Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9137ABC/713D9FB01D7811E282868DC408B02CD2/3426848A1E0111E9A590C837C4F9AE02.roa
File:                     3426848A1E0111E9A590C837C4F9AE02.roa (raw, json)
Hash identifier:          qmHd7qpVZUAsDqp4UGZtSVEa1ga0pFl3h3bbDNHcsA8=
Subject key identifier:   83:8B:5D:82:BB:D5:8B:4A:86:C8:2E:CE:BB:C8:9F:8A:9B:5E:F0:E2
Certificate issuer:       /CN=A9137ABC/serialNumber=61BF3ED4C3BFBC0916EF9480AAFF222A437AF02C
Certificate serial:       39B4
Authority key identifier: 61:BF:3E:D4:C3:BF:BC:09:16:EF:94:80:AA:FF:22:2A:43:7A:F0:2C
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Yb8-1MO_vAkW75SAqv8iKkN68Cw.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9137ABC/713D9FB01D7811E282868DC408B02CD2/3426848A1E0111E9A590C837C4F9AE02.roa
Signing time:             Mon 14 Jul 2025 14:50:14 +0000
ROA not before:           Mon 14 Jul 2025 14:50:14 +0000
ROA not after:            Wed 30 Sep 2026 00:00:00 +0000
asID:                     132009
IP address blocks:        58.97.77.0/24 maxlen: 24
                          171.102.204.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9137ABC/713D9FB01D7811E282868DC408B02CD2/Yb8-1MO_vAkW75SAqv8iKkN68Cw.crl
                          rsync://rpki.apnic.net/member_repository/A9137ABC/713D9FB01D7811E282868DC408B02CD2/Yb8-1MO_vAkW75SAqv8iKkN68Cw.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Yb8-1MO_vAkW75SAqv8iKkN68Cw.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 29 Jul 2025 14:20:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 14772 (0x39b4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9137ABC, serialNumber=61BF3ED4C3BFBC0916EF9480AAFF222A437AF02C
        Validity
            Not Before: Jul 14 14:50:14 2025 GMT
            Not After : Sep 30 00:00:00 2026 GMT
        Subject: CN=68751926-150f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:f7:2d:5c:ec:f5:69:0b:9e:a9:8b:9a:53:db:
                    4e:58:7b:1b:b3:86:53:d5:63:1b:52:ea:12:b1:45:
                    5d:27:a2:b3:94:50:1a:34:b1:84:dd:21:1d:db:bc:
                    db:e5:a4:24:05:38:e8:15:c0:82:d4:cd:85:11:47:
                    3a:ec:30:20:94:7e:2e:04:4c:d3:0d:62:b0:48:96:
                    b3:ad:47:d2:7c:3d:65:48:a0:f9:0c:18:db:02:3c:
                    55:b3:14:cc:3e:35:c3:9d:4a:74:c4:cb:fa:14:fe:
                    26:38:23:cf:6e:5f:f6:1f:71:8f:09:98:d1:91:18:
                    a3:a2:46:bc:d6:05:f6:d9:b7:0f:32:5f:72:03:25:
                    6d:02:44:8d:f5:3c:b3:98:68:60:87:ea:6c:b0:a4:
                    e8:2f:ca:1d:d6:c6:43:06:16:dd:79:a7:ac:9f:f3:
                    51:fc:d5:d6:5b:b5:fc:8d:b8:b1:f1:08:56:42:07:
                    23:10:17:b3:c8:46:59:7c:14:c8:48:99:41:4a:f3:
                    36:44:67:84:d6:79:9a:98:28:5f:fe:ee:97:10:c4:
                    49:9d:52:02:e6:7c:b8:ba:73:09:7e:08:ef:b6:d1:
                    59:a6:ff:d1:29:d2:20:a8:c2:5f:10:39:6c:2c:df:
                    7c:09:cb:07:57:a1:85:db:82:71:4b:c0:82:8f:c4:
                    f0:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                83:8B:5D:82:BB:D5:8B:4A:86:C8:2E:CE:BB:C8:9F:8A:9B:5E:F0:E2
            X509v3 Authority Key Identifier:
                keyid:61:BF:3E:D4:C3:BF:BC:09:16:EF:94:80:AA:FF:22:2A:43:7A:F0:2C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9137ABC/713D9FB01D7811E282868DC408B02CD2/Yb8-1MO_vAkW75SAqv8iKkN68Cw.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Yb8-1MO_vAkW75SAqv8iKkN68Cw.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9137ABC/713D9FB01D7811E282868DC408B02CD2/3426848A1E0111E9A590C837C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  58.97.77.0/24
                  171.102.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         95:11:06:d6:b3:f2:e6:73:1d:e2:22:d4:79:ea:cb:57:65:41:
         ac:ed:b9:e4:9c:eb:74:33:86:18:04:06:5e:53:cf:df:dc:3a:
         af:d2:93:85:9f:9b:f2:58:0c:af:97:5e:19:da:58:e0:52:2a:
         20:d6:4a:7d:49:0e:2c:7d:da:9c:ba:34:cd:73:62:a1:cb:1f:
         55:e4:1b:c8:63:62:c2:17:1a:f8:70:8b:af:e2:ae:22:ed:d9:
         13:c0:ef:69:b9:b7:7b:bf:80:e2:a4:40:37:22:78:39:a1:a1:
         d8:1e:34:76:00:d1:c5:48:3a:6d:93:b5:d2:16:e6:85:5a:33:
         24:66:ca:8d:1f:89:6d:67:64:10:73:20:33:02:5e:af:ed:a2:
         47:2b:56:12:52:4e:74:d9:87:ff:ea:39:87:12:81:61:1c:81:
         0c:82:43:7f:50:83:09:15:b9:56:28:02:fc:c6:d9:a1:aa:c6:
         77:87:17:8f:93:fd:9e:72:a1:d7:8c:cb:83:f2:04:36:e0:7f:
         b1:f6:56:36:71:45:5b:51:0e:25:ec:d3:f0:12:70:df:05:de:
         56:45:aa:f1:c5:b9:46:3b:9c:4a:7a:71:80:71:a1:39:f7:cb:
         e0:13:bf:67:f3:fe:ad:a8:f2:26:7a:fe:d7:1f:b5:19:ef:3e:
         e4:09:97:cd
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICObQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MzdBQkMxMTAvBgNVBAUTKDYxQkYzRUQ0QzNCRkJDMDkxNkVGOTQ4MEFBRkYyMjJB
NDM3QUYwMkMwHhcNMjUwNzE0MTQ1MDE0WhcNMjYwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODc1MTkyNi0xNTBmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtfctXOz1aQueqYuaU9tOWHsbs4ZT1WMbUuoSsUVdJ6KzlFAaNLGE3SEd27zb
5aQkBTjoFcCC1M2FEUc67DAglH4uBEzTDWKwSJazrUfSfD1lSKD5DBjbAjxVsxTM
PjXDnUp0xMv6FP4mOCPPbl/2H3GPCZjRkRijoka81gX22bcPMl9yAyVtAkSN9Tyz
mGhgh+pssKToL8od1sZDBhbdeaesn/NR/NXWW7X8jbix8QhWQgcjEBezyEZZfBTI
SJlBSvM2RGeE1nmamChf/u6XEMRJnVIC5ny4unMJfgjvttFZpv/RKdIgqMJfEDls
LN98CcsHV6GF24JxS8CCj8TwyQIDAQABo4ICmzCCApcwHQYDVR0OBBYEFIOLXYK7
1YtKhsguzrvIn4qbXvDiMB8GA1UdIwQYMBaAFGG/PtTDv7wJFu+UgKr/IipDevAs
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEzN0FCQy83MTNEOUZCMDFE
NzgxMUUyODI4NjhEQzQwOEIwMkNEMi9ZYjgtMU1PX3ZBa1c3NVNBcXY4aUtrTjY4
Q3cuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1liOC0xTU9fdkFrVzc1U0FxdjhpS2tONjhDdy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MzdBQkMvNzEzRDlGQjAxRDc4MTFFMjgyODY4REM0MDhCMDJDRDIvMzQyNjg0OEEx
RTAxMTFFOUE1OTBDODM3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAA6YU0DBACrZswwDQYJKoZIhvcNAQELBQADggEBAJURBtaz
8uZzHeIi1Hnqy1dlQaztueSc63QzhhgEBl5Tz9/cOq/Sk4Wfm/JYDK+XXhnaWOBS
KiDWSn1JDix92py6NM1zYqHLH1XkG8hjYsIXGvhwi6/iriLt2RPA72m5t3u/gOKk
QDcieDmhodgeNHYA0cVIOm2TtdIW5oVaMyRmyo0fiW1nZBBzIDMCXq/tokcrVhJS
TnTZh//qOYcSgWEcgQyCQ39QgwkVuVYoAvzG2aGqxneHF4+T/Z5yodeMy4PyBDbg
f7H2VjZxRVtRDiXs0/AScN8F3lZFqvHFuUY7nEp6cYBxoTn3y+ATv2fz/q2o8iZ6
/tcftRnvPuQJl80=
-----END CERTIFICATE-----
Generated at Wed Jul 23 02:14:48 2025 by rpki-client