Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91EB2B8/3F44CBAE2F4D11ED8F5A6A64C4F9AE02/A3F9947EED6311EDB69EB62AC4F9AE02.roa
File:                     A3F9947EED6311EDB69EB62AC4F9AE02.roa (raw, json)
Hash identifier:          zbL4htzrpIAG5UxUchXPeyZMm3yrhEOpZfzVE21N5XY=
Subject key identifier:   8A:18:D6:EE:85:D7:59:33:2A:67:62:A0:1A:96:11:B6:68:72:A0:90
Certificate issuer:       /CN=A91EB2B8/serialNumber=A69700E78D0C812AD2E2C114C82C655A0ACD447F
Certificate serial:       014B
Authority key identifier: A6:97:00:E7:8D:0C:81:2A:D2:E2:C1:14:C8:2C:65:5A:0A:CD:44:7F
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ppcA540MgSrS4sEUyCxlWgrNRH8.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91EB2B8/3F44CBAE2F4D11ED8F5A6A64C4F9AE02/A3F9947EED6311EDB69EB62AC4F9AE02.roa
Signing time:             Thu 08 Feb 2024 02:57:12 +0000
ROA not before:           Thu 08 Feb 2024 02:57:12 +0000
ROA not after:            Sat 31 Aug 2024 00:00:00 +0000
asID:                     139057
IP address blocks:        2407:2440:1::/48 maxlen: 48
                          2407:2440:2::/48 maxlen: 48
                          2407:2440:3::/48 maxlen: 48
                          2407:2440:4::/48 maxlen: 48
                          2407:2440:5::/48 maxlen: 48
                          2407:2440:6::/48 maxlen: 48
                          2407:2440:7::/48 maxlen: 48
                          2407:2440:8::/48 maxlen: 48
                          2407:2440:9::/48 maxlen: 48
                          2407:2440:a::/48 maxlen: 48
                          2407:2440:b::/48 maxlen: 48
                          2407:2440:c::/48 maxlen: 48
                          2407:2440:d::/48 maxlen: 48
                          2407:2440:e::/48 maxlen: 48
                          2407:2440:f::/48 maxlen: 48
                          2407:2440:10::/48 maxlen: 48
                          2407:2440:11::/48 maxlen: 48
                          2407:2440:12::/48 maxlen: 48
                          2407:2440:13::/48 maxlen: 48
                          2407:2440:14::/48 maxlen: 48
                          2407:2440:15::/48 maxlen: 48
                          2407:2440:16::/48 maxlen: 48
                          2407:2440:17::/48 maxlen: 48
                          2407:2440:18::/48 maxlen: 48
                          2407:2440:19::/48 maxlen: 48
                          2407:2440:1e::/48 maxlen: 48
                          2407:2440:1f::/48 maxlen: 48
                          2407:2440:20::/48 maxlen: 48
                          2407:2440:22::/48 maxlen: 48
                          2407:2440:23::/48 maxlen: 48
                          2407:2440:25::/48 maxlen: 48
                          2407:2440:28::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91EB2B8/3F44CBAE2F4D11ED8F5A6A64C4F9AE02/ppcA540MgSrS4sEUyCxlWgrNRH8.crl
                          rsync://rpki.apnic.net/member_repository/A91EB2B8/3F44CBAE2F4D11ED8F5A6A64C4F9AE02/ppcA540MgSrS4sEUyCxlWgrNRH8.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ppcA540MgSrS4sEUyCxlWgrNRH8.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 10 Mar 2024 02:50:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 331 (0x14b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91EB2B8/serialNumber=A69700E78D0C812AD2E2C114C82C655A0ACD447F
        Validity
            Not Before: Feb  8 02:57:12 2024 GMT
            Not After : Aug 31 00:00:00 2024 GMT
        Subject: CN=65c44307-48e3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:22:1c:e2:6c:a9:c2:1f:25:0a:10:69:0f:5e:
                    bc:5e:b6:b0:c2:84:31:b8:de:4d:03:f7:b2:a0:50:
                    8f:d7:ec:9f:7c:73:e7:39:f8:a3:82:8e:6b:21:d5:
                    45:3c:3b:3a:92:00:87:1a:fd:1e:49:a1:0c:73:75:
                    b5:dd:b8:c5:95:45:0f:c3:87:54:c9:e1:eb:e9:d8:
                    e1:2a:3f:89:01:e3:2c:92:55:c9:49:8e:a4:45:2e:
                    1b:4c:92:b0:2f:84:bf:b3:8a:66:cd:f7:5c:2c:9b:
                    0d:57:5b:0b:f2:b7:f6:5c:54:ec:91:03:bd:18:34:
                    80:cb:36:26:ff:8f:c0:84:09:65:bc:9e:95:2c:19:
                    f9:b7:b4:bc:e2:1c:e0:33:64:96:88:11:37:ce:ca:
                    a6:1a:87:0a:09:15:d1:4c:be:30:7d:40:64:25:99:
                    28:a5:e9:ba:7a:b2:6d:c1:6f:bc:e5:e5:68:82:19:
                    8b:9d:82:dc:f3:12:c1:1f:18:63:6b:cc:c2:a2:50:
                    06:83:b5:cc:84:b9:59:e1:3e:6b:11:60:6f:89:37:
                    99:27:8a:7a:75:f2:1e:82:d8:36:ec:11:24:cf:fc:
                    fd:4d:80:a3:54:bf:06:dd:ea:5e:49:f2:62:41:5c:
                    f3:e7:52:a5:80:bb:de:d0:11:5d:30:88:c0:71:fd:
                    d4:17
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8A:18:D6:EE:85:D7:59:33:2A:67:62:A0:1A:96:11:B6:68:72:A0:90
            X509v3 Authority Key Identifier:
                keyid:A6:97:00:E7:8D:0C:81:2A:D2:E2:C1:14:C8:2C:65:5A:0A:CD:44:7F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91EB2B8/3F44CBAE2F4D11ED8F5A6A64C4F9AE02/ppcA540MgSrS4sEUyCxlWgrNRH8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ppcA540MgSrS4sEUyCxlWgrNRH8.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91EB2B8/3F44CBAE2F4D11ED8F5A6A64C4F9AE02/A3F9947EED6311EDB69EB62AC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2407:2440:1::-2407:2440:19:ffff:ffff:ffff:ffff:ffff
                  2407:2440:1e::-2407:2440:20:ffff:ffff:ffff:ffff:ffff
                  2407:2440:22::/47
                  2407:2440:25::/48
                  2407:2440:28::/48

    Signature Algorithm: sha256WithRSAEncryption
         77:c7:73:f2:6b:a0:50:01:dd:5f:4f:b7:60:72:32:ec:c5:3b:
         73:ae:bd:eb:82:05:95:40:9e:4e:94:f9:d9:b0:e5:66:2f:4c:
         af:b0:4d:d9:d3:2c:f3:af:53:fc:74:26:99:29:98:41:f2:57:
         21:9b:f4:64:6f:c1:d6:ed:b1:16:6f:72:97:bc:e8:a8:8e:85:
         90:28:65:1c:1e:85:bf:06:3a:ba:0d:ef:60:91:52:d2:29:57:
         ba:c3:e0:09:b7:44:7e:31:9b:7b:90:4c:82:b5:cf:50:b7:47:
         6e:47:e2:19:6d:26:90:7c:0f:17:eb:ca:9a:54:ff:93:53:93:
         e2:95:57:43:95:f3:23:f9:55:49:ea:ec:24:df:1a:e7:35:19:
         c3:a8:5b:22:97:af:ec:d9:6d:08:de:47:17:4e:03:8c:78:6c:
         83:5f:1f:31:d7:36:aa:ab:c0:81:2a:a8:b2:7e:39:d6:82:65:
         85:36:33:01:0b:58:4f:f3:59:85:f9:0a:94:5f:3d:94:ac:e6:
         7e:0c:9b:ed:88:42:9c:94:11:9d:55:35:65:69:8c:cc:d0:be:
         90:9f:ad:d4:42:70:47:d5:74:17:51:cf:a7:5a:42:b8:dd:f4:
         5c:d0:66:14:be:a0:e2:06:18:6b:7a:6e:64:3f:4a:f2:19:47:
         02:70:32:6f
-----BEGIN CERTIFICATE-----
MIIFrjCCBJagAwIBAgICAUswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RUIyQjgxMTAvBgNVBAUTKEE2OTcwMEU3OEQwQzgxMkFEMkUyQzExNEM4MkM2NTVB
MEFDRDQ0N0YwHhcNMjQwMjA4MDI1NzEyWhcNMjQwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWM0NDMwNy00OGUzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAriIc4mypwh8lChBpD168XrawwoQxuN5NA/eyoFCP1+yffHPnOfijgo5rIdVF
PDs6kgCHGv0eSaEMc3W13bjFlUUPw4dUyeHr6djhKj+JAeMsklXJSY6kRS4bTJKw
L4S/s4pmzfdcLJsNV1sL8rf2XFTskQO9GDSAyzYm/4/AhAllvJ6VLBn5t7S84hzg
M2SWiBE3zsqmGocKCRXRTL4wfUBkJZkopem6erJtwW+85eVoghmLnYLc8xLBHxhj
a8zColAGg7XMhLlZ4T5rEWBviTeZJ4p6dfIegtg27BEkz/z9TYCjVL8G3epeSfJi
QVzz51KlgLve0BFdMIjAcf3UFwIDAQABo4IC0jCCAs4wHQYDVR0OBBYEFIoY1u6F
11kzKmdioBqWEbZocqCQMB8GA1UdIwQYMBaAFKaXAOeNDIEq0uLBFMgsZVoKzUR/
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFQjJCOC8zRjQ0Q0JBRTJG
NEQxMUVEOEY1QTZBNjRDNEY5QUUwMi9wcGNBNTQwTWdTclM0c0VVeUN4bFdnck5S
SDguY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3BwY0E1NDBNZ1NyUzRzRVV5Q3hsV2dyTlJIOC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RUIyQjgvM0Y0NENCQUUyRjREMTFFRDhGNUE2QTY0QzRGOUFFMDIvQTNGOTk0N0VF
RDYzMTFFREI2OUVCNjJBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwXAYIKwYBBQUHAQcBAf8E
TTBLMEkEAgACMEMwEgMHACQHJEAAAQMHASQHJEAAGDASAwcBJAckQAAeAwcAJAck
QAAgAwcBJAckQAAiAwcAJAckQAAlAwcAJAckQAAoMA0GCSqGSIb3DQEBCwUAA4IB
AQB3x3Pya6BQAd1fT7dgcjLsxTtzrr3rggWVQJ5OlPnZsOVmL0yvsE3Z0yzzr1P8
dCaZKZhB8lchm/Rkb8HW7bEWb3KXvOiojoWQKGUcHoW/Bjq6De9gkVLSKVe6w+AJ
t0R+MZt7kEyCtc9Qt0duR+IZbSaQfA8X68qaVP+TU5PilVdDlfMj+VVJ6uwk3xrn
NRnDqFsil6/s2W0I3kcXTgOMeGyDXx8x1zaqq8CBKqiyfjnWgmWFNjMBC1hP81mF
+QqUXz2UrOZ+DJvtiEKclBGdVTVlaYzM0L6Qn63UQnBH1XQXUc+nWkK43fRc0GYU
vqDiBhhrem5kP0ryGUcCcDJv
-----END CERTIFICATE-----
Generated at Sun Mar 3 05:16:05 2024 by rpki-client on console-ams.rpki-client.org