Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9149F3E/AC52B7481D8211E2BC6417D708B02CD2/4F698B525F5011EFA66ADA2CC4F9AE02.roa
File:                     4F698B525F5011EFA66ADA2CC4F9AE02.roa (raw, json)
Hash identifier:          2UAmCqv65l0EyrJ8vogZ6XvweSD9Dk8E2FEP81jdWxE=
Subject key identifier:   8B:2B:79:BB:F5:3E:BF:EB:49:61:8A:05:31:B0:64:C1:4B:50:A9:EA
Certificate issuer:       /CN=A9149F3E/serialNumber=EB389FB339B3908D549A65390C92E15F9DF7C54B
Certificate serial:       3917
Authority key identifier: EB:38:9F:B3:39:B3:90:8D:54:9A:65:39:0C:92:E1:5F:9D:F7:C5:4B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/6zifszmzkI1UmmU5DJLhX533xUs.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9149F3E/AC52B7481D8211E2BC6417D708B02CD2/4F698B525F5011EFA66ADA2CC4F9AE02.roa
Signing time:             Fri 04 Jul 2025 14:50:34 +0000
ROA not before:           Fri 04 Jul 2025 14:50:34 +0000
ROA not after:            Mon 31 Aug 2026 00:00:00 +0000
asID:                     17876
IP address blocks:        210.112.195.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9149F3E/AC52B7481D8211E2BC6417D708B02CD2/6zifszmzkI1UmmU5DJLhX533xUs.crl
                          rsync://rpki.apnic.net/member_repository/A9149F3E/AC52B7481D8211E2BC6417D708B02CD2/6zifszmzkI1UmmU5DJLhX533xUs.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/6zifszmzkI1UmmU5DJLhX533xUs.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 29 Jul 2025 14:22:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 14615 (0x3917)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9149F3E, serialNumber=EB389FB339B3908D549A65390C92E15F9DF7C54B
        Validity
            Not Before: Jul  4 14:50:34 2025 GMT
            Not After : Aug 31 00:00:00 2026 GMT
        Subject: CN=6867ea3a-8d96
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:ee:74:ed:f3:c9:d4:d0:b5:91:55:cb:e5:b1:
                    4f:5f:ea:fa:75:03:9d:ff:26:e4:4f:cd:ff:95:b9:
                    46:d8:e8:5f:f5:63:4f:84:d8:05:15:a4:86:ce:bd:
                    74:9e:00:49:dd:ec:dc:23:9c:8f:c7:af:c1:85:9e:
                    8e:1f:1b:67:7e:a6:94:ad:5d:a5:4c:6c:43:57:08:
                    84:bf:5b:5c:ed:50:5a:c7:2f:0c:f4:5a:d4:f4:14:
                    e9:e8:a8:b0:98:60:5c:65:43:69:32:72:7b:f5:21:
                    b7:97:b9:b7:85:ed:2b:29:b4:cf:d6:88:b8:37:f9:
                    7e:55:7c:53:63:57:87:15:ed:cd:a1:d7:8d:95:d3:
                    d3:14:27:ff:55:b8:1c:ae:3b:73:57:06:bf:ba:e2:
                    ae:87:a1:02:65:68:c9:dd:49:e1:ce:56:15:b3:4b:
                    96:02:84:9b:81:79:b3:cf:05:ba:3f:2e:e1:42:20:
                    54:f7:5a:6e:03:51:a2:91:60:78:2b:7c:d4:5e:49:
                    48:43:51:f4:30:f2:a0:02:c4:9b:2b:24:6f:c6:a0:
                    b7:82:4b:ed:e7:b0:76:66:cf:c1:3f:f9:44:90:03:
                    28:ce:4e:c9:14:c5:92:7c:02:c1:46:2b:c4:54:d6:
                    29:b0:fa:2c:71:d3:e9:86:d7:4e:af:5f:b0:f2:95:
                    22:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:2B:79:BB:F5:3E:BF:EB:49:61:8A:05:31:B0:64:C1:4B:50:A9:EA
            X509v3 Authority Key Identifier:
                keyid:EB:38:9F:B3:39:B3:90:8D:54:9A:65:39:0C:92:E1:5F:9D:F7:C5:4B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9149F3E/AC52B7481D8211E2BC6417D708B02CD2/6zifszmzkI1UmmU5DJLhX533xUs.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/6zifszmzkI1UmmU5DJLhX533xUs.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9149F3E/AC52B7481D8211E2BC6417D708B02CD2/4F698B525F5011EFA66ADA2CC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  210.112.195.0/24

    Signature Algorithm: sha256WithRSAEncryption
         3e:e1:7d:01:0a:13:ba:91:a8:dd:86:9c:0a:38:71:20:ec:70:
         6d:39:60:37:c4:8c:9d:f6:a1:10:b7:9e:20:fd:74:b8:17:84:
         db:31:ce:ea:54:0d:10:e0:c0:50:10:24:8d:b6:4a:99:3e:58:
         c3:9c:67:9b:65:73:d5:7e:bc:8a:87:2a:a8:4d:41:c9:76:cf:
         1d:92:f6:e9:29:39:7c:b8:b9:78:aa:bc:6b:d5:6f:00:38:c6:
         61:9b:66:77:66:04:80:c9:94:65:0f:09:b5:fa:aa:e2:ae:2d:
         fa:b0:a9:a1:0d:ef:76:b6:3f:03:94:fd:e3:37:36:57:25:a8:
         3b:72:79:21:d8:6f:bb:fc:e3:af:c2:89:45:80:64:79:44:da:
         fc:eb:66:d5:27:b2:dd:91:8f:e7:f3:80:7e:ad:90:fd:c0:49:
         e9:01:b1:90:f5:e7:f6:ed:d6:04:ce:c9:35:36:9c:cd:22:24:
         30:e2:46:22:6b:a0:82:62:75:60:0f:a4:bc:33:e5:3c:1f:53:
         d7:58:fe:39:31:d9:61:c2:3d:66:6d:bf:25:2e:cd:30:c7:5f:
         35:74:11:22:9d:a8:60:2d:15:16:c4:53:0e:7d:07:e1:41:e2:
         29:37:a5:9d:1e:61:da:e2:cf:2c:0b:68:e3:af:e3:86:1b:b6:
         e6:7f:fc:83
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICORcwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDlGM0UxMTAvBgNVBAUTKEVCMzg5RkIzMzlCMzkwOEQ1NDlBNjUzOTBDOTJFMTVG
OURGN0M1NEIwHhcNMjUwNzA0MTQ1MDM0WhcNMjYwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODY3ZWEzYS04ZDk2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAve507fPJ1NC1kVXL5bFPX+r6dQOd/ybkT83/lblG2Ohf9WNPhNgFFaSGzr10
ngBJ3ezcI5yPx6/BhZ6OHxtnfqaUrV2lTGxDVwiEv1tc7VBaxy8M9FrU9BTp6Kiw
mGBcZUNpMnJ79SG3l7m3he0rKbTP1oi4N/l+VXxTY1eHFe3NodeNldPTFCf/Vbgc
rjtzVwa/uuKuh6ECZWjJ3UnhzlYVs0uWAoSbgXmzzwW6Py7hQiBU91puA1GikWB4
K3zUXklIQ1H0MPKgAsSbKyRvxqC3gkvt57B2Zs/BP/lEkAMozk7JFMWSfALBRivE
VNYpsPoscdPphtdOr1+w8pUirQIDAQABo4IClTCCApEwHQYDVR0OBBYEFIsrebv1
Pr/rSWGKBTGwZMFLUKnqMB8GA1UdIwQYMBaAFOs4n7M5s5CNVJplOQyS4V+d98VL
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0OUYzRS9BQzUyQjc0ODFE
ODIxMUUyQkM2NDE3RDcwOEIwMkNEMi82emlmc3ptemtJMVVtbVU1REpMaFg1MzN4
VXMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzZ6aWZzem16a0kxVW1tVTVESkxoWDUzM3hVcy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDlGM0UvQUM1MkI3NDgxRDgyMTFFMkJDNjQxN0Q3MDhCMDJDRDIvNEY2OThCNTI1
RjUwMTFFRkE2NkFEQTJDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADScMMwDQYJKoZIhvcNAQELBQADggEBAD7hfQEKE7qRqN2G
nAo4cSDscG05YDfEjJ32oRC3niD9dLgXhNsxzupUDRDgwFAQJI22Spk+WMOcZ5tl
c9V+vIqHKqhNQcl2zx2S9ukpOXy4uXiqvGvVbwA4xmGbZndmBIDJlGUPCbX6quKu
LfqwqaEN73a2PwOU/eM3NlclqDtyeSHYb7v846/CiUWAZHlE2vzrZtUnst2Rj+fz
gH6tkP3ASekBsZD15/bt1gTOyTU2nM0iJDDiRiJroIJidWAPpLwz5TwfU9dY/jkx
2WHCPWZtvyUuzTDHXzV0ESKdqGAtFRbEUw59B+FB4ik3pZ0eYdrizywLaOOv44Yb
tuZ//IM=
-----END CERTIFICATE-----
Generated at Wed Jul 23 02:11:19 2025 by rpki-client