Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9137ABC/713D9FB01D7811E282868DC408B02CD2/4A63A29461AF11EAB55FB65CC4F9AE02.roa
File:                     4A63A29461AF11EAB55FB65CC4F9AE02.roa (raw, json)
Hash identifier:          rsZ4nibeJcPWGF9I1uHwYnEkXT+LARMUjYgBOtcXDwA=
Subject key identifier:   6C:4B:99:9B:21:5D:87:9C:9A:0F:FD:C8:2E:98:6E:4B:A0:FE:DB:93
Certificate issuer:       /CN=A9137ABC/serialNumber=61BF3ED4C3BFBC0916EF9480AAFF222A437AF02C
Certificate serial:       39EE
Authority key identifier: 61:BF:3E:D4:C3:BF:BC:09:16:EF:94:80:AA:FF:22:2A:43:7A:F0:2C
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Yb8-1MO_vAkW75SAqv8iKkN68Cw.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9137ABC/713D9FB01D7811E282868DC408B02CD2/4A63A29461AF11EAB55FB65CC4F9AE02.roa
Signing time:             Mon 14 Jul 2025 14:51:02 +0000
ROA not before:           Mon 14 Jul 2025 14:51:02 +0000
ROA not after:            Wed 30 Sep 2026 00:00:00 +0000
asID:                     36040
IP address blocks:        2001:fb0:109f:12::/64 maxlen: 64
                          2001:fb0:109f:14::/64 maxlen: 64
                          2001:fb0:109f:18::/64 maxlen: 64
                          2001:fb0:109f:19::/64 maxlen: 64
                          2001:fb0:109f:8007::/64 maxlen: 64
                          2001:fb0:109f:8009::/64 maxlen: 64
                          2001:fb0:109f:8010::/64 maxlen: 64
                          2001:fb0:109f:8013::/64 maxlen: 64
                          2001:fb0:109f:8014::/64 maxlen: 64
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9137ABC/713D9FB01D7811E282868DC408B02CD2/Yb8-1MO_vAkW75SAqv8iKkN68Cw.crl
                          rsync://rpki.apnic.net/member_repository/A9137ABC/713D9FB01D7811E282868DC408B02CD2/Yb8-1MO_vAkW75SAqv8iKkN68Cw.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Yb8-1MO_vAkW75SAqv8iKkN68Cw.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 27 Jul 2025 14:20:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 14830 (0x39ee)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9137ABC, serialNumber=61BF3ED4C3BFBC0916EF9480AAFF222A437AF02C
        Validity
            Not Before: Jul 14 14:51:02 2025 GMT
            Not After : Sep 30 00:00:00 2026 GMT
        Subject: CN=68751955-efa9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:17:ee:6d:17:55:bf:df:ca:aa:b8:cf:8d:a6:
                    01:b0:27:f2:74:53:86:2f:f4:28:ca:34:2a:4a:b9:
                    12:5e:de:53:8a:75:5a:55:2e:b9:36:d8:6c:49:0f:
                    1f:ef:9a:87:94:f4:0f:53:56:63:60:2f:e7:84:83:
                    e5:ba:db:af:e1:7c:c2:41:94:96:40:7f:18:18:f6:
                    0f:50:45:93:22:c1:58:49:1a:47:99:75:1d:e3:dd:
                    f2:79:96:7c:84:15:d8:31:b6:bc:a5:16:cd:e6:1c:
                    b4:da:b0:59:0d:25:0d:9d:eb:30:db:30:26:9b:9c:
                    4d:ef:0e:57:70:64:e7:e5:05:2c:f3:35:1a:be:54:
                    c7:58:dc:22:e2:c3:4c:f6:15:10:4d:42:9c:37:9a:
                    ff:ca:e6:61:a6:d4:cf:75:a6:a2:4e:9d:68:c8:99:
                    18:62:d8:63:03:c1:f2:53:c2:23:c5:08:05:e3:41:
                    f3:2d:08:94:e7:1d:af:df:a6:ff:84:d0:f3:0e:f5:
                    b9:e1:65:c0:44:19:ff:7f:f2:1b:46:7b:cd:8b:87:
                    c6:81:f3:1f:e8:95:44:cf:27:5c:9c:6b:94:63:0c:
                    9d:e9:65:cf:f7:29:29:1d:0e:11:84:81:6b:65:b3:
                    4a:e1:a9:5d:c7:42:91:37:2a:96:84:b2:e8:c7:1d:
                    15:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:4B:99:9B:21:5D:87:9C:9A:0F:FD:C8:2E:98:6E:4B:A0:FE:DB:93
            X509v3 Authority Key Identifier:
                keyid:61:BF:3E:D4:C3:BF:BC:09:16:EF:94:80:AA:FF:22:2A:43:7A:F0:2C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9137ABC/713D9FB01D7811E282868DC408B02CD2/Yb8-1MO_vAkW75SAqv8iKkN68Cw.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Yb8-1MO_vAkW75SAqv8iKkN68Cw.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9137ABC/713D9FB01D7811E282868DC408B02CD2/4A63A29461AF11EAB55FB65CC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2001:fb0:109f:12::/64
                  2001:fb0:109f:14::/64
                  2001:fb0:109f:18::/63
                  2001:fb0:109f:8007::/64
                  2001:fb0:109f:8009::/64
                  2001:fb0:109f:8010::/64
                  2001:fb0:109f:8013::-2001:fb0:109f:8014:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         57:27:3e:55:41:68:28:9f:10:d1:9e:25:fd:c2:01:66:38:42:
         49:1a:45:ff:cb:a4:0b:d3:0b:b5:2f:f5:7d:78:91:ce:cf:14:
         fb:78:2f:72:30:a2:a2:02:3b:c1:c3:6e:17:a5:78:db:9b:b9:
         ee:0a:e1:fc:90:d5:b8:40:4e:64:8a:ae:a4:78:2f:fe:3a:59:
         47:14:bf:1b:d6:59:41:ce:93:86:a5:e5:fb:c4:ea:04:5b:8d:
         ad:c8:f7:8b:9e:d5:8e:7d:49:a2:9c:af:d3:93:15:81:aa:a7:
         19:9f:fc:0a:59:8f:d5:cd:63:77:49:29:8f:85:b0:f9:ec:d0:
         0e:b2:24:cc:28:99:70:11:cf:34:c1:aa:15:46:1e:be:ab:87:
         ad:b4:6c:39:f2:92:db:c9:2d:c0:6a:49:65:72:ed:6d:59:73:
         ee:3b:77:52:c5:dc:45:03:c4:05:44:80:0f:01:d4:f2:f3:8c:
         30:50:4f:f2:ea:c5:63:c2:be:aa:a1:5f:66:6e:1e:ee:2f:d2:
         f3:cd:a7:06:8a:ff:6f:67:42:cd:a9:1a:6f:ff:31:79:49:f8:
         ff:cb:37:e4:39:fb:a9:e4:74:d8:2e:cb:c8:57:a2:a0:a0:c5:
         00:a3:fd:51:c4:c2:3c:bb:43:79:e6:0f:a4:a3:df:88:39:0c:
         a0:b8:65:14
-----BEGIN CERTIFICATE-----
MIIFxTCCBK2gAwIBAgICOe4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MzdBQkMxMTAvBgNVBAUTKDYxQkYzRUQ0QzNCRkJDMDkxNkVGOTQ4MEFBRkYyMjJB
NDM3QUYwMkMwHhcNMjUwNzE0MTQ1MTAyWhcNMjYwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODc1MTk1NS1lZmE5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA0hfubRdVv9/KqrjPjaYBsCfydFOGL/QoyjQqSrkSXt5TinVaVS65NthsSQ8f
75qHlPQPU1ZjYC/nhIPlutuv4XzCQZSWQH8YGPYPUEWTIsFYSRpHmXUd493yeZZ8
hBXYMba8pRbN5hy02rBZDSUNnesw2zAmm5xN7w5XcGTn5QUs8zUavlTHWNwi4sNM
9hUQTUKcN5r/yuZhptTPdaaiTp1oyJkYYthjA8HyU8IjxQgF40HzLQiU5x2v36b/
hNDzDvW54WXARBn/f/IbRnvNi4fGgfMf6JVEzydcnGuUYwyd6WXP9ykpHQ4RhIFr
ZbNK4aldx0KRNyqWhLLoxx0ViwIDAQABo4IC6TCCAuUwHQYDVR0OBBYEFGxLmZsh
XYecmg/9yC6Ybkug/tuTMB8GA1UdIwQYMBaAFGG/PtTDv7wJFu+UgKr/IipDevAs
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEzN0FCQy83MTNEOUZCMDFE
NzgxMUUyODI4NjhEQzQwOEIwMkNEMi9ZYjgtMU1PX3ZBa1c3NVNBcXY4aUtrTjY4
Q3cuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1liOC0xTU9fdkFrVzc1U0FxdjhpS2tONjhDdy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MzdBQkMvNzEzRDlGQjAxRDc4MTFFMjgyODY4REM0MDhCMDJDRDIvNEE2M0EyOTQ2
MUFGMTFFQUI1NUZCNjVDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwcwYIKwYBBQUHAQcBAf8E
ZDBiMGAEAgACMFoDCQAgAQ+wEJ8AEgMJACABD7AQnwAUAwkBIAEPsBCfABgDCQAg
AQ+wEJ+ABwMJACABD7AQn4AJAwkAIAEPsBCfgBAwFgMJACABD7AQn4ATAwkAIAEP
sBCfgBQwDQYJKoZIhvcNAQELBQADggEBAFcnPlVBaCifENGeJf3CAWY4QkkaRf/L
pAvTC7Uv9X14kc7PFPt4L3IwoqICO8HDbheleNubue4K4fyQ1bhATmSKrqR4L/46
WUcUvxvWWUHOk4al5fvE6gRbja3I94ue1Y59SaKcr9OTFYGqpxmf/ApZj9XNY3dJ
KY+FsPns0A6yJMwomXARzzTBqhVGHr6rh620bDnyktvJLcBqSWVy7W1Zc+47d1LF
3EUDxAVEgA8B1PLzjDBQT/LqxWPCvqqhX2ZuHu4v0vPNpwaK/29nQs2pGm//MXlJ
+P/LN+Q5+6nkdNguy8hXoqCgxQCj/VHEwjy7Q3nmD6Sj34g5DKC4ZRQ=
-----END CERTIFICATE-----
Generated at Sun Jul 20 22:28:50 2025 by rpki-client