Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9137ABC/713D9FB01D7811E282868DC408B02CD2/261E0ECA9FCF11EF84CA7C1EC4F9AE02.roa
File:                     261E0ECA9FCF11EF84CA7C1EC4F9AE02.roa (raw, json)
Hash identifier:          mOF/4ijjwP6ovF6e3U9wDqWUj6rkqo2eHqqOfwlEs+U=
Subject key identifier:   92:72:05:D8:9B:F3:4F:D0:F7:5A:5E:18:45:C5:78:48:45:11:0E:57
Certificate issuer:       /CN=A9137ABC/serialNumber=61BF3ED4C3BFBC0916EF9480AAFF222A437AF02C
Certificate serial:       39D2
Authority key identifier: 61:BF:3E:D4:C3:BF:BC:09:16:EF:94:80:AA:FF:22:2A:43:7A:F0:2C
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Yb8-1MO_vAkW75SAqv8iKkN68Cw.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9137ABC/713D9FB01D7811E282868DC408B02CD2/261E0ECA9FCF11EF84CA7C1EC4F9AE02.roa
Signing time:             Mon 14 Jul 2025 14:50:39 +0000
ROA not before:           Mon 14 Jul 2025 14:50:39 +0000
ROA not after:            Wed 30 Sep 2026 00:00:00 +0000
asID:                     140689
IP address blocks:        110.170.145.0/24 maxlen: 24
                          210.86.199.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9137ABC/713D9FB01D7811E282868DC408B02CD2/Yb8-1MO_vAkW75SAqv8iKkN68Cw.crl
                          rsync://rpki.apnic.net/member_repository/A9137ABC/713D9FB01D7811E282868DC408B02CD2/Yb8-1MO_vAkW75SAqv8iKkN68Cw.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Yb8-1MO_vAkW75SAqv8iKkN68Cw.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 29 Jul 2025 14:20:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 14802 (0x39d2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9137ABC, serialNumber=61BF3ED4C3BFBC0916EF9480AAFF222A437AF02C
        Validity
            Not Before: Jul 14 14:50:39 2025 GMT
            Not After : Sep 30 00:00:00 2026 GMT
        Subject: CN=6875193f-7b6b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:f7:45:c6:63:5f:96:ba:4d:ad:a1:a8:4b:86:
                    e9:cf:91:aa:1d:bd:15:13:c7:6d:82:15:b2:f0:9d:
                    ce:8c:16:97:1b:52:bf:28:db:b7:e0:0c:b0:e0:97:
                    41:a0:53:2c:68:75:88:54:c1:6e:b4:66:b1:9a:d5:
                    ad:80:32:cb:4c:08:7d:22:12:2c:58:9f:01:2b:b8:
                    84:13:4c:88:d0:ea:d7:0a:0a:74:6d:27:3d:54:d7:
                    23:0d:05:87:25:50:68:10:8c:e8:99:05:e5:69:6c:
                    fd:bb:89:81:80:a2:6b:f7:26:b7:de:cb:5b:78:66:
                    b3:0b:b0:e9:5c:ba:27:1c:3c:cf:96:cd:d3:99:85:
                    18:20:3f:75:44:ff:c9:ca:d0:60:78:a0:44:be:9d:
                    80:50:41:cf:09:e0:c9:83:cd:5b:d3:a3:51:82:49:
                    29:f5:cd:61:ef:d2:1f:63:25:30:20:8a:dc:7c:82:
                    71:6f:63:48:e4:b7:84:b9:52:17:b2:15:89:82:c0:
                    17:2c:b4:35:85:3c:bb:d2:70:8a:0a:ad:e9:63:66:
                    0d:03:15:20:c6:2a:99:5d:c9:eb:5b:fa:2d:bd:cf:
                    65:a6:3b:93:7e:ae:bb:88:88:ec:20:d4:c1:4e:27:
                    56:0f:14:9b:90:17:e9:1e:c9:18:5b:e8:af:bc:0e:
                    dd:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                92:72:05:D8:9B:F3:4F:D0:F7:5A:5E:18:45:C5:78:48:45:11:0E:57
            X509v3 Authority Key Identifier:
                keyid:61:BF:3E:D4:C3:BF:BC:09:16:EF:94:80:AA:FF:22:2A:43:7A:F0:2C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9137ABC/713D9FB01D7811E282868DC408B02CD2/Yb8-1MO_vAkW75SAqv8iKkN68Cw.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Yb8-1MO_vAkW75SAqv8iKkN68Cw.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9137ABC/713D9FB01D7811E282868DC408B02CD2/261E0ECA9FCF11EF84CA7C1EC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  110.170.145.0/24
                  210.86.199.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b4:82:e7:bf:51:00:82:f6:a9:ce:73:e0:14:b5:bc:cb:2c:9f:
         0f:f2:d9:b9:3f:50:08:83:d7:7a:15:f2:26:7c:26:ea:50:ee:
         7b:b6:21:79:40:4a:9e:c6:d6:9c:c6:5c:31:59:3e:f1:24:8d:
         28:2c:d4:a0:ec:6d:fa:2d:ce:80:e0:3e:54:a5:3f:50:50:32:
         88:21:92:43:82:d1:0b:56:08:2f:18:70:25:8c:19:7b:66:2e:
         ca:07:a2:28:30:bd:9e:34:54:d0:4c:77:fa:3a:4c:b7:51:9e:
         02:ba:82:38:7c:59:ac:69:9b:8b:e9:6a:f3:68:8f:2c:ab:f0:
         a3:36:24:e7:bd:e5:9b:3e:fa:50:d4:74:6e:54:c3:a6:f6:87:
         9a:71:20:88:a5:95:3b:d6:ed:8e:72:74:a2:83:39:1d:93:1c:
         61:9f:83:69:f6:0a:06:15:c6:37:8e:59:7d:f3:d8:b6:d8:66:
         fe:d2:ce:e2:cb:7e:43:0e:41:60:52:26:1e:61:c1:c5:d9:69:
         fe:c0:e2:a8:34:6c:65:3c:cc:94:e3:9b:1d:4f:97:57:94:a9:
         90:7b:ed:65:43:7c:e4:08:2c:c0:8a:5f:2a:5b:24:7d:f9:28:
         2d:1a:c8:dd:7f:69:3f:b9:d8:d4:f4:b3:38:d6:84:b2:bf:7b:
         ad:bb:97:ae
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICOdIwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MzdBQkMxMTAvBgNVBAUTKDYxQkYzRUQ0QzNCRkJDMDkxNkVGOTQ4MEFBRkYyMjJB
NDM3QUYwMkMwHhcNMjUwNzE0MTQ1MDM5WhcNMjYwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODc1MTkzZi03YjZiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAy/dFxmNflrpNraGoS4bpz5GqHb0VE8dtghWy8J3OjBaXG1K/KNu34Ayw4JdB
oFMsaHWIVMFutGaxmtWtgDLLTAh9IhIsWJ8BK7iEE0yI0OrXCgp0bSc9VNcjDQWH
JVBoEIzomQXlaWz9u4mBgKJr9ya33stbeGazC7DpXLonHDzPls3TmYUYID91RP/J
ytBgeKBEvp2AUEHPCeDJg81b06NRgkkp9c1h79IfYyUwIIrcfIJxb2NI5LeEuVIX
shWJgsAXLLQ1hTy70nCKCq3pY2YNAxUgxiqZXcnrW/otvc9lpjuTfq67iIjsINTB
TidWDxSbkBfpHskYW+ivvA7d8QIDAQABo4ICmzCCApcwHQYDVR0OBBYEFJJyBdib
80/Q91peGEXFeEhFEQ5XMB8GA1UdIwQYMBaAFGG/PtTDv7wJFu+UgKr/IipDevAs
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEzN0FCQy83MTNEOUZCMDFE
NzgxMUUyODI4NjhEQzQwOEIwMkNEMi9ZYjgtMU1PX3ZBa1c3NVNBcXY4aUtrTjY4
Q3cuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1liOC0xTU9fdkFrVzc1U0FxdjhpS2tONjhDdy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MzdBQkMvNzEzRDlGQjAxRDc4MTFFMjgyODY4REM0MDhCMDJDRDIvMjYxRTBFQ0E5
RkNGMTFFRjg0Q0E3QzFFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBABuqpEDBADSVscwDQYJKoZIhvcNAQELBQADggEBALSC579R
AIL2qc5z4BS1vMssnw/y2bk/UAiD13oV8iZ8JupQ7nu2IXlASp7G1pzGXDFZPvEk
jSgs1KDsbfotzoDgPlSlP1BQMoghkkOC0QtWCC8YcCWMGXtmLsoHoigwvZ40VNBM
d/o6TLdRngK6gjh8Waxpm4vpavNojyyr8KM2JOe95Zs++lDUdG5Uw6b2h5pxIIil
lTvW7Y5ydKKDOR2THGGfg2n2CgYVxjeOWX3z2LbYZv7SzuLLfkMOQWBSJh5hwcXZ
af7A4qg0bGU8zJTjmx1Pl1eUqZB77WVDfOQILMCKXypbJH35KC0ayN1/aT+52NT0
szjWhLK/e627l64=
-----END CERTIFICATE-----
Generated at Wed Jul 23 02:25:27 2025 by rpki-client