Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91DC31B/D0ECCD48893D11EB916DF022C4F9AE02/2AECA58494EE11EE84F9D73CC4F9AE02.roa
File:                     2AECA58494EE11EE84F9D73CC4F9AE02.roa (raw, json)
Hash identifier:          I8a2tYdChMy0m+hYeHyoEloBcDOZ+JhPIXTugtfIp8g=
Subject key identifier:   96:02:5D:18:05:29:5D:DE:DE:81:B3:C8:3E:74:C0:7B:F9:14:7F:FB
Certificate issuer:       /CN=A91DC31B/serialNumber=8B8AD5CA1C3E8B8CF468B5F496A91ABB0E48CFA8
Certificate serial:       0760
Authority key identifier: 8B:8A:D5:CA:1C:3E:8B:8C:F4:68:B5:F4:96:A9:1A:BB:0E:48:CF:A8
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/i4rVyhw-i4z0aLX0lqkauw5Iz6g.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91DC31B/D0ECCD48893D11EB916DF022C4F9AE02/2AECA58494EE11EE84F9D73CC4F9AE02.roa
Signing time:             Tue 08 Jul 2025 11:22:08 +0000
ROA not before:           Tue 08 Jul 2025 11:22:08 +0000
ROA not after:            Tue 31 Mar 2026 00:00:00 +0000
asID:                     19551
IP address blocks:        166.81.2.0/24 maxlen: 24
                          166.81.5.0/24 maxlen: 24
                          166.81.6.0/24 maxlen: 24
                          166.81.32.0/24 maxlen: 24
                          166.81.33.0/24 maxlen: 24
                          166.81.34.0/24 maxlen: 24
                          166.81.39.0/24 maxlen: 24
                          166.81.40.0/24 maxlen: 24
                          166.81.51.0/24 maxlen: 24
                          166.81.52.0/24 maxlen: 24
                          166.81.53.0/24 maxlen: 24
                          166.81.54.0/24 maxlen: 24
                          166.81.56.0/24 maxlen: 24
                          166.81.57.0/24 maxlen: 24
                          166.81.61.0/24 maxlen: 24
                          166.81.62.0/24 maxlen: 24
                          166.81.63.0/24 maxlen: 24
                          166.81.81.0/24 maxlen: 24
                          166.81.83.0/24 maxlen: 24
                          166.81.84.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91DC31B/D0ECCD48893D11EB916DF022C4F9AE02/i4rVyhw-i4z0aLX0lqkauw5Iz6g.crl
                          rsync://rpki.apnic.net/member_repository/A91DC31B/D0ECCD48893D11EB916DF022C4F9AE02/i4rVyhw-i4z0aLX0lqkauw5Iz6g.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/i4rVyhw-i4z0aLX0lqkauw5Iz6g.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 29 Jul 2025 22:48:07 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1888 (0x760)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91DC31B, serialNumber=8B8AD5CA1C3E8B8CF468B5F496A91ABB0E48CFA8
        Validity
            Not Before: Jul  8 11:22:08 2025 GMT
            Not After : Mar 31 00:00:00 2026 GMT
        Subject: CN=686cff5f-4a9d
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:e8:bf:43:03:89:7f:3e:10:0b:28:13:e0:29:
                    84:0f:99:69:f9:70:35:e0:0f:20:e9:7e:61:0d:5f:
                    2d:c6:1c:7d:3d:f8:44:5c:c1:a6:08:f2:62:ce:03:
                    51:f5:7b:24:ea:ec:f1:ca:b5:77:62:d6:24:c9:39:
                    70:9f:63:e2:95:63:be:d5:e9:33:38:48:42:c7:8d:
                    6f:2c:c3:0f:4d:80:9c:b8:98:1a:3e:d5:9d:f7:dd:
                    1c:1d:c8:9b:33:0a:c2:66:20:47:ef:dc:ab:47:1f:
                    54:f0:29:e5:31:ec:a2:42:31:5f:64:e4:04:c8:8f:
                    48:0d:f4:03:df:b1:c6:09:4e:87:9b:05:2f:ec:11:
                    67:fa:a9:6d:37:09:99:d4:5e:40:03:4d:7e:b3:f7:
                    ae:f9:79:1f:d5:d6:02:c6:42:72:ca:5b:2c:6c:73:
                    3c:2a:9a:41:32:43:9c:01:fd:34:91:ec:54:b7:67:
                    e0:bd:ff:04:54:a9:8c:74:f6:52:8d:f8:70:a4:65:
                    d5:92:1e:b4:5c:92:67:5b:f5:03:75:1b:cc:65:38:
                    e7:3e:41:bc:3f:1b:f4:4d:03:3c:93:f7:3d:38:eb:
                    62:d8:a6:04:0e:08:23:8d:4f:bc:51:86:9b:46:12:
                    23:08:4c:fa:0e:75:8c:a4:b1:20:df:d6:94:73:b5:
                    ce:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:02:5D:18:05:29:5D:DE:DE:81:B3:C8:3E:74:C0:7B:F9:14:7F:FB
            X509v3 Authority Key Identifier:
                keyid:8B:8A:D5:CA:1C:3E:8B:8C:F4:68:B5:F4:96:A9:1A:BB:0E:48:CF:A8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91DC31B/D0ECCD48893D11EB916DF022C4F9AE02/i4rVyhw-i4z0aLX0lqkauw5Iz6g.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/i4rVyhw-i4z0aLX0lqkauw5Iz6g.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91DC31B/D0ECCD48893D11EB916DF022C4F9AE02/2AECA58494EE11EE84F9D73CC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  166.81.2.0/24
                  166.81.5.0-166.81.6.255
                  166.81.32.0-166.81.34.255
                  166.81.39.0-166.81.40.255
                  166.81.51.0-166.81.54.255
                  166.81.56.0/23
                  166.81.61.0-166.81.63.255
                  166.81.81.0/24
                  166.81.83.0-166.81.84.255

    Signature Algorithm: sha256WithRSAEncryption
         20:90:5a:aa:fc:49:ba:95:d5:c4:c7:a1:52:85:6c:72:60:1a:
         ec:58:ea:74:fd:f1:bf:f2:94:b2:8a:5f:5f:e7:c4:44:5b:8c:
         b7:01:91:27:c8:86:38:27:ea:a3:47:36:86:f8:e8:30:50:02:
         c8:70:19:9e:9e:86:a3:fb:72:70:ba:09:be:08:7d:13:3d:63:
         59:25:a6:3a:17:6a:52:00:b1:56:28:4a:44:d2:2d:d1:64:74:
         c4:45:a7:37:34:83:0b:13:db:55:d1:ae:1f:39:77:41:02:d8:
         88:70:7f:47:07:bc:50:14:99:af:38:cc:23:da:7e:c6:db:2f:
         69:5b:56:24:89:a8:4e:e3:3e:eb:79:1f:3b:08:16:87:69:e7:
         0a:1e:f8:7e:4a:53:3e:d4:32:69:fe:42:0c:5b:7a:38:b2:04:
         83:7a:37:8f:c4:19:b4:8e:63:ff:b6:af:29:a8:ac:5c:f6:d8:
         a0:36:0b:37:7b:36:3d:07:d7:99:c0:58:82:eb:e1:b2:ce:cf:
         4d:7a:a6:d7:96:0b:8e:db:a1:05:f1:c3:ee:51:cb:fc:f2:fd:
         c5:79:98:75:d3:47:2a:5f:98:2a:d5:ae:da:c5:f8:c7:48:51:
         40:8a:51:86:98:ca:03:73:bb:90:08:63:46:96:08:9d:74:f4:
         c4:fd:32:84
-----BEGIN CERTIFICATE-----
MIIF0TCCBLmgAwIBAgICB2AwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
REMzMUIxMTAvBgNVBAUTKDhCOEFENUNBMUMzRThCOENGNDY4QjVGNDk2QTkxQUJC
MEU0OENGQTgwHhcNMjUwNzA4MTEyMjA4WhcNMjYwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODZjZmY1Zi00YTlkMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAyei/QwOJfz4QCygT4CmED5lp+XA14A8g6X5hDV8txhx9PfhEXMGmCPJizgNR
9Xsk6uzxyrV3YtYkyTlwn2PilWO+1ekzOEhCx41vLMMPTYCcuJgaPtWd990cHcib
MwrCZiBH79yrRx9U8CnlMeyiQjFfZOQEyI9IDfQD37HGCU6HmwUv7BFn+qltNwmZ
1F5AA01+s/eu+Xkf1dYCxkJyylssbHM8KppBMkOcAf00kexUt2fgvf8EVKmMdPZS
jfhwpGXVkh60XJJnW/UDdRvMZTjnPkG8Pxv0TQM8k/c9OOti2KYEDggjjU+8UYab
RhIjCEz6DnWMpLEg39aUc7XO0wIDAQABo4IC9TCCAvEwHQYDVR0OBBYEFJYCXRgF
KV3e3oGzyD50wHv5FH/7MB8GA1UdIwQYMBaAFIuK1cocPouM9Gi19JapGrsOSM+o
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFEQzMxQi9EMEVDQ0Q0ODg5
M0QxMUVCOTE2REYwMjJDNEY5QUUwMi9pNHJWeWh3LWk0ejBhTFgwbHFrYXV3NUl6
NmcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL2k0clZ5aHctaTR6MGFMWDBscWthdXc1SXo2Zy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
REMzMUIvRDBFQ0NENDg4OTNEMTFFQjkxNkRGMDIyQzRGOUFFMDIvMkFFQ0E1ODQ5
NEVFMTFFRTg0RjlENzNDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwfwYIKwYBBQUHAQcBAf8E
cDBuMGwEAgABMGYDBACmUQIwDAMEAKZRBQMEAKZRBjAMAwQFplEgAwQAplEiMAwD
BACmUScDBACmUSgwDAMEAKZRMwMEAKZRNgMEAaZRODAMAwQAplE9AwQGplEAAwQA
plFRMAwDBACmUVMDBACmUVQwDQYJKoZIhvcNAQELBQADggEBACCQWqr8SbqV1cTH
oVKFbHJgGuxY6nT98b/ylLKKX1/nxERbjLcBkSfIhjgn6qNHNob46DBQAshwGZ6e
hqP7cnC6Cb4IfRM9Y1klpjoXalIAsVYoSkTSLdFkdMRFpzc0gwsT21XRrh85d0EC
2Ihwf0cHvFAUma84zCPafsbbL2lbViSJqE7jPut5HzsIFodp5woe+H5KUz7UMmn+
QgxbejiyBIN6N4/EGbSOY/+2rymorFz22KA2Czd7Nj0H15nAWILr4bLOz016pteW
C47boQXxw+5Ry/zy/cV5mHXTRypfmCrVrtrF+MdIUUCKUYaYygNzu5AIY0aWCJ10
9MT9MoQ=
-----END CERTIFICATE-----
Generated at Wed Jul 23 02:06:46 2025 by rpki-client