Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91DF0EC/991CEF7E795811EA93AE9646C4F9AE02/0D6FFE56BA3511ECA20A3817C4F9AE02.roa
File:                     0D6FFE56BA3511ECA20A3817C4F9AE02.roa (raw, json)
Hash identifier:          XIqQJTy7dTxA5gKIZ4WEkQ1HDOZ4ukIBJQ8ua1/vbI4=
Subject key identifier:   D2:AB:7E:A1:4F:ED:C7:40:B0:80:E0:81:A5:26:CE:FE:44:D3:F7:7E
Certificate issuer:       /CN=A91DF0EC/serialNumber=DA2B43CC183CA8E0F6A8F6DAA54CDD7306F86228
Certificate serial:       0918
Authority key identifier: DA:2B:43:CC:18:3C:A8:E0:F6:A8:F6:DA:A5:4C:DD:73:06:F8:62:28
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/2itDzBg8qOD2qPbapUzdcwb4Yig.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91DF0EC/991CEF7E795811EA93AE9646C4F9AE02/0D6FFE56BA3511ECA20A3817C4F9AE02.roa
Signing time:             Mon 26 Feb 2024 21:29:30 +0000
ROA not before:           Mon 26 Feb 2024 21:29:30 +0000
ROA not after:            Thu 01 May 2025 00:00:00 +0000
asID:                     59341
IP address blocks:        123.0.30.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91DF0EC/991CEF7E795811EA93AE9646C4F9AE02/2itDzBg8qOD2qPbapUzdcwb4Yig.crl
                          rsync://rpki.apnic.net/member_repository/A91DF0EC/991CEF7E795811EA93AE9646C4F9AE02/2itDzBg8qOD2qPbapUzdcwb4Yig.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/2itDzBg8qOD2qPbapUzdcwb4Yig.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 29 Nov 2024 19:49:51 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2328 (0x918)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91DF0EC/serialNumber=DA2B43CC183CA8E0F6A8F6DAA54CDD7306F86228
        Validity
            Not Before: Feb 26 21:29:30 2024 GMT
            Not After : May  1 00:00:00 2025 GMT
        Subject: CN=65dd02b9-50a4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fa:13:26:c4:77:79:e8:26:c4:e7:14:b4:ad:49:
                    65:63:2f:b1:a3:3a:f5:ae:ad:35:d1:fd:a3:1f:60:
                    4c:4e:bd:33:97:45:4b:79:a8:b7:a1:9a:8d:c6:a3:
                    8f:b7:d8:d0:e8:6c:1d:13:75:4b:04:3e:45:87:0b:
                    60:b0:1d:63:78:f2:8b:80:43:cc:4c:fb:43:65:b5:
                    5c:85:8a:1f:c1:c6:4d:5b:d7:3b:82:5a:e5:51:51:
                    c6:c4:fd:3b:35:17:34:c6:e6:f6:fd:a0:52:24:d3:
                    fc:a9:f8:37:57:cb:33:b3:a7:77:d1:7e:0f:0e:b6:
                    3d:e0:e9:c1:06:cc:94:8e:43:a6:4a:dd:bf:b8:cc:
                    43:c1:0d:43:b4:4f:a2:3d:e6:55:84:7b:42:b9:8c:
                    98:97:43:07:b8:cf:8c:5d:2b:6a:8a:e8:79:33:ea:
                    62:68:72:38:83:0b:20:32:39:9d:1c:a8:92:55:75:
                    0f:73:23:92:73:d0:6f:cc:ff:45:38:5a:18:88:b1:
                    05:16:52:9c:ca:6d:13:54:1d:e7:d5:78:5b:dd:91:
                    1a:73:32:35:0d:72:24:fb:47:83:d5:8c:ab:f2:f8:
                    f1:cc:0a:2f:45:f6:aa:71:f0:94:e4:b3:84:e7:1f:
                    d6:ee:5a:88:3a:39:46:11:08:74:a9:2e:fe:e1:da:
                    62:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D2:AB:7E:A1:4F:ED:C7:40:B0:80:E0:81:A5:26:CE:FE:44:D3:F7:7E
            X509v3 Authority Key Identifier:
                keyid:DA:2B:43:CC:18:3C:A8:E0:F6:A8:F6:DA:A5:4C:DD:73:06:F8:62:28

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91DF0EC/991CEF7E795811EA93AE9646C4F9AE02/2itDzBg8qOD2qPbapUzdcwb4Yig.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/2itDzBg8qOD2qPbapUzdcwb4Yig.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91DF0EC/991CEF7E795811EA93AE9646C4F9AE02/0D6FFE56BA3511ECA20A3817C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  123.0.30.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1b:9c:d2:f3:70:12:fd:64:97:b2:e4:0a:58:3e:d1:e8:f5:5a:
         ef:1b:8b:77:c8:19:52:ae:4b:8f:ef:b1:73:5c:ba:0a:2b:bf:
         c9:2f:61:3d:9d:5a:09:44:ff:d7:95:d5:3a:d8:a5:1f:9e:85:
         4b:f8:50:33:f2:99:9c:f1:c2:13:1f:3d:2f:e6:c0:bd:a6:5a:
         e5:a7:b7:d7:d7:4f:3e:8a:d2:95:22:3b:77:15:a7:27:4c:39:
         28:ad:82:52:53:70:52:b4:e9:ba:f7:d4:12:b8:14:f8:00:78:
         57:33:71:9b:cd:63:03:fd:f2:5c:b1:5f:18:14:96:4b:b8:b8:
         ca:6d:fe:83:d2:25:4e:62:d1:fb:23:af:59:64:dc:03:50:58:
         35:47:f8:35:bc:01:bf:39:60:99:f1:da:e3:b5:39:65:6d:97:
         e6:74:88:82:e8:14:bc:cd:47:0d:b3:45:a1:a3:58:fc:bc:ef:
         b5:35:c9:44:3e:47:5c:56:aa:1d:a6:41:b4:30:8e:a1:ba:a8:
         59:94:4b:4b:b1:16:5c:d4:dd:f9:a6:b3:a4:24:eb:1c:44:de:
         a4:1d:2f:ad:70:72:29:6e:05:1b:0e:0d:66:df:89:83:9e:30:
         40:56:d2:0f:23:19:f2:cb:80:92:e7:28:60:5d:06:23:b3:88:
         42:06:00:8c
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICCRgwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
REYwRUMxMTAvBgNVBAUTKERBMkI0M0NDMTgzQ0E4RTBGNkE4RjZEQUE1NENERDcz
MDZGODYyMjgwHhcNMjQwMjI2MjEyOTMwWhcNMjUwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWRkMDJiOS01MGE0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA+hMmxHd56CbE5xS0rUllYy+xozr1rq010f2jH2BMTr0zl0VLeai3oZqNxqOP
t9jQ6GwdE3VLBD5FhwtgsB1jePKLgEPMTPtDZbVchYofwcZNW9c7glrlUVHGxP07
NRc0xub2/aBSJNP8qfg3V8szs6d30X4PDrY94OnBBsyUjkOmSt2/uMxDwQ1DtE+i
PeZVhHtCuYyYl0MHuM+MXStqiuh5M+piaHI4gwsgMjmdHKiSVXUPcyOSc9BvzP9F
OFoYiLEFFlKcym0TVB3n1Xhb3ZEaczI1DXIk+0eD1Yyr8vjxzAovRfaqcfCU5LOE
5x/W7lqIOjlGEQh0qS7+4dpiPQIDAQABo4IClTCCApEwHQYDVR0OBBYEFNKrfqFP
7cdAsIDggaUmzv5E0/d+MB8GA1UdIwQYMBaAFNorQ8wYPKjg9qj22qVM3XMG+GIo
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFERjBFQy85OTFDRUY3RTc5
NTgxMUVBOTNBRTk2NDZDNEY5QUUwMi8yaXREekJnOHFPRDJxUGJhcFV6ZGN3YjRZ
aWcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzJpdER6Qmc4cU9EMnFQYmFwVXpkY3diNFlpZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
REYwRUMvOTkxQ0VGN0U3OTU4MTFFQTkzQUU5NjQ2QzRGOUFFMDIvMEQ2RkZFNTZC
QTM1MTFFQ0EyMEEzODE3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAB7AB4wDQYJKoZIhvcNAQELBQADggEBABuc0vNwEv1kl7Lk
Clg+0ej1Wu8bi3fIGVKuS4/vsXNcugorv8kvYT2dWglE/9eV1TrYpR+ehUv4UDPy
mZzxwhMfPS/mwL2mWuWnt9fXTz6K0pUiO3cVpydMOSitglJTcFK06br31BK4FPgA
eFczcZvNYwP98lyxXxgUlku4uMpt/oPSJU5i0fsjr1lk3ANQWDVH+DW8Ab85YJnx
2uO1OWVtl+Z0iILoFLzNRw2zRaGjWPy877U1yUQ+R1xWqh2mQbQwjqG6qFmUS0ux
FlzU3fmms6Qk6xxE3qQdL61wciluBRsODWbfiYOeMEBW0g8jGfLLgJLnKGBdBiOz
iEIGAIw=
-----END CERTIFICATE-----
Generated at Fri Nov 22 22:14:48 2024 by rpki-client on console-ams.rpki-client.org