Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91EAE3D/97B6E0CE75DE11E8B704A246C4F9AE02/28C73E085EC411F0AFDCEE52C4F9AE02.roa
File:                     28C73E085EC411F0AFDCEE52C4F9AE02.roa (raw, json)
Hash identifier:          Ju8go9OBKML8ykj6qnfvaBG6KjObv0i9KK2dLnaHCbM=
Subject key identifier:   91:7E:33:7E:EA:39:E8:EF:1E:42:35:CF:F0:1A:D9:45:6D:AA:D9:23
Certificate issuer:       /CN=A91EAE3D/serialNumber=C7269B124C420C55E29FB51D3C1B0D9D476CBD00
Certificate serial:       18F9
Authority key identifier: C7:26:9B:12:4C:42:0C:55:E2:9F:B5:1D:3C:1B:0D:9D:47:6C:BD:00
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xyabEkxCDFXin7UdPBsNnUdsvQA.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91EAE3D/97B6E0CE75DE11E8B704A246C4F9AE02/28C73E085EC411F0AFDCEE52C4F9AE02.roa
Signing time:             Sat 12 Jul 2025 02:01:44 +0000
ROA not before:           Sat 12 Jul 2025 02:01:44 +0000
ROA not after:            Fri 01 May 2026 00:00:00 +0000
asID:                     18037
IP address blocks:        27.106.200.0/22 maxlen: 22
                          203.89.64.0/19 maxlen: 19
                          203.89.67.0/24 maxlen: 24
                          203.89.73.0/24 maxlen: 24
                          203.89.90.0/24 maxlen: 24
                          203.89.91.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91EAE3D/97B6E0CE75DE11E8B704A246C4F9AE02/xyabEkxCDFXin7UdPBsNnUdsvQA.crl
                          rsync://rpki.apnic.net/member_repository/A91EAE3D/97B6E0CE75DE11E8B704A246C4F9AE02/xyabEkxCDFXin7UdPBsNnUdsvQA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xyabEkxCDFXin7UdPBsNnUdsvQA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 29 Jul 2025 17:03:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 6393 (0x18f9)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91EAE3D, serialNumber=C7269B124C420C55E29FB51D3C1B0D9D476CBD00
        Validity
            Not Before: Jul 12 02:01:44 2025 GMT
            Not After : May  1 00:00:00 2026 GMT
        Subject: CN=6871c208-5ff4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f8:6b:ed:f3:42:13:bc:fe:9f:0d:f1:95:af:f6:
                    77:66:ed:87:64:db:3d:44:ed:52:cf:70:e4:06:4e:
                    10:d2:e3:92:b9:d2:81:2a:10:9b:f8:37:5a:09:c8:
                    9f:a7:07:c1:7c:36:ed:95:03:93:89:7b:ab:33:88:
                    4c:ff:15:7a:7a:d5:48:09:32:b3:c3:c5:e8:02:e3:
                    a6:b4:fd:91:3e:45:56:34:80:aa:77:25:82:8a:bd:
                    0b:d9:df:c0:87:7b:09:d6:ef:73:50:d0:74:6a:32:
                    86:4a:06:6d:82:53:83:f4:dc:24:44:c1:f9:09:39:
                    08:38:aa:38:d9:dc:88:c9:78:9c:1a:bd:f8:df:a0:
                    fe:e7:f0:bd:7d:1b:3f:3d:aa:d7:e4:13:93:ce:df:
                    3a:2a:83:4f:6d:46:d5:46:a6:8c:60:c9:6e:33:3e:
                    fd:5c:05:12:b0:d9:0c:81:52:d1:63:cb:3c:73:55:
                    57:25:c7:e6:c3:05:88:d4:10:a5:20:63:f2:c3:87:
                    20:50:95:5c:70:4c:13:53:da:b5:f2:a3:76:f5:af:
                    c3:33:71:a0:70:88:21:10:89:39:22:8a:22:6d:65:
                    6b:b4:32:e0:30:59:ba:75:1d:d0:15:e5:a0:01:fc:
                    cb:de:81:9e:35:4e:4f:9a:2b:ba:68:77:4b:91:b0:
                    a8:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                91:7E:33:7E:EA:39:E8:EF:1E:42:35:CF:F0:1A:D9:45:6D:AA:D9:23
            X509v3 Authority Key Identifier:
                keyid:C7:26:9B:12:4C:42:0C:55:E2:9F:B5:1D:3C:1B:0D:9D:47:6C:BD:00

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91EAE3D/97B6E0CE75DE11E8B704A246C4F9AE02/xyabEkxCDFXin7UdPBsNnUdsvQA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/xyabEkxCDFXin7UdPBsNnUdsvQA.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91EAE3D/97B6E0CE75DE11E8B704A246C4F9AE02/28C73E085EC411F0AFDCEE52C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  27.106.200.0/22
                  203.89.64.0/19

    Signature Algorithm: sha256WithRSAEncryption
         a8:69:57:e1:07:bd:41:19:c9:ca:ae:c2:f9:6d:62:d8:06:b9:
         37:70:5c:14:63:af:f2:6e:04:b4:0d:0d:4d:0c:d6:38:89:fd:
         08:a1:f8:68:e3:b3:4c:89:11:be:e3:78:c4:e3:ad:fa:75:94:
         c1:c0:5a:57:eb:85:1b:54:3d:38:43:84:49:1b:b9:20:85:25:
         6b:71:2c:aa:b5:eb:c3:8e:04:24:a6:ca:92:fa:b1:61:31:96:
         09:b3:58:9b:c0:60:1c:67:24:44:b7:00:0e:62:64:1f:2d:9a:
         15:ec:a3:3b:f5:62:9a:49:42:13:39:1b:6b:85:28:59:5b:22:
         34:23:69:a1:98:c6:08:ec:71:b4:43:06:9a:46:5e:1f:3a:d5:
         1d:ae:da:3b:90:57:ae:53:76:c3:52:ff:5b:17:74:4a:b8:b2:
         3b:e6:2e:5c:4d:72:ef:ff:94:7f:97:49:96:7d:b6:a2:d9:29:
         e5:1f:12:f4:b0:3b:f3:76:d1:aa:47:96:84:5e:51:99:02:39:
         9d:81:2a:c3:b0:2c:1c:7c:e5:03:d9:f9:26:ae:10:79:fe:68:
         62:ed:8b:ff:58:6b:20:cc:d0:5f:6e:29:9b:e2:0a:9b:3b:01:
         c8:65:29:64:84:cb:86:67:f8:e3:db:9a:2c:61:78:77:41:cc:
         53:ca:76:4b
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICGPkwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RUFFM0QxMTAvBgNVBAUTKEM3MjY5QjEyNEM0MjBDNTVFMjlGQjUxRDNDMUIwRDlE
NDc2Q0JEMDAwHhcNMjUwNzEyMDIwMTQ0WhcNMjYwNTAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODcxYzIwOC01ZmY0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA+Gvt80ITvP6fDfGVr/Z3Zu2HZNs9RO1Sz3DkBk4Q0uOSudKBKhCb+DdaCcif
pwfBfDbtlQOTiXurM4hM/xV6etVICTKzw8XoAuOmtP2RPkVWNICqdyWCir0L2d/A
h3sJ1u9zUNB0ajKGSgZtglOD9NwkRMH5CTkIOKo42dyIyXicGr3436D+5/C9fRs/
ParX5BOTzt86KoNPbUbVRqaMYMluMz79XAUSsNkMgVLRY8s8c1VXJcfmwwWI1BCl
IGPyw4cgUJVccEwTU9q18qN29a/DM3GgcIghEIk5IooibWVrtDLgMFm6dR3QFeWg
AfzL3oGeNU5Pmiu6aHdLkbCoiwIDAQABo4ICmzCCApcwHQYDVR0OBBYEFJF+M37q
OejvHkI1z/Aa2UVtqtkjMB8GA1UdIwQYMBaAFMcmmxJMQgxV4p+1HTwbDZ1HbL0A
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFQUUzRC85N0I2RTBDRTc1
REUxMUU4QjcwNEEyNDZDNEY5QUUwMi94eWFiRWt4Q0RGWGluN1VkUEJzTm5VZHN2
UUEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3h5YWJFa3hDREZYaW43VWRQQnNOblVkc3ZRQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RUFFM0QvOTdCNkUwQ0U3NURFMTFFOEI3MDRBMjQ2QzRGOUFFMDIvMjhDNzNFMDg1
RUM0MTFGMEFGRENFRTUyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAIbasgDBAXLWUAwDQYJKoZIhvcNAQELBQADggEBAKhpV+EH
vUEZycquwvltYtgGuTdwXBRjr/JuBLQNDU0M1jiJ/Qih+Gjjs0yJEb7jeMTjrfp1
lMHAWlfrhRtUPThDhEkbuSCFJWtxLKq168OOBCSmypL6sWExlgmzWJvAYBxnJES3
AA5iZB8tmhXsozv1YppJQhM5G2uFKFlbIjQjaaGYxgjscbRDBppGXh861R2u2juQ
V65TdsNS/1sXdEq4sjvmLlxNcu//lH+XSZZ9tqLZKeUfEvSwO/N20apHloReUZkC
OZ2BKsOwLBx85QPZ+SauEHn+aGLti/9YayDM0F9uKZviCps7AchlKWSEy4Zn+OPb
mixheHdBzFPKdks=
-----END CERTIFICATE-----
Generated at Thu Jul 24 05:02:16 2025 by rpki-client