Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A919EF51/BA3CD4A63D8211EA9F267370C4F9AE02/BC60BC2A63F711EA8CBEB029C4F9AE02.roa
File:                     BC60BC2A63F711EA8CBEB029C4F9AE02.roa (raw, json)
Hash identifier:          lRbBYfJxVayFL3RVUpLG4a+ltohVMNEx8kUndmDOO18=
Subject key identifier:   B7:76:21:E1:81:61:07:F1:B2:45:B3:23:00:9D:18:67:0D:F9:BC:EB
Certificate issuer:       /CN=A919EF51/serialNumber=52D680E045DCE990789E0D7772617C60C36ED18E
Certificate serial:       09E5
Authority key identifier: 52:D6:80:E0:45:DC:E9:90:78:9E:0D:77:72:61:7C:60:C3:6E:D1:8E
Authority info access:    rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/UtaA4EXc6ZB4ng13cmF8YMNu0Y4.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A919EF51/BA3CD4A63D8211EA9F267370C4F9AE02/BC60BC2A63F711EA8CBEB029C4F9AE02.roa
Signing time:             Tue 12 Sep 2023 19:57:42 +0000
ROA not before:           Tue 12 Sep 2023 19:57:42 +0000
ROA not after:            Sun 01 Dec 2024 00:00:00 +0000
asID:                     0
IP address blocks:        2001:7fa:11::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A919EF51/BA3CD4A63D8211EA9F267370C4F9AE02/UtaA4EXc6ZB4ng13cmF8YMNu0Y4.crl
                          rsync://rpki.apnic.net/member_repository/A919EF51/BA3CD4A63D8211EA9F267370C4F9AE02/UtaA4EXc6ZB4ng13cmF8YMNu0Y4.mft
                          rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/UtaA4EXc6ZB4ng13cmF8YMNu0Y4.cer
                          rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/DPzneFf88B852ZpitKpi5hWedvg.crl
                          rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/DPzneFf88B852ZpitKpi5hWedvg.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DPzneFf88B852ZpitKpi5hWedvg.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 02 Apr 2024 14:50:12 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2533 (0x9e5)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A919EF51/serialNumber=52D680E045DCE990789E0D7772617C60C36ED18E
        Validity
            Not Before: Sep 12 19:57:42 2023 GMT
            Not After : Dec  1 00:00:00 2024 GMT
        Subject: CN=6500c2b6-1d0d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:6e:ca:16:74:ea:24:fd:43:53:3b:a4:46:1b:
                    1d:5e:22:e0:8d:37:9f:32:dd:57:dd:cd:c4:d4:cd:
                    09:03:dd:48:02:b8:6c:54:7b:9e:e5:d4:ff:11:b8:
                    fb:df:93:d5:1e:0c:c6:e8:43:29:b8:49:01:64:ce:
                    a5:57:4c:9e:c8:64:0a:bd:48:6a:fb:7d:45:f9:6d:
                    05:96:35:7f:3b:0f:6a:cf:d0:75:f9:32:9c:1e:4c:
                    1e:c9:3c:90:4a:d3:e4:d6:95:f0:f2:a2:b4:66:93:
                    3d:ba:9f:af:e4:e5:8a:d9:23:c6:dd:f1:69:dc:c8:
                    09:54:9e:99:78:fe:23:78:ec:51:d3:84:41:02:94:
                    bf:e8:a5:77:ea:77:3a:8d:7b:f6:e4:9a:95:c1:04:
                    fd:87:4c:f2:00:c7:33:36:b9:77:f3:be:28:ec:ca:
                    0d:ea:80:f6:68:25:94:2f:0e:e0:e6:01:8d:14:bb:
                    9a:da:32:0c:c8:c0:72:d9:1d:d1:9d:ff:2a:48:8d:
                    80:ff:e7:2c:b0:be:f2:5a:e5:f9:a2:2f:b0:f4:62:
                    39:69:0f:11:62:b9:bf:ff:17:a6:d6:c9:02:4d:0f:
                    45:fd:aa:9b:45:0d:73:3b:c0:07:7a:1e:d9:e6:77:
                    1b:00:5d:29:b2:e6:00:7d:b1:18:5d:f9:cc:f0:a3:
                    15:d7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B7:76:21:E1:81:61:07:F1:B2:45:B3:23:00:9D:18:67:0D:F9:BC:EB
            X509v3 Authority Key Identifier:
                keyid:52:D6:80:E0:45:DC:E9:90:78:9E:0D:77:72:61:7C:60:C3:6E:D1:8E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A919EF51/BA3CD4A63D8211EA9F267370C4F9AE02/UtaA4EXc6ZB4ng13cmF8YMNu0Y4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/UtaA4EXc6ZB4ng13cmF8YMNu0Y4.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A919EF51/BA3CD4A63D8211EA9F267370C4F9AE02/BC60BC2A63F711EA8CBEB029C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:7fa:11::/48

    Signature Algorithm: sha256WithRSAEncryption
         9d:a4:e6:21:ef:84:e0:80:c0:81:03:b5:55:09:21:89:f9:91:
         bc:dc:a4:8b:3d:9e:0f:05:cf:76:e3:ed:bf:30:84:b5:b6:82:
         fe:a9:5f:f3:ca:c6:25:37:59:14:65:76:af:fe:86:10:02:5f:
         24:e8:ab:e4:fd:6f:00:05:98:60:01:ab:ff:b2:c1:60:b5:70:
         13:4c:cc:3a:da:9a:ea:13:c1:9e:a6:1b:27:af:c1:bd:cc:e8:
         b0:c4:bd:7e:3a:be:08:4f:3e:c6:80:44:e7:73:b4:54:69:ea:
         98:35:6d:fa:c9:9e:66:2e:cd:dd:b9:d9:ae:74:1e:10:ef:1c:
         36:b1:63:8e:69:1a:a6:0e:09:3c:2e:b7:3f:24:af:cc:7c:c1:
         9c:17:70:fa:de:02:cb:07:65:70:4f:cc:b3:01:28:78:c8:13:
         f2:d3:73:6a:03:96:f7:74:75:0d:f5:4f:7c:62:af:2a:f7:6c:
         27:f6:af:a3:12:8f:c8:4e:9f:84:d4:f2:cf:fb:f4:3a:ff:1b:
         11:a9:18:62:a9:99:50:a7:5a:31:56:46:63:6e:00:c3:ef:df:
         33:7a:e5:92:d3:b1:62:8c:f0:58:d2:6e:56:9c:32:9a:35:83:
         e8:9c:21:e9:86:27:5b:a5:2f:28:c2:18:fd:37:3e:58:c0:07:
         5b:d7:6a:47
-----BEGIN CERTIFICATE-----
MIIFdDCCBFygAwIBAgICCeUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OUVGNTExMTAvBgNVBAUTKDUyRDY4MEUwNDVEQ0U5OTA3ODlFMEQ3NzcyNjE3QzYw
QzM2RUQxOEUwHhcNMjMwOTEyMTk1NzQyWhcNMjQxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTAwYzJiNi0xZDBkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA0G7KFnTqJP1DUzukRhsdXiLgjTefMt1X3c3E1M0JA91IArhsVHue5dT/Ebj7
35PVHgzG6EMpuEkBZM6lV0yeyGQKvUhq+31F+W0FljV/Ow9qz9B1+TKcHkweyTyQ
StPk1pXw8qK0ZpM9up+v5OWK2SPG3fFp3MgJVJ6ZeP4jeOxR04RBApS/6KV36nc6
jXv25JqVwQT9h0zyAMczNrl3874o7MoN6oD2aCWULw7g5gGNFLua2jIMyMBy2R3R
nf8qSI2A/+cssL7yWuX5oi+w9GI5aQ8RYrm//xem1skCTQ9F/aqbRQ1zO8AHeh7Z
5ncbAF0psuYAfbEYXfnM8KMV1wIDAQABo4ICmDCCApQwHQYDVR0OBBYEFLd2IeGB
YQfxskWzIwCdGGcN+bzrMB8GA1UdIwQYMBaAFFLWgOBF3OmQeJ4Nd3JhfGDDbtGO
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5RUY1MS9CQTNDRDRBNjNE
ODIxMUVBOUYyNjczNzBDNEY5QUUwMi9VdGFBNEVYYzZaQjRuZzEzY21GOFlNTnUw
WTQuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzMjJBNUY0MUQ2NjExRTJBM0YyN0Y3Qzcy
RkQxRkYyL1V0YUE0RVhjNlpCNG5nMTNjbUY4WU1OdTBZNC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OUVGNTEvQkEzQ0Q0QTYzRDgyMTFFQTlGMjY3MzcwQzRGOUFFMDIvQkM2MEJDMkE2
M0Y3MTFFQThDQkVCMDI5QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwIgYIKwYBBQUHAQcBAf8E
EzARMA8EAgACMAkDBwAgAQf6ABEwDQYJKoZIhvcNAQELBQADggEBAJ2k5iHvhOCA
wIEDtVUJIYn5kbzcpIs9ng8Fz3bj7b8whLW2gv6pX/PKxiU3WRRldq/+hhACXyTo
q+T9bwAFmGABq/+ywWC1cBNMzDramuoTwZ6mGyevwb3M6LDEvX46vghPPsaAROdz
tFRp6pg1bfrJnmYuzd252a50HhDvHDaxY45pGqYOCTwutz8kr8x8wZwXcPreAssH
ZXBPzLMBKHjIE/LTc2oDlvd0dQ31T3xiryr3bCf2r6MSj8hOn4TU8s/79Dr/GxGp
GGKpmVCnWjFWRmNuAMPv3zN65ZLTsWKM8FjSblacMpo1g+icIemGJ1ulLyjCGP03
PljAB1vXakc=
-----END CERTIFICATE-----
Generated at Tue Mar 26 21:07:02 2024 by rpki-client on console-fra.rpki-client.org