Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9148D01/E92519FA990B11EBA355CB53C4F9AE02/4CBCEB321FBE11EF97E7974FC4F9AE02.roa
File:                     4CBCEB321FBE11EF97E7974FC4F9AE02.roa (raw, json)
Hash identifier:          Ewou1QcNItpQthFWEmWwwkpuXzxhZqW9J78lYj+caRY=
Subject key identifier:   CD:88:F5:46:AD:17:08:D4:08:09:72:87:51:A9:CD:7E:95:DA:2B:C7
Certificate issuer:       /CN=A9148D01/serialNumber=7E36AB1C044321B74CF678263E0524FD34179BBD
Certificate serial:       07AD
Authority key identifier: 7E:36:AB:1C:04:43:21:B7:4C:F6:78:26:3E:05:24:FD:34:17:9B:BD
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/fjarHARDIbdM9ngmPgUk_TQXm70.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9148D01/E92519FA990B11EBA355CB53C4F9AE02/4CBCEB321FBE11EF97E7974FC4F9AE02.roa
Signing time:             Wed 08 Jul 2026 23:24:54 +0000
ROA not before:           Wed 08 Jul 2026 23:24:53 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     134540
IP address blocks:        49.248.98.0/23 maxlen: 24
                          49.248.100.0/22 maxlen: 24
                          49.248.127.0/24 maxlen: 24
                          49.248.128.0/24 maxlen: 24
                          49.248.130.0/24 maxlen: 24
                          49.248.131.0/24 maxlen: 24
                          49.248.132.0/24 maxlen: 24
                          49.248.133.0/24 maxlen: 24
                          49.248.134.0/24 maxlen: 24
                          49.248.136.0/24 maxlen: 24
                          49.248.137.0/24 maxlen: 24
                          49.248.150.0/24 maxlen: 24
                          114.143.2.0/24 maxlen: 24
                          114.143.4.0/23 maxlen: 23
                          114.143.8.0/24 maxlen: 24
                          114.143.10.0/24 maxlen: 24
                          114.143.11.0/24 maxlen: 24
                          114.143.12.0/24 maxlen: 24
                          114.143.15.0/24 maxlen: 24
                          114.143.18.0/24 maxlen: 24
                          114.143.19.0/24 maxlen: 24
                          114.143.21.0/24 maxlen: 24
                          114.143.22.0/24 maxlen: 24
                          114.143.24.0/24 maxlen: 24
                          114.143.28.0/24 maxlen: 24
                          114.143.29.0/24 maxlen: 24
                          114.143.32.0/21 maxlen: 24
                          114.143.80.0/20 maxlen: 20
                          114.143.96.0/24 maxlen: 24
                          114.143.97.0/24 maxlen: 24
                          114.143.196.0/24 maxlen: 24
                          123.252.128.0/24 maxlen: 24
                          123.252.129.0/24 maxlen: 24
                          123.252.130.0/24 maxlen: 24
                          123.252.132.0/24 maxlen: 24
                          123.252.139.0/24 maxlen: 24
                          123.252.141.0/24 maxlen: 24
                          123.252.142.0/24 maxlen: 24
                          123.252.143.0/24 maxlen: 24
                          123.252.144.0/24 maxlen: 24
                          123.252.145.0/24 maxlen: 24
                          123.252.150.0/24 maxlen: 24
                          123.252.152.0/24 maxlen: 24
                          123.252.153.0/24 maxlen: 24
                          123.252.154.0/24 maxlen: 24
                          123.252.155.0/24 maxlen: 24
                          123.252.156.0/24 maxlen: 24
                          123.252.157.0/24 maxlen: 24
                          123.252.158.0/24 maxlen: 24
                          123.252.159.0/24 maxlen: 24
                          123.252.160.0/24 maxlen: 24
                          123.252.162.0/24 maxlen: 24
                          123.252.164.0/24 maxlen: 24
                          123.252.166.0/24 maxlen: 24
                          123.252.167.0/24 maxlen: 24
                          123.252.168.0/24 maxlen: 24
                          123.252.169.0/24 maxlen: 24
                          123.252.172.0/24 maxlen: 24
                          123.252.177.0/24 maxlen: 24
                          123.252.178.0/24 maxlen: 24
                          123.252.179.0/24 maxlen: 24
                          123.252.180.0/24 maxlen: 24
                          123.252.182.0/24 maxlen: 24
                          123.252.183.0/24 maxlen: 24
                          123.252.184.0/24 maxlen: 24
                          123.252.185.0/24 maxlen: 24
                          123.252.186.0/24 maxlen: 24
                          123.252.187.0/24 maxlen: 24
                          123.252.192.0/24 maxlen: 24
                          123.252.196.0/24 maxlen: 24
                          123.252.198.0/24 maxlen: 24
                          123.252.199.0/24 maxlen: 24
                          123.252.202.0/24 maxlen: 24
                          123.252.207.0/24 maxlen: 24
                          123.252.212.0/22 maxlen: 24
                          123.252.216.0/24 maxlen: 24
                          123.252.221.0/24 maxlen: 24
                          123.252.223.0/24 maxlen: 24
                          123.252.224.0/21 maxlen: 24
                          123.252.234.0/24 maxlen: 24
                          123.252.237.0/24 maxlen: 24
                          123.252.239.0/24 maxlen: 24
                          123.252.240.0/22 maxlen: 22
                          123.252.245.0/24 maxlen: 24
                          123.252.246.0/24 maxlen: 24
                          123.252.248.0/24 maxlen: 24
                          123.252.254.0/24 maxlen: 24
                          202.149.194.0/24 maxlen: 24
                          202.149.195.0/24 maxlen: 24
                          202.149.197.0/24 maxlen: 24
                          202.149.200.0/24 maxlen: 24
                          202.149.211.0/24 maxlen: 24
                          202.149.212.0/24 maxlen: 24
                          202.149.213.0/24 maxlen: 24
                          202.149.215.0/24 maxlen: 24
                          202.149.216.0/24 maxlen: 24
                          202.189.225.0/24 maxlen: 24
                          202.189.229.0/24 maxlen: 24
                          202.189.230.0/24 maxlen: 24
                          202.189.231.0/24 maxlen: 24
                          202.189.232.0/24 maxlen: 24
                          202.189.233.0/24 maxlen: 24
                          202.189.234.0/24 maxlen: 24
                          202.189.236.0/24 maxlen: 24
                          202.189.237.0/24 maxlen: 24
                          202.189.238.0/24 maxlen: 24
                          202.189.240.0/24 maxlen: 24
                          202.189.241.0/24 maxlen: 24
                          202.189.242.0/24 maxlen: 24
                          202.189.244.0/24 maxlen: 24
                          202.189.245.0/24 maxlen: 24
                          202.189.247.0/24 maxlen: 24
                          202.189.250.0/24 maxlen: 24
                          202.189.251.0/24 maxlen: 24
                          202.189.252.0/24 maxlen: 24
                          202.189.253.0/24 maxlen: 24
                          202.189.254.0/24 maxlen: 24
                          2402:d400:a1::/48 maxlen: 51
                          2402:d400:a2::/48 maxlen: 51
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9148D01/E92519FA990B11EBA355CB53C4F9AE02/fjarHARDIbdM9ngmPgUk_TQXm70.crl
                          rsync://rpki.apnic.net/member_repository/A9148D01/E92519FA990B11EBA355CB53C4F9AE02/fjarHARDIbdM9ngmPgUk_TQXm70.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/fjarHARDIbdM9ngmPgUk_TQXm70.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 23 Jul 2026 22:34:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1965 (0x7ad)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9148D01, serialNumber=7E36AB1C044321B74CF678263E0524FD34179BBD
        Validity
            Not Before: Jul  8 23:24:53 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6a4edc45-526a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:b2:bc:c1:4f:24:25:4a:3d:3a:27:52:19:39:
                    fd:40:72:56:34:99:5a:9d:7b:55:21:44:88:ef:26:
                    df:af:7a:a9:e8:bd:1e:92:a1:25:cd:cc:71:22:b3:
                    21:83:b6:52:ff:3c:18:cf:1e:e8:1a:52:3b:49:7d:
                    5f:86:53:d8:5d:6f:94:d8:71:b6:5f:ef:c1:38:83:
                    a5:b6:fe:4d:c6:1d:3e:31:50:99:e5:f4:65:d5:56:
                    ca:5b:83:45:2a:02:94:e5:37:86:56:9f:50:3e:7a:
                    38:c7:8a:c9:57:80:80:ff:cf:f1:3f:a7:ee:be:83:
                    d3:11:01:4b:f2:fd:1f:92:c1:6c:2e:2a:39:bf:04:
                    ee:1c:df:fd:42:39:cd:56:f0:0d:b0:38:01:69:96:
                    ad:64:1a:c3:b4:48:6a:18:5c:87:36:59:6c:ad:69:
                    37:cc:05:2d:2a:29:1f:92:5b:33:4f:8f:76:65:9e:
                    e3:ab:9a:69:d8:c0:46:3c:ea:23:46:de:57:60:06:
                    48:29:c2:82:6f:f0:27:5c:df:18:70:60:7a:7c:10:
                    79:a7:7e:da:7c:31:c8:e9:78:c4:7d:1d:ce:8a:6c:
                    ae:c6:40:fc:04:65:e1:72:4b:72:a7:98:90:b6:7e:
                    a4:e3:2e:dd:6f:92:5e:83:a4:6a:1c:a4:d1:6d:b9:
                    b7:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:88:F5:46:AD:17:08:D4:08:09:72:87:51:A9:CD:7E:95:DA:2B:C7
            X509v3 Authority Key Identifier:
                keyid:7E:36:AB:1C:04:43:21:B7:4C:F6:78:26:3E:05:24:FD:34:17:9B:BD

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9148D01/E92519FA990B11EBA355CB53C4F9AE02/fjarHARDIbdM9ngmPgUk_TQXm70.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/fjarHARDIbdM9ngmPgUk_TQXm70.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9148D01/E92519FA990B11EBA355CB53C4F9AE02/4CBCEB321FBE11EF97E7974FC4F9AE02.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  49.248.98.0-49.248.103.255
                  49.248.127.0-49.248.128.255
                  49.248.130.0-49.248.134.255
                  49.248.136.0/23
                  49.248.150.0/24
                  114.143.2.0/24
                  114.143.4.0/23
                  114.143.8.0/24
                  114.143.10.0-114.143.12.255
                  114.143.15.0/24
                  114.143.18.0/23
                  114.143.21.0-114.143.22.255
                  114.143.24.0/24
                  114.143.28.0/23
                  114.143.32.0/21
                  114.143.80.0-114.143.97.255
                  114.143.196.0/24
                  123.252.128.0-123.252.130.255
                  123.252.132.0/24
                  123.252.139.0/24
                  123.252.141.0-123.252.145.255
                  123.252.150.0/24
                  123.252.152.0-123.252.160.255
                  123.252.162.0/24
                  123.252.164.0/24
                  123.252.166.0-123.252.169.255
                  123.252.172.0/24
                  123.252.177.0-123.252.180.255
                  123.252.182.0-123.252.187.255
                  123.252.192.0/24
                  123.252.196.0/24
                  123.252.198.0/23
                  123.252.202.0/24
                  123.252.207.0/24
                  123.252.212.0-123.252.216.255
                  123.252.221.0/24
                  123.252.223.0-123.252.231.255
                  123.252.234.0/24
                  123.252.237.0/24
                  123.252.239.0-123.252.243.255
                  123.252.245.0-123.252.246.255
                  123.252.248.0/24
                  123.252.254.0/24
                  202.149.194.0/23
                  202.149.197.0/24
                  202.149.200.0/24
                  202.149.211.0-202.149.213.255
                  202.149.215.0-202.149.216.255
                  202.189.225.0/24
                  202.189.229.0-202.189.234.255
                  202.189.236.0-202.189.238.255
                  202.189.240.0-202.189.242.255
                  202.189.244.0/23
                  202.189.247.0/24
                  202.189.250.0-202.189.254.255
                IPv6:
                  2402:d400:a1::-2402:d400:a2:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         74:34:0f:e0:9c:7f:b2:b2:21:13:78:80:d7:22:20:ca:07:e9:
         b6:74:de:ba:bc:ee:6d:df:3f:74:3f:89:5d:08:1f:33:e9:22:
         1e:4d:d5:da:bb:34:b4:45:31:3d:52:f4:2f:80:2c:e0:73:fb:
         18:f7:eb:c2:80:3c:c5:a9:0a:54:af:d7:6b:eb:42:8a:a0:f0:
         48:25:c6:6d:42:ce:4e:8e:74:6b:2a:3b:10:04:2b:5a:e5:db:
         45:e7:e7:00:48:d5:e2:49:6e:79:35:32:29:27:78:8a:4c:ad:
         5d:a8:d2:78:39:35:28:91:01:42:5b:84:48:aa:61:21:58:6b:
         67:25:07:38:3c:23:12:e7:19:54:1b:46:f1:2a:a9:ac:c2:0c:
         58:cd:99:e4:4f:86:5e:b1:e8:70:11:2f:43:40:16:fc:d7:e2:
         c0:8a:52:c5:49:21:24:3e:52:cd:7c:7c:b4:fd:ca:ac:e3:b5:
         f9:5e:4a:2a:49:d3:c2:33:7c:d7:ab:68:0e:51:f2:b4:43:44:
         53:9f:bb:d1:6f:b9:6e:a3:e3:34:ec:a8:e2:56:9c:b5:1e:9d:
         f9:51:f0:48:43:0d:da:db:81:02:a7:4c:7b:93:f5:0b:0d:1c:
         3b:26:f1:5e:5c:dc:d6:62:03:fc:d1:46:3f:32:76:f4:63:f0:
         34:15:cd:75
-----BEGIN CERTIFICATE-----
MIIHVjCCBj6gAwIBAgICB60wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDhEMDExMTAvBgNVBAUTKDdFMzZBQjFDMDQ0MzIxQjc0Q0Y2NzgyNjNFMDUyNEZE
MzQxNzlCQkQwHhcNMjYwNzA4MjMyNDUzWhcNMjcwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02YTRlZGM0NS01MjZhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA0LK8wU8kJUo9OidSGTn9QHJWNJlanXtVIUSI7ybfr3qp6L0ekqElzcxxIrMh
g7ZS/zwYzx7oGlI7SX1fhlPYXW+U2HG2X+/BOIOltv5Nxh0+MVCZ5fRl1VbKW4NF
KgKU5TeGVp9QPno4x4rJV4CA/8/xP6fuvoPTEQFL8v0fksFsLio5vwTuHN/9QjnN
VvANsDgBaZatZBrDtEhqGFyHNllsrWk3zAUtKikfklszT492ZZ7jq5pp2MBGPOoj
Rt5XYAZIKcKCb/AnXN8YcGB6fBB5p37afDHI6XjEfR3OimyuxkD8BGXhcktyp5iQ
tn6k4y7db5Jeg6RqHKTRbbm3KwIDAQABo4IEejCCBHYwHQYDVR0OBBYEFM2I9Uat
FwjUCAlyh1GpzX6V2ivHMB8GA1UdIwQYMBaAFH42qxwEQyG3TPZ4Jj4FJP00F5u9
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0OEQwMS9FOTI1MTlGQTk5
MEIxMUVCQTM1NUNCNTNDNEY5QUUwMi9mamFySEFSREliZE05bmdtUGdVa19UUVht
NzAuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2ZqYXJIQVJESWJkTTluZ21QZ1VrX1RRWG03MC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDhEMDEvRTkyNTE5RkE5OTBCMTFFQkEzNTVDQjUzQzRGOUFFMDIvNENCQ0VCMzIx
RkJFMTFFRjk3RTc5NzRGQzRGOUFFMDIucm9hMIICNwYIKwYBBQUHAQcBAf8EggIm
MIICIjCCAgIEAgABMIIB+jAMAwQBMfhiAwQDMfhgMAwDBAAx+H8DBAAx+IAwDAME
ATH4ggMEADH4hgMEATH4iAMEADH4lgMEAHKPAgMEAXKPBAMEAHKPCDAMAwQBco8K
AwQAco8MAwQAco8PAwQBco8SMAwDBAByjxUDBAByjxYDBAByjxgDBAFyjxwDBANy
jyAwDAMEBHKPUAMEAXKPYAMEAHKPxDAMAwQHe/yAAwQAe/yCAwQAe/yEAwQAe/yL
MAwDBAB7/I0DBAF7/JADBAB7/JYwDAMEA3v8mAMEAHv8oAMEAHv8ogMEAHv8pDAM
AwQBe/ymAwQBe/yoAwQAe/ysMAwDBAB7/LEDBAB7/LQwDAMEAXv8tgMEAnv8uAME
AHv8wAMEAHv8xAMEAXv8xgMEAHv8ygMEAHv8zzAMAwQCe/zUAwQAe/zYAwQAe/zd
MAwDBAB7/N8DBAN7/OADBAB7/OoDBAB7/O0wDAMEAHv87wMEAnv88DAMAwQAe/z1
AwQAe/z2AwQAe/z4AwQAe/z+AwQBypXCAwQAypXFAwQAypXIMAwDBADKldMDBAHK
ldQwDAMEAMqV1wMEAMqV2AMEAMq94TAMAwQAyr3lAwQAyr3qMAwDBALKvewDBADK
ve4wDAMEBMq98AMEAMq98gMEAcq99AMEAMq99zAMAwQByr36AwQAyr3+MBoEAgAC
MBQwEgMHACQC1AAAoQMHACQC1AAAojANBgkqhkiG9w0BAQsFAAOCAQEAdDQP4Jx/
srIhE3iA1yIgygfptnTeurzubd8/dD+JXQgfM+kiHk3V2rs0tEUxPVL0L4As4HP7
GPfrwoA8xakKVK/Xa+tCiqDwSCXGbULOTo50ayo7EAQrWuXbRefnAEjV4klueTUy
KSd4ikytXajSeDk1KJEBQluESKphIVhrZyUHODwjEucZVBtG8SqprMIMWM2Z5E+G
XrHocBEvQ0AW/NfiwIpSxUkhJD5SzXx8tP3KrOO1+V5KKknTwjN816toDlHytENE
U5+70W+5bqPjNOyo4lactR6d+VHwSEMN2tuBAqdMe5P1Cw0cOybxXlzc1mID/NFG
PzJ29GPwNBXNdQ==
-----END CERTIFICATE-----
Generated at Sat Jul 18 05:04:27 2026 by rpki-client