Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9120974/033240C03A4A11E9940F2D16C4F9AE02/A87BA1063A4B11E99182B31BC4F9AE02.roa
File:                     A87BA1063A4B11E99182B31BC4F9AE02.roa (raw, json)
Hash identifier:          qPjQ6qU9b4Y2Yxe9iOnxcnbbcXQxddrSOa1xx9RMf9M=
Subject key identifier:   C9:4E:88:9E:CC:7C:F5:32:80:87:6F:2C:E3:20:84:37:AD:CB:7F:9F
Certificate issuer:       /CN=A9120974/serialNumber=A65104DC76A8E0E6A3D92146789680B73DDE5F58
Certificate serial:       1057
Authority key identifier: A6:51:04:DC:76:A8:E0:E6:A3:D9:21:46:78:96:80:B7:3D:DE:5F:58
Authority info access:    rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/plEE3Hao4Oaj2SFGeJaAtz3eX1g.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9120974/033240C03A4A11E9940F2D16C4F9AE02/A87BA1063A4B11E99182B31BC4F9AE02.roa
Signing time:             Fri 16 May 2025 17:51:23 +0000
ROA not before:           Fri 16 May 2025 17:51:23 +0000
ROA not after:            Thu 30 Jul 2026 00:00:00 +0000
asID:                     45090
IP address blocks:        109.244.0.0/16 maxlen: 16
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9120974/033240C03A4A11E9940F2D16C4F9AE02/plEE3Hao4Oaj2SFGeJaAtz3eX1g.crl
                          rsync://rpki.apnic.net/member_repository/A9120974/033240C03A4A11E9940F2D16C4F9AE02/plEE3Hao4Oaj2SFGeJaAtz3eX1g.mft
                          rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/plEE3Hao4Oaj2SFGeJaAtz3eX1g.cer
                          rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/DPzneFf88B852ZpitKpi5hWedvg.crl
                          rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/DPzneFf88B852ZpitKpi5hWedvg.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DPzneFf88B852ZpitKpi5hWedvg.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 19 Jun 2025 17:18:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4183 (0x1057)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9120974, serialNumber=A65104DC76A8E0E6A3D92146789680B73DDE5F58
        Validity
            Not Before: May 16 17:51:23 2025 GMT
            Not After : Jul 30 00:00:00 2026 GMT
        Subject: CN=68277b1b-7314
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:4d:07:b5:cf:d0:13:26:1c:3d:27:45:e8:2c:
                    76:67:32:f7:4f:34:c9:a9:3c:81:b2:c9:8f:62:44:
                    8d:cf:c0:9c:c4:8e:7e:db:3b:64:74:37:0b:b4:5b:
                    01:d2:3e:f2:ee:eb:99:50:59:0f:71:d9:13:ca:5f:
                    3f:63:63:23:32:c4:50:ef:61:63:a4:6e:1e:80:d6:
                    19:d3:39:47:02:a6:c6:5c:0f:20:97:b8:24:34:8f:
                    ee:d5:65:d3:26:8b:e0:4f:9e:85:b6:ea:3e:16:43:
                    70:0f:43:85:2b:f3:36:99:db:68:de:01:d9:4d:4e:
                    cb:65:30:a8:8f:32:92:32:24:ff:2c:0a:41:59:2b:
                    5b:8a:ca:e1:35:82:f6:5f:56:65:e5:4f:94:a0:c1:
                    1c:7c:9f:d1:da:4e:69:bd:88:ea:5b:77:20:cd:b3:
                    d4:58:73:61:13:ff:6c:8f:ba:a9:14:dd:a1:e9:a8:
                    71:3d:fd:71:f8:b9:2a:16:c2:dc:70:16:76:5b:39:
                    b2:0e:90:d0:b6:d7:f4:67:bb:ba:45:8a:8d:bd:cf:
                    a5:06:97:28:b8:0d:f7:8e:61:ca:de:0d:e4:3c:21:
                    b9:21:3c:ad:87:45:1f:1c:18:72:47:70:69:f7:3e:
                    ea:80:58:93:ff:dd:4e:3b:0c:ad:e9:75:a2:0a:36:
                    79:9f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C9:4E:88:9E:CC:7C:F5:32:80:87:6F:2C:E3:20:84:37:AD:CB:7F:9F
            X509v3 Authority Key Identifier:
                keyid:A6:51:04:DC:76:A8:E0:E6:A3:D9:21:46:78:96:80:B7:3D:DE:5F:58

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9120974/033240C03A4A11E9940F2D16C4F9AE02/plEE3Hao4Oaj2SFGeJaAtz3eX1g.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/plEE3Hao4Oaj2SFGeJaAtz3eX1g.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9120974/033240C03A4A11E9940F2D16C4F9AE02/A87BA1063A4B11E99182B31BC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  109.244.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         6d:ee:70:69:eb:11:b8:cc:64:05:16:27:fd:f1:b3:12:3c:9e:
         5e:56:a9:e8:cf:7c:5a:da:cc:be:48:22:da:17:ac:af:30:90:
         6a:36:7f:ac:c9:bf:04:94:72:51:fb:d0:75:6f:66:21:00:42:
         f1:88:d5:a9:33:c5:9f:ae:d5:bc:16:de:12:3f:b3:3e:ff:91:
         14:df:b7:51:b1:d2:54:b6:62:0b:07:3b:31:f2:ca:ab:a2:b5:
         7c:f8:7c:4f:5c:f0:94:07:d8:48:88:a1:4b:d0:c4:1c:4e:68:
         1e:46:8e:6d:1b:a7:55:7a:85:ab:bf:41:4f:c6:9f:da:08:02:
         8f:ff:b3:16:41:77:bc:99:0c:be:6a:e3:d7:87:5b:b3:29:10:
         bc:23:3e:ac:7a:fa:1d:d5:8a:fa:18:b3:52:7a:16:fb:8b:94:
         03:f7:6b:35:54:69:f1:9d:5a:db:2e:96:c0:54:28:7b:68:42:
         d4:c5:04:63:c1:4e:8a:7d:06:bf:89:43:1b:83:30:20:3a:d4:
         61:29:af:f1:fd:02:9f:7c:01:ef:6d:fe:33:01:d6:61:89:5c:
         fe:0e:2c:af:ee:2e:3d:26:c6:a5:3b:ba:b4:44:da:00:e9:b5:
         11:65:8a:7c:fe:6c:8f:39:23:59:07:21:b3:28:ca:89:c4:fd:
         1b:e4:36:42
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgICEFcwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MjA5NzQxMTAvBgNVBAUTKEE2NTEwNERDNzZBOEUwRTZBM0Q5MjE0Njc4OTY4MEI3
M0RERTVGNTgwHhcNMjUwNTE2MTc1MTIzWhcNMjYwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODI3N2IxYi03MzE0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAw00Htc/QEyYcPSdF6Cx2ZzL3TzTJqTyBssmPYkSNz8CcxI5+2ztkdDcLtFsB
0j7y7uuZUFkPcdkTyl8/Y2MjMsRQ72FjpG4egNYZ0zlHAqbGXA8gl7gkNI/u1WXT
JovgT56Ftuo+FkNwD0OFK/M2mdto3gHZTU7LZTCojzKSMiT/LApBWStbisrhNYL2
X1Zl5U+UoMEcfJ/R2k5pvYjqW3cgzbPUWHNhE/9sj7qpFN2h6ahxPf1x+LkqFsLc
cBZ2WzmyDpDQttf0Z7u6RYqNvc+lBpcouA33jmHK3g3kPCG5ITyth0UfHBhyR3Bp
9z7qgFiT/91OOwyt6XWiCjZ5nwIDAQABo4IClDCCApAwHQYDVR0OBBYEFMlOiJ7M
fPUygIdvLOMghDety3+fMB8GA1UdIwQYMBaAFKZRBNx2qODmo9khRniWgLc93l9Y
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyMDk3NC8wMzMyNDBDMDNB
NEExMUU5OTQwRjJEMTZDNEY5QUUwMi9wbEVFM0hhbzRPYWoyU0ZHZUphQXR6M2VY
MWcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzMjJBNUY0MUQ2NjExRTJBM0YyN0Y3Qzcy
RkQxRkYyL3BsRUUzSGFvNE9hajJTRkdlSmFBdHozZVgxZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MjA5NzQvMDMzMjQwQzAzQTRBMTFFOTk0MEYyRDE2QzRGOUFFMDIvQTg3QkExMDYz
QTRCMTFFOTkxODJCMzFCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHgYIKwYBBQUHAQcBAf8E
DzANMAsEAgABMAUDAwBt9DANBgkqhkiG9w0BAQsFAAOCAQEAbe5waesRuMxkBRYn
/fGzEjyeXlap6M98WtrMvkgi2hesrzCQajZ/rMm/BJRyUfvQdW9mIQBC8YjVqTPF
n67VvBbeEj+zPv+RFN+3UbHSVLZiCwc7MfLKq6K1fPh8T1zwlAfYSIihS9DEHE5o
HkaObRunVXqFq79BT8af2ggCj/+zFkF3vJkMvmrj14dbsykQvCM+rHr6HdWK+hiz
UnoW+4uUA/drNVRp8Z1a2y6WwFQoe2hC1MUEY8FOin0Gv4lDG4MwIDrUYSmv8f0C
n3wB723+MwHWYYlc/g4sr+4uPSbGpTu6tETaAOm1EWWKfP5sjzkjWQchsyjKicT9
G+Q2Qg==
-----END CERTIFICATE-----
Generated at Fri Jun 13 12:09:14 2025 by rpki-client