Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91E6D5D/9DCB68E01D8811E294B955E108B02CD2/4FF339D8F01D11EB8C4B505BC4F9AE02.roa
File:                     4FF339D8F01D11EB8C4B505BC4F9AE02.roa (raw, json)
Hash identifier:          lUSkfM8no2xfTGte69CevOTlI+fNmBMGYFU4oTpDtRs=
Subject key identifier:   36:90:2F:03:0B:F3:7A:9B:AA:25:7D:D7:1F:A0:72:5E:61:BF:E0:5A
Certificate issuer:       /CN=A91E6D5D/serialNumber=64A665816AEFED73B3075007DA5337AC7DEC4B81
Certificate serial:       1916
Authority key identifier: 64:A6:65:81:6A:EF:ED:73:B3:07:50:07:DA:53:37:AC:7D:EC:4B:81
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ZKZlgWrv7XOzB1AH2lM3rH3sS4E.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91E6D5D/9DCB68E01D8811E294B955E108B02CD2/4FF339D8F01D11EB8C4B505BC4F9AE02.roa
Signing time:             Thu 06 Apr 2023 14:50:34 +0000
ROA not before:           Thu 06 Apr 2023 14:50:34 +0000
ROA not after:            Wed 29 May 2024 00:00:00 +0000
asID:                     399077
IP address blocks:        116.51.24.128/25 maxlen: 25

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91E6D5D/9DCB68E01D8811E294B955E108B02CD2/ZKZlgWrv7XOzB1AH2lM3rH3sS4E.crl
                          rsync://rpki.apnic.net/member_repository/A91E6D5D/9DCB68E01D8811E294B955E108B02CD2/ZKZlgWrv7XOzB1AH2lM3rH3sS4E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ZKZlgWrv7XOzB1AH2lM3rH3sS4E.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 04 Apr 2024 14:34:01 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 6422 (0x1916)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E6D5D/serialNumber=64A665816AEFED73B3075007DA5337AC7DEC4B81
        Validity
            Not Before: Apr  6 14:50:34 2023 GMT
            Not After : May 29 00:00:00 2024 GMT
        Subject: CN=642edc3a-6549
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:22:31:c1:31:d4:a7:32:65:c9:5f:c6:b6:2a:
                    7c:07:35:5d:95:4b:a2:9c:70:22:5a:ff:09:db:00:
                    a8:35:4f:94:28:b6:27:7a:18:ee:96:aa:b0:ca:2d:
                    31:8e:66:cd:a1:ff:2b:c0:03:40:01:09:b8:53:8c:
                    48:be:92:2a:fd:9b:4d:6a:db:b3:6c:7f:2c:2a:42:
                    01:81:e6:93:c5:be:fd:50:69:bc:e6:69:02:3c:8b:
                    b3:81:37:78:ff:26:7b:d2:6a:3b:2e:aa:59:cf:4c:
                    79:35:7c:20:8b:b1:91:fc:79:39:20:1f:bc:4c:d4:
                    75:62:27:0f:02:61:93:9d:c5:f5:6f:af:2d:70:95:
                    c2:6d:93:51:ce:78:32:99:0c:b9:6f:53:2a:61:cf:
                    87:0d:14:29:74:5c:c7:75:a3:59:0e:9f:d9:a1:f1:
                    bd:aa:e2:b9:03:76:44:8e:d1:b0:ce:cd:2c:ed:76:
                    c8:63:33:88:55:eb:c7:03:6b:c6:7d:b8:12:b9:53:
                    94:9e:83:17:79:e2:59:ec:01:d2:2e:1e:62:f1:c3:
                    e1:6a:64:ae:ed:7d:7c:d1:94:b8:c0:24:99:92:12:
                    4c:8e:ce:20:29:26:da:73:53:f3:e6:8e:2c:c9:29:
                    9a:4d:2f:b3:27:ae:f9:6e:81:af:cd:36:ec:ef:85:
                    81:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                36:90:2F:03:0B:F3:7A:9B:AA:25:7D:D7:1F:A0:72:5E:61:BF:E0:5A
            X509v3 Authority Key Identifier:
                keyid:64:A6:65:81:6A:EF:ED:73:B3:07:50:07:DA:53:37:AC:7D:EC:4B:81

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91E6D5D/9DCB68E01D8811E294B955E108B02CD2/ZKZlgWrv7XOzB1AH2lM3rH3sS4E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ZKZlgWrv7XOzB1AH2lM3rH3sS4E.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E6D5D/9DCB68E01D8811E294B955E108B02CD2/4FF339D8F01D11EB8C4B505BC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  116.51.24.128/25

    Signature Algorithm: sha256WithRSAEncryption
         6c:99:c4:65:7b:5b:3f:c2:a6:ab:35:05:b4:d6:be:4e:59:7f:
         58:46:ea:13:27:68:b7:3e:46:d0:ca:2c:a9:5a:ae:56:68:49:
         db:3e:89:f0:b5:cf:b9:25:22:df:8a:d1:62:da:5f:d8:94:a9:
         c9:7a:59:86:06:16:d1:ee:cd:6b:83:52:9c:7e:1f:cf:65:c6:
         67:f2:f6:68:7d:73:c1:cc:b5:d2:ca:17:5b:9e:07:63:c8:7e:
         6d:c9:f7:cd:e8:a2:15:a1:28:dc:05:0d:e9:73:0a:0d:bc:60:
         e9:d0:90:62:7f:ce:a9:e1:37:58:14:0f:fb:ce:bd:f7:68:dd:
         af:d8:b2:57:54:c8:d5:20:61:97:94:0a:69:73:97:31:f8:09:
         02:23:3a:cb:0d:e3:c3:8e:58:9b:1c:55:5b:f1:19:c6:4b:a8:
         b9:65:a6:c5:48:96:92:26:a3:f7:60:94:cf:52:e0:4b:1e:61:
         ea:8b:b9:dc:74:5b:dc:58:a5:6b:75:c8:50:ff:d7:df:94:69:
         8f:30:4b:b4:56:4f:d3:ad:43:55:1b:2d:69:29:5d:d9:4c:90:
         fc:14:d5:52:aa:6f:52:c6:00:51:85:8c:2f:09:db:d7:99:03:
         53:a2:63:3f:d2:5d:9a:8e:de:e5:75:67:e5:59:4f:db:d0:0b:
         43:02:0f:7e
-----BEGIN CERTIFICATE-----
MIIFcjCCBFqgAwIBAgICGRYwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RTZENUQxMTAvBgNVBAUTKDY0QTY2NTgxNkFFRkVENzNCMzA3NTAwN0RBNTMzN0FD
N0RFQzRCODEwHhcNMjMwNDA2MTQ1MDM0WhcNMjQwNTI5MDAwMDAwWjAYMRYwFAYD
VQQDEw02NDJlZGMzYS02NTQ5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA7yIxwTHUpzJlyV/Gtip8BzVdlUuinHAiWv8J2wCoNU+UKLYnehjulqqwyi0x
jmbNof8rwANAAQm4U4xIvpIq/ZtNatuzbH8sKkIBgeaTxb79UGm85mkCPIuzgTd4
/yZ70mo7LqpZz0x5NXwgi7GR/Hk5IB+8TNR1YicPAmGTncX1b68tcJXCbZNRzngy
mQy5b1MqYc+HDRQpdFzHdaNZDp/ZofG9quK5A3ZEjtGwzs0s7XbIYzOIVevHA2vG
fbgSuVOUnoMXeeJZ7AHSLh5i8cPhamSu7X180ZS4wCSZkhJMjs4gKSbac1Pz5o4s
ySmaTS+zJ675boGvzTbs74WB/QIDAQABo4ICljCCApIwHQYDVR0OBBYEFDaQLwML
83qbqiV91x+gcl5hv+BaMB8GA1UdIwQYMBaAFGSmZYFq7+1zswdQB9pTN6x97EuB
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFNkQ1RC85RENCNjhFMDFE
ODgxMUUyOTRCOTU1RTEwOEIwMkNEMi9aS1psZ1dydjdYT3pCMUFIMmxNM3JIM3NT
NEUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1pLWmxnV3J2N1hPekIxQUgybE0zckgzc1M0RS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RTZENUQvOURDQjY4RTAxRDg4MTFFMjk0Qjk1NUUxMDhCMDJDRDIvNEZGMzM5RDhG
MDFEMTFFQjhDNEI1MDVCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwIAYIKwYBBQUHAQcBAf8E
ETAPMA0EAgABMAcDBQd0MxiAMA0GCSqGSIb3DQEBCwUAA4IBAQBsmcRle1s/wqar
NQW01r5OWX9YRuoTJ2i3PkbQyiypWq5WaEnbPonwtc+5JSLfitFi2l/YlKnJelmG
BhbR7s1rg1Kcfh/PZcZn8vZofXPBzLXSyhdbngdjyH5tyffN6KIVoSjcBQ3pcwoN
vGDp0JBif86p4TdYFA/7zr33aN2v2LJXVMjVIGGXlAppc5cx+AkCIzrLDePDjlib
HFVb8RnGS6i5ZabFSJaSJqP3YJTPUuBLHmHqi7ncdFvcWKVrdchQ/9fflGmPMEu0
Vk/TrUNVGy1pKV3ZTJD8FNVSqm9SxgBRhYwvCdvXmQNTomM/0l2ajt7ldWflWU/b
0AtDAg9+
-----END CERTIFICATE-----
Generated at Thu Mar 28 16:07:44 2024 by rpki-client on console-ams.rpki-client.org