Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91FA69F/C665DF2233A311EFA5B49B23C4F9AE02/4FAF60B433A411EFB7A29C24C4F9AE02.roa
File:                     4FAF60B433A411EFB7A29C24C4F9AE02.roa (raw, json)
Hash identifier:          LD7B5+XzyaE0f/ths6DbB5WXZXs6tAf0rdqOWz9N/kI=
Subject key identifier:   6B:F9:A8:41:28:1C:56:E6:63:D8:0C:EF:B0:EE:1E:24:FC:CA:F0:E3
Certificate issuer:       /CN=A91FA69F/serialNumber=784EC0F0FF9D6D80DC9F7DCE39149FC60F961499
Certificate serial:       02
Authority key identifier: 78:4E:C0:F0:FF:9D:6D:80:DC:9F:7D:CE:39:14:9F:C6:0F:96:14:99
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/eE7A8P-dbYDcn33OORSfxg-WFJk.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91FA69F/C665DF2233A311EFA5B49B23C4F9AE02/4FAF60B433A411EFB7A29C24C4F9AE02.roa
Signing time:             Wed 26 Jun 2024 10:10:28 +0000
ROA not before:           Wed 26 Jun 2024 10:10:28 +0000
ROA not after:            Tue 30 Sep 2025 00:00:00 +0000
asID:                     153037
IP address blocks:        2001:df3:fa40::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91FA69F/C665DF2233A311EFA5B49B23C4F9AE02/eE7A8P-dbYDcn33OORSfxg-WFJk.crl
                          rsync://rpki.apnic.net/member_repository/A91FA69F/C665DF2233A311EFA5B49B23C4F9AE02/eE7A8P-dbYDcn33OORSfxg-WFJk.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/eE7A8P-dbYDcn33OORSfxg-WFJk.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 28 Nov 2024 05:18:20 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91FA69F/serialNumber=784EC0F0FF9D6D80DC9F7DCE39149FC60F961499
        Validity
            Not Before: Jun 26 10:10:28 2024 GMT
            Not After : Sep 30 00:00:00 2025 GMT
        Subject: CN=667be913-b45b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:34:63:91:5a:83:e5:95:03:d8:d4:b6:c1:2e:
                    54:f8:81:56:07:df:59:c9:2d:41:b2:a4:19:88:c2:
                    ed:73:2f:93:d2:dd:68:49:f7:d8:b7:fe:b4:34:c9:
                    47:f6:6f:a1:d6:17:89:2f:06:62:9e:ee:53:69:76:
                    1f:72:fd:11:87:c8:f6:46:27:3e:da:88:e2:09:5c:
                    ff:a1:bb:89:84:16:fe:87:23:a0:27:9d:96:94:fb:
                    f6:c5:cb:3e:b2:af:41:e8:d1:44:a1:ba:28:7e:18:
                    84:43:61:37:75:fd:0e:08:f5:f6:17:dd:39:8c:1a:
                    14:9b:4d:a2:c1:55:06:33:62:9b:5e:88:2d:f3:15:
                    cf:88:9c:6f:0a:78:27:e5:fc:d7:aa:c9:9b:44:f6:
                    5e:0f:15:10:25:8f:b1:98:5e:0a:e7:a9:75:31:ae:
                    63:1d:b3:f8:9e:93:c3:bf:72:65:8f:c4:af:17:52:
                    29:fe:25:91:cd:3e:e3:1a:3c:c2:13:48:c9:6e:61:
                    15:e5:2b:c8:2e:c2:3c:59:38:8d:4c:60:e0:e9:a4:
                    cf:04:81:e0:63:ae:f6:ac:85:8d:cd:12:d5:d0:81:
                    af:10:91:37:0f:e9:75:fa:1c:0f:3f:51:44:2c:57:
                    84:13:16:49:e1:b8:e0:c1:2b:ec:03:2c:cd:02:37:
                    2f:53
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6B:F9:A8:41:28:1C:56:E6:63:D8:0C:EF:B0:EE:1E:24:FC:CA:F0:E3
            X509v3 Authority Key Identifier:
                keyid:78:4E:C0:F0:FF:9D:6D:80:DC:9F:7D:CE:39:14:9F:C6:0F:96:14:99

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91FA69F/C665DF2233A311EFA5B49B23C4F9AE02/eE7A8P-dbYDcn33OORSfxg-WFJk.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/eE7A8P-dbYDcn33OORSfxg-WFJk.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91FA69F/C665DF2233A311EFA5B49B23C4F9AE02/4FAF60B433A411EFB7A29C24C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:df3:fa40::/48

    Signature Algorithm: sha256WithRSAEncryption
         3b:e6:fe:2d:55:5e:ff:af:98:e0:34:2f:28:67:76:f2:19:cb:
         5e:58:cc:2d:0f:6a:3b:eb:e5:17:b2:2b:fa:37:b6:ce:fe:fe:
         0a:44:15:e6:c4:43:c1:34:5d:1b:5d:ee:8e:d2:b1:f7:60:11:
         9d:1d:18:3b:16:3d:e6:b9:15:66:de:d9:8b:e6:66:69:b8:d5:
         04:48:67:1c:2d:84:3a:f4:43:7d:47:b7:9b:4f:75:c3:87:be:
         99:f4:e2:b8:19:fb:45:21:0c:d1:7b:b6:93:82:2b:29:8d:5f:
         6a:4b:1d:10:09:1c:c9:87:7e:12:d3:00:20:33:67:1f:c3:ce:
         73:86:dc:f8:14:75:38:9a:d8:d2:45:9d:a5:a2:43:1f:c8:79:
         da:cb:29:05:f7:40:fa:ef:5d:66:ad:4d:5a:1a:c3:eb:73:c3:
         f1:18:d2:87:8d:54:4a:cd:a9:30:ae:3a:df:d1:92:08:cf:fb:
         33:b6:1e:f1:e8:b4:90:d1:35:10:a6:7c:a6:15:fc:e8:e2:cb:
         c2:47:fc:0c:2b:b3:7a:95:47:9d:c7:3c:f3:70:14:41:2c:3f:
         72:7c:eb:2e:80:77:31:83:6e:cc:c7:5c:e6:87:e4:04:43:dd:
         58:69:64:59:b9:f9:34:54:d1:36:85:a9:25:59:e4:ed:c0:27:
         1d:2c:bd:ad
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgIBAjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFG
QTY5RjExMC8GA1UEBRMoNzg0RUMwRjBGRjlENkQ4MERDOUY3RENFMzkxNDlGQzYw
Rjk2MTQ5OTAeFw0yNDA2MjYxMDEwMjhaFw0yNTA5MzAwMDAwMDBaMBgxFjAUBgNV
BAMTDTY2N2JlOTEzLWI0NWIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDcNGORWoPllQPY1LbBLlT4gVYH31nJLUGypBmIwu1zL5PS3WhJ99i3/rQ0yUf2
b6HWF4kvBmKe7lNpdh9y/RGHyPZGJz7aiOIJXP+hu4mEFv6HI6AnnZaU+/bFyz6y
r0Ho0UShuih+GIRDYTd1/Q4I9fYX3TmMGhSbTaLBVQYzYpteiC3zFc+InG8KeCfl
/NeqyZtE9l4PFRAlj7GYXgrnqXUxrmMds/iek8O/cmWPxK8XUin+JZHNPuMaPMIT
SMluYRXlK8guwjxZOI1MYODppM8EgeBjrvashY3NEtXQga8QkTcP6XX6HA8/UUQs
V4QTFknhuODBK+wDLM0CNy9TAgMBAAGjggKYMIIClDAdBgNVHQ4EFgQUa/moQSgc
VuZj2AzvsO4eJPzK8OMwHwYDVR0jBBgwFoAUeE7A8P+dbYDcn33OORSfxg+WFJkw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUZBNjlGL0M2NjVERjIyMzNB
MzExRUZBNUI0OUIyM0M0RjlBRTAyL2VFN0E4UC1kYllEY24zM09PUlNmeGctV0ZK
ay5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvZUU3QThQLWRiWURjbjMzT09SU2Z4Zy1XRkprLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFG
QTY5Ri9DNjY1REYyMjMzQTMxMUVGQTVCNDlCMjNDNEY5QUUwMi80RkFGNjBCNDMz
QTQxMUVGQjdBMjlDMjRDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAiBggrBgEFBQcBBwEB/wQT
MBEwDwQCAAIwCQMHACABDfP6QDANBgkqhkiG9w0BAQsFAAOCAQEAO+b+LVVe/6+Y
4DQvKGd28hnLXljMLQ9qO+vlF7Ir+je2zv7+CkQV5sRDwTRdG13ujtKx92ARnR0Y
OxY95rkVZt7Zi+ZmabjVBEhnHC2EOvRDfUe3m091w4e+mfTiuBn7RSEM0Xu2k4Ir
KY1faksdEAkcyYd+EtMAIDNnH8POc4bc+BR1OJrY0kWdpaJDH8h52sspBfdA+u9d
Zq1NWhrD63PD8RjSh41USs2pMK4639GSCM/7M7Ye8ei0kNE1EKZ8phX86OLLwkf8
DCuzepVHncc883AUQSw/cnzrLoB3MYNuzMdc5ofkBEPdWGlkWbn5NFTRNoWpJVnk
7cAnHSy9rQ==
-----END CERTIFICATE-----
Generated at Thu Nov 21 07:40:40 2024 by rpki-client on console-ams.rpki-client.org