Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91E28E2/952FA632D2E611ED9A52D55AC4F9AE02/7D22B44E249D11EFAC24EF6CC4F9AE02.roa
File:                     7D22B44E249D11EFAC24EF6CC4F9AE02.roa (raw, json)
Hash identifier:          A2YwzeZCV7lXuESZaxuoNr3XCXQA1+q4ChTmE99OOZ8=
Subject key identifier:   1E:B2:1B:22:F4:5C:C4:2E:22:55:F3:8B:DC:08:A4:8D:EF:51:D9:16
Certificate issuer:       /CN=A91E28E2/serialNumber=B481987331E1ED408B51CB9FD8EF4A650AC8669A
Certificate serial:       01CE
Authority key identifier: B4:81:98:73:31:E1:ED:40:8B:51:CB:9F:D8:EF:4A:65:0A:C8:66:9A
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/tIGYczHh7UCLUcuf2O9KZQrIZpo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91E28E2/952FA632D2E611ED9A52D55AC4F9AE02/7D22B44E249D11EFAC24EF6CC4F9AE02.roa
Signing time:             Tue 15 Jul 2025 02:46:21 +0000
ROA not before:           Tue 15 Jul 2025 02:46:21 +0000
ROA not after:            Mon 31 Aug 2026 00:00:00 +0000
asID:                     45352
IP address blocks:        45.117.120.0/24 maxlen: 24
                          45.117.121.0/24 maxlen: 24
                          45.117.122.0/24 maxlen: 24
                          103.57.188.0/24 maxlen: 24
                          103.57.189.0/24 maxlen: 24
                          103.57.190.0/23 maxlen: 24
                          2403:1cc0::/48 maxlen: 48
                          2403:1cc0:1000::/48 maxlen: 48
                          2403:1cc0:1001::/48 maxlen: 48
                          2403:1cc0:1002::/48 maxlen: 48
                          2403:1cc0:1003::/48 maxlen: 48
                          2403:1cc0:1004::/48 maxlen: 48
                          2403:1cc0:1007::/48 maxlen: 48
                          2403:1cc0:1008::/48 maxlen: 48
                          2403:1cc0:1101::/48 maxlen: 48
                          2403:1cc0:1102::/48 maxlen: 48
                          2403:1cc0:1128::/48 maxlen: 48
                          2403:1cc0:1201::/48 maxlen: 48
                          2403:1cc0:1301::/48 maxlen: 48
                          2403:1cc0:1303::/48 maxlen: 48
                          2403:1cc0:2000::/48 maxlen: 48
                          2403:1cc0:2001::/48 maxlen: 48
                          2403:1cc0:2201::/48 maxlen: 48
                          2403:1cc0:2300::/48 maxlen: 48
                          2403:1cc0:3201::/48 maxlen: 48
                          2403:1cc0:3202::/48 maxlen: 48
                          2403:1cc0:5201::/48 maxlen: 48
                          2403:1cc0:6000::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91E28E2/952FA632D2E611ED9A52D55AC4F9AE02/tIGYczHh7UCLUcuf2O9KZQrIZpo.crl
                          rsync://rpki.apnic.net/member_repository/A91E28E2/952FA632D2E611ED9A52D55AC4F9AE02/tIGYczHh7UCLUcuf2O9KZQrIZpo.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/tIGYczHh7UCLUcuf2O9KZQrIZpo.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 28 Jul 2025 03:15:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 462 (0x1ce)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E28E2, serialNumber=B481987331E1ED408B51CB9FD8EF4A650AC8669A
        Validity
            Not Before: Jul 15 02:46:21 2025 GMT
            Not After : Aug 31 00:00:00 2026 GMT
        Subject: CN=6875c0fd-c126
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e6:56:80:0b:08:51:66:5a:1c:c1:7e:e0:95:5b:
                    3c:a7:bb:f0:90:02:25:c4:d3:e6:c7:32:57:df:2d:
                    1e:e5:7e:b7:ed:52:96:98:48:ae:36:03:51:07:31:
                    c9:db:32:60:9f:ce:f5:b7:0d:39:32:a1:be:3e:ca:
                    3b:16:c1:79:54:25:10:6a:ed:d6:c6:c2:50:3b:e8:
                    1d:4b:27:98:e7:55:23:5f:ad:0e:a3:0b:cf:60:ef:
                    27:3b:11:29:65:ce:3a:60:c5:39:51:97:82:a4:1d:
                    04:0c:35:46:ae:5e:ee:1f:a0:bf:52:f9:27:a8:b6:
                    37:ab:ba:94:3a:77:3b:f2:ec:e0:97:41:9c:a1:a3:
                    7e:62:18:b2:34:da:ca:1a:be:2e:4c:b1:b9:9d:ef:
                    c9:a8:5f:64:11:8a:40:22:ae:b7:7d:89:36:02:04:
                    d4:09:05:59:04:35:75:eb:4f:6f:0f:be:a4:0d:0b:
                    97:e5:99:41:dc:f0:f1:c9:0a:f0:af:d9:ea:4e:75:
                    ba:2c:93:5d:08:7d:05:19:ce:37:1c:53:30:ef:b4:
                    88:cf:78:a5:58:e7:6f:28:49:ea:05:72:61:9f:63:
                    9b:ba:76:cc:03:45:ae:5f:bb:60:07:77:0d:99:a5:
                    c4:42:87:76:41:4d:c9:7f:41:56:41:4b:3d:e9:ab:
                    a3:35
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1E:B2:1B:22:F4:5C:C4:2E:22:55:F3:8B:DC:08:A4:8D:EF:51:D9:16
            X509v3 Authority Key Identifier:
                keyid:B4:81:98:73:31:E1:ED:40:8B:51:CB:9F:D8:EF:4A:65:0A:C8:66:9A

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91E28E2/952FA632D2E611ED9A52D55AC4F9AE02/tIGYczHh7UCLUcuf2O9KZQrIZpo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/tIGYczHh7UCLUcuf2O9KZQrIZpo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E28E2/952FA632D2E611ED9A52D55AC4F9AE02/7D22B44E249D11EFAC24EF6CC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.117.120.0-45.117.122.255
                  103.57.188.0/22
                IPv6:
                  2403:1cc0::/48
                  2403:1cc0:1000::-2403:1cc0:1004:ffff:ffff:ffff:ffff:ffff
                  2403:1cc0:1007::-2403:1cc0:1008:ffff:ffff:ffff:ffff:ffff
                  2403:1cc0:1101::-2403:1cc0:1102:ffff:ffff:ffff:ffff:ffff
                  2403:1cc0:1128::/48
                  2403:1cc0:1201::/48
                  2403:1cc0:1301::/48
                  2403:1cc0:1303::/48
                  2403:1cc0:2000::/47
                  2403:1cc0:2201::/48
                  2403:1cc0:2300::/48
                  2403:1cc0:3201::-2403:1cc0:3202:ffff:ffff:ffff:ffff:ffff
                  2403:1cc0:5201::/48
                  2403:1cc0:6000::/48

    Signature Algorithm: sha256WithRSAEncryption
         65:81:19:e6:39:72:60:fe:e0:13:69:5d:6b:42:bf:1b:ae:8f:
         63:47:aa:e8:05:62:ba:d1:2b:cd:06:ab:68:ac:71:54:e9:d3:
         65:29:cb:57:b0:9e:13:64:20:5e:a1:0b:c8:54:aa:e3:fc:9c:
         f5:a9:78:db:c6:68:71:ef:b3:ee:21:bf:ca:0c:a3:b0:7b:3c:
         8a:8f:18:03:0a:95:6f:e9:95:05:0d:c1:13:fe:02:67:b8:e5:
         d9:66:51:d1:49:f2:32:3e:7b:ca:28:79:cd:70:17:71:1e:a7:
         04:64:ec:a0:93:74:d8:37:1d:d0:db:6c:af:13:d2:df:57:81:
         16:30:8e:f9:44:e2:dd:b9:60:b0:e0:71:0c:04:ab:a3:f2:bb:
         bc:b3:56:81:ed:0e:9b:86:2b:77:27:fc:c0:5a:5a:60:0f:78:
         12:bd:c4:47:32:43:7e:bf:a1:d0:4a:e2:38:79:bc:f9:d3:77:
         10:6f:7e:1e:67:c9:74:5d:21:3f:a2:c9:12:53:a3:91:e6:39:
         2f:e1:29:4e:c4:b1:a2:f4:16:84:a6:27:3a:48:23:41:27:e7:
         64:33:85:43:13:69:5d:3e:74:f7:79:3f:7c:94:75:38:e2:30:
         73:f3:f0:42:4b:ac:c5:ea:a9:7b:c4:e3:29:91:82:26:b3:2b:
         01:b3:7a:f4
-----BEGIN CERTIFICATE-----
MIIGNTCCBR2gAwIBAgICAc4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RTI4RTIxMTAvBgNVBAUTKEI0ODE5ODczMzFFMUVENDA4QjUxQ0I5RkQ4RUY0QTY1
MEFDODY2OUEwHhcNMjUwNzE1MDI0NjIxWhcNMjYwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODc1YzBmZC1jMTI2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA5laACwhRZlocwX7glVs8p7vwkAIlxNPmxzJX3y0e5X637VKWmEiuNgNRBzHJ
2zJgn871tw05MqG+Pso7FsF5VCUQau3WxsJQO+gdSyeY51UjX60OowvPYO8nOxEp
Zc46YMU5UZeCpB0EDDVGrl7uH6C/UvknqLY3q7qUOnc78uzgl0GcoaN+YhiyNNrK
Gr4uTLG5ne/JqF9kEYpAIq63fYk2AgTUCQVZBDV1609vD76kDQuX5ZlB3PDxyQrw
r9nqTnW6LJNdCH0FGc43HFMw77SIz3ilWOdvKEnqBXJhn2ObunbMA0WuX7tgB3cN
maXEQod2QU3Jf0FWQUs96aujNQIDAQABo4IDWTCCA1UwHQYDVR0OBBYEFB6yGyL0
XMQuIlXzi9wIpI3vUdkWMB8GA1UdIwQYMBaAFLSBmHMx4e1Ai1HLn9jvSmUKyGaa
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFMjhFMi85NTJGQTYzMkQy
RTYxMUVEOUE1MkQ1NUFDNEY5QUUwMi90SUdZY3pIaDdVQ0xVY3VmMk85S1pRckla
cG8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3RJR1ljekhoN1VDTFVjdWYyTzlLWlFySVpwby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RTI4RTIvOTUyRkE2MzJEMkU2MTFFRDlBNTJENTVBQzRGOUFFMDIvN0QyMkI0NEUy
NDlEMTFFRkFDMjRFRjZDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgeIGCCsGAQUFBwEHAQH/
BIHSMIHPMBoEAgABMBQwDAMEAy11eAMEAC11egMEAmc5vDCBsAQCAAIwgakDBwAk
AxzAAAAwEQMGBCQDHMAQAwcAJAMcwBAEMBIDBwAkAxzAEAcDBwAkAxzAEAgwEgMH
ACQDHMARAQMHACQDHMARAgMHACQDHMARKAMHACQDHMASAQMHACQDHMATAQMHACQD
HMATAwMHASQDHMAgAAMHACQDHMAiAQMHACQDHMAjADASAwcAJAMcwDIBAwcAJAMc
wDICAwcAJAMcwFIBAwcAJAMcwGAAMA0GCSqGSIb3DQEBCwUAA4IBAQBlgRnmOXJg
/uATaV1rQr8bro9jR6roBWK60SvNBqtorHFU6dNlKctXsJ4TZCBeoQvIVKrj/Jz1
qXjbxmhx77PuIb/KDKOwezyKjxgDCpVv6ZUFDcET/gJnuOXZZlHRSfIyPnvKKHnN
cBdxHqcEZOygk3TYNx3Q22yvE9LfV4EWMI75ROLduWCw4HEMBKuj8ru8s1aB7Q6b
hit3J/zAWlpgD3gSvcRHMkN+v6HQSuI4ebz503cQb34eZ8l0XSE/oskSU6OR5jkv
4SlOxLGi9BaEpic6SCNBJ+dkM4VDE2ldPnT3eT98lHU44jBz8/BCS6zF6ql7xOMp
kYImsysBs3r0
-----END CERTIFICATE-----
Generated at Wed Jul 23 02:30:03 2025 by rpki-client