Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91E6304/19E4DF06DB0711EC9922D70FC4F9AE02/01607012DD3711EC9EF48256C4F9AE02.roa
File:                     01607012DD3711EC9EF48256C4F9AE02.roa (raw, json)
Hash identifier:          QLeyWCOS0ejUmvqxNgtY00ABwaPF7nAJcwZO189a2Jo=
Subject key identifier:   F5:8E:9D:03:F7:CD:50:D1:C2:52:B2:16:F0:54:8B:92:35:93:B6:BC
Certificate issuer:       /CN=A91E6304/serialNumber=2596AED0C0CB3BCFE31804B239CF4657712E276A
Certificate serial:       01F1
Authority key identifier: 25:96:AE:D0:C0:CB:3B:CF:E3:18:04:B2:39:CF:46:57:71:2E:27:6A
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/JZau0MDLO8_jGASyOc9GV3EuJ2o.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91E6304/19E4DF06DB0711EC9922D70FC4F9AE02/01607012DD3711EC9EF48256C4F9AE02.roa
Signing time:             Fri 13 Oct 2023 03:14:40 +0000
ROA not before:           Fri 13 Oct 2023 03:14:40 +0000
ROA not after:            Mon 30 Dec 2024 00:00:00 +0000
asID:                     16509
IP address blocks:        2407:30c0:100::/43 maxlen: 48
                          2407:30c0:120::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91E6304/19E4DF06DB0711EC9922D70FC4F9AE02/JZau0MDLO8_jGASyOc9GV3EuJ2o.crl
                          rsync://rpki.apnic.net/member_repository/A91E6304/19E4DF06DB0711EC9922D70FC4F9AE02/JZau0MDLO8_jGASyOc9GV3EuJ2o.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/JZau0MDLO8_jGASyOc9GV3EuJ2o.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 05 Apr 2024 02:50:27 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 497 (0x1f1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E6304/serialNumber=2596AED0C0CB3BCFE31804B239CF4657712E276A
        Validity
            Not Before: Oct 13 03:14:40 2023 GMT
            Not After : Dec 30 00:00:00 2024 GMT
        Subject: CN=6528b620-475b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d9:a1:41:56:23:e1:2a:a5:29:43:52:17:c9:5d:
                    48:42:91:ec:c9:aa:16:80:50:ff:dd:d0:f6:57:1e:
                    a7:ca:b4:ca:fa:a3:0d:96:37:70:2d:cc:54:0d:45:
                    ab:ee:7f:63:b8:13:2c:7d:ea:17:4a:6d:bc:4f:73:
                    4d:72:23:ba:2b:5b:06:de:8b:2f:c2:89:55:87:5c:
                    8f:92:5d:c7:1b:bc:0a:01:f6:fc:de:55:86:0a:f4:
                    20:0b:56:bf:52:e3:bd:70:61:16:6f:70:1a:54:e5:
                    2f:46:3f:21:93:ae:ed:6d:40:80:3b:54:41:9a:55:
                    41:fe:22:9c:47:25:50:28:a6:72:fc:3c:ef:f7:fa:
                    a5:0b:2e:bd:39:60:d8:ea:36:51:0e:d2:f0:96:bc:
                    7d:b9:9d:57:dd:cc:b1:d8:27:7f:02:25:1f:f8:4f:
                    71:55:ee:d1:f8:8e:a1:d3:4c:7f:fd:1d:a4:bf:ad:
                    b7:ff:ce:5b:cd:45:16:09:ab:72:5d:dc:b1:ab:38:
                    c1:80:58:3b:d6:50:b9:b6:3b:3b:c7:a0:92:3c:79:
                    09:3b:8c:c2:93:3d:d4:c3:41:24:a2:b9:60:78:68:
                    c9:cc:d6:7a:60:c6:2b:c3:4e:f2:e5:f5:67:8e:ba:
                    4b:ad:86:84:fd:5a:b1:82:41:72:82:64:ed:44:52:
                    7f:57
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F5:8E:9D:03:F7:CD:50:D1:C2:52:B2:16:F0:54:8B:92:35:93:B6:BC
            X509v3 Authority Key Identifier:
                keyid:25:96:AE:D0:C0:CB:3B:CF:E3:18:04:B2:39:CF:46:57:71:2E:27:6A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91E6304/19E4DF06DB0711EC9922D70FC4F9AE02/JZau0MDLO8_jGASyOc9GV3EuJ2o.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/JZau0MDLO8_jGASyOc9GV3EuJ2o.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E6304/19E4DF06DB0711EC9922D70FC4F9AE02/01607012DD3711EC9EF48256C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2407:30c0:100::-2407:30c0:120:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         c5:99:7a:2b:b9:9a:18:94:52:94:06:9a:34:0d:81:cf:31:47:
         42:0a:c7:ff:ed:16:87:fd:6c:b6:ba:85:c8:5d:40:2e:4c:21:
         7d:bf:de:32:42:98:0a:e7:ac:f0:dc:76:09:3b:94:40:f1:e7:
         37:c4:5c:7c:ff:13:cb:a6:27:d1:b2:ff:98:d6:a4:80:35:54:
         ae:c8:ac:d8:8a:3e:ae:73:e1:62:54:7d:8c:9c:55:10:86:01:
         e6:c7:bd:db:40:4f:5f:b7:dc:27:b0:4e:87:4b:6e:76:f7:79:
         0b:50:6b:b7:b0:f2:e5:62:9c:d1:8b:ff:01:10:a6:4d:3e:54:
         45:b0:7e:43:75:de:fc:7a:ca:2e:b7:e8:12:51:f8:3d:88:ce:
         49:76:47:a5:fe:cb:de:e1:7c:97:4e:89:9d:ef:3a:df:e2:6d:
         99:7c:56:2e:09:73:91:e5:95:98:00:ac:37:fa:10:61:1b:15:
         44:d8:a9:34:e5:3f:97:a0:91:95:a9:1c:57:f0:59:1c:39:c4:
         bd:5a:84:50:d0:13:82:26:33:9d:7e:39:51:d1:30:3a:07:fd:
         67:55:1b:f2:2a:e2:04:f8:ed:32:2c:46:51:f3:62:88:f4:c2:
         2e:31:7f:85:00:db:63:58:94:86:cf:5b:3b:04:a1:9a:98:c6:
         22:16:3f:43
-----BEGIN CERTIFICATE-----
MIIFfjCCBGagAwIBAgICAfEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RTYzMDQxMTAvBgNVBAUTKDI1OTZBRUQwQzBDQjNCQ0ZFMzE4MDRCMjM5Q0Y0NjU3
NzEyRTI3NkEwHhcNMjMxMDEzMDMxNDQwWhcNMjQxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02NTI4YjYyMC00NzViMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA2aFBViPhKqUpQ1IXyV1IQpHsyaoWgFD/3dD2Vx6nyrTK+qMNljdwLcxUDUWr
7n9juBMsfeoXSm28T3NNciO6K1sG3osvwolVh1yPkl3HG7wKAfb83lWGCvQgC1a/
UuO9cGEWb3AaVOUvRj8hk67tbUCAO1RBmlVB/iKcRyVQKKZy/Dzv9/qlCy69OWDY
6jZRDtLwlrx9uZ1X3cyx2Cd/AiUf+E9xVe7R+I6h00x//R2kv623/85bzUUWCaty
XdyxqzjBgFg71lC5tjs7x6CSPHkJO4zCkz3Uw0EkorlgeGjJzNZ6YMYrw07y5fVn
jrpLrYaE/VqxgkFygmTtRFJ/VwIDAQABo4ICojCCAp4wHQYDVR0OBBYEFPWOnQP3
zVDRwlKyFvBUi5I1k7a8MB8GA1UdIwQYMBaAFCWWrtDAyzvP4xgEsjnPRldxLidq
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFNjMwNC8xOUU0REYwNkRC
MDcxMUVDOTkyMkQ3MEZDNEY5QUUwMi9KWmF1ME1ETE84X2pHQVN5T2M5R1YzRXVK
Mm8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0paYXUwTURMTzhfakdBU3lPYzlHVjNFdUoyby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RTYzMDQvMTlFNERGMDZEQjA3MTFFQzk5MjJENzBGQzRGOUFFMDIvMDE2MDcwMTJE
RDM3MTFFQzlFRjQ4MjU2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLAYIKwYBBQUHAQcBAf8E
HTAbMBkEAgACMBMwEQMGACQHMMABAwcAJAcwwAEgMA0GCSqGSIb3DQEBCwUAA4IB
AQDFmXoruZoYlFKUBpo0DYHPMUdCCsf/7RaH/Wy2uoXIXUAuTCF9v94yQpgK56zw
3HYJO5RA8ec3xFx8/xPLpifRsv+Y1qSANVSuyKzYij6uc+FiVH2MnFUQhgHmx73b
QE9ft9wnsE6HS25293kLUGu3sPLlYpzRi/8BEKZNPlRFsH5Ddd78esout+gSUfg9
iM5Jdkel/sve4XyXTomd7zrf4m2ZfFYuCXOR5ZWYAKw3+hBhGxVE2Kk05T+XoJGV
qRxX8FkcOcS9WoRQ0BOCJjOdfjlR0TA6B/1nVRvyKuIE+O0yLEZR82KI9MIuMX+F
ANtjWJSGz1s7BKGamMYiFj9D
-----END CERTIFICATE-----
Generated at Fri Mar 29 04:42:27 2024 by rpki-client on console-ams.rpki-client.org