Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9149F3E/AC52B7481D8211E2BC6417D708B02CD2/D34236BE7D0511EEB381D02CC4F9AE02.roa
File:                     D34236BE7D0511EEB381D02CC4F9AE02.roa (raw, json)
Hash identifier:          rowBvIqawxIBDAjrerBCpZz930ir2eOmQUO5U3LzEmQ=
Subject key identifier:   B6:32:FF:C8:D8:64:61:AA:28:84:96:55:69:D6:4C:5B:99:4D:9E:18
Certificate issuer:       /CN=A9149F3E/serialNumber=EB389FB339B3908D549A65390C92E15F9DF7C54B
Certificate serial:       391D
Authority key identifier: EB:38:9F:B3:39:B3:90:8D:54:9A:65:39:0C:92:E1:5F:9D:F7:C5:4B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/6zifszmzkI1UmmU5DJLhX533xUs.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9149F3E/AC52B7481D8211E2BC6417D708B02CD2/D34236BE7D0511EEB381D02CC4F9AE02.roa
Signing time:             Fri 04 Jul 2025 14:50:39 +0000
ROA not before:           Fri 04 Jul 2025 14:50:39 +0000
ROA not after:            Mon 31 Aug 2026 00:00:00 +0000
asID:                     21859
IP address blocks:        49.128.198.0/24 maxlen: 24
                          101.55.23.0/24 maxlen: 24
                          112.196.194.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9149F3E/AC52B7481D8211E2BC6417D708B02CD2/6zifszmzkI1UmmU5DJLhX533xUs.crl
                          rsync://rpki.apnic.net/member_repository/A9149F3E/AC52B7481D8211E2BC6417D708B02CD2/6zifszmzkI1UmmU5DJLhX533xUs.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/6zifszmzkI1UmmU5DJLhX533xUs.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 29 Jul 2025 14:22:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 14621 (0x391d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9149F3E, serialNumber=EB389FB339B3908D549A65390C92E15F9DF7C54B
        Validity
            Not Before: Jul  4 14:50:39 2025 GMT
            Not After : Aug 31 00:00:00 2026 GMT
        Subject: CN=6867ea3f-5a52
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f0:23:1e:38:7d:aa:2e:be:af:df:e0:97:cb:71:
                    dc:0b:17:e8:49:be:b7:01:f1:16:eb:9e:d4:61:8f:
                    d5:49:75:24:2f:09:af:3b:27:94:a9:54:6f:6f:34:
                    12:6d:a9:3c:e4:9f:ea:60:cb:25:81:f9:b1:b3:5e:
                    72:eb:4e:fa:71:8c:93:12:ee:c7:b5:d9:88:a6:bb:
                    fa:35:93:70:48:3a:1f:31:6b:c2:b8:b7:3e:0c:d9:
                    68:42:1b:a4:7f:6c:d8:8b:34:5d:29:80:12:52:b4:
                    09:26:a0:d0:61:42:f5:ce:8d:e1:8c:c4:af:dc:c6:
                    89:29:a2:25:ba:e4:be:e3:26:01:8d:b9:a4:fd:c3:
                    a4:c8:4b:bc:e7:0e:01:b7:27:87:34:23:9d:e6:e7:
                    b9:4b:6e:cb:a6:25:da:f4:46:a4:a0:8c:c2:39:62:
                    71:cc:72:8c:9f:3d:0f:7e:9e:ec:cc:c2:46:e5:28:
                    24:58:e4:c6:38:18:29:39:16:ad:a7:6f:29:6a:d8:
                    b0:d3:b2:a0:d0:7d:56:ba:0a:6f:35:82:a3:bc:d9:
                    cf:67:eb:4a:14:15:49:91:98:73:c8:f7:14:08:a4:
                    cf:d0:f1:d2:73:ac:90:09:e6:5a:8c:0a:fd:24:35:
                    29:41:19:12:ea:16:4e:6d:a3:8b:37:94:bf:e3:29:
                    ad:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B6:32:FF:C8:D8:64:61:AA:28:84:96:55:69:D6:4C:5B:99:4D:9E:18
            X509v3 Authority Key Identifier:
                keyid:EB:38:9F:B3:39:B3:90:8D:54:9A:65:39:0C:92:E1:5F:9D:F7:C5:4B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9149F3E/AC52B7481D8211E2BC6417D708B02CD2/6zifszmzkI1UmmU5DJLhX533xUs.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/6zifszmzkI1UmmU5DJLhX533xUs.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9149F3E/AC52B7481D8211E2BC6417D708B02CD2/D34236BE7D0511EEB381D02CC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  49.128.198.0/24
                  101.55.23.0/24
                  112.196.194.0/24

    Signature Algorithm: sha256WithRSAEncryption
         6f:53:b4:01:ce:23:84:d3:36:21:4b:22:0f:17:76:bc:87:a1:
         e4:50:37:bb:3a:f6:1f:bf:33:76:c5:f8:44:ed:ff:f4:49:97:
         5f:e2:33:c3:d5:b5:d8:a7:d5:1c:2a:69:a5:56:58:ca:9b:e9:
         39:78:a3:18:59:d4:ea:a4:a3:19:39:df:55:46:b7:0a:03:a3:
         29:81:81:26:22:ee:84:c3:5c:38:a4:5c:60:99:18:5f:35:89:
         6f:6b:bd:4c:36:9e:81:a0:67:03:7d:2e:3c:54:bc:25:68:ce:
         1e:88:c3:8c:78:68:8b:39:a2:7e:1d:2c:52:07:84:26:4b:a2:
         86:51:e3:30:63:02:12:3a:26:17:5a:09:e0:54:49:cf:a8:01:
         46:2d:13:be:8a:07:64:00:42:53:b2:c1:67:f6:e5:29:72:c4:
         d8:2b:86:f7:4e:8c:07:9d:1c:a6:d7:3e:be:80:30:95:40:31:
         09:5c:03:48:62:55:81:8b:51:53:33:52:59:0f:ba:88:a3:55:
         a1:96:06:de:51:f6:b3:89:db:1f:de:97:98:db:bb:8f:fa:ff:
         73:89:e1:b6:7d:ab:43:2f:39:a9:46:c0:95:b7:d2:7d:2d:59:
         78:a8:d5:d7:7c:39:6e:66:64:fe:06:e3:e1:ab:72:b4:23:78:
         88:28:bf:59
-----BEGIN CERTIFICATE-----
MIIFfTCCBGWgAwIBAgICOR0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDlGM0UxMTAvBgNVBAUTKEVCMzg5RkIzMzlCMzkwOEQ1NDlBNjUzOTBDOTJFMTVG
OURGN0M1NEIwHhcNMjUwNzA0MTQ1MDM5WhcNMjYwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODY3ZWEzZi01YTUyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA8CMeOH2qLr6v3+CXy3HcCxfoSb63AfEW657UYY/VSXUkLwmvOyeUqVRvbzQS
bak85J/qYMslgfmxs15y6076cYyTEu7HtdmIprv6NZNwSDofMWvCuLc+DNloQhuk
f2zYizRdKYASUrQJJqDQYUL1zo3hjMSv3MaJKaIluuS+4yYBjbmk/cOkyEu85w4B
tyeHNCOd5ue5S27LpiXa9EakoIzCOWJxzHKMnz0Pfp7szMJG5SgkWOTGOBgpORat
p28patiw07Kg0H1WugpvNYKjvNnPZ+tKFBVJkZhzyPcUCKTP0PHSc6yQCeZajAr9
JDUpQRkS6hZObaOLN5S/4ymtZQIDAQABo4ICoTCCAp0wHQYDVR0OBBYEFLYy/8jY
ZGGqKISWVWnWTFuZTZ4YMB8GA1UdIwQYMBaAFOs4n7M5s5CNVJplOQyS4V+d98VL
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0OUYzRS9BQzUyQjc0ODFE
ODIxMUUyQkM2NDE3RDcwOEIwMkNEMi82emlmc3ptemtJMVVtbVU1REpMaFg1MzN4
VXMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzZ6aWZzem16a0kxVW1tVTVESkxoWDUzM3hVcy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDlGM0UvQUM1MkI3NDgxRDgyMTFFMkJDNjQxN0Q3MDhCMDJDRDIvRDM0MjM2QkU3
RDA1MTFFRUIzODFEMDJDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwKwYIKwYBBQUHAQcBAf8E
HDAaMBgEAgABMBIDBAAxgMYDBABlNxcDBABwxMIwDQYJKoZIhvcNAQELBQADggEB
AG9TtAHOI4TTNiFLIg8XdryHoeRQN7s69h+/M3bF+ETt//RJl1/iM8PVtdin1Rwq
aaVWWMqb6Tl4oxhZ1Oqkoxk531VGtwoDoymBgSYi7oTDXDikXGCZGF81iW9rvUw2
noGgZwN9LjxUvCVozh6Iw4x4aIs5on4dLFIHhCZLooZR4zBjAhI6JhdaCeBUSc+o
AUYtE76KB2QAQlOywWf25SlyxNgrhvdOjAedHKbXPr6AMJVAMQlcA0hiVYGLUVMz
UlkPuoijVaGWBt5R9rOJ2x/el5jbu4/6/3OJ4bZ9q0MvOalGwJW30n0tWXio1dd8
OW5mZP4G4+GrcrQjeIgov1k=
-----END CERTIFICATE-----
Generated at Wed Jul 23 08:10:21 2025 by rpki-client