Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A917ED5C/B56422D0860811EA92999571C4F9AE02/84E5AEAE9DBB11ECAEF71E5FC4F9AE02.roa
File:                     84E5AEAE9DBB11ECAEF71E5FC4F9AE02.roa (raw, json)
Hash identifier:          Z2Km0H2WB3ZoumyrnJG/RRHKORajEEK1LSTb5jvBoKc=
Subject key identifier:   58:52:DF:9C:64:CC:70:84:8F:28:49:7C:66:9D:5A:58:0B:8E:5C:D0
Certificate issuer:       /CN=A917ED5C/serialNumber=6FD2E1FE04EAFF9027CE5313150BE84DE11CA1A5
Certificate serial:       0A6E
Authority key identifier: 6F:D2:E1:FE:04:EA:FF:90:27:CE:53:13:15:0B:E8:4D:E1:1C:A1:A5
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/b9Lh_gTq_5AnzlMTFQvoTeEcoaU.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A917ED5C/B56422D0860811EA92999571C4F9AE02/84E5AEAE9DBB11ECAEF71E5FC4F9AE02.roa
Signing time:             Sun 14 May 2023 22:15:12 +0000
ROA not before:           Sun 14 May 2023 22:15:12 +0000
ROA not after:            Tue 30 Jul 2024 00:00:00 +0000
asID:                     20473
IP address blocks:        2406:840:9888::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A917ED5C/B56422D0860811EA92999571C4F9AE02/b9Lh_gTq_5AnzlMTFQvoTeEcoaU.crl
                          rsync://rpki.apnic.net/member_repository/A917ED5C/B56422D0860811EA92999571C4F9AE02/b9Lh_gTq_5AnzlMTFQvoTeEcoaU.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/b9Lh_gTq_5AnzlMTFQvoTeEcoaU.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 21 May 2023 20:18:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2670 (0xa6e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A917ED5C/serialNumber=6FD2E1FE04EAFF9027CE5313150BE84DE11CA1A5
        Validity
            Not Before: May 14 22:15:12 2023 GMT
            Not After : Jul 30 00:00:00 2024 GMT
        Subject: CN=64615d70-1630
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:91:07:c2:31:1a:2c:f9:e7:e3:ee:b2:96:3e:
                    52:c5:6a:94:3e:b3:71:fa:ec:1b:42:8c:3d:a4:f0:
                    3a:85:7d:2f:14:ee:71:aa:bd:6c:90:ab:47:ca:60:
                    0f:f2:01:94:4c:b5:43:d9:e4:58:0f:8b:21:7c:97:
                    f6:2d:01:df:a2:f6:09:cf:92:ae:c1:bc:5d:13:66:
                    4d:51:71:58:a2:7c:2f:a9:92:c1:53:78:be:d2:36:
                    83:25:4f:67:9d:09:8e:20:e2:b0:0b:fe:85:b4:81:
                    e3:30:b7:35:37:13:f9:2e:f7:ad:9e:15:c8:6f:48:
                    52:19:b8:f2:22:45:7e:00:30:f1:52:31:45:5d:ea:
                    33:b7:86:d3:2e:f1:89:c5:d1:94:3b:24:2b:9e:ad:
                    e3:60:b9:d2:17:22:58:e4:0e:2c:e5:0b:b9:f0:40:
                    c5:a6:e6:97:1c:2c:7f:6c:5d:53:be:7a:80:d0:b6:
                    a7:26:ed:14:33:49:27:be:d8:97:db:8f:c7:08:7d:
                    32:b7:94:0a:3a:06:61:3b:25:1f:ef:48:a1:13:45:
                    06:21:1a:ab:bd:ba:7c:18:f3:30:f5:0a:63:1c:17:
                    c1:0c:01:28:8f:dc:78:f2:15:25:ee:95:74:6e:b2:
                    b0:e3:ac:28:eb:64:81:08:b5:ce:8b:bf:d0:73:5c:
                    c5:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier: 
                58:52:DF:9C:64:CC:70:84:8F:28:49:7C:66:9D:5A:58:0B:8E:5C:D0
            X509v3 Authority Key Identifier: 
                keyid:6F:D2:E1:FE:04:EA:FF:90:27:CE:53:13:15:0B:E8:4D:E1:1C:A1:A5

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points: 

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A917ED5C/B56422D0860811EA92999571C4F9AE02/b9Lh_gTq_5AnzlMTFQvoTeEcoaU.crl

            Authority Information Access: 
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/b9Lh_gTq_5AnzlMTFQvoTeEcoaU.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access: 
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A917ED5C/B56422D0860811EA92999571C4F9AE02/84E5AEAE9DBB11ECAEF71E5FC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:840:9888::/48

    Signature Algorithm: sha256WithRSAEncryption
         01:32:db:74:79:ec:2e:e0:6e:2f:bd:84:90:d9:d1:cc:8d:53:
         d6:25:ae:f3:2b:2a:98:86:57:b9:6d:ff:5a:da:f5:bf:78:52:
         e9:98:a9:ca:71:80:86:b2:51:d6:9b:5c:1a:ca:ce:55:35:c5:
         ec:b9:fc:b0:bf:1d:a5:1d:5f:15:84:8d:56:af:23:9b:84:b0:
         a4:aa:8c:53:be:6c:b6:78:31:2f:8e:35:b5:79:3d:c4:90:4c:
         c9:1d:67:8e:d9:96:c2:e2:82:18:da:0a:09:49:d2:d9:cf:88:
         52:d7:09:ee:0c:ca:f2:6d:1c:ed:7b:e1:4f:c4:14:32:9f:9c:
         35:65:b7:b2:f3:7b:d3:f6:55:53:76:6d:40:ef:e7:a9:a8:07:
         52:8c:7b:b0:28:21:9e:54:44:a0:0e:17:e1:e3:4c:a6:0b:c0:
         c5:11:8f:cb:69:24:b6:a7:4e:d2:e7:6b:ff:58:76:50:a2:f2:
         ae:ff:4d:c7:c1:23:e8:a5:90:4c:40:8e:29:b1:b5:18:60:34:
         e4:ad:91:2c:da:19:2e:3b:7f:54:39:01:8d:55:78:b9:79:90:
         eb:5f:6a:8d:18:d5:3f:4f:03:b3:d3:0b:78:d6:73:13:c1:44:
         22:73:d9:a6:ba:65:82:bd:7d:bd:8b:ae:74:33:dd:76:a0:3e:
         d8:16:da:9f
-----BEGIN CERTIFICATE-----
MIIFdDCCBFygAwIBAgICCm4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
N0VENUMxMTAvBgNVBAUTKDZGRDJFMUZFMDRFQUZGOTAyN0NFNTMxMzE1MEJFODRE
RTExQ0ExQTUwHhcNMjMwNTE0MjIxNTEyWhcNMjQwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NDYxNWQ3MC0xNjMwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAzpEHwjEaLPnn4+6ylj5SxWqUPrNx+uwbQow9pPA6hX0vFO5xqr1skKtHymAP
8gGUTLVD2eRYD4shfJf2LQHfovYJz5KuwbxdE2ZNUXFYonwvqZLBU3i+0jaDJU9n
nQmOIOKwC/6FtIHjMLc1NxP5LvetnhXIb0hSGbjyIkV+ADDxUjFFXeozt4bTLvGJ
xdGUOyQrnq3jYLnSFyJY5A4s5Qu58EDFpuaXHCx/bF1TvnqA0LanJu0UM0knvtiX
24/HCH0yt5QKOgZhOyUf70ihE0UGIRqrvbp8GPMw9QpjHBfBDAEoj9x48hUl7pV0
brKw46wo62SBCLXOi7/Qc1zFFwIDAQABo4ICmDCCApQwHQYDVR0OBBYEFFhS35xk
zHCEjyhJfGadWlgLjlzQMB8GA1UdIwQYMBaAFG/S4f4E6v+QJ85TExUL6E3hHKGl
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3RUQ1Qy9CNTY0MjJEMDg2
MDgxMUVBOTI5OTk1NzFDNEY5QUUwMi9iOUxoX2dUcV81QW56bE1URlF2b1RlRWNv
YVUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2I5TGhfZ1RxXzVBbnpsTVRGUXZvVGVFY29hVS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
N0VENUMvQjU2NDIyRDA4NjA4MTFFQTkyOTk5NTcxQzRGOUFFMDIvODRFNUFFQUU5
REJCMTFFQ0FFRjcxRTVGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwIgYIKwYBBQUHAQcBAf8E
EzARMA8EAgACMAkDBwAkBghAmIgwDQYJKoZIhvcNAQELBQADggEBAAEy23R57C7g
bi+9hJDZ0cyNU9YlrvMrKpiGV7lt/1ra9b94UumYqcpxgIayUdabXBrKzlU1xey5
/LC/HaUdXxWEjVavI5uEsKSqjFO+bLZ4MS+ONbV5PcSQTMkdZ47ZlsLighjaCglJ
0tnPiFLXCe4MyvJtHO174U/EFDKfnDVlt7Lze9P2VVN2bUDv56moB1KMe7AoIZ5U
RKAOF+HjTKYLwMURj8tpJLanTtLna/9YdlCi8q7/TcfBI+ilkExAjimxtRhgNOSt
kSzaGS47f1Q5AY1VeLl5kOtfao0Y1T9PA7PTC3jWcxPBRCJz2aa6ZYK9fb2LrnQz
3XagPtgW2p8=
-----END CERTIFICATE-----
Generated at Sun May 14 22:45:35 2023 by rpki-client on console-ams.rpki-client.org