Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91582D9/0EDA6D5ECDDA11E7BDEA8C2BC4F9AE02/654665EA197611F09D2B1C76C4F9AE02.roa
File:                     654665EA197611F09D2B1C76C4F9AE02.roa (raw, json)
Hash identifier:          hgO4m8NBFvCWTk/xZ7lTPgH3uo1aBC3KP8OdcPsjkbo=
Subject key identifier:   7F:F7:E1:FB:CB:7A:B7:B5:87:8B:CE:1F:F0:FD:C9:57:BA:41:F1:2B
Certificate issuer:       /CN=A91582D9/serialNumber=5282A4642AF7D35799291BBA447EA14251A4D5FC
Certificate serial:       0862
Authority key identifier: 52:82:A4:64:2A:F7:D3:57:99:29:1B:BA:44:7E:A1:42:51:A4:D5:FC
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/UoKkZCr301eZKRu6RH6hQlGk1fw.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91582D9/0EDA6D5ECDDA11E7BDEA8C2BC4F9AE02/654665EA197611F09D2B1C76C4F9AE02.roa
Signing time:             Wed 16 Jul 2025 16:55:19 +0000
ROA not before:           Wed 16 Jul 2025 16:55:19 +0000
ROA not after:            Thu 30 Jul 2026 00:00:00 +0000
asID:                     58889
IP address blocks:        45.64.136.0/24 maxlen: 24
                          45.64.138.0/24 maxlen: 24
                          45.64.139.0/24 maxlen: 24
                          2401:1980::/32 maxlen: 40
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91582D9/0EDA6D5ECDDA11E7BDEA8C2BC4F9AE02/UoKkZCr301eZKRu6RH6hQlGk1fw.crl
                          rsync://rpki.apnic.net/member_repository/A91582D9/0EDA6D5ECDDA11E7BDEA8C2BC4F9AE02/UoKkZCr301eZKRu6RH6hQlGk1fw.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/UoKkZCr301eZKRu6RH6hQlGk1fw.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 29 Jul 2025 16:42:57 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2146 (0x862)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91582D9, serialNumber=5282A4642AF7D35799291BBA447EA14251A4D5FC
        Validity
            Not Before: Jul 16 16:55:19 2025 GMT
            Not After : Jul 30 00:00:00 2026 GMT
        Subject: CN=6877d977-c486
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b8:e6:83:bf:9a:44:95:50:c1:aa:07:88:7c:b7:
                    5e:8b:f2:8a:63:bb:c2:ef:75:3e:28:cb:62:ff:a0:
                    ef:a0:5d:77:86:35:a4:78:73:84:62:3f:1c:9f:9f:
                    9f:37:98:76:39:bd:2b:d2:95:c0:98:b2:45:83:64:
                    37:88:77:ca:a4:02:1a:12:65:b7:7d:4b:da:93:cf:
                    b6:f2:64:68:ee:20:2b:7d:90:85:64:51:14:ed:b2:
                    12:d8:96:ed:0a:88:16:83:6b:5c:49:30:05:18:dd:
                    a2:04:d0:0f:70:c1:99:a9:50:f7:1c:d5:19:3f:06:
                    ee:21:ea:d9:05:96:d3:82:8a:f0:7f:98:19:a0:45:
                    be:1f:ed:a8:8b:3c:d8:82:5d:47:33:cb:57:ea:37:
                    52:f9:0a:89:fb:d8:80:1d:84:d5:e7:90:ca:43:ad:
                    24:4c:21:03:4e:40:d2:1b:a5:72:dc:44:c2:72:f6:
                    cf:a8:9e:b5:97:b4:f7:fc:bf:8c:ea:3c:3b:38:c9:
                    1c:04:ec:67:7f:87:1c:fe:63:df:7d:5d:7e:6d:92:
                    f4:4d:4d:10:69:bd:1f:42:1d:6c:8e:37:28:71:10:
                    96:28:61:91:7a:2a:ee:e8:ab:67:8a:b7:ae:bd:1f:
                    b7:33:bd:3b:cf:ed:38:aa:07:af:2a:74:f5:87:3a:
                    3a:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7F:F7:E1:FB:CB:7A:B7:B5:87:8B:CE:1F:F0:FD:C9:57:BA:41:F1:2B
            X509v3 Authority Key Identifier:
                keyid:52:82:A4:64:2A:F7:D3:57:99:29:1B:BA:44:7E:A1:42:51:A4:D5:FC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91582D9/0EDA6D5ECDDA11E7BDEA8C2BC4F9AE02/UoKkZCr301eZKRu6RH6hQlGk1fw.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/UoKkZCr301eZKRu6RH6hQlGk1fw.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91582D9/0EDA6D5ECDDA11E7BDEA8C2BC4F9AE02/654665EA197611F09D2B1C76C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.64.136.0/24
                  45.64.138.0/23
                IPv6:
                  2401:1980::/32

    Signature Algorithm: sha256WithRSAEncryption
         b0:b5:9c:96:e0:6b:90:84:f5:24:4a:61:27:58:0e:81:34:81:
         ff:ff:b1:b0:55:7d:52:8a:a1:72:81:31:9d:52:db:3a:24:3a:
         da:4b:7d:50:11:8c:68:ce:36:6b:5a:66:fa:dd:a2:33:eb:80:
         20:1b:33:2e:94:a5:67:41:66:4f:46:34:32:f6:f1:b5:53:fd:
         b3:3f:34:6b:e1:69:34:f0:95:1d:a8:87:89:84:74:8c:89:35:
         d9:6b:23:d7:dd:d0:0b:26:0f:94:f8:0c:e4:ed:ae:cc:32:ec:
         44:40:1f:c7:04:57:a3:26:0d:6a:16:3d:f7:99:3b:68:58:2d:
         da:89:fd:f8:b9:50:c8:2c:c6:a8:2b:da:d8:fc:b5:09:c9:49:
         0d:d9:bc:44:2e:73:d3:b4:76:7a:4e:28:68:cc:3c:3b:a9:63:
         84:fc:fd:55:ef:f4:62:a9:13:df:42:b9:80:09:50:80:23:bb:
         4a:99:5f:54:4b:0b:81:ee:4a:4c:f5:bb:18:02:f4:9b:6e:8d:
         05:56:07:16:d7:f7:e8:cc:07:5b:6d:17:3d:4d:b9:ec:99:c5:
         38:63:b5:ed:58:93:d3:12:f3:bb:e2:67:fb:87:93:8f:fb:b8:
         5c:8c:c0:67:98:1c:70:ac:81:fa:89:0f:b8:20:c6:f0:10:67:
         a0:90:b2:06
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgICCGIwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTgyRDkxMTAvBgNVBAUTKDUyODJBNDY0MkFGN0QzNTc5OTI5MUJCQTQ0N0VBMTQy
NTFBNEQ1RkMwHhcNMjUwNzE2MTY1NTE5WhcNMjYwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODc3ZDk3Ny1jNDg2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAuOaDv5pElVDBqgeIfLdei/KKY7vC73U+KMti/6DvoF13hjWkeHOEYj8cn5+f
N5h2Ob0r0pXAmLJFg2Q3iHfKpAIaEmW3fUvak8+28mRo7iArfZCFZFEU7bIS2Jbt
CogWg2tcSTAFGN2iBNAPcMGZqVD3HNUZPwbuIerZBZbTgorwf5gZoEW+H+2oizzY
gl1HM8tX6jdS+QqJ+9iAHYTV55DKQ60kTCEDTkDSG6Vy3ETCcvbPqJ61l7T3/L+M
6jw7OMkcBOxnf4cc/mPffV1+bZL0TU0Qab0fQh1sjjcocRCWKGGReiru6Ktnireu
vR+3M707z+04qgevKnT1hzo6KwIDAQABo4ICqjCCAqYwHQYDVR0OBBYEFH/34fvL
ere1h4vOH/D9yVe6QfErMB8GA1UdIwQYMBaAFFKCpGQq99NXmSkbukR+oUJRpNX8
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1ODJEOS8wRURBNkQ1RUNE
REExMUU3QkRFQThDMkJDNEY5QUUwMi9Vb0trWkNyMzAxZVpLUnU2Ukg2aFFsR2sx
ZncuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1VvS2taQ3IzMDFlWktSdTZSSDZoUWxHazFmdy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTgyRDkvMEVEQTZENUVDRERBMTFFN0JERUE4QzJCQzRGOUFFMDIvNjU0NjY1RUEx
OTc2MTFGMDlEMkIxQzc2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNAYIKwYBBQUHAQcBAf8E
JTAjMBIEAgABMAwDBAAtQIgDBAEtQIowDQQCAAIwBwMFACQBGYAwDQYJKoZIhvcN
AQELBQADggEBALC1nJbga5CE9SRKYSdYDoE0gf//sbBVfVKKoXKBMZ1S2zokOtpL
fVARjGjONmtaZvrdojPrgCAbMy6UpWdBZk9GNDL28bVT/bM/NGvhaTTwlR2oh4mE
dIyJNdlrI9fd0AsmD5T4DOTtrswy7ERAH8cEV6MmDWoWPfeZO2hYLdqJ/fi5UMgs
xqgr2tj8tQnJSQ3ZvEQuc9O0dnpOKGjMPDupY4T8/VXv9GKpE99CuYAJUIAju0qZ
X1RLC4HuSkz1uxgC9JtujQVWBxbX9+jMB1ttFz1NueyZxThjte1Yk9MS87viZ/uH
k4/7uFyMwGeYHHCsgfqJD7ggxvAQZ6CQsgY=
-----END CERTIFICATE-----
Generated at Wed Jul 23 02:06:20 2025 by rpki-client