Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9148D01/E92519FA990B11EBA355CB53C4F9AE02/4CBCEB321FBE11EF97E7974FC4F9AE02.roa
File:                     4CBCEB321FBE11EF97E7974FC4F9AE02.roa (raw, json)
Hash identifier:          v8w67SRPHv5U3TDYb0E9tPTZXlnE+rXhgTwELGaPne4=
Subject key identifier:   6C:68:86:F1:3C:D9:19:46:65:EB:C7:6F:DE:F3:FC:81:CB:B7:C7:38
Certificate issuer:       /CN=A9148D01/serialNumber=7E36AB1C044321B74CF678263E0524FD34179BBD
Certificate serial:       0604
Authority key identifier: 7E:36:AB:1C:04:43:21:B7:4C:F6:78:26:3E:05:24:FD:34:17:9B:BD
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/fjarHARDIbdM9ngmPgUk_TQXm70.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9148D01/E92519FA990B11EBA355CB53C4F9AE02/4CBCEB321FBE11EF97E7974FC4F9AE02.roa
Signing time:             Mon 03 Jun 2024 01:55:13 +0000
ROA not before:           Mon 03 Jun 2024 01:55:13 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     134540
IP address blocks:        49.248.98.0/23 maxlen: 24
                          49.248.100.0/22 maxlen: 24
                          49.248.127.0/24 maxlen: 24
                          49.248.128.0/24 maxlen: 24
                          49.248.130.0/24 maxlen: 24
                          49.248.131.0/24 maxlen: 24
                          49.248.132.0/24 maxlen: 24
                          49.248.133.0/24 maxlen: 24
                          49.248.134.0/24 maxlen: 24
                          49.248.136.0/24 maxlen: 24
                          49.248.137.0/24 maxlen: 24
                          49.248.150.0/24 maxlen: 24
                          114.143.2.0/24 maxlen: 24
                          114.143.4.0/23 maxlen: 23
                          114.143.8.0/24 maxlen: 24
                          114.143.10.0/24 maxlen: 24
                          114.143.11.0/24 maxlen: 24
                          114.143.12.0/24 maxlen: 24
                          114.143.15.0/24 maxlen: 24
                          114.143.18.0/24 maxlen: 24
                          114.143.19.0/24 maxlen: 24
                          114.143.21.0/24 maxlen: 24
                          114.143.22.0/24 maxlen: 24
                          114.143.24.0/24 maxlen: 24
                          114.143.28.0/24 maxlen: 24
                          114.143.29.0/24 maxlen: 24
                          114.143.32.0/21 maxlen: 24
                          114.143.80.0/20 maxlen: 20
                          114.143.96.0/24 maxlen: 24
                          114.143.97.0/24 maxlen: 24
                          114.143.196.0/24 maxlen: 24
                          123.252.128.0/24 maxlen: 24
                          123.252.129.0/24 maxlen: 24
                          123.252.130.0/24 maxlen: 24
                          123.252.132.0/24 maxlen: 24
                          123.252.139.0/24 maxlen: 24
                          123.252.141.0/24 maxlen: 24
                          123.252.142.0/24 maxlen: 24
                          123.252.143.0/24 maxlen: 24
                          123.252.144.0/24 maxlen: 24
                          123.252.145.0/24 maxlen: 24
                          123.252.150.0/24 maxlen: 24
                          123.252.152.0/24 maxlen: 24
                          123.252.153.0/24 maxlen: 24
                          123.252.154.0/24 maxlen: 24
                          123.252.155.0/24 maxlen: 24
                          123.252.156.0/24 maxlen: 24
                          123.252.157.0/24 maxlen: 24
                          123.252.158.0/24 maxlen: 24
                          123.252.159.0/24 maxlen: 24
                          123.252.160.0/24 maxlen: 24
                          123.252.162.0/24 maxlen: 24
                          123.252.164.0/24 maxlen: 24
                          123.252.166.0/24 maxlen: 24
                          123.252.167.0/24 maxlen: 24
                          123.252.168.0/24 maxlen: 24
                          123.252.169.0/24 maxlen: 24
                          123.252.172.0/24 maxlen: 24
                          123.252.177.0/24 maxlen: 24
                          123.252.178.0/24 maxlen: 24
                          123.252.179.0/24 maxlen: 24
                          123.252.180.0/24 maxlen: 24
                          123.252.182.0/24 maxlen: 24
                          123.252.183.0/24 maxlen: 24
                          123.252.184.0/24 maxlen: 24
                          123.252.185.0/24 maxlen: 24
                          123.252.186.0/24 maxlen: 24
                          123.252.187.0/24 maxlen: 24
                          123.252.192.0/24 maxlen: 24
                          123.252.196.0/24 maxlen: 24
                          123.252.198.0/24 maxlen: 24
                          123.252.199.0/24 maxlen: 24
                          123.252.202.0/24 maxlen: 24
                          123.252.207.0/24 maxlen: 24
                          123.252.212.0/22 maxlen: 24
                          123.252.216.0/24 maxlen: 24
                          123.252.221.0/24 maxlen: 24
                          123.252.223.0/24 maxlen: 24
                          123.252.224.0/21 maxlen: 24
                          123.252.234.0/24 maxlen: 24
                          123.252.237.0/24 maxlen: 24
                          123.252.239.0/24 maxlen: 24
                          123.252.240.0/22 maxlen: 22
                          123.252.245.0/24 maxlen: 24
                          123.252.246.0/24 maxlen: 24
                          123.252.248.0/24 maxlen: 24
                          123.252.254.0/24 maxlen: 24
                          202.149.194.0/24 maxlen: 24
                          202.149.195.0/24 maxlen: 24
                          202.149.197.0/24 maxlen: 24
                          202.149.200.0/24 maxlen: 24
                          202.149.211.0/24 maxlen: 24
                          202.149.212.0/24 maxlen: 24
                          202.149.213.0/24 maxlen: 24
                          202.149.215.0/24 maxlen: 24
                          202.149.216.0/24 maxlen: 24
                          202.189.225.0/24 maxlen: 24
                          202.189.229.0/24 maxlen: 24
                          202.189.230.0/24 maxlen: 24
                          202.189.231.0/24 maxlen: 24
                          202.189.232.0/24 maxlen: 24
                          202.189.233.0/24 maxlen: 24
                          202.189.234.0/24 maxlen: 24
                          202.189.236.0/24 maxlen: 24
                          202.189.237.0/24 maxlen: 24
                          202.189.238.0/24 maxlen: 24
                          202.189.240.0/24 maxlen: 24
                          202.189.241.0/24 maxlen: 24
                          202.189.242.0/24 maxlen: 24
                          202.189.244.0/24 maxlen: 24
                          202.189.245.0/24 maxlen: 24
                          202.189.247.0/24 maxlen: 24
                          202.189.250.0/24 maxlen: 24
                          202.189.251.0/24 maxlen: 24
                          202.189.252.0/24 maxlen: 24
                          202.189.253.0/24 maxlen: 24
                          202.189.254.0/24 maxlen: 24
                          2402:d400:a1::/48 maxlen: 51
                          2402:d400:a2::/48 maxlen: 51

Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9148D01/E92519FA990B11EBA355CB53C4F9AE02/fjarHARDIbdM9ngmPgUk_TQXm70.crl
                          rsync://rpki.apnic.net/member_repository/A9148D01/E92519FA990B11EBA355CB53C4F9AE02/fjarHARDIbdM9ngmPgUk_TQXm70.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/fjarHARDIbdM9ngmPgUk_TQXm70.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 29 Nov 2024 20:43:15 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1540 (0x604)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9148D01/serialNumber=7E36AB1C044321B74CF678263E0524FD34179BBD
        Validity
            Not Before: Jun  3 01:55:13 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=665d2281-2c58
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b6:63:08:90:3e:1a:16:b8:b9:b9:53:8b:b4:3c:
                    98:df:80:64:8f:53:96:20:1e:e3:ef:5d:fe:47:dd:
                    9c:81:9f:76:77:b6:6b:71:7d:75:c7:f0:a0:07:5a:
                    3e:21:eb:7a:d4:a9:40:68:1d:14:60:ed:95:26:41:
                    f0:fa:51:1a:32:1d:79:b2:1b:36:d1:e8:f2:5c:e7:
                    19:1e:07:ae:e8:1d:77:db:75:78:88:42:9d:e1:b2:
                    c5:79:84:e1:03:fd:4b:56:08:da:30:f4:0c:dc:eb:
                    10:4b:ea:37:a5:ac:e1:9c:e2:3c:9f:bd:60:ce:aa:
                    02:77:45:de:37:9d:d9:b9:25:86:16:06:15:0d:e9:
                    5e:e2:43:f6:a2:96:56:22:6f:c7:5d:1f:a7:e8:66:
                    bf:31:78:d9:f4:7e:2e:1e:35:3d:8c:25:a4:48:3c:
                    bc:b0:4e:e1:16:0c:0d:e1:3e:43:10:f1:8c:03:1a:
                    cf:40:06:ab:f0:0f:f0:47:9b:60:88:b5:e4:e7:da:
                    06:ed:54:52:11:8f:89:4a:24:b3:b5:34:90:f6:a3:
                    9f:33:c1:cb:71:90:f4:11:c4:03:f7:e4:c1:95:09:
                    9c:fc:c4:35:47:13:80:8c:59:d7:e7:1d:50:ea:d8:
                    6e:8b:a2:8c:df:58:4a:b4:18:3b:0f:b7:98:d9:45:
                    48:8f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6C:68:86:F1:3C:D9:19:46:65:EB:C7:6F:DE:F3:FC:81:CB:B7:C7:38
            X509v3 Authority Key Identifier:
                keyid:7E:36:AB:1C:04:43:21:B7:4C:F6:78:26:3E:05:24:FD:34:17:9B:BD

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9148D01/E92519FA990B11EBA355CB53C4F9AE02/fjarHARDIbdM9ngmPgUk_TQXm70.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/fjarHARDIbdM9ngmPgUk_TQXm70.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9148D01/E92519FA990B11EBA355CB53C4F9AE02/4CBCEB321FBE11EF97E7974FC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  49.248.98.0-49.248.103.255
                  49.248.127.0-49.248.128.255
                  49.248.130.0-49.248.134.255
                  49.248.136.0/23
                  49.248.150.0/24
                  114.143.2.0/24
                  114.143.4.0/23
                  114.143.8.0/24
                  114.143.10.0-114.143.12.255
                  114.143.15.0/24
                  114.143.18.0/23
                  114.143.21.0-114.143.22.255
                  114.143.24.0/24
                  114.143.28.0/23
                  114.143.32.0/21
                  114.143.80.0-114.143.97.255
                  114.143.196.0/24
                  123.252.128.0-123.252.130.255
                  123.252.132.0/24
                  123.252.139.0/24
                  123.252.141.0-123.252.145.255
                  123.252.150.0/24
                  123.252.152.0-123.252.160.255
                  123.252.162.0/24
                  123.252.164.0/24
                  123.252.166.0-123.252.169.255
                  123.252.172.0/24
                  123.252.177.0-123.252.180.255
                  123.252.182.0-123.252.187.255
                  123.252.192.0/24
                  123.252.196.0/24
                  123.252.198.0/23
                  123.252.202.0/24
                  123.252.207.0/24
                  123.252.212.0-123.252.216.255
                  123.252.221.0/24
                  123.252.223.0-123.252.231.255
                  123.252.234.0/24
                  123.252.237.0/24
                  123.252.239.0-123.252.243.255
                  123.252.245.0-123.252.246.255
                  123.252.248.0/24
                  123.252.254.0/24
                  202.149.194.0/23
                  202.149.197.0/24
                  202.149.200.0/24
                  202.149.211.0-202.149.213.255
                  202.149.215.0-202.149.216.255
                  202.189.225.0/24
                  202.189.229.0-202.189.234.255
                  202.189.236.0-202.189.238.255
                  202.189.240.0-202.189.242.255
                  202.189.244.0/23
                  202.189.247.0/24
                  202.189.250.0-202.189.254.255
                IPv6:
                  2402:d400:a1::-2402:d400:a2:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         32:f3:f7:50:1e:ba:c7:e1:c5:7e:2c:af:9c:3a:90:2f:30:4d:
         5c:bf:da:bf:f1:0d:4e:51:ae:2c:34:cb:bf:f6:b3:43:ed:57:
         c7:6b:22:b9:c2:bb:f7:5c:fe:fe:15:e8:38:cb:f7:ef:f9:75:
         96:97:b2:d0:30:78:c9:02:c0:f1:d4:4d:d3:78:2b:4e:dd:71:
         d1:81:2c:a0:0d:10:38:e4:b8:d4:64:9a:2d:d7:48:bd:6c:c8:
         a9:0c:1c:fc:79:b3:67:84:1c:33:6e:b7:55:3f:14:4f:79:2f:
         bb:fa:e9:8c:e6:f1:52:c3:73:28:f4:d0:d6:1f:25:17:27:05:
         b2:5c:24:d4:86:41:45:07:c9:7d:8f:cb:30:0f:94:51:c0:ab:
         a9:82:35:1b:7c:97:b8:27:95:5f:e6:8f:50:72:21:59:15:ae:
         46:a8:e1:26:7f:b9:0a:13:b9:47:ff:37:aa:56:5d:48:aa:fd:
         51:c7:fe:d3:ee:3c:b0:1e:36:f9:0e:f3:3a:36:c9:5c:fa:28:
         8f:5f:54:92:9c:76:6a:99:1b:ad:ed:a3:16:ad:23:f9:8a:c0:
         1a:70:7b:a9:bf:0d:d1:6a:28:81:29:da:ca:ee:7c:ea:95:60:
         61:e8:37:83:6e:98:af:2b:39:56:e3:c2:d5:75:85:c7:ee:87:
         fd:6a:4c:b7
-----BEGIN CERTIFICATE-----
MIIHizCCBnOgAwIBAgICBgQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDhEMDExMTAvBgNVBAUTKDdFMzZBQjFDMDQ0MzIxQjc0Q0Y2NzgyNjNFMDUyNEZE
MzQxNzlCQkQwHhcNMjQwNjAzMDE1NTEzWhcNMjUwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02NjVkMjI4MS0yYzU4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtmMIkD4aFri5uVOLtDyY34Bkj1OWIB7j713+R92cgZ92d7ZrcX11x/CgB1o+
Iet61KlAaB0UYO2VJkHw+lEaMh15shs20ejyXOcZHgeu6B1323V4iEKd4bLFeYTh
A/1LVgjaMPQM3OsQS+o3pazhnOI8n71gzqoCd0XeN53ZuSWGFgYVDele4kP2opZW
Im/HXR+n6Ga/MXjZ9H4uHjU9jCWkSDy8sE7hFgwN4T5DEPGMAxrPQAar8A/wR5tg
iLXk59oG7VRSEY+JSiSztTSQ9qOfM8HLcZD0EcQD9+TBlQmc/MQ1RxOAjFnX5x1Q
6thui6KM31hKtBg7D7eY2UVIjwIDAQABo4IErzCCBKswHQYDVR0OBBYEFGxohvE8
2RlGZevHb97z/IHLt8c4MB8GA1UdIwQYMBaAFH42qxwEQyG3TPZ4Jj4FJP00F5u9
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0OEQwMS9FOTI1MTlGQTk5
MEIxMUVCQTM1NUNCNTNDNEY5QUUwMi9mamFySEFSREliZE05bmdtUGdVa19UUVht
NzAuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2ZqYXJIQVJESWJkTTluZ21QZ1VrX1RRWG03MC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDhEMDEvRTkyNTE5RkE5OTBCMTFFQkEzNTVDQjUzQzRGOUFFMDIvNENCQ0VCMzIx
RkJFMTFFRjk3RTc5NzRGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwggI3BggrBgEFBQcBBwEB
/wSCAiYwggIiMIICAgQCAAEwggH6MAwDBAEx+GIDBAMx+GAwDAMEADH4fwMEADH4
gDAMAwQBMfiCAwQAMfiGAwQBMfiIAwQAMfiWAwQAco8CAwQBco8EAwQAco8IMAwD
BAFyjwoDBAByjwwDBAByjw8DBAFyjxIwDAMEAHKPFQMEAHKPFgMEAHKPGAMEAXKP
HAMEA3KPIDAMAwQEco9QAwQBco9gAwQAco/EMAwDBAd7/IADBAB7/IIDBAB7/IQD
BAB7/IswDAMEAHv8jQMEAXv8kAMEAHv8ljAMAwQDe/yYAwQAe/ygAwQAe/yiAwQA
e/ykMAwDBAF7/KYDBAF7/KgDBAB7/KwwDAMEAHv8sQMEAHv8tDAMAwQBe/y2AwQC
e/y4AwQAe/zAAwQAe/zEAwQBe/zGAwQAe/zKAwQAe/zPMAwDBAJ7/NQDBAB7/NgD
BAB7/N0wDAMEAHv83wMEA3v84AMEAHv86gMEAHv87TAMAwQAe/zvAwQCe/zwMAwD
BAB7/PUDBAB7/PYDBAB7/PgDBAB7/P4DBAHKlcIDBADKlcUDBADKlcgwDAMEAMqV
0wMEAcqV1DAMAwQAypXXAwQAypXYAwQAyr3hMAwDBADKveUDBADKveowDAMEAsq9
7AMEAMq97jAMAwQEyr3wAwQAyr3yAwQByr30AwQAyr33MAwDBAHKvfoDBADKvf4w
GgQCAAIwFDASAwcAJALUAAChAwcAJALUAACiMA0GCSqGSIb3DQEBCwUAA4IBAQAy
8/dQHrrH4cV+LK+cOpAvME1cv9q/8Q1OUa4sNMu/9rND7VfHayK5wrv3XP7+Feg4
y/fv+XWWl7LQMHjJAsDx1E3TeCtO3XHRgSygDRA45LjUZJot10i9bMipDBz8ebNn
hBwzbrdVPxRPeS+7+umM5vFSw3Mo9NDWHyUXJwWyXCTUhkFFB8l9j8swD5RRwKup
gjUbfJe4J5Vf5o9QciFZFa5GqOEmf7kKE7lH/zeqVl1Iqv1Rx/7T7jywHjb5DvM6
Nslc+iiPX1SSnHZqmRut7aMWrSP5isAacHupvw3RaiiBKdrK7nzqlWBh6DeDbpiv
KzlW48LVdYXH7of9aky3
-----END CERTIFICATE-----
Generated at Sat Nov 23 00:08:39 2024 by rpki-client on console-ams.rpki-client.org