Route Origin Authorization

$ rpki-client -vvf rpki.sub.apnic.net/repository/A91905300000/8/323430303a656261303a3a2f33322d3438203d3e2039383838.roa
File:                     323430303a656261303a3a2f33322d3438203d3e2039383838.roa (raw, json)
Hash identifier:          ifqo402YCWZhthXxmH57e5fXENAG2Rz9TPSmdb/L2jw=
Subject key identifier:   AB:85:70:7A:DF:8E:5E:75:35:C1:51:AA:13:44:84:90:53:5F:E8:5A
Certificate issuer:       /CN=A91F73F50000/serialNumber=6F204BC2AA0DE1A4001F9ACDEA099255CE7214FB
Certificate serial:       5DD504621996C74D72CA384CB0C65D6984D7A410
Authority key identifier: 6F:20:4B:C2:AA:0D:E1:A4:00:1F:9A:CD:EA:09:92:55:CE:72:14:FB
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/byBLwqoN4aQAH5rN6gmSVc5yFPs.cer
Subject info access:      rsync://rpki.sub.apnic.net/repository/A91905300000/8/323430303a656261303a3a2f33322d3438203d3e2039383838.roa
Signing time:             Mon 19 Feb 2024 02:42:40 +0000
ROA not before:           Mon 19 Feb 2024 02:37:40 +0000
ROA not after:            Mon 17 Feb 2025 02:42:40 +0000
asID:                     9888
IP address blocks:        2400:eba0::/32 maxlen: 48

Validation:               Failed, unable to get certificate CRL

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            5d:d5:04:62:19:96:c7:4d:72:ca:38:4c:b0:c6:5d:69:84:d7:a4:10
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F73F50000/serialNumber=6F204BC2AA0DE1A4001F9ACDEA099255CE7214FB
        Validity
            Not Before: Feb 19 02:37:40 2024 GMT
            Not After : Feb 17 02:42:40 2025 GMT
        Subject: CN=AB85707ADF8E5E7535C151AA13448490535FE85A
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:44:7d:75:9e:c2:d0:18:35:84:84:b2:f8:26:
                    ac:16:b8:82:0d:39:ef:be:13:d7:89:c6:5b:49:78:
                    33:a6:14:d4:74:04:c3:5d:c1:22:e1:6c:c4:8d:61:
                    bd:4e:45:6b:cb:76:01:88:f3:a3:2d:1f:91:23:c7:
                    ce:69:a4:6e:5b:4f:76:6b:e6:a2:33:5d:5f:6a:8e:
                    0c:ad:a2:a1:87:01:89:2f:c4:3d:69:5a:77:de:50:
                    04:2d:a3:59:a3:96:70:16:36:dd:47:4e:06:af:0d:
                    4e:3b:c3:33:1b:d6:14:ec:38:11:c4:75:2f:5a:b3:
                    dd:45:f7:1d:d8:86:4c:b5:8b:73:34:ef:cb:e6:a6:
                    32:1c:13:43:15:5c:51:5d:9f:6a:4c:84:b0:d9:3b:
                    ae:90:e7:1e:cb:43:36:bb:6c:03:30:0f:ad:f1:e4:
                    e4:8e:65:01:f6:cf:c4:b1:88:da:37:9b:a8:e6:35:
                    66:d5:0a:04:0a:f0:68:f7:73:e0:bf:fb:d3:ef:f1:
                    bd:29:9f:82:68:55:a2:ec:5c:d5:59:99:74:ae:13:
                    49:b1:e9:2f:3c:7a:3b:94:0d:27:0f:0c:5f:06:ea:
                    fd:a0:ed:65:f7:cf:8d:e6:09:85:28:02:15:b2:be:
                    dc:1e:30:09:bb:fb:75:f6:e3:c1:f8:f2:ac:ed:66:
                    69:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                AB:85:70:7A:DF:8E:5E:75:35:C1:51:AA:13:44:84:90:53:5F:E8:5A
            X509v3 Authority Key Identifier:
                keyid:6F:20:4B:C2:AA:0D:E1:A4:00:1F:9A:CD:EA:09:92:55:CE:72:14:FB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.sub.apnic.net/repository/A91905300000/8/6F204BC2AA0DE1A4001F9ACDEA099255CE7214FB.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/byBLwqoN4aQAH5rN6gmSVc5yFPs.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.sub.apnic.net/repository/A91905300000/8/323430303a656261303a3a2f33322d3438203d3e2039383838.roa

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv6:
                  2400:eba0::/32

    Signature Algorithm: sha256WithRSAEncryption
         4f:c8:57:0e:a1:f9:ff:fe:f9:24:f0:99:e1:16:e9:d9:08:a1:
         ad:f3:77:c1:a1:d6:0c:65:35:bf:7e:32:c8:df:93:6e:59:7f:
         ec:09:33:1d:aa:b6:17:14:6d:90:dd:41:23:01:26:e3:1b:b6:
         a5:91:1d:ab:6a:7c:b7:49:22:ad:76:5f:63:73:ae:e0:b4:42:
         ed:51:68:ce:36:61:1b:13:4e:44:fa:f8:05:54:2a:91:43:ae:
         58:ef:a6:fb:92:f9:f5:48:12:73:20:bb:2f:c0:ed:7e:27:b0:
         1f:bc:fd:64:bf:03:5c:d2:47:74:83:b8:7c:c1:e0:99:5a:8d:
         6e:ae:97:31:e6:b7:bb:82:c9:33:89:29:58:ef:b1:11:0e:05:
         41:9e:12:85:5b:92:93:aa:76:be:d4:ef:dc:2d:af:95:0b:63:
         dc:01:02:bd:a3:0a:9b:11:c5:09:73:e5:3b:10:04:7c:df:7d:
         bc:64:98:6b:a8:3a:6b:94:c7:55:a9:6a:d3:0f:5d:b5:91:2a:
         07:bf:cf:d2:9e:2c:cf:d3:ec:d9:bc:0d:a2:37:3d:77:de:2a:
         f5:27:1d:35:fd:46:ba:d7:bf:0e:b4:42:f8:9e:41:60:33:bc:
         8b:98:9b:e3:85:82:c1:de:14:70:f5:0c:57:db:a2:ba:83:8a:
         2e:0c:67:78
-----BEGIN CERTIFICATE-----
MIIFGzCCBAOgAwIBAgIUXdUEYhmWx01yyjhMsMZdaYTXpBAwDQYJKoZIhvcNAQEL
BQAwSjEVMBMGA1UEAxMMQTkxRjczRjUwMDAwMTEwLwYDVQQFEyg2RjIwNEJDMkFB
MERFMUE0MDAxRjlBQ0RFQTA5OTI1NUNFNzIxNEZCMB4XDTI0MDIxOTAyMzc0MFoX
DTI1MDIxNzAyNDI0MFowMzExMC8GA1UEAxMoQUI4NTcwN0FERjhFNUU3NTM1QzE1
MUFBMTM0NDg0OTA1MzVGRTg1QTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAONEfXWewtAYNYSEsvgmrBa4gg05774T14nGW0l4M6YU1HQEw13BIuFsxI1h
vU5Fa8t2AYjzoy0fkSPHzmmkbltPdmvmojNdX2qODK2ioYcBiS/EPWlad95QBC2j
WaOWcBY23UdOBq8NTjvDMxvWFOw4EcR1L1qz3UX3HdiGTLWLczTvy+amMhwTQxVc
UV2fakyEsNk7rpDnHstDNrtsAzAPrfHk5I5lAfbPxLGI2jebqOY1ZtUKBArwaPdz
4L/70+/xvSmfgmhVouxc1VmZdK4TSbHpLzx6O5QNJw8MXwbq/aDtZffPjeYJhSgC
FbK+3B4wCbv7dfbjwfjyrO1maUMCAwEAAaOCAg4wggIKMB0GA1UdDgQWBBSrhXB6
345edTXBUaoTRISQU1/oWjAfBgNVHSMEGDAWgBRvIEvCqg3hpAAfms3qCZJVznIU
+zAOBgNVHQ8BAf8EBAMCB4AwcgYDVR0fBGswaTBnoGWgY4ZhcnN5bmM6Ly9ycGtp
LnN1Yi5hcG5pYy5uZXQvcmVwb3NpdG9yeS9BOTE5MDUzMDAwMDAvOC82RjIwNEJD
MkFBMERFMUE0MDAxRjlBQ0RFQTA5OTI1NUNFNzIxNEZCLmNybDB+BggrBgEFBQcB
AQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBraS5hcG5pYy5uZXQvcmVwb3Np
dG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3MkZEMUZGMi9ieUJMd3FvTjRh
UUFINXJONmdtU1ZjNXlGUHMuY2VyMIGHBggrBgEFBQcBCwR7MHkwdwYIKwYBBQUH
MAuGa3JzeW5jOi8vcnBraS5zdWIuYXBuaWMubmV0L3JlcG9zaXRvcnkvQTkxOTA1
MzAwMDAwLzgvMzIzNDMwMzAzYTY1NjI2MTMwM2EzYTJmMzMzMjJkMzQzODIwM2Qz
ZTIwMzkzODM4Mzgucm9hMBgGA1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwIAYIKwYB
BQUHAQcBAf8EETAPMA0EAgACMAcDBQAkAOugMA0GCSqGSIb3DQEBCwUAA4IBAQBP
yFcOofn//vkk8JnhFunZCKGt83fBodYMZTW/fjLI35NuWX/sCTMdqrYXFG2Q3UEj
ASbjG7alkR2rany3SSKtdl9jc67gtELtUWjONmEbE05E+vgFVCqRQ65Y76b7kvn1
SBJzILsvwO1+J7AfvP1kvwNc0kd0g7h8weCZWo1urpcx5re7gskziSlY77ERDgVB
nhKFW5KTqna+1O/cLa+VC2PcAQK9owqbEcUJc+U7EAR83328ZJhrqDprlMdVqWrT
D121kSoHv8/SnizP0+zZvA2iNz133ir1Jx01/Ua6178OtEL4nkFgM7yLmJvjhYLB
3hRw9QxX26K6g4ouDGd4
-----END CERTIFICATE-----
Generated at Thu Jun 6 18:04:24 2024 by rpki-client on console-fra.rpki-client.org