Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A917F4A6/3B67AD8E63B711F088DDF365C4F9AE02/90F60DFE63B711F0B5918E66C4F9AE02.roa
File:                     90F60DFE63B711F0B5918E66C4F9AE02.roa (raw, json)
Hash identifier:          lywazMdLQZ0rBOXkYhNggr86pJ03TRLPWTLqfJbXC1Q=
Subject key identifier:   D9:6E:49:83:1B:F9:FE:BB:0A:8A:7A:83:30:9D:99:7B:7E:C3:CC:1C
Certificate issuer:       /CN=A917F4A6/serialNumber=737582EC4E8FE39DF42C0DC229BA37D1B6B3865A
Certificate serial:       06
Authority key identifier: 73:75:82:EC:4E:8F:E3:9D:F4:2C:0D:C2:29:BA:37:D1:B6:B3:86:5A
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/c3WC7E6P4530LA3CKbo30bazhlo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A917F4A6/3B67AD8E63B711F088DDF365C4F9AE02/90F60DFE63B711F0B5918E66C4F9AE02.roa
Signing time:             Fri 18 Jul 2025 09:23:18 +0000
ROA not before:           Fri 18 Jul 2025 09:23:18 +0000
ROA not after:            Thu 30 Jul 2026 00:00:00 +0000
asID:                     153773
IP address blocks:        36.255.76.0/24 maxlen: 24
                          36.255.77.0/24 maxlen: 24
                          36.255.78.0/24 maxlen: 24
                          36.255.79.0/24 maxlen: 24
                          2401:fce0:10::/48 maxlen: 48
                          2401:fce0:11::/48 maxlen: 48
                          2401:fce0:12::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A917F4A6/3B67AD8E63B711F088DDF365C4F9AE02/c3WC7E6P4530LA3CKbo30bazhlo.crl
                          rsync://rpki.apnic.net/member_repository/A917F4A6/3B67AD8E63B711F088DDF365C4F9AE02/c3WC7E6P4530LA3CKbo30bazhlo.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/c3WC7E6P4530LA3CKbo30bazhlo.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 26 Jul 2025 08:31:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 6 (0x6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A917F4A6, serialNumber=737582EC4E8FE39DF42C0DC229BA37D1B6B3865A
        Validity
            Not Before: Jul 18 09:23:18 2025 GMT
            Not After : Jul 30 00:00:00 2026 GMT
        Subject: CN=687a1286-8286
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ae:d3:e1:c0:44:ca:02:af:96:98:e0:78:e7:73:
                    f4:9d:93:c8:42:00:0c:da:8a:67:53:69:7a:e0:22:
                    a4:b1:23:c7:66:61:fc:ea:96:79:46:c0:01:21:38:
                    a2:40:8c:a1:e7:25:b8:a0:f7:41:d1:b0:e1:96:2c:
                    7c:b5:6a:20:e8:9b:30:3b:b4:eb:e0:65:f8:f3:09:
                    f3:76:b4:92:79:d5:4a:09:ed:f2:46:e7:73:c9:94:
                    de:72:e3:c3:dd:4f:64:8e:95:f8:eb:10:09:b3:fa:
                    59:5c:ba:40:19:cb:09:c1:db:2f:74:ef:1b:db:c3:
                    6e:42:3a:11:f4:5b:23:dc:60:e2:28:75:ef:53:9a:
                    40:16:7d:1a:1f:0c:66:7f:6b:48:95:91:f7:07:c1:
                    b1:bd:c8:60:40:09:e0:f2:ab:92:51:7a:c4:0d:0f:
                    bf:5b:85:5a:e3:11:6b:ec:a0:57:a4:c6:37:d9:73:
                    c6:fc:62:b8:aa:16:d8:ee:bb:d8:a8:e8:63:6f:e9:
                    8f:29:be:e1:14:4c:40:e8:84:61:a6:a2:b3:73:41:
                    b2:98:1d:05:9e:53:2f:c0:c5:7c:c2:14:54:1d:a3:
                    6a:7b:81:1c:ae:38:e9:7c:b3:5c:6e:f7:7b:9e:93:
                    46:3b:de:2d:64:22:c8:91:90:66:43:29:3d:16:da:
                    a1:9d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D9:6E:49:83:1B:F9:FE:BB:0A:8A:7A:83:30:9D:99:7B:7E:C3:CC:1C
            X509v3 Authority Key Identifier:
                keyid:73:75:82:EC:4E:8F:E3:9D:F4:2C:0D:C2:29:BA:37:D1:B6:B3:86:5A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A917F4A6/3B67AD8E63B711F088DDF365C4F9AE02/c3WC7E6P4530LA3CKbo30bazhlo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/c3WC7E6P4530LA3CKbo30bazhlo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A917F4A6/3B67AD8E63B711F088DDF365C4F9AE02/90F60DFE63B711F0B5918E66C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  36.255.76.0/22
                IPv6:
                  2401:fce0:10::-2401:fce0:12:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         32:8b:7a:d0:c7:e0:0d:5f:d4:be:e8:d3:c1:9a:eb:a7:bb:77:
         c0:3a:34:1b:e9:3c:eb:4a:c9:f4:d5:6a:a5:b8:55:72:18:18:
         db:dc:97:e1:77:ae:80:c8:ea:94:ba:b4:6c:b0:a7:26:ae:b0:
         05:87:0f:6e:b4:a6:32:da:5a:21:8f:cc:d1:33:78:35:9f:45:
         9d:84:8c:6e:3e:c3:ab:bf:3d:80:b9:d9:63:a4:98:27:8d:51:
         77:1c:fc:26:4a:99:26:52:42:e1:f2:9b:4c:10:29:48:14:d0:
         ad:fe:d1:28:8c:06:da:7e:29:39:17:51:c7:92:e7:b3:a8:9f:
         f7:45:f1:02:5b:f0:2d:2c:d1:b9:04:14:f0:5f:5a:61:56:15:
         3b:a8:fe:f1:9b:ef:70:5f:a5:53:a2:04:49:e1:68:8c:ef:76:
         e4:58:14:e0:bb:7e:33:c8:f4:c6:f6:6c:e5:49:6c:cc:22:41:
         47:17:bf:e9:a7:c3:0d:9d:7c:04:f1:62:af:a7:2b:4b:f4:1e:
         44:76:ac:bf:e4:b6:e9:64:cd:dd:46:48:53:8c:fb:c9:8f:aa:
         7c:99:5b:ed:6b:78:3f:d1:c6:ab:29:60:af:cb:55:b3:28:34:
         5e:75:db:38:be:22:64:94:3f:ba:e0:b5:d3:74:1d:e0:d1:ce:
         fa:f8:54:42
-----BEGIN CERTIFICATE-----
MIIFjDCCBHSgAwIBAgIBBjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTE3
RjRBNjExMC8GA1UEBRMoNzM3NTgyRUM0RThGRTM5REY0MkMwREMyMjlCQTM3RDFC
NkIzODY1QTAeFw0yNTA3MTgwOTIzMThaFw0yNjA3MzAwMDAwMDBaMBgxFjAUBgNV
BAMTDTY4N2ExMjg2LTgyODYwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCu0+HARMoCr5aY4Hjnc/Sdk8hCAAzaimdTaXrgIqSxI8dmYfzqlnlGwAEhOKJA
jKHnJbig90HRsOGWLHy1aiDomzA7tOvgZfjzCfN2tJJ51UoJ7fJG53PJlN5y48Pd
T2SOlfjrEAmz+llcukAZywnB2y907xvbw25COhH0WyPcYOIode9TmkAWfRofDGZ/
a0iVkfcHwbG9yGBACeDyq5JResQND79bhVrjEWvsoFekxjfZc8b8YriqFtjuu9io
6GNv6Y8pvuEUTEDohGGmorNzQbKYHQWeUy/AxXzCFFQdo2p7gRyuOOl8s1xu93ue
k0Y73i1kIsiRkGZDKT0W2qGdAgMBAAGjggKxMIICrTAdBgNVHQ4EFgQU2W5Jgxv5
/rsKinqDMJ2Ze37DzBwwHwYDVR0jBBgwFoAUc3WC7E6P4530LA3CKbo30bazhlow
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTdGNEE2LzNCNjdBRDhFNjNC
NzExRjA4OERERjM2NUM0RjlBRTAyL2MzV0M3RTZQNDUzMExBM0NLYm8zMGJhemhs
by5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvYzNXQzdFNlA0NTMwTEEzQ0tibzMwYmF6aGxvLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3
RjRBNi8zQjY3QUQ4RTYzQjcxMUYwODhEREYzNjVDNEY5QUUwMi85MEY2MERGRTYz
QjcxMUYwQjU5MThFNjZDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDA7BggrBgEFBQcBBwEB/wQs
MCowDAQCAAEwBgMEAiT/TDAaBAIAAjAUMBIDBwQkAfzgABADBwAkAfzgABIwDQYJ
KoZIhvcNAQELBQADggEBADKLetDH4A1f1L7o08Ga66e7d8A6NBvpPOtKyfTVaqW4
VXIYGNvcl+F3roDI6pS6tGywpyausAWHD260pjLaWiGPzNEzeDWfRZ2EjG4+w6u/
PYC52WOkmCeNUXcc/CZKmSZSQuHym0wQKUgU0K3+0SiMBtp+KTkXUceS57Oon/dF
8QJb8C0s0bkEFPBfWmFWFTuo/vGb73BfpVOiBEnhaIzvduRYFOC7fjPI9Mb2bOVJ
bMwiQUcXv+mnww2dfATxYq+nK0v0HkR2rL/ktulkzd1GSFOM+8mPqnyZW+1reD/R
xqspYK/LVbMoNF512zi+ImSUP7rgtdN0HeDRzvr4VEI=
-----END CERTIFICATE-----
Generated at Sun Jul 20 10:55:26 2025 by rpki-client