Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91676D4/E17ECE2EE2E611EBB7596A75C4F9AE02/BB8B992A1B6011F0AFD7AF11C4F9AE02.roa
File:                     BB8B992A1B6011F0AFD7AF11C4F9AE02.roa (raw, json)
Hash identifier:          P10bmZyQ9VOb7m2Vh8TJf/lLVkjy1QP/hu7mglhB5DI=
Subject key identifier:   96:8E:7B:5C:C2:EF:53:A4:FE:C9:DF:32:79:DE:3E:13:93:02:8D:17
Certificate issuer:       /CN=A91676D4/serialNumber=835A6C96B20924C7E5D8F12F06DB9DD23E252F5D
Certificate serial:       05AB
Authority key identifier: 83:5A:6C:96:B2:09:24:C7:E5:D8:F1:2F:06:DB:9D:D2:3E:25:2F:5D
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/g1pslrIJJMfl2PEvBtud0j4lL10.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91676D4/E17ECE2EE2E611EBB7596A75C4F9AE02/BB8B992A1B6011F0AFD7AF11C4F9AE02.roa
Signing time:             Sat 19 Jul 2025 00:05:31 +0000
ROA not before:           Sat 19 Jul 2025 00:05:31 +0000
ROA not after:            Mon 31 Aug 2026 00:00:00 +0000
asID:                     7473
IP address blocks:        101.234.31.0/24 maxlen: 24
                          101.234.32.0/24 maxlen: 24
                          101.234.33.0/24 maxlen: 24
                          101.234.34.0/24 maxlen: 24
                          101.234.40.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91676D4/E17ECE2EE2E611EBB7596A75C4F9AE02/g1pslrIJJMfl2PEvBtud0j4lL10.crl
                          rsync://rpki.apnic.net/member_repository/A91676D4/E17ECE2EE2E611EBB7596A75C4F9AE02/g1pslrIJJMfl2PEvBtud0j4lL10.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/g1pslrIJJMfl2PEvBtud0j4lL10.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 27 Jul 2025 23:26:56 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1451 (0x5ab)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91676D4, serialNumber=835A6C96B20924C7E5D8F12F06DB9DD23E252F5D
        Validity
            Not Before: Jul 19 00:05:31 2025 GMT
            Not After : Aug 31 00:00:00 2026 GMT
        Subject: CN=687ae14b-58a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a2:bb:ea:81:f2:1c:59:c5:92:2a:8e:67:13:22:
                    05:12:f0:b8:5f:12:4d:be:a9:d0:1d:a7:97:60:ee:
                    29:f9:04:98:e4:2f:bf:8a:a8:39:2c:7c:fa:94:4c:
                    8e:31:6e:12:4d:2f:ab:09:d1:89:f0:57:d2:85:fe:
                    d7:e0:03:ef:ba:61:c4:8c:2a:ef:ca:8a:41:25:5f:
                    b3:d8:e8:56:8a:c3:2f:33:87:e2:02:00:60:20:ac:
                    c9:89:b8:a8:8e:66:5e:c3:09:62:15:41:78:6f:bb:
                    49:2a:1a:1f:6e:b2:30:f9:0b:7b:1d:11:60:29:e5:
                    c8:0a:8d:dc:81:bd:7e:b9:85:b3:8b:65:a8:e0:6c:
                    58:82:9a:80:f8:42:9a:66:5a:fe:78:45:3c:d8:42:
                    ba:66:d4:67:b1:ae:87:0a:ad:b4:3d:00:28:dd:89:
                    2f:0e:9c:3b:6d:cb:0e:0f:cf:a0:e9:7e:41:53:f6:
                    fb:e5:55:0b:3a:46:46:24:65:06:7c:42:7a:e7:c8:
                    d3:3a:44:70:67:ac:58:99:5d:23:9c:db:a4:d9:4f:
                    ab:ef:34:5e:8f:02:02:d7:ea:94:07:df:cf:d5:ce:
                    b4:0c:f6:3e:2d:f7:fb:ac:6b:fb:6c:34:69:b5:5f:
                    5c:f7:d2:34:30:87:e0:48:a2:5f:76:d6:02:64:3f:
                    76:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:8E:7B:5C:C2:EF:53:A4:FE:C9:DF:32:79:DE:3E:13:93:02:8D:17
            X509v3 Authority Key Identifier:
                keyid:83:5A:6C:96:B2:09:24:C7:E5:D8:F1:2F:06:DB:9D:D2:3E:25:2F:5D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91676D4/E17ECE2EE2E611EBB7596A75C4F9AE02/g1pslrIJJMfl2PEvBtud0j4lL10.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/g1pslrIJJMfl2PEvBtud0j4lL10.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91676D4/E17ECE2EE2E611EBB7596A75C4F9AE02/BB8B992A1B6011F0AFD7AF11C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  101.234.31.0-101.234.34.255
                  101.234.40.0/24

    Signature Algorithm: sha256WithRSAEncryption
         cf:1c:4c:60:61:9b:4d:21:b2:6a:a9:f2:fa:e1:24:f5:94:4e:
         7f:d3:08:ef:f7:fb:ac:cb:8e:58:11:9c:ca:61:9d:0a:9e:1f:
         18:e4:e1:4e:59:6d:d7:ff:f9:76:5f:87:30:8e:9c:b0:dc:9d:
         0f:b0:5b:b2:13:2e:5c:1a:89:1f:99:27:60:7f:4b:65:ad:9f:
         f4:7a:cd:b7:1b:1e:97:88:c3:f2:bf:6b:2b:e7:e2:c1:a0:c8:
         89:a9:64:0f:e3:f6:85:a2:12:2b:8c:7c:f1:25:ff:0f:fd:c2:
         cd:f3:4d:ca:f4:e9:68:34:53:12:a1:95:d3:14:44:88:01:bd:
         68:13:f8:93:42:48:e1:1a:4d:8a:32:79:d9:e6:fe:d3:ca:fd:
         aa:9c:e4:a1:5a:eb:26:b6:d5:40:a0:7e:2f:07:8f:3f:53:35:
         8b:0d:30:a4:dc:1a:57:b7:80:28:e2:10:73:d9:12:f6:4b:60:
         f9:eb:6c:cf:08:9e:6f:92:b1:e9:08:d8:10:6d:03:17:94:0d:
         ea:7a:f5:03:2e:e5:02:1e:3a:bd:08:70:d5:da:82:e5:48:2b:
         96:e5:c8:93:12:3d:be:d2:e7:71:4b:50:9c:58:cd:46:a2:e6:
         94:07:5c:43:48:70:0c:fd:de:08:7a:19:e0:bc:53:21:73:d7:
         8f:39:16:97
-----BEGIN CERTIFICATE-----
MIIFfzCCBGegAwIBAgICBaswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Njc2RDQxMTAvBgNVBAUTKDgzNUE2Qzk2QjIwOTI0QzdFNUQ4RjEyRjA2REI5REQy
M0UyNTJGNUQwHhcNMjUwNzE5MDAwNTMxWhcNMjYwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODdhZTE0Yi01OGExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAorvqgfIcWcWSKo5nEyIFEvC4XxJNvqnQHaeXYO4p+QSY5C+/iqg5LHz6lEyO
MW4STS+rCdGJ8FfShf7X4APvumHEjCrvyopBJV+z2OhWisMvM4fiAgBgIKzJibio
jmZewwliFUF4b7tJKhofbrIw+Qt7HRFgKeXICo3cgb1+uYWzi2Wo4GxYgpqA+EKa
Zlr+eEU82EK6ZtRnsa6HCq20PQAo3YkvDpw7bcsOD8+g6X5BU/b75VULOkZGJGUG
fEJ658jTOkRwZ6xYmV0jnNuk2U+r7zRejwIC1+qUB9/P1c60DPY+Lff7rGv7bDRp
tV9c99I0MIfgSKJfdtYCZD92owIDAQABo4ICozCCAp8wHQYDVR0OBBYEFJaOe1zC
71Ok/snfMnnePhOTAo0XMB8GA1UdIwQYMBaAFINabJayCSTH5djxLwbbndI+JS9d
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2NzZENC9FMTdFQ0UyRUUy
RTYxMUVCQjc1OTZBNzVDNEY5QUUwMi9nMXBzbHJJSkpNZmwyUEV2QnR1ZDBqNGxM
MTAuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2cxcHNscklKSk1mbDJQRXZCdHVkMGo0bEwxMC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Njc2RDQvRTE3RUNFMkVFMkU2MTFFQkI3NTk2QTc1QzRGOUFFMDIvQkI4Qjk5MkEx
QjYwMTFGMEFGRDdBRjExQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwLQYIKwYBBQUHAQcBAf8E
HjAcMBoEAgABMBQwDAMEAGXqHwMEAGXqIgMEAGXqKDANBgkqhkiG9w0BAQsFAAOC
AQEAzxxMYGGbTSGyaqny+uEk9ZROf9MI7/f7rMuOWBGcymGdCp4fGOThTllt1//5
dl+HMI6csNydD7BbshMuXBqJH5knYH9LZa2f9HrNtxsel4jD8r9rK+fiwaDIialk
D+P2haISK4x88SX/D/3CzfNNyvTpaDRTEqGV0xREiAG9aBP4k0JI4RpNijJ52eb+
08r9qpzkoVrrJrbVQKB+LwePP1M1iw0wpNwaV7eAKOIQc9kS9ktg+etszwieb5Kx
6QjYEG0DF5QN6nr1Ay7lAh46vQhw1dqC5UgrluXIkxI9vtLncUtQnFjNRqLmlAdc
Q0hwDP3eCHoZ4LxTIXPXjzkWlw==
-----END CERTIFICATE-----
Generated at Mon Jul 21 18:13:19 2025 by rpki-client