Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A912B4DB/5C50296C1DA811E2AB6BA6A208B02CD2/7FE5F2CEDB9411E9832A463AC4F9AE02.roa
File:                     7FE5F2CEDB9411E9832A463AC4F9AE02.roa (raw, json)
Hash identifier:          Sw4ihe/uH6fmIDPdKoxmP7xAVXuq4ul6aZ2AD9s5AWE=
Subject key identifier:   45:C5:9B:51:08:E8:23:0A:93:D9:E3:03:6C:70:02:51:F0:35:D4:FA
Certificate issuer:       /CN=A912B4DB/serialNumber=0DC5CE4A294F2C9380A9135EE1F0530728A4CDA6
Certificate serial:       349C
Authority key identifier: 0D:C5:CE:4A:29:4F:2C:93:80:A9:13:5E:E1:F0:53:07:28:A4:CD:A6
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DcXOSilPLJOAqRNe4fBTByikzaY.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A912B4DB/5C50296C1DA811E2AB6BA6A208B02CD2/7FE5F2CEDB9411E9832A463AC4F9AE02.roa
Signing time:             Wed 04 Jun 2025 15:51:00 +0000
ROA not before:           Wed 04 Jun 2025 15:51:00 +0000
ROA not after:            Mon 31 Aug 2026 00:00:00 +0000
asID:                     56293
IP address blocks:        59.153.84.0/22 maxlen: 24
                          103.10.20.0/22 maxlen: 24
                          2400:db80::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A912B4DB/5C50296C1DA811E2AB6BA6A208B02CD2/DcXOSilPLJOAqRNe4fBTByikzaY.crl
                          rsync://rpki.apnic.net/member_repository/A912B4DB/5C50296C1DA811E2AB6BA6A208B02CD2/DcXOSilPLJOAqRNe4fBTByikzaY.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DcXOSilPLJOAqRNe4fBTByikzaY.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 17 Jun 2025 15:12:58 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13468 (0x349c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A912B4DB, serialNumber=0DC5CE4A294F2C9380A9135EE1F0530728A4CDA6
        Validity
            Not Before: Jun  4 15:51:00 2025 GMT
            Not After : Aug 31 00:00:00 2026 GMT
        Subject: CN=68406b64-a3f8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cd:31:68:70:2a:a2:1e:bf:f2:1e:e3:f1:61:79:
                    f6:ce:b6:a8:68:67:9b:6f:5c:5e:44:02:f4:3a:e6:
                    53:d1:ca:b0:67:6b:a7:bd:77:7b:1a:8b:88:3d:c2:
                    f1:00:4e:42:b9:01:13:18:2c:13:11:ab:67:6f:10:
                    cf:e5:c7:36:13:cd:cc:84:15:de:62:81:bd:bf:8d:
                    8f:9a:4d:5e:d5:f1:ee:64:83:c5:23:ef:38:3e:4f:
                    87:01:bb:9b:1f:ff:02:b0:00:43:81:0e:48:04:0e:
                    a2:8f:f6:e4:10:2c:cf:5b:50:d8:b2:cd:0d:3d:da:
                    7c:ce:7e:fc:d3:35:50:f1:63:88:df:e9:cc:31:7a:
                    69:82:60:ca:3b:d0:95:0b:55:37:d8:bf:c4:89:5a:
                    12:40:58:f9:a4:df:60:dc:e8:77:1d:5a:8c:2c:7b:
                    f7:88:28:8c:0b:45:26:49:2c:8f:c4:83:0c:c9:9f:
                    a2:e0:4f:08:a2:07:43:ba:1d:e6:a7:03:1c:0a:11:
                    65:63:40:f7:31:cf:8d:70:3b:da:b9:f8:4c:fc:29:
                    b0:ad:c4:b4:af:48:f0:da:7d:b5:dc:bd:6f:b8:dd:
                    f7:b0:aa:c2:03:a9:59:78:2c:86:0a:7f:22:14:b1:
                    ec:0f:14:96:c9:73:58:40:03:63:84:43:64:6f:87:
                    6f:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                45:C5:9B:51:08:E8:23:0A:93:D9:E3:03:6C:70:02:51:F0:35:D4:FA
            X509v3 Authority Key Identifier:
                keyid:0D:C5:CE:4A:29:4F:2C:93:80:A9:13:5E:E1:F0:53:07:28:A4:CD:A6

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A912B4DB/5C50296C1DA811E2AB6BA6A208B02CD2/DcXOSilPLJOAqRNe4fBTByikzaY.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DcXOSilPLJOAqRNe4fBTByikzaY.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A912B4DB/5C50296C1DA811E2AB6BA6A208B02CD2/7FE5F2CEDB9411E9832A463AC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  59.153.84.0/22
                  103.10.20.0/22
                IPv6:
                  2400:db80::/32

    Signature Algorithm: sha256WithRSAEncryption
         06:d6:d9:19:84:ae:52:b1:01:3d:3e:f9:4f:7b:6b:2b:07:f2:
         92:01:4e:c2:86:38:8c:bf:e3:2f:c1:b9:ec:5c:ba:aa:8d:15:
         80:f9:52:fd:6d:86:98:73:45:ed:3e:bd:01:1e:ad:c1:97:6f:
         8d:1d:a6:e4:cc:0a:5c:20:47:a7:a6:88:09:66:26:fc:65:cf:
         41:ea:eb:4e:50:70:9b:8c:e9:1c:c1:c3:0f:b5:32:f2:8a:b2:
         f5:30:f9:e6:91:dc:15:c2:61:48:2b:34:08:3f:75:86:40:00:
         d9:ec:11:d2:00:5f:30:05:ba:7e:76:18:fe:a7:6e:2b:ff:63:
         ff:63:c6:d8:cf:de:87:0e:f4:05:8e:03:5f:c3:9d:a3:bf:9c:
         21:f0:76:45:e2:de:d1:04:42:04:37:94:bb:9c:eb:0a:b3:b3:
         af:8a:9e:45:f1:ca:79:27:78:87:86:d0:55:fb:e1:6c:53:16:
         3b:ac:81:f6:62:eb:b4:69:f6:da:e4:29:fa:d7:43:39:64:d4:
         e5:6f:e2:3c:97:6a:9c:45:e1:b5:52:fc:63:42:f9:f8:bb:f0:
         d3:be:a8:f0:68:f9:8e:ad:1d:c6:93:f9:da:a0:0e:43:1e:97:
         9a:7a:ca:14:d9:b6:f8:a4:59:8a:a6:e3:87:a1:da:df:f5:0a:
         b4:2b:8e:53
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgICNJwwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MkI0REIxMTAvBgNVBAUTKDBEQzVDRTRBMjk0RjJDOTM4MEE5MTM1RUUxRjA1MzA3
MjhBNENEQTYwHhcNMjUwNjA0MTU1MTAwWhcNMjYwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODQwNmI2NC1hM2Y4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAzTFocCqiHr/yHuPxYXn2zraoaGebb1xeRAL0OuZT0cqwZ2unvXd7GouIPcLx
AE5CuQETGCwTEatnbxDP5cc2E83MhBXeYoG9v42Pmk1e1fHuZIPFI+84Pk+HAbub
H/8CsABDgQ5IBA6ij/bkECzPW1DYss0NPdp8zn780zVQ8WOI3+nMMXppgmDKO9CV
C1U32L/EiVoSQFj5pN9g3Oh3HVqMLHv3iCiMC0UmSSyPxIMMyZ+i4E8IogdDuh3m
pwMcChFlY0D3Mc+NcDvaufhM/CmwrcS0r0jw2n213L1vuN33sKrCA6lZeCyGCn8i
FLHsDxSWyXNYQANjhENkb4dvAQIDAQABo4ICqjCCAqYwHQYDVR0OBBYEFEXFm1EI
6CMKk9njA2xwAlHwNdT6MB8GA1UdIwQYMBaAFA3FzkopTyyTgKkTXuHwUwcopM2m
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyQjREQi81QzUwMjk2QzFE
QTgxMUUyQUI2QkE2QTIwOEIwMkNEMi9EY1hPU2lsUExKT0FxUk5lNGZCVEJ5aWt6
YVkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0RjWE9TaWxQTEpPQXFSTmU0ZkJUQnlpa3phWS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MkI0REIvNUM1MDI5NkMxREE4MTFFMkFCNkJBNkEyMDhCMDJDRDIvN0ZFNUYyQ0VE
Qjk0MTFFOTgzMkE0NjNBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNAYIKwYBBQUHAQcBAf8E
JTAjMBIEAgABMAwDBAI7mVQDBAJnChQwDQQCAAIwBwMFACQA24AwDQYJKoZIhvcN
AQELBQADggEBAAbW2RmErlKxAT0++U97aysH8pIBTsKGOIy/4y/BuexcuqqNFYD5
Uv1thphzRe0+vQEercGXb40dpuTMClwgR6emiAlmJvxlz0Hq605QcJuM6RzBww+1
MvKKsvUw+eaR3BXCYUgrNAg/dYZAANnsEdIAXzAFun52GP6nbiv/Y/9jxtjP3ocO
9AWOA1/DnaO/nCHwdkXi3tEEQgQ3lLuc6wqzs6+KnkXxynkneIeG0FX74WxTFjus
gfZi67Rp9trkKfrXQzlk1OVv4jyXapxF4bVS/GNC+fi78NO+qPBo+Y6tHcaT+dqg
DkMel5p6yhTZtvikWYqm44eh2t/1CrQrjlM=
-----END CERTIFICATE-----
Generated at Thu Jun 12 13:12:49 2025 by rpki-client