Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91D51A0/7C53910C7F8411EC80518E51C4F9AE02/D46B2C087F8711EC81E76A59C4F9AE02.roa
File:                     D46B2C087F8711EC81E76A59C4F9AE02.roa (raw, json)
Hash identifier:          2EXYCICBvAeJltk6VH8XYxe2JtqWcKEjv0iqiczQGfw=
Subject key identifier:   4B:0B:F6:98:30:0B:25:C9:93:CD:D6:E1:71:2D:5B:1A:44:50:AA:53
Certificate issuer:       /CN=A91D51A0/serialNumber=C6EABEB93E1D06E2C32E1C4CBE147CFB39992539
Certificate serial:       0331
Authority key identifier: C6:EA:BE:B9:3E:1D:06:E2:C3:2E:1C:4C:BE:14:7C:FB:39:99:25:39
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xuq-uT4dBuLDLhxMvhR8-zmZJTk.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91D51A0/7C53910C7F8411EC80518E51C4F9AE02/D46B2C087F8711EC81E76A59C4F9AE02.roa
Signing time:             Fri 01 Mar 2024 03:05:07 +0000
ROA not before:           Fri 01 Mar 2024 03:05:07 +0000
ROA not after:            Thu 01 May 2025 00:00:00 +0000
asID:                     149476
IP address blocks:        2400:54a0::/48 maxlen: 48
                          2400:54a0:1004::/48 maxlen: 48
                          2400:54a0:1030::/48 maxlen: 48
                          2400:54a0:2040::/44 maxlen: 44

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91D51A0/7C53910C7F8411EC80518E51C4F9AE02/xuq-uT4dBuLDLhxMvhR8-zmZJTk.crl
                          rsync://rpki.apnic.net/member_repository/A91D51A0/7C53910C7F8411EC80518E51C4F9AE02/xuq-uT4dBuLDLhxMvhR8-zmZJTk.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xuq-uT4dBuLDLhxMvhR8-zmZJTk.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 27 Nov 2024 20:33:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 817 (0x331)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91D51A0/serialNumber=C6EABEB93E1D06E2C32E1C4CBE147CFB39992539
        Validity
            Not Before: Mar  1 03:05:07 2024 GMT
            Not After : May  1 00:00:00 2025 GMT
        Subject: CN=65e145e3-cf1b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d4:ea:9c:b6:74:a1:3c:74:99:26:d4:9f:d1:2d:
                    5b:64:14:00:88:b1:bd:cb:ca:18:07:45:5d:84:61:
                    62:d0:8f:7c:a2:bb:4c:e4:eb:3e:25:b3:89:d0:e9:
                    94:ff:7a:c6:3e:80:d3:f2:f8:ad:1d:2c:f0:a8:6c:
                    fe:e7:d5:05:b1:9c:c1:1c:a6:e5:3d:c5:ef:1c:62:
                    42:d1:4a:31:01:96:76:ad:f1:ff:e9:87:06:1c:59:
                    fd:3a:b4:56:ce:67:88:e6:3f:4d:c7:71:9d:5b:31:
                    33:bf:1b:a5:b8:18:cd:b2:b8:07:d0:91:40:58:3d:
                    cf:43:43:93:f6:f6:07:b4:86:29:d7:e8:e2:4d:0d:
                    cc:d2:75:bc:18:76:3d:b6:36:68:8e:87:e0:46:d5:
                    51:d9:98:5e:f7:be:f4:9f:4d:50:4c:eb:c3:3f:22:
                    8e:d2:8d:fc:4a:ed:36:9a:9d:10:c4:d6:af:f3:f6:
                    da:3e:de:88:3d:07:10:6e:cc:6e:a5:14:e8:8b:00:
                    f3:38:a2:44:dd:be:f9:6e:52:34:53:8b:d7:fe:33:
                    80:03:70:89:0d:d3:81:28:50:ba:f9:7e:4e:8f:96:
                    df:da:2d:78:dd:04:e4:63:d7:74:e0:55:af:fa:03:
                    cd:a2:fd:b9:d9:e0:4d:4f:7a:5d:10:12:76:65:ae:
                    9c:ed
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4B:0B:F6:98:30:0B:25:C9:93:CD:D6:E1:71:2D:5B:1A:44:50:AA:53
            X509v3 Authority Key Identifier:
                keyid:C6:EA:BE:B9:3E:1D:06:E2:C3:2E:1C:4C:BE:14:7C:FB:39:99:25:39

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91D51A0/7C53910C7F8411EC80518E51C4F9AE02/xuq-uT4dBuLDLhxMvhR8-zmZJTk.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xuq-uT4dBuLDLhxMvhR8-zmZJTk.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91D51A0/7C53910C7F8411EC80518E51C4F9AE02/D46B2C087F8711EC81E76A59C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2400:54a0::/48
                  2400:54a0:1004::/48
                  2400:54a0:1030::/48
                  2400:54a0:2040::/44

    Signature Algorithm: sha256WithRSAEncryption
         6f:03:9f:16:8e:af:52:26:a2:76:d2:4d:d9:bc:7f:68:2b:f3:
         03:bc:4f:60:bd:5f:53:6d:e2:4f:77:a8:4a:73:9d:10:59:ce:
         d7:61:53:e8:8c:d0:b4:ef:65:53:2a:91:2b:a5:7f:2f:0c:de:
         36:fb:a8:bb:67:95:66:59:63:83:e5:98:b3:5c:d1:4d:89:cf:
         3d:0e:99:76:ab:79:b8:73:30:72:d9:c4:d4:63:ae:97:6d:00:
         a8:81:aa:26:9b:59:ba:d3:26:4b:c6:24:a6:7e:f3:fe:23:9a:
         ee:0d:9d:2f:7d:f4:f3:5f:96:79:5b:9b:f5:3a:84:c5:8f:c1:
         c7:09:10:be:6f:3b:27:73:3f:f5:90:1f:1f:8f:cc:9e:0a:3c:
         5d:8f:bb:ad:77:43:e4:44:d3:78:b6:bf:74:d7:f6:0c:22:5e:
         24:1e:df:8d:1d:e8:6c:74:88:08:a0:f8:df:ca:d0:fa:c4:03:
         c0:fd:3d:ff:e1:6b:30:74:ab:f5:71:be:1c:f3:7c:fa:d2:8a:
         8c:f3:f0:65:c6:5a:39:1e:b3:5b:36:b4:97:10:70:b5:9c:5e:
         f6:5b:97:7e:a4:c2:d6:1f:ec:b7:32:25:6e:bf:e6:7a:eb:71:
         4a:4b:de:8e:38:da:8e:cc:08:43:27:08:1e:00:36:fa:5d:b5:
         50:28:09:37
-----BEGIN CERTIFICATE-----
MIIFjzCCBHegAwIBAgICAzEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RDUxQTAxMTAvBgNVBAUTKEM2RUFCRUI5M0UxRDA2RTJDMzJFMUM0Q0JFMTQ3Q0ZC
Mzk5OTI1MzkwHhcNMjQwMzAxMDMwNTA3WhcNMjUwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWUxNDVlMy1jZjFiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA1OqctnShPHSZJtSf0S1bZBQAiLG9y8oYB0VdhGFi0I98ortM5Os+JbOJ0OmU
/3rGPoDT8vitHSzwqGz+59UFsZzBHKblPcXvHGJC0UoxAZZ2rfH/6YcGHFn9OrRW
zmeI5j9Nx3GdWzEzvxuluBjNsrgH0JFAWD3PQ0OT9vYHtIYp1+jiTQ3M0nW8GHY9
tjZojofgRtVR2Zhe9770n01QTOvDPyKO0o38Su02mp0QxNav8/baPt6IPQcQbsxu
pRToiwDzOKJE3b75blI0U4vX/jOAA3CJDdOBKFC6+X5Oj5bf2i143QTkY9d04FWv
+gPNov252eBNT3pdEBJ2Za6c7QIDAQABo4ICszCCAq8wHQYDVR0OBBYEFEsL9pgw
CyXJk83W4XEtWxpEUKpTMB8GA1UdIwQYMBaAFMbqvrk+HQbiwy4cTL4UfPs5mSU5
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFENTFBMC83QzUzOTEwQzdG
ODQxMUVDODA1MThFNTFDNEY5QUUwMi94dXEtdVQ0ZEJ1TERMaHhNdmhSOC16bVpK
VGsuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3h1cS11VDRkQnVMRExoeE12aFI4LXptWkpUay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RDUxQTAvN0M1MzkxMEM3Rjg0MTFFQzgwNTE4RTUxQzRGOUFFMDIvRDQ2QjJDMDg3
Rjg3MTFFQzgxRTc2QTU5QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwPQYIKwYBBQUHAQcBAf8E
LjAsMCoEAgACMCQDBwAkAFSgAAADBwAkAFSgEAQDBwAkAFSgEDADBwQkAFSgIEAw
DQYJKoZIhvcNAQELBQADggEBAG8DnxaOr1ImonbSTdm8f2gr8wO8T2C9X1Nt4k93
qEpznRBZztdhU+iM0LTvZVMqkSulfy8M3jb7qLtnlWZZY4PlmLNc0U2Jzz0OmXar
ebhzMHLZxNRjrpdtAKiBqiabWbrTJkvGJKZ+8/4jmu4NnS999PNflnlbm/U6hMWP
wccJEL5vOydzP/WQHx+PzJ4KPF2Pu613Q+RE03i2v3TX9gwiXiQe340d6Gx0iAig
+N/K0PrEA8D9Pf/hazB0q/VxvhzzfPrSiozz8GXGWjkes1s2tJcQcLWcXvZbl36k
wtYf7LcyJW6/5nrrcUpL3o442o7MCEMnCB4ANvpdtVAoCTc=
-----END CERTIFICATE-----
Generated at Thu Nov 21 01:31:58 2024 by rpki-client on console-fra.rpki-client.org