Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91498A4/ECF30A9E905311EB9CA8721DC4F9AE02/A7A77B96911111EBA69D2641C4F9AE02.roa
File:                     A7A77B96911111EBA69D2641C4F9AE02.roa (raw, json)
Hash identifier:          VESDtzqVBQrTGjrRN3bP0bonHePhKHgrwV/FIae5l4Y=
Subject key identifier:   24:F1:E9:64:B2:9E:22:9E:9B:25:4B:0C:CC:05:F0:23:80:FB:B5:F1
Certificate issuer:       /CN=A91498A4/serialNumber=3A33A5DADC373726417DDD56E46790FF84BBCED1
Certificate serial:       065C
Authority key identifier: 3A:33:A5:DA:DC:37:37:26:41:7D:DD:56:E4:67:90:FF:84:BB:CE:D1
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OjOl2tw3NyZBfd1W5GeQ_4S7ztE.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91498A4/ECF30A9E905311EB9CA8721DC4F9AE02/A7A77B96911111EBA69D2641C4F9AE02.roa
Signing time:             Wed 16 Jul 2025 23:03:29 +0000
ROA not before:           Wed 16 Jul 2025 23:03:29 +0000
ROA not after:            Wed 30 Sep 2026 00:00:00 +0000
asID:                     9723
IP address blocks:        203.31.82.0/24 maxlen: 24
                          210.56.152.0/24 maxlen: 24
                          210.56.153.0/24 maxlen: 24
                          210.56.154.0/24 maxlen: 24
                          210.56.155.0/24 maxlen: 24
                          210.56.156.0/24 maxlen: 24
                          210.56.157.0/24 maxlen: 24
                          210.56.158.0/24 maxlen: 24
                          210.56.159.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91498A4/ECF30A9E905311EB9CA8721DC4F9AE02/OjOl2tw3NyZBfd1W5GeQ_4S7ztE.crl
                          rsync://rpki.apnic.net/member_repository/A91498A4/ECF30A9E905311EB9CA8721DC4F9AE02/OjOl2tw3NyZBfd1W5GeQ_4S7ztE.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OjOl2tw3NyZBfd1W5GeQ_4S7ztE.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 25 Jul 2025 22:51:05 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1628 (0x65c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91498A4, serialNumber=3A33A5DADC373726417DDD56E46790FF84BBCED1
        Validity
            Not Before: Jul 16 23:03:29 2025 GMT
            Not After : Sep 30 00:00:00 2026 GMT
        Subject: CN=68782fc1-acf2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e3:5f:5c:1d:95:9d:8c:5c:2d:00:d7:18:fb:ca:
                    af:52:f3:d2:25:bf:fd:49:1e:1e:0d:0a:64:e9:c4:
                    e6:90:f5:c8:d9:02:33:bc:76:6e:3c:ae:f4:28:86:
                    c9:7c:75:34:02:a9:c8:05:29:16:7d:cb:cf:2f:f7:
                    0a:26:67:1b:91:08:61:a1:16:21:a0:68:4a:65:9a:
                    af:04:ab:1c:3d:14:7d:c0:34:f9:2b:96:70:8f:ca:
                    5e:d9:9b:6e:6f:4f:06:63:d2:0b:5a:57:90:2a:b6:
                    88:d7:3f:54:05:68:49:4c:6d:8f:f4:d3:71:ce:80:
                    96:1a:44:55:ec:fe:60:03:53:cb:d0:c8:97:b4:42:
                    ac:83:51:16:21:1b:08:29:e8:87:07:8f:3a:e9:8c:
                    44:76:7a:0c:df:b2:8f:d6:6e:99:bf:78:5a:f2:02:
                    49:21:b3:a5:b9:85:f4:b1:1a:6c:a1:c7:93:f8:55:
                    a5:32:1d:c1:84:13:ee:02:cd:ea:52:7b:cb:a5:78:
                    64:a2:6d:b7:5a:0b:00:30:57:6f:d1:9d:36:36:31:
                    52:e6:56:ed:55:d4:00:0f:ca:bd:82:13:31:1c:09:
                    e4:0f:ac:d4:84:b3:29:24:45:87:a9:56:b3:72:a6:
                    09:42:b4:ee:5b:3b:1c:ca:57:5e:a7:a7:57:b0:a9:
                    64:83
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                24:F1:E9:64:B2:9E:22:9E:9B:25:4B:0C:CC:05:F0:23:80:FB:B5:F1
            X509v3 Authority Key Identifier:
                keyid:3A:33:A5:DA:DC:37:37:26:41:7D:DD:56:E4:67:90:FF:84:BB:CE:D1

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91498A4/ECF30A9E905311EB9CA8721DC4F9AE02/OjOl2tw3NyZBfd1W5GeQ_4S7ztE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/OjOl2tw3NyZBfd1W5GeQ_4S7ztE.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91498A4/ECF30A9E905311EB9CA8721DC4F9AE02/A7A77B96911111EBA69D2641C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.31.82.0/24
                  210.56.152.0/21

    Signature Algorithm: sha256WithRSAEncryption
         2f:ad:28:e0:02:a1:57:e3:34:00:5c:a9:b1:da:a0:ab:a3:8a:
         52:6e:bf:23:70:26:63:3e:86:d2:f4:8b:63:40:43:85:31:a7:
         c9:d8:52:30:65:a4:c0:72:1e:39:b1:7a:20:b1:4c:44:02:aa:
         b0:5e:ca:7c:00:fa:0b:18:96:3c:40:5a:82:d3:0e:d1:1e:cd:
         1e:5e:ed:3f:46:6f:f3:06:55:94:e7:3d:16:f0:24:1a:fc:fa:
         0c:54:ff:f6:e2:b6:9c:42:e1:56:8a:5e:66:c1:74:29:2d:24:
         15:68:6f:ce:b2:7d:5a:ff:de:d2:62:71:58:9a:cd:bb:8a:d8:
         f1:ba:37:5b:8d:38:78:84:e9:e9:da:9d:77:bc:03:d1:92:b4:
         92:d3:86:5d:cb:4d:3f:da:fe:d5:0d:c6:98:8d:fb:fb:05:2b:
         cb:a1:9b:b6:5a:fd:46:5d:f6:49:63:34:78:94:71:d3:87:83:
         17:23:e0:c9:6c:a2:7d:71:9c:c2:ee:6e:69:1c:6d:3b:ed:74:
         5a:26:9c:a9:0e:96:72:23:c2:bb:ff:10:fa:39:e8:dc:a8:20:
         f5:9b:9d:76:42:3e:1c:8e:9a:6a:d2:8c:75:10:68:ad:71:c5:
         17:f2:42:d9:66:63:11:fc:97:b2:54:4b:d8:5e:8c:01:73:a5:
         26:c9:02:3f
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICBlwwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDk4QTQxMTAvBgNVBAUTKDNBMzNBNURBREMzNzM3MjY0MTdEREQ1NkU0Njc5MEZG
ODRCQkNFRDEwHhcNMjUwNzE2MjMwMzI5WhcNMjYwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODc4MmZjMS1hY2YyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA419cHZWdjFwtANcY+8qvUvPSJb/9SR4eDQpk6cTmkPXI2QIzvHZuPK70KIbJ
fHU0AqnIBSkWfcvPL/cKJmcbkQhhoRYhoGhKZZqvBKscPRR9wDT5K5Zwj8pe2Ztu
b08GY9ILWleQKraI1z9UBWhJTG2P9NNxzoCWGkRV7P5gA1PL0MiXtEKsg1EWIRsI
KeiHB4866YxEdnoM37KP1m6Zv3ha8gJJIbOluYX0sRpsoceT+FWlMh3BhBPuAs3q
UnvLpXhkom23WgsAMFdv0Z02NjFS5lbtVdQAD8q9ghMxHAnkD6zUhLMpJEWHqVaz
cqYJQrTuWzscyldep6dXsKlkgwIDAQABo4ICmzCCApcwHQYDVR0OBBYEFCTx6WSy
niKemyVLDMwF8COA+7XxMB8GA1UdIwQYMBaAFDozpdrcNzcmQX3dVuRnkP+Eu87R
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0OThBNC9FQ0YzMEE5RTkw
NTMxMUVCOUNBODcyMURDNEY5QUUwMi9Pak9sMnR3M055WkJmZDFXNUdlUV80Uzd6
dEUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL09qT2wydHczTnlaQmZkMVc1R2VRXzRTN3p0RS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDk4QTQvRUNGMzBBOUU5MDUzMTFFQjlDQTg3MjFEQzRGOUFFMDIvQTdBNzdCOTY5
MTExMTFFQkE2OUQyNjQxQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBADLH1IDBAPSOJgwDQYJKoZIhvcNAQELBQADggEBAC+tKOAC
oVfjNABcqbHaoKujilJuvyNwJmM+htL0i2NAQ4Uxp8nYUjBlpMByHjmxeiCxTEQC
qrBeynwA+gsYljxAWoLTDtEezR5e7T9Gb/MGVZTnPRbwJBr8+gxU//bitpxC4VaK
XmbBdCktJBVob86yfVr/3tJicViazbuK2PG6N1uNOHiE6enanXe8A9GStJLThl3L
TT/a/tUNxpiN+/sFK8uhm7Za/UZd9kljNHiUcdOHgxcj4Mlson1xnMLubmkcbTvt
dFomnKkOlnIjwrv/EPo56NyoIPWbnXZCPhyOmmrSjHUQaK1xxRfyQtlmYxH8l7JU
S9hejAFzpSbJAj8=
-----END CERTIFICATE-----
Generated at Sun Jul 20 11:40:20 2025 by rpki-client