Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/1C57CEAC70E911E2B36D4B6B2979BB20/0F351304620A11F0A687343BC4F9AE02.roa
File:                     0F351304620A11F0A687343BC4F9AE02.roa (raw, json)
Hash identifier:          44KF2MhjUqFe+Cr25J/07Qs6+ZGpqIeMapBNAXZwYME=
Subject key identifier:   39:47:26:FC:A2:25:F3:36:CE:62:AD:C6:29:ED:17:5C:78:5A:68:61
Certificate issuer:       /CN=A918EDB2/serialNumber=A7AE474416B0E8AD3A89E86774A640FEBE6973F9
Certificate serial:       1F07
Authority key identifier: A7:AE:47:44:16:B0:E8:AD:3A:89:E8:67:74:A6:40:FE:BE:69:73:F9
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/p65HRBaw6K06iehndKZA_r5pc_k.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A918EDB2/1C57CEAC70E911E2B36D4B6B2979BB20/0F351304620A11F0A687343BC4F9AE02.roa
Signing time:             Wed 16 Jul 2025 05:59:39 +0000
ROA not before:           Wed 16 Jul 2025 05:59:39 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     151122
IP address blocks:        165.101.10.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A918EDB2/1C57CEAC70E911E2B36D4B6B2979BB20/p65HRBaw6K06iehndKZA_r5pc_k.crl
                          rsync://rpki.apnic.net/member_repository/A918EDB2/1C57CEAC70E911E2B36D4B6B2979BB20/p65HRBaw6K06iehndKZA_r5pc_k.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/p65HRBaw6K06iehndKZA_r5pc_k.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 29 Jul 2025 15:26:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 7943 (0x1f07)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A918EDB2, serialNumber=A7AE474416B0E8AD3A89E86774A640FEBE6973F9
        Validity
            Not Before: Jul 16 05:59:39 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=68773fcb-bd48
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f4:de:86:a3:66:90:bd:9b:98:bf:ca:7f:ae:d0:
                    12:6b:ca:33:0b:3f:02:52:71:64:58:1b:f8:5e:8f:
                    b4:18:f8:4a:53:4f:ed:f9:96:6f:c0:7a:21:bb:8c:
                    45:1d:86:91:d2:1a:30:35:90:a9:1a:14:16:51:ab:
                    b2:d8:3e:fd:65:7a:7a:6b:9a:ce:cd:d0:97:b9:7f:
                    8d:93:f2:f7:b6:70:59:12:67:a1:14:8b:e1:71:7c:
                    b7:2a:f0:65:0d:cb:57:85:c8:6f:86:df:1c:9d:2f:
                    9a:c4:1d:fc:b6:46:45:49:29:ef:91:07:87:d0:64:
                    72:7f:40:5e:4e:e2:28:14:49:30:0b:bf:fa:1b:31:
                    d2:b7:b6:bf:01:f2:61:98:bf:e7:fd:16:c6:6c:33:
                    75:2c:71:80:ed:fe:87:91:6a:fd:6a:e0:89:73:df:
                    d7:bc:95:04:5f:d2:90:e2:f7:1a:f2:fb:31:ef:ae:
                    fb:55:36:6c:8d:f4:9d:1e:e9:5e:96:36:39:f2:25:
                    19:70:e5:24:bd:62:8c:c1:33:99:95:8b:56:c2:0f:
                    e1:1b:3f:a4:24:dd:51:53:31:c8:3b:65:5b:af:47:
                    6c:ef:12:e5:b8:43:9d:e7:f2:16:1d:de:e8:07:87:
                    bf:33:c3:9d:a9:65:eb:8f:35:45:b6:33:71:4d:58:
                    62:75
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                39:47:26:FC:A2:25:F3:36:CE:62:AD:C6:29:ED:17:5C:78:5A:68:61
            X509v3 Authority Key Identifier:
                keyid:A7:AE:47:44:16:B0:E8:AD:3A:89:E8:67:74:A6:40:FE:BE:69:73:F9

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A918EDB2/1C57CEAC70E911E2B36D4B6B2979BB20/p65HRBaw6K06iehndKZA_r5pc_k.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/p65HRBaw6K06iehndKZA_r5pc_k.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/1C57CEAC70E911E2B36D4B6B2979BB20/0F351304620A11F0A687343BC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  165.101.10.0/24

    Signature Algorithm: sha256WithRSAEncryption
         29:be:d7:14:7f:f8:9d:74:ee:e5:a3:cb:fc:32:04:c6:1f:ac:
         11:fa:e5:b2:a4:25:b4:01:04:a9:64:e4:01:3a:e8:9d:16:56:
         4e:f2:df:cf:34:90:c1:f4:a2:8b:47:ea:7e:7a:23:24:96:9b:
         97:4e:a1:fe:bc:c1:17:59:d0:52:ce:83:f0:18:4c:83:4c:ca:
         a8:65:85:ae:43:3b:1a:bf:9d:50:7e:aa:de:ed:a0:fd:76:54:
         a4:4d:6d:1e:0d:9a:86:54:fe:01:5d:8d:e7:a7:bb:73:2d:32:
         81:9f:b6:99:33:df:03:29:ab:02:af:0b:b3:91:69:02:2d:4b:
         d7:b2:c8:da:b9:f8:8d:95:23:9c:b0:13:5e:7e:f7:af:42:9a:
         57:ca:c7:60:6e:b9:26:93:24:5b:de:36:05:06:89:bf:dd:17:
         43:0e:ed:85:38:59:f8:28:c0:b1:f2:ed:71:fa:dd:56:65:f2:
         d0:e0:fb:d9:27:e5:25:4c:81:13:ba:9c:b1:61:16:0a:ec:cd:
         67:f7:be:be:f2:c3:44:ee:ab:e9:85:9f:9d:c7:95:b1:99:d1:
         87:88:81:de:e4:c6:28:ca:24:95:64:d5:df:ba:14:93:ae:a4:
         da:ce:ff:ba:62:b4:59:5d:be:01:2b:c8:c1:db:aa:ed:0b:d5:
         17:0a:d9:e0
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICHwcwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OEVEQjIxMTAvBgNVBAUTKEE3QUU0NzQ0MTZCMEU4QUQzQTg5RTg2Nzc0QTY0MEZF
QkU2OTczRjkwHhcNMjUwNzE2MDU1OTM5WhcNMjYwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODc3M2ZjYi1iZDQ4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA9N6Go2aQvZuYv8p/rtASa8ozCz8CUnFkWBv4Xo+0GPhKU0/t+ZZvwHohu4xF
HYaR0howNZCpGhQWUauy2D79ZXp6a5rOzdCXuX+Nk/L3tnBZEmehFIvhcXy3KvBl
DctXhchvht8cnS+axB38tkZFSSnvkQeH0GRyf0BeTuIoFEkwC7/6GzHSt7a/AfJh
mL/n/RbGbDN1LHGA7f6HkWr9auCJc9/XvJUEX9KQ4vca8vsx7677VTZsjfSdHule
ljY58iUZcOUkvWKMwTOZlYtWwg/hGz+kJN1RUzHIO2Vbr0ds7xLluEOd5/IWHd7o
B4e/M8OdqWXrjzVFtjNxTVhidQIDAQABo4IClTCCApEwHQYDVR0OBBYEFDlHJvyi
JfM2zmKtxintF1x4WmhhMB8GA1UdIwQYMBaAFKeuR0QWsOitOonoZ3SmQP6+aXP5
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4RURCMi8xQzU3Q0VBQzcw
RTkxMUUyQjM2RDRCNkIyOTc5QkIyMC9wNjVIUkJhdzZLMDZpZWhuZEtaQV9yNXBj
X2suY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL3A2NUhSQmF3NkswNmllaG5kS1pBX3I1cGNfay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OEVEQjIvMUM1N0NFQUM3MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvMEYzNTEzMDQ2
MjBBMTFGMEE2ODczNDNCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAClZQowDQYJKoZIhvcNAQELBQADggEBACm+1xR/+J107uWj
y/wyBMYfrBH65bKkJbQBBKlk5AE66J0WVk7y3880kMH0ootH6n56IySWm5dOof68
wRdZ0FLOg/AYTINMyqhlha5DOxq/nVB+qt7toP12VKRNbR4NmoZU/gFdjeenu3Mt
MoGftpkz3wMpqwKvC7ORaQItS9eyyNq5+I2VI5ywE15+969CmlfKx2BuuSaTJFve
NgUGib/dF0MO7YU4WfgowLHy7XH63VZl8tDg+9kn5SVMgRO6nLFhFgrszWf3vr7y
w0Tuq+mFn53HlbGZ0YeIgd7kxijKJJVk1d+6FJOupNrO/7pitFldvgEryMHbqu0L
1RcK2eA=
-----END CERTIFICATE-----
Generated at Wed Jul 23 02:30:02 2025 by rpki-client