Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91B625F/22D91F7211CE11EB8AD05A2BC4F9AE02/F255E05612DB11EBBE14D853C4F9AE02.roa
File:                     F255E05612DB11EBBE14D853C4F9AE02.roa (raw, json)
Hash identifier:          Rn2RY2KvZWLWrXubluwgWCKN//O/t5ln1nPe/3YiWc4=
Subject key identifier:   00:E5:91:23:50:FD:B3:71:D5:D6:27:7E:57:9A:04:55:0C:FE:4D:7A
Certificate issuer:       /CN=A91B625F/serialNumber=E155B82A87D28E877602F994F8FFD3E744AAF480
Certificate serial:       06CD
Authority key identifier: E1:55:B8:2A:87:D2:8E:87:76:02:F9:94:F8:FF:D3:E7:44:AA:F4:80
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/4VW4KofSjod2AvmU-P_T50Sq9IA.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91B625F/22D91F7211CE11EB8AD05A2BC4F9AE02/F255E05612DB11EBBE14D853C4F9AE02.roa
Signing time:             Mon 20 Nov 2023 22:50:25 +0000
ROA not before:           Mon 20 Nov 2023 22:50:25 +0000
ROA not after:            Fri 31 Jan 2025 00:00:00 +0000
asID:                     209557
IP address blocks:        2406:9dc0:40::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91B625F/22D91F7211CE11EB8AD05A2BC4F9AE02/4VW4KofSjod2AvmU-P_T50Sq9IA.crl
                          rsync://rpki.apnic.net/member_repository/A91B625F/22D91F7211CE11EB8AD05A2BC4F9AE02/4VW4KofSjod2AvmU-P_T50Sq9IA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/4VW4KofSjod2AvmU-P_T50Sq9IA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 23 Jul 2024 22:23:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1741 (0x6cd)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91B625F/serialNumber=E155B82A87D28E877602F994F8FFD3E744AAF480
        Validity
            Not Before: Nov 20 22:50:25 2023 GMT
            Not After : Jan 31 00:00:00 2025 GMT
        Subject: CN=655be2b1-93b8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:7d:2e:82:ef:be:8f:56:6f:1c:5b:7e:c1:ca:
                    14:52:08:17:b3:b3:85:86:f6:22:58:72:ed:89:9e:
                    60:cb:26:0c:39:09:af:db:fb:c7:70:9d:70:00:3d:
                    10:e1:79:76:9e:f5:9e:3e:f4:f7:5a:7f:ab:87:c8:
                    14:40:d5:fd:5a:2d:b9:44:89:f5:45:4d:05:5e:92:
                    50:4f:33:85:ba:58:14:24:7f:a6:80:c2:05:dc:a6:
                    a1:cd:9a:15:b9:8f:cd:7b:c3:cc:47:8b:51:55:8e:
                    bc:4b:9d:54:54:59:df:e0:86:5f:20:9e:d6:78:61:
                    d4:7c:1f:35:35:68:cd:fc:49:c2:12:d1:9a:a2:a1:
                    7f:26:67:90:53:e4:f7:e0:64:33:08:c1:ac:4c:a7:
                    83:5b:92:ce:f2:00:94:6c:c5:57:0e:71:e2:90:d5:
                    79:1d:74:60:00:1c:44:00:3e:f0:cd:bf:52:65:7f:
                    6e:d0:e0:35:51:5b:4b:f7:a1:ef:c0:9b:8e:b6:bd:
                    71:d6:97:29:d4:e6:69:26:f8:5f:33:ff:08:ad:4a:
                    ac:2b:de:49:6b:06:b1:6b:23:e3:ed:2b:50:79:22:
                    37:64:f7:74:15:54:3e:10:e7:ef:df:d6:f4:0d:18:
                    7d:32:f4:b2:2c:07:30:bd:df:93:a7:52:f9:26:ef:
                    bd:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:E5:91:23:50:FD:B3:71:D5:D6:27:7E:57:9A:04:55:0C:FE:4D:7A
            X509v3 Authority Key Identifier:
                keyid:E1:55:B8:2A:87:D2:8E:87:76:02:F9:94:F8:FF:D3:E7:44:AA:F4:80

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91B625F/22D91F7211CE11EB8AD05A2BC4F9AE02/4VW4KofSjod2AvmU-P_T50Sq9IA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/4VW4KofSjod2AvmU-P_T50Sq9IA.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B625F/22D91F7211CE11EB8AD05A2BC4F9AE02/F255E05612DB11EBBE14D853C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2406:9dc0:40::/44

    Signature Algorithm: sha256WithRSAEncryption
         42:22:f9:22:e4:69:ce:c9:34:8e:66:7b:1a:89:cf:f7:3d:76:
         84:34:67:c0:9f:42:14:52:6d:e2:ce:f8:9a:f4:ba:f5:db:01:
         e9:76:e7:83:d4:c3:8a:fb:77:b7:98:4c:8e:4a:10:21:d7:44:
         98:87:07:db:43:ae:72:12:8d:8a:03:08:c6:ad:39:82:c6:95:
         54:93:33:78:cd:8d:4a:d9:60:7d:5c:9c:57:73:3b:40:7a:5f:
         d2:3e:3f:ad:0c:8d:ad:fb:e9:e9:b4:57:34:56:97:cf:d7:f0:
         c1:03:08:85:2a:06:30:0b:c0:59:f8:67:2e:59:c6:02:99:76:
         ed:31:7b:77:5a:34:31:04:5b:b3:10:26:ef:fe:29:b9:7b:21:
         51:8c:21:f2:a5:c4:1c:8f:6c:7b:35:b8:51:aa:f2:35:18:00:
         25:45:60:76:3b:ce:40:7b:74:bf:f5:dd:9d:a1:a7:2a:2b:b8:
         e9:b9:e7:46:91:37:10:c8:d0:07:5a:b3:d6:40:31:74:a2:5f:
         92:e1:06:41:e8:b3:ca:5d:12:75:58:99:eb:7b:10:1f:10:bc:
         47:ca:00:13:aa:81:dc:71:78:2f:22:25:00:87:96:81:7c:61:
         8c:7a:c2:91:03:d0:d9:73:22:cf:a3:5c:dc:e4:9a:4f:7e:79:
         8c:ab:78:4e
-----BEGIN CERTIFICATE-----
MIIFdDCCBFygAwIBAgICBs0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QjYyNUYxMTAvBgNVBAUTKEUxNTVCODJBODdEMjhFODc3NjAyRjk5NEY4RkZEM0U3
NDRBQUY0ODAwHhcNMjMxMTIwMjI1MDI1WhcNMjUwMTMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTViZTJiMS05M2I4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEArH0ugu++j1ZvHFt+wcoUUggXs7OFhvYiWHLtiZ5gyyYMOQmv2/vHcJ1wAD0Q
4Xl2nvWePvT3Wn+rh8gUQNX9Wi25RIn1RU0FXpJQTzOFulgUJH+mgMIF3KahzZoV
uY/Ne8PMR4tRVY68S51UVFnf4IZfIJ7WeGHUfB81NWjN/EnCEtGaoqF/JmeQU+T3
4GQzCMGsTKeDW5LO8gCUbMVXDnHikNV5HXRgABxEAD7wzb9SZX9u0OA1UVtL96Hv
wJuOtr1x1pcp1OZpJvhfM/8IrUqsK95JawaxayPj7StQeSI3ZPd0FVQ+EOfv39b0
DRh9MvSyLAcwvd+Tp1L5Ju+9vQIDAQABo4ICmDCCApQwHQYDVR0OBBYEFADlkSNQ
/bNx1dYnfleaBFUM/k16MB8GA1UdIwQYMBaAFOFVuCqH0o6HdgL5lPj/0+dEqvSA
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCNjI1Ri8yMkQ5MUY3MjEx
Q0UxMUVCOEFEMDVBMkJDNEY5QUUwMi80Vlc0S29mU2pvZDJBdm1VLVBfVDUwU3E5
SUEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzRWVzRLb2ZTam9kMkF2bVUtUF9UNTBTcTlJQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QjYyNUYvMjJEOTFGNzIxMUNFMTFFQjhBRDA1QTJCQzRGOUFFMDIvRjI1NUUwNTYx
MkRCMTFFQkJFMTREODUzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwIgYIKwYBBQUHAQcBAf8E
EzARMA8EAgACMAkDBwQkBp3AAEAwDQYJKoZIhvcNAQELBQADggEBAEIi+SLkac7J
NI5mexqJz/c9doQ0Z8CfQhRSbeLO+Jr0uvXbAel254PUw4r7d7eYTI5KECHXRJiH
B9tDrnISjYoDCMatOYLGlVSTM3jNjUrZYH1cnFdzO0B6X9I+P60Mja376em0VzRW
l8/X8MEDCIUqBjALwFn4Zy5ZxgKZdu0xe3daNDEEW7MQJu/+Kbl7IVGMIfKlxByP
bHs1uFGq8jUYACVFYHY7zkB7dL/13Z2hpyoruOm550aRNxDI0Adas9ZAMXSiX5Lh
BkHos8pdEnVYmet7EB8QvEfKABOqgdxxeC8iJQCHloF8YYx6wpED0NlzIs+jXNzk
mk9+eYyreE4=
-----END CERTIFICATE-----
Generated at Wed Jul 17 01:06:58 2024 by rpki-client on console-ams.rpki-client.org