Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91FDAD4/C423183077B511ECA5BCE05FC4F9AE02/616435103F3E11EE81024074C4F9AE02.roa
File:                     616435103F3E11EE81024074C4F9AE02.roa (raw, json)
Hash identifier:          rIjstnLA7oqlzAIte1weUL9/6bXimc7BXsGDyH6RUSM=
Subject key identifier:   6D:FE:07:18:FA:60:2F:45:18:64:F5:E1:B2:BC:D0:4E:A9:8E:8A:B1
Certificate issuer:       /CN=A91FDAD4/serialNumber=5430A414AA05B6731DC2D64A70C619C669346A0E
Certificate serial:       0334
Authority key identifier: 54:30:A4:14:AA:05:B6:73:1D:C2:D6:4A:70:C6:19:C6:69:34:6A:0E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/VDCkFKoFtnMdwtZKcMYZxmk0ag4.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91FDAD4/C423183077B511ECA5BCE05FC4F9AE02/616435103F3E11EE81024074C4F9AE02.roa
Signing time:             Tue 05 Mar 2024 02:44:43 +0000
ROA not before:           Tue 05 Mar 2024 02:44:43 +0000
ROA not after:            Thu 01 May 2025 00:00:00 +0000
asID:                     9312
IP address blocks:        2400:8d60:6::/48 maxlen: 48

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91FDAD4/C423183077B511ECA5BCE05FC4F9AE02/VDCkFKoFtnMdwtZKcMYZxmk0ag4.crl
                          rsync://rpki.apnic.net/member_repository/A91FDAD4/C423183077B511ECA5BCE05FC4F9AE02/VDCkFKoFtnMdwtZKcMYZxmk0ag4.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/VDCkFKoFtnMdwtZKcMYZxmk0ag4.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 27 Nov 2024 20:33:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 820 (0x334)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91FDAD4/serialNumber=5430A414AA05B6731DC2D64A70C619C669346A0E
        Validity
            Not Before: Mar  5 02:44:43 2024 GMT
            Not After : May  1 00:00:00 2025 GMT
        Subject: CN=65e6871b-a454
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:fd:5f:82:a7:18:50:4b:dc:9f:da:9a:93:87:
                    59:8f:fb:8c:39:9a:90:c7:0f:2c:4e:83:c9:24:65:
                    91:2a:9e:d3:52:a9:29:ec:e7:28:80:36:fd:e1:53:
                    4d:f0:a6:51:97:87:2e:48:a8:43:c6:36:06:5a:59:
                    98:46:9e:58:cd:f7:de:8b:d5:57:44:b8:52:2e:95:
                    fe:a7:4b:4f:de:a9:60:8e:d6:3f:24:7d:33:ba:1d:
                    c7:e5:dd:82:3a:8b:d0:3b:87:d1:e7:8a:fa:2c:c1:
                    ec:ae:8b:ac:fe:49:ae:02:94:ef:e8:d5:b1:a1:ee:
                    73:6f:61:c5:c8:0b:e2:62:ff:10:4c:ba:ac:e8:21:
                    c6:7d:16:92:5e:0d:c9:66:3a:21:2c:4a:2e:ac:6e:
                    66:09:5c:83:80:5b:d7:01:1a:46:a8:ae:87:5c:79:
                    6c:b6:82:60:74:f5:86:b9:29:26:14:62:26:b4:3b:
                    46:2f:21:a9:74:af:06:9b:6c:44:b2:0c:85:85:a3:
                    1e:82:d8:17:98:49:12:09:50:d0:16:1b:5a:06:71:
                    ca:43:c7:e6:fb:9d:d3:ba:f3:69:49:ed:03:03:e9:
                    d6:62:63:50:9b:63:ab:00:63:30:cf:33:5a:75:17:
                    8a:5b:df:0e:f7:c4:5b:a5:f6:58:4d:6c:0b:01:74:
                    bf:5d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6D:FE:07:18:FA:60:2F:45:18:64:F5:E1:B2:BC:D0:4E:A9:8E:8A:B1
            X509v3 Authority Key Identifier:
                keyid:54:30:A4:14:AA:05:B6:73:1D:C2:D6:4A:70:C6:19:C6:69:34:6A:0E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91FDAD4/C423183077B511ECA5BCE05FC4F9AE02/VDCkFKoFtnMdwtZKcMYZxmk0ag4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/VDCkFKoFtnMdwtZKcMYZxmk0ag4.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91FDAD4/C423183077B511ECA5BCE05FC4F9AE02/616435103F3E11EE81024074C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2400:8d60:6::/48

    Signature Algorithm: sha256WithRSAEncryption
         82:19:07:20:99:26:9e:25:5e:7f:83:3f:bd:11:0c:c4:5e:67:
         9f:3c:3f:c9:43:04:51:ab:f7:68:dd:2c:0c:22:08:0b:5e:78:
         d2:90:c3:e2:f0:bc:a0:db:ee:56:ea:87:13:fc:d4:28:23:7f:
         0f:96:74:9c:3a:a5:9f:d5:21:8b:89:b9:7b:32:88:38:df:bc:
         b5:5a:a9:51:5c:c5:04:5d:e6:dd:a1:45:ff:35:93:8f:dd:91:
         5c:3a:4a:28:9c:87:5b:aa:7d:77:f1:a1:2c:be:24:18:58:5c:
         24:37:a8:33:be:f9:04:d7:42:b2:de:07:c4:35:d4:05:53:75:
         ea:02:88:5e:ba:ae:65:6b:4d:16:04:fa:6c:27:6d:a2:c6:ab:
         c8:61:f6:9b:08:75:db:f5:c3:3f:e4:30:ef:33:a5:40:43:34:
         dc:03:3e:20:e3:cc:b9:b3:fa:bf:40:a3:2e:46:99:12:9e:b2:
         2b:76:bc:78:06:c1:d8:c8:ec:20:a9:98:94:7b:7c:ee:56:dc:
         fa:a5:13:5a:d3:89:73:37:eb:98:11:11:3c:76:8b:8b:0d:ed:
         48:c2:32:10:cb:2a:cd:e9:24:84:7d:0d:ee:85:e4:90:a2:d8:
         8f:e1:34:d1:b2:d2:3b:7f:13:45:f5:47:1f:2a:dd:e2:03:af:
         e5:22:8a:a0
-----BEGIN CERTIFICATE-----
MIIFdDCCBFygAwIBAgICAzQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RkRBRDQxMTAvBgNVBAUTKDU0MzBBNDE0QUEwNUI2NzMxREMyRDY0QTcwQzYxOUM2
NjkzNDZBMEUwHhcNMjQwMzA1MDI0NDQzWhcNMjUwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NWU2ODcxYi1hNDU0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAt/1fgqcYUEvcn9qak4dZj/uMOZqQxw8sToPJJGWRKp7TUqkp7OcogDb94VNN
8KZRl4cuSKhDxjYGWlmYRp5Yzffei9VXRLhSLpX+p0tP3qlgjtY/JH0zuh3H5d2C
OovQO4fR54r6LMHsrous/kmuApTv6NWxoe5zb2HFyAviYv8QTLqs6CHGfRaSXg3J
ZjohLEourG5mCVyDgFvXARpGqK6HXHlstoJgdPWGuSkmFGImtDtGLyGpdK8Gm2xE
sgyFhaMegtgXmEkSCVDQFhtaBnHKQ8fm+53TuvNpSe0DA+nWYmNQm2OrAGMwzzNa
dReKW98O98RbpfZYTWwLAXS/XQIDAQABo4ICmDCCApQwHQYDVR0OBBYEFG3+Bxj6
YC9FGGT14bK80E6pjoqxMB8GA1UdIwQYMBaAFFQwpBSqBbZzHcLWSnDGGcZpNGoO
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFGREFENC9DNDIzMTgzMDc3
QjUxMUVDQTVCQ0UwNUZDNEY5QUUwMi9WRENrRktvRnRuTWR3dFpLY01ZWnhtazBh
ZzQuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1ZEQ2tGS29GdG5NZHd0WktjTVlaeG1rMGFnNC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RkRBRDQvQzQyMzE4MzA3N0I1MTFFQ0E1QkNFMDVGQzRGOUFFMDIvNjE2NDM1MTAz
RjNFMTFFRTgxMDI0MDc0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwIgYIKwYBBQUHAQcBAf8E
EzARMA8EAgACMAkDBwAkAI1gAAYwDQYJKoZIhvcNAQELBQADggEBAIIZByCZJp4l
Xn+DP70RDMReZ588P8lDBFGr92jdLAwiCAteeNKQw+LwvKDb7lbqhxP81Cgjfw+W
dJw6pZ/VIYuJuXsyiDjfvLVaqVFcxQRd5t2hRf81k4/dkVw6Siich1uqfXfxoSy+
JBhYXCQ3qDO++QTXQrLeB8Q11AVTdeoCiF66rmVrTRYE+mwnbaLGq8hh9psIddv1
wz/kMO8zpUBDNNwDPiDjzLmz+r9Aoy5GmRKesit2vHgGwdjI7CCpmJR7fO5W3Pql
E1rTiXM365gRETx2i4sN7UjCMhDLKs3pJIR9De6F5JCi2I/hNNGy0jt/E0X1Rx8q
3eIDr+UiiqA=
-----END CERTIFICATE-----
Generated at Thu Nov 21 01:26:07 2024 by rpki-client on console-ams.rpki-client.org