    d4:95:95:7d:10:b6:dc:a6:3d:eb:f6:e9:a0:8c:87:
                    f9:28:10:cc:8d:f1:36:bb:2d:ea:1f:bf:10:6d:77:
                    15:59:e5:c0:02:4b:47:5c:b3:db:9b:1e:f4:6b:9c:
                    09:df:61:5f:2c:42:6d:1d:0c:b8:0a:18:ba:92:68:
                    55:bf:6e:ce:32:57:04:7f:59:a3:9c:d5:6a:dd:a5:
                    48:94:d6:a8:b2:66:ff:9b:7d:d0:df:d5:00:c2:b2:
                    c9:dd:37:c4:ff:05:b5:b8:a0:5e:9a:6b:71:52:99:
                    aa:cf:d5:56:27:bc:67:68:46:f8:dd:0a:00:f0:1b:
                    b9:12:65:09:02:30:05:9f:29:e7:2a:a9:b9:af:05:
                    fe:7a:0b:e2:55:78:e7:b8:a9:28:f3:a1:35:5d:00:
                    ae:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FB:A4:23:AC:70:FD:2C:B8:BD:E7:98:4D:87:85:EE:20:8C:99:64:02
            X509v3 Authority Key Identifier:
                keyid:1A:EB:CD:82:D7:02:83:43:B7:45:AD:40:67:39:CD:B9:2D:4D:FB:77

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91618BC/ED7B62AC5D8711EC9C1D702CC4F9AE02/GuvNgtcCg0O3Ra1AZznNuS1N-3c.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/GuvNgtcCg0O3Ra1AZznNuS1N-3c.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91618BC/ED7B62AC5D8711EC9C1D702CC4F9AE02/49FBE75A5DDC11ECBEA38D83C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2407:9240:2700::/40

    Signature Algorithm: sha256WithRSAEncryption
         18:58:50:5e:92:9e:d2:bd:7f:31:a3:7c:f5:a4:ca:76:68:60:
         de:4c:69:37:1d:0a:a1:2c:29:48:02:76:8f:58:49:b0:21:bc:
         14:99:4c:1f:3a:33:2d:55:e3:5b:7f:4c:5e:0e:c2:87:c9:e3:
         17:d0:c1:5b:fd:50:ad:65:3a:13:0d:37:e6:e8:ae:91:60:90:
         b2:31:66:af:1b:b2:88:33:b3:2a:d9:97:da:d1:31:bd:eb:f5:
         18:3b:7e:a5:0f:2b:00:49:30:1f:50:eb:dc:c6:32:6d:62:8b:
         cf:12:ce:bd:68:41:f7:2b:f5:55:fb:b6:27:81:fc:2f:43:e1:
         c4:8a:93:3f:3b:51:b0:c0:8e:d5:fb:94:77:8c:6c:3e:ad:04:
         b3:1b:52:f1:70:7f:6e:00:69:81:ce:66:c5:9f:2e:d1:e4:1b:
         74:c6:53:29:06:54:1a:ea:85:6a:87:fa:be:3c:97:07:c5:a7:
         b0:86:5d:26:e1:34:4b:92:dc:85:fa:8a:5c:ab:20:a6:fe:a4:
         51:d4:aa:d7:58:47:fb:f3:e8:13:b6:c8:66:b8:8b:7e:58:4b:
         63:e4:53:63:99:54:b8:fb:d1:2c:69:20:52:09:35:1d:67:97:
         50:a4:f2:65:ad:8d:42:a2:af:92:a5:52:a0:9f:ee:5f:6f:5b:
         8d:f5:a1:3d
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgICA7AwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NjE4QkMxMTAvBgNVBAUTKDFBRUJDRDgyRDcwMjgzNDNCNzQ1QUQ0MDY3MzlDREI5
MkQ0REZCNzcwHhcNMjQwMTMxMDMwNTI1WhcNMjUwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWI5YjhmNS1hNTQxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA32nvlzY07l78NrM8liuaApaDzILZBfB/dIgPEfrVoF9dGWQGa1Lxwksnunbc
NRewu0L+tXvyl298FYcyUJMmD0VV7d3MMYXNPst/UT7CkTp2EBSI+bhrJmPnnNov
wy7KHHp/U0VRzufUlZV9ELbcpj3r9umgjIf5KBDMjfE2uy3qH78QbXcVWeXAAktH
XLPbmx70a5wJ32FfLEJtHQy4Chi6kmhVv27OMlcEf1mjnNVq3aVIlNaosmb/m33Q
39UAwrLJ3TfE/wW1uKBemmtxUpmqz9VWJ7xnaEb43QoA8Bu5EmUJAjAFnynnKqm5
rwX+egviVXjnuKko86E1XQCuyQIDAQABo4IClzCCApMwHQYDVR0OBBYEFPukI6xw
/Sy4veeYTYeF7iCMmWQCMB8GA1UdIwQYMBaAFBrrzYLXAoNDt0WtQGc5zbktTft3
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2MThCQy9FRDdCNjJBQzVE
ODcxMUVDOUMxRDcwMkNDNEY5QUUwMi9HdXZOZ3RjQ2cwTzNSYTFBWnpuTnVTMU4t
M2MuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0d1dk5ndGNDZzBPM1JhMUFaem5OdVMxTi0zYy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NjE4QkMvRUQ3QjYyQUM1RDg3MTFFQzlDMUQ3MDJDQzRGOUFFMDIvNDlGQkU3NUE1
RERDMTFFQ0JFQTM4RDgzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwIQYIKwYBBQUHAQcBAf8E
EjAQMA4EAgACMAgDBgAkB5JAJzANBgkqhkiG9w0BAQsFAAOCAQEAGFhQXpKe0r1/
MaN89aTKdmhg3kxpNx0KoSwpSAJ2j1hJsCG8FJlMHzozLVXjW39MXg7Ch8njF9DB
W/1QrWU6Ew035uiukWCQsjFmrxuyiDOzKtmX2tExvev1GDt+pQ8rAEkwH1Dr3MYy
bWKLzxLOvWhB9yv1Vfu2J4H8L0PhxIqTPztRsMCO1fuUd4xsPq0EsxtS8XB/bgBp
gc5mxZ8u0eQbdMZTKQZUGuqFaof6vjyXB8WnsIZdJuE0S5LchfqKXKsgpv6kUdSq
11hH+/PoE7bIZriLflhLY+RTY5lUuPvRLGkgUgk1HWeXUKTyZa2NQqKvkqVSoJ/u
X29bjfWhPQ==
-----END CERTIFICATE-----
Generated at Wed Mar 27 05:24:18 2024 by rpki-client on console-fra.rpki-client.org