Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91EC8F7/8093C308B2A511EE90DEA220C4F9AE02/B0A65A04B2A711EEA3E1C240C4F9AE02.roa
File:                     B0A65A04B2A711EEA3E1C240C4F9AE02.roa (raw, json)
Hash identifier:          hORZ5AISHPiAhkgQPGt4LkQHQaYezLZ+UwdT1yQrlr0=
Subject key identifier:   1E:E8:0C:A5:45:18:AE:A8:54:C4:BF:80:64:D0:D8:C5:E9:57:73:DF
Certificate issuer:       /CN=A91EC8F7/serialNumber=B1927F1382AFC884430C965EAD289BC3BEC64BEC
Certificate serial:       02
Authority key identifier: B1:92:7F:13:82:AF:C8:84:43:0C:96:5E:AD:28:9B:C3:BE:C6:4B:EC
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/sZJ_E4KvyIRDDJZerSibw77GS-w.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91EC8F7/8093C308B2A511EE90DEA220C4F9AE02/B0A65A04B2A711EEA3E1C240C4F9AE02.roa
Signing time:             Sun 14 Jan 2024 06:39:39 +0000
ROA not before:           Sun 14 Jan 2024 06:39:39 +0000
ROA not after:            Mon 31 Mar 2025 00:00:00 +0000
asID:                     152324
IP address blocks:        2001:df3:5f40::/48 maxlen: 51

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91EC8F7/8093C308B2A511EE90DEA220C4F9AE02/sZJ_E4KvyIRDDJZerSibw77GS-w.crl
                          rsync://rpki.apnic.net/member_repository/A91EC8F7/8093C308B2A511EE90DEA220C4F9AE02/sZJ_E4KvyIRDDJZerSibw77GS-w.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/sZJ_E4KvyIRDDJZerSibw77GS-w.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 28 Nov 2024 04:23:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91EC8F7/serialNumber=B1927F1382AFC884430C965EAD289BC3BEC64BEC
        Validity
            Not Before: Jan 14 06:39:39 2024 GMT
            Not After : Mar 31 00:00:00 2025 GMT
        Subject: CN=65a381ab-b042
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bf:25:15:f7:a1:33:e9:ff:de:be:14:61:c8:60:
                    24:e8:d4:b5:ba:62:b5:fc:d5:55:b0:91:a9:f0:82:
                    5b:51:f7:1e:65:07:29:80:30:71:d7:24:b6:0b:54:
                    25:cb:32:b2:da:55:70:b2:ed:8b:a5:ca:59:b6:0d:
                    9e:f1:78:b1:4b:38:28:0a:30:2b:d5:4b:31:3c:33:
                    b2:1a:a4:bd:73:99:bb:bd:dd:24:d7:36:53:da:d8:
                    4b:47:b4:e4:f8:2a:c2:71:c5:3f:4a:40:48:fc:46:
                    2b:e4:4a:da:61:91:05:0c:c6:66:d9:22:89:69:d4:
                    d0:03:bf:57:5c:49:a5:6d:2a:57:6b:50:e6:bf:0d:
                    1f:99:ef:9b:6b:f1:e4:45:ae:37:98:f9:2d:5b:67:
                    2c:59:93:42:51:f0:a8:03:03:11:14:92:bd:27:72:
                    a7:27:4c:8f:d0:09:76:0e:34:76:ea:9c:b6:67:ae:
                    a6:71:63:ee:21:1a:fe:ec:05:c4:85:48:9a:1d:69:
                    7e:6c:65:97:cd:be:87:2d:aa:a1:8a:06:5f:8e:eb:
                    45:c0:02:55:fe:12:6b:40:e5:eb:4f:42:58:1a:61:
                    e7:d5:bc:d2:ad:21:6c:b6:90:e6:22:1f:9e:d5:b7:
                    f0:7c:09:0b:bc:7a:4e:7e:d2:58:67:71:20:f6:57:
                    e8:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:E8:0C:A5:45:18:AE:A8:54:C4:BF:80:64:D0:D8:C5:E9:57:73:DF
            X509v3 Authority Key Identifier:
                keyid:B1:92:7F:13:82:AF:C8:84:43:0C:96:5E:AD:28:9B:C3:BE:C6:4B:EC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91EC8F7/8093C308B2A511EE90DEA220C4F9AE02/sZJ_E4KvyIRDDJZerSibw77GS-w.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/sZJ_E4KvyIRDDJZerSibw77GS-w.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91EC8F7/8093C308B2A511EE90DEA220C4F9AE02/B0A65A04B2A711EEA3E1C240C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df3:5f40::/48

    Signature Algorithm: sha256WithRSAEncryption
         4c:c5:75:ff:7d:f2:17:1f:7f:66:69:03:a5:88:d4:63:57:fa:
         42:28:64:be:21:75:59:c9:f8:34:6b:b4:18:e3:d5:32:4e:9b:
         38:b8:24:e1:a2:bc:8c:c9:56:b4:6d:c3:74:58:d9:21:10:69:
         d6:7d:13:c3:7f:c7:f5:79:c6:4b:c5:20:7c:14:22:ce:3f:b4:
         f1:0d:0d:25:49:06:fe:c4:14:4c:1b:04:cb:f0:b7:ea:46:04:
         ed:a2:25:6b:a8:55:a9:11:92:77:72:35:e8:32:91:9f:38:77:
         8e:02:2f:35:9e:80:df:74:c4:3e:be:91:f2:01:2d:04:62:5f:
         7b:f2:ba:14:f0:de:19:21:3a:92:bc:50:ae:99:e0:2f:de:ad:
         57:9a:a5:5a:5b:5c:aa:49:65:ab:3b:89:7a:c9:43:03:5a:0a:
         ea:1a:41:02:ab:32:61:9b:3c:dc:09:9f:49:df:10:df:2c:3b:
         e8:21:e5:d8:a7:8a:50:83:95:c9:ee:36:b4:97:62:ee:2a:f3:
         18:1b:37:06:65:4e:2e:ad:c1:39:05:74:37:6e:5a:12:8f:a4:
         43:df:7a:d4:4e:22:06:5d:ce:63:a2:72:3c:14:e2:86:11:3e:
         0b:f4:22:a3:3e:4a:e1:3a:5a:75:b8:da:b0:59:86:b5:69:67:
         4c:cd:3a:4d
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgIBAjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFF
QzhGNzExMC8GA1UEBRMoQjE5MjdGMTM4MkFGQzg4NDQzMEM5NjVFQUQyODlCQzNC
RUM2NEJFQzAeFw0yNDAxMTQwNjM5MzlaFw0yNTAzMzEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY1YTM4MWFiLWIwNDIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQC/JRX3oTPp/96+FGHIYCTo1LW6YrX81VWwkanwgltR9x5lBymAMHHXJLYLVCXL
MrLaVXCy7Yulylm2DZ7xeLFLOCgKMCvVSzE8M7IapL1zmbu93STXNlPa2EtHtOT4
KsJxxT9KQEj8RivkStphkQUMxmbZIolp1NADv1dcSaVtKldrUOa/DR+Z75tr8eRF
rjeY+S1bZyxZk0JR8KgDAxEUkr0ncqcnTI/QCXYONHbqnLZnrqZxY+4hGv7sBcSF
SJodaX5sZZfNvoctqqGKBl+O60XAAlX+EmtA5etPQlgaYefVvNKtIWy2kOYiH57V
t/B8CQu8ek5+0lhncSD2V+gjAgMBAAGjggKYMIIClDAdBgNVHQ4EFgQUHugMpUUY
rqhUxL+AZNDYxelXc98wHwYDVR0jBBgwFoAUsZJ/E4KvyIRDDJZerSibw77GS+ww
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUVDOEY3LzgwOTNDMzA4QjJB
NTExRUU5MERFQTIyMEM0RjlBRTAyL3NaSl9FNEt2eUlSRERKWmVyU2lidzc3R1Mt
dy5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvc1pKX0U0S3Z5SVJEREpaZXJTaWJ3NzdHUy13LmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFF
QzhGNy84MDkzQzMwOEIyQTUxMUVFOTBERUEyMjBDNEY5QUUwMi9CMEE2NUEwNEIy
QTcxMUVFQTNFMUMyNDBDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAiBggrBgEFBQcBBwEB/wQT
MBEwDwQCAAIwCQMHACABDfNfQDANBgkqhkiG9w0BAQsFAAOCAQEATMV1/33yFx9/
ZmkDpYjUY1f6QihkviF1Wcn4NGu0GOPVMk6bOLgk4aK8jMlWtG3DdFjZIRBp1n0T
w3/H9XnGS8UgfBQizj+08Q0NJUkG/sQUTBsEy/C36kYE7aIla6hVqRGSd3I16DKR
nzh3jgIvNZ6A33TEPr6R8gEtBGJfe/K6FPDeGSE6krxQrpngL96tV5qlWltcqkll
qzuJeslDA1oK6hpBAqsyYZs83AmfSd8Q3yw76CHl2KeKUIOVye42tJdi7irzGBs3
BmVOLq3BOQV0N25aEo+kQ9961E4iBl3OY6JyPBTihhE+C/Qioz5K4TpadbjasFmG
tWlnTM06TQ==
-----END CERTIFICATE-----
Generated at Thu Nov 21 05:06:07 2024 by rpki-client on console-fra.rpki-client.org