Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9137ABC/713D9FB01D7811E282868DC408B02CD2/8BA4EE8C839911EA8A5C6383C4F9AE02.roa
File:                     8BA4EE8C839911EA8A5C6383C4F9AE02.roa (raw, json)
Hash identifier:          5rmilWIZ6+OnnU5ba0CqfP+pAHzXQ0GuwKK4lErx2BA=
Subject key identifier:   51:7B:41:67:11:5D:97:28:12:66:2C:C2:F0:2A:51:EE:6D:E0:A0:04
Certificate issuer:       /CN=A9137ABC/serialNumber=61BF3ED4C3BFBC0916EF9480AAFF222A437AF02C
Certificate serial:       39B8
Authority key identifier: 61:BF:3E:D4:C3:BF:BC:09:16:EF:94:80:AA:FF:22:2A:43:7A:F0:2C
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Yb8-1MO_vAkW75SAqv8iKkN68Cw.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9137ABC/713D9FB01D7811E282868DC408B02CD2/8BA4EE8C839911EA8A5C6383C4F9AE02.roa
Signing time:             Mon 14 Jul 2025 14:50:17 +0000
ROA not before:           Mon 14 Jul 2025 14:50:17 +0000
ROA not after:            Wed 30 Sep 2026 00:00:00 +0000
asID:                     132201
IP address blocks:        110.170.123.0/24 maxlen: 24
                          203.144.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9137ABC/713D9FB01D7811E282868DC408B02CD2/Yb8-1MO_vAkW75SAqv8iKkN68Cw.crl
                          rsync://rpki.apnic.net/member_repository/A9137ABC/713D9FB01D7811E282868DC408B02CD2/Yb8-1MO_vAkW75SAqv8iKkN68Cw.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Yb8-1MO_vAkW75SAqv8iKkN68Cw.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 29 Jul 2025 14:20:31 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 14776 (0x39b8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9137ABC, serialNumber=61BF3ED4C3BFBC0916EF9480AAFF222A437AF02C
        Validity
            Not Before: Jul 14 14:50:17 2025 GMT
            Not After : Sep 30 00:00:00 2026 GMT
        Subject: CN=68751929-6eae
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:de:1e:ae:09:9b:d2:0e:64:3f:0f:ce:07:c4:
                    c6:cd:74:a6:7e:e7:49:a6:c7:12:a3:14:bd:ad:40:
                    88:39:f4:48:87:34:b3:cd:1d:10:ee:a4:75:0f:73:
                    ce:67:0c:27:2d:ed:e7:46:b3:b9:88:a9:c6:b9:7e:
                    d8:11:7c:5e:46:7f:73:73:c3:db:28:f7:8b:7c:0f:
                    93:47:19:fc:d0:bd:e5:b5:31:2d:aa:bd:ce:ed:c7:
                    7d:f0:d3:e6:47:07:7b:6c:a6:4b:5e:07:02:a1:4e:
                    f1:ed:4d:0d:43:a3:97:c4:db:b0:cf:84:9a:58:38:
                    23:1f:c6:94:fc:35:c4:b4:1b:b5:7d:ac:6d:5f:59:
                    1d:ec:16:51:88:55:45:9e:59:70:5b:bd:c3:92:49:
                    9f:7a:4c:86:9d:59:2d:a5:ad:4f:b0:cb:98:fb:7a:
                    a7:3e:fc:12:d7:58:69:ca:75:d9:d6:9b:f2:06:c2:
                    48:53:52:3e:4b:e6:05:33:f8:85:0d:99:39:98:33:
                    be:49:22:c5:2e:77:16:f2:80:0d:28:5b:c1:5c:12:
                    70:47:85:a6:e2:4d:21:e0:71:92:48:ad:93:44:28:
                    0b:aa:7a:8b:a1:83:b8:31:ac:54:a8:55:aa:86:77:
                    d7:d3:15:7e:db:c0:49:3d:32:1c:d7:5a:02:41:fe:
                    05:c1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                51:7B:41:67:11:5D:97:28:12:66:2C:C2:F0:2A:51:EE:6D:E0:A0:04
            X509v3 Authority Key Identifier:
                keyid:61:BF:3E:D4:C3:BF:BC:09:16:EF:94:80:AA:FF:22:2A:43:7A:F0:2C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9137ABC/713D9FB01D7811E282868DC408B02CD2/Yb8-1MO_vAkW75SAqv8iKkN68Cw.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Yb8-1MO_vAkW75SAqv8iKkN68Cw.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9137ABC/713D9FB01D7811E282868DC408B02CD2/8BA4EE8C839911EA8A5C6383C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  110.170.123.0/24
                  203.144.135.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b2:8a:f7:f1:15:de:36:c3:d9:62:60:46:8b:65:a1:06:c0:87:
         f7:56:a5:b1:38:07:f6:09:47:3e:4f:2f:3b:0d:dd:34:57:3c:
         7c:e5:f5:47:18:78:44:78:a8:4c:9d:74:8a:4e:ef:38:e1:9c:
         0c:33:9a:8f:f1:69:fc:4e:6e:87:01:1d:7b:89:11:9f:7b:9d:
         20:f9:c1:9c:68:af:65:2b:8c:2b:d9:1a:33:ae:a7:e6:b1:3b:
         e4:64:c5:f3:50:e7:90:3a:ac:4d:ec:96:d9:56:0e:cd:a2:aa:
         1a:19:40:ab:66:5f:36:d2:0f:2d:fd:43:60:0a:bd:3d:c9:6c:
         cc:0b:c6:65:de:54:21:9c:4d:b5:4e:94:46:e2:d9:cd:5d:56:
         77:6b:b0:4a:30:d6:aa:e5:93:41:a1:48:3f:41:e2:a2:9d:d8:
         59:fc:7a:0f:8b:d1:c4:24:bb:40:e7:d3:14:6c:5d:1a:57:d9:
         29:bc:f6:61:ae:b0:81:41:06:a8:b8:fe:e6:0a:82:5e:dc:59:
         39:7e:d1:16:2f:58:f5:80:35:07:0e:8d:0c:14:9c:33:a5:68:
         ce:1a:e7:6c:27:28:d3:d1:e2:d9:4a:02:86:e0:70:2e:8a:8a:
         99:ba:1f:85:e2:2c:f1:76:e5:d7:ed:8a:25:85:4d:1a:d4:b8:
         4d:c7:de:be
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICObgwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MzdBQkMxMTAvBgNVBAUTKDYxQkYzRUQ0QzNCRkJDMDkxNkVGOTQ4MEFBRkYyMjJB
NDM3QUYwMkMwHhcNMjUwNzE0MTQ1MDE3WhcNMjYwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODc1MTkyOS02ZWFlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA0t4ergmb0g5kPw/OB8TGzXSmfudJpscSoxS9rUCIOfRIhzSzzR0Q7qR1D3PO
ZwwnLe3nRrO5iKnGuX7YEXxeRn9zc8PbKPeLfA+TRxn80L3ltTEtqr3O7cd98NPm
Rwd7bKZLXgcCoU7x7U0NQ6OXxNuwz4SaWDgjH8aU/DXEtBu1faxtX1kd7BZRiFVF
nllwW73DkkmfekyGnVktpa1PsMuY+3qnPvwS11hpynXZ1pvyBsJIU1I+S+YFM/iF
DZk5mDO+SSLFLncW8oANKFvBXBJwR4Wm4k0h4HGSSK2TRCgLqnqLoYO4MaxUqFWq
hnfX0xV+28BJPTIc11oCQf4FwQIDAQABo4ICmzCCApcwHQYDVR0OBBYEFFF7QWcR
XZcoEmYswvAqUe5t4KAEMB8GA1UdIwQYMBaAFGG/PtTDv7wJFu+UgKr/IipDevAs
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEzN0FCQy83MTNEOUZCMDFE
NzgxMUUyODI4NjhEQzQwOEIwMkNEMi9ZYjgtMU1PX3ZBa1c3NVNBcXY4aUtrTjY4
Q3cuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1liOC0xTU9fdkFrVzc1U0FxdjhpS2tONjhDdy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MzdBQkMvNzEzRDlGQjAxRDc4MTFFMjgyODY4REM0MDhCMDJDRDIvOEJBNEVFOEM4
Mzk5MTFFQThBNUM2MzgzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBABuqnsDBADLkIcwDQYJKoZIhvcNAQELBQADggEBALKK9/EV
3jbD2WJgRotloQbAh/dWpbE4B/YJRz5PLzsN3TRXPHzl9UcYeER4qEyddIpO7zjh
nAwzmo/xafxObocBHXuJEZ97nSD5wZxor2UrjCvZGjOup+axO+RkxfNQ55A6rE3s
ltlWDs2iqhoZQKtmXzbSDy39Q2AKvT3JbMwLxmXeVCGcTbVOlEbi2c1dVndrsEow
1qrlk0GhSD9B4qKd2Fn8eg+L0cQku0Dn0xRsXRpX2Sm89mGusIFBBqi4/uYKgl7c
WTl+0RYvWPWANQcOjQwUnDOlaM4a52wnKNPR4tlKAobgcC6Kipm6H4XiLPF25dft
iiWFTRrUuE3H3r4=
-----END CERTIFICATE-----
Generated at Wed Jul 23 02:14:50 2025 by rpki-client