Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9148D01/E92519FA990B11EBA355CB53C4F9AE02/4DEF33661FBE11EF97E7974FC4F9AE02.roa
File:                     4DEF33661FBE11EF97E7974FC4F9AE02.roa (raw, json)
Hash identifier:          HaC5OiRXXaF0uBBareXExXAOf/pyzBZ1t4GNWw2vGp8=
Subject key identifier:   B3:9A:F1:B6:C5:3E:01:12:43:23:FF:4A:7E:EB:67:E6:B2:DA:D8:B2
Certificate issuer:       /CN=A9148D01/serialNumber=7E36AB1C044321B74CF678263E0524FD34179BBD
Certificate serial:       07AE
Authority key identifier: 7E:36:AB:1C:04:43:21:B7:4C:F6:78:26:3E:05:24:FD:34:17:9B:BD
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/fjarHARDIbdM9ngmPgUk_TQXm70.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9148D01/E92519FA990B11EBA355CB53C4F9AE02/4DEF33661FBE11EF97E7974FC4F9AE02.roa
Signing time:             Wed 08 Jul 2026 23:24:56 +0000
ROA not before:           Wed 08 Jul 2026 23:24:56 +0000
ROA not after:            Thu 01 Jul 2027 00:00:00 +0000
asID:                     17762
IP address blocks:        49.248.0.0/17 maxlen: 21
                          49.248.0.0/18 maxlen: 24
                          49.248.64.0/19 maxlen: 24
                          49.248.96.0/22 maxlen: 22
                          49.248.96.0/23 maxlen: 24
                          49.248.104.0/21 maxlen: 24
                          49.248.112.0/20 maxlen: 23
                          49.248.112.0/21 maxlen: 24
                          49.248.120.0/22 maxlen: 24
                          49.248.124.0/23 maxlen: 24
                          49.248.126.0/24 maxlen: 24
                          49.248.128.0/18 maxlen: 18
                          49.248.128.0/21 maxlen: 23
                          49.248.129.0/24 maxlen: 24
                          49.248.135.0/24 maxlen: 24
                          49.248.136.0/21 maxlen: 23
                          49.248.136.0/24 maxlen: 24
                          49.248.138.0/23 maxlen: 24
                          49.248.140.0/22 maxlen: 24
                          49.248.144.0/22 maxlen: 24
                          49.248.148.0/23 maxlen: 24
                          49.248.151.0/24 maxlen: 24
                          49.248.152.0/21 maxlen: 24
                          49.248.160.0/19 maxlen: 24
                          49.248.192.0/19 maxlen: 24
                          49.248.246.0/23 maxlen: 24
                          49.248.248.0/21 maxlen: 24
                          103.3.40.0/24 maxlen: 24
                          103.3.41.0/24 maxlen: 24
                          103.3.43.0/24 maxlen: 24
                          103.8.148.0/22 maxlen: 24
                          114.143.0.0/16 maxlen: 24
                          123.252.128.0/18 maxlen: 21
                          123.252.128.0/22 maxlen: 22
                          123.252.128.0/23 maxlen: 24
                          123.252.131.0/24 maxlen: 24
                          123.252.133.0/24 maxlen: 24
                          123.252.134.0/23 maxlen: 24
                          123.252.136.0/21 maxlen: 22
                          123.252.136.0/23 maxlen: 24
                          123.252.138.0/24 maxlen: 24
                          123.252.140.0/22 maxlen: 24
                          123.252.144.0/20 maxlen: 24
                          123.252.160.0/19 maxlen: 24
                          123.252.192.0/18 maxlen: 24
                          202.149.192.0/19 maxlen: 19
                          202.149.192.0/22 maxlen: 22
                          202.149.192.0/24 maxlen: 24
                          202.149.193.0/24 maxlen: 24
                          202.149.196.0/24 maxlen: 24
                          202.149.198.0/24 maxlen: 24
                          202.149.199.0/24 maxlen: 24
                          202.149.201.0/24 maxlen: 24
                          202.149.202.0/24 maxlen: 24
                          202.149.203.0/24 maxlen: 24
                          202.149.204.0/22 maxlen: 22
                          202.149.204.0/23 maxlen: 23
                          202.149.207.0/24 maxlen: 24
                          202.149.210.0/24 maxlen: 24
                          202.149.212.0/22 maxlen: 22
                          202.149.214.0/24 maxlen: 24
                          202.149.217.0/24 maxlen: 24
                          202.149.218.0/24 maxlen: 24
                          202.149.219.0/24 maxlen: 24
                          202.149.220.0/22 maxlen: 22
                          202.149.222.0/23 maxlen: 23
                          202.149.222.0/24 maxlen: 24
                          202.149.223.0/24 maxlen: 24
                          202.189.224.0/19 maxlen: 24
                          2402:d400::/32 maxlen: 32
                          2402:d400::/44 maxlen: 48
                          2402:d400:40::/48 maxlen: 48
                          2402:d400:41::/48 maxlen: 48
                          2402:d400:3e2::/48 maxlen: 48
                          2402:d400:3e3::/48 maxlen: 48
                          2402:d400:3e4::/48 maxlen: 48
                          2402:d400:3e5::/48 maxlen: 48
                          2402:d400:3e6::/48 maxlen: 48
                          2402:d400:fa00::/44 maxlen: 48
                          2402:d400:fa10::/44 maxlen: 48
                          2402:d400:fa20::/44 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9148D01/E92519FA990B11EBA355CB53C4F9AE02/fjarHARDIbdM9ngmPgUk_TQXm70.crl
                          rsync://rpki.apnic.net/member_repository/A9148D01/E92519FA990B11EBA355CB53C4F9AE02/fjarHARDIbdM9ngmPgUk_TQXm70.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/fjarHARDIbdM9ngmPgUk_TQXm70.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 23 Jul 2026 22:34:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1966 (0x7ae)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9148D01, serialNumber=7E36AB1C044321B74CF678263E0524FD34179BBD
        Validity
            Not Before: Jul  8 23:24:56 2026 GMT
            Not After : Jul  1 00:00:00 2027 GMT
        Subject: CN=6a4edc48-9d8e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:8d:08:fc:e0:94:09:a7:d1:fa:00:09:25:fa:50:
                    35:f0:ae:cf:42:82:09:ca:69:e0:fc:82:4b:97:5b:
                    92:5e:18:e9:d6:96:68:d2:93:07:ad:d5:76:f4:5a:
                    6d:01:f2:f8:a5:66:c8:ba:8d:9d:f6:79:69:c1:e0:
                    a9:8d:2d:e8:78:bf:df:69:13:18:69:38:e1:54:94:
                    3e:47:3c:65:25:a7:70:ea:c0:33:18:17:59:a4:ac:
                    04:2f:bf:07:db:dc:e2:9c:98:81:7c:bf:f3:66:79:
                    44:33:de:a7:bf:71:77:3f:c1:19:47:82:fc:99:70:
                    bb:76:64:f1:b9:2f:6e:b6:3d:28:96:36:4a:a7:c3:
                    53:e8:d5:ec:9c:92:91:04:1a:89:85:2f:d6:00:18:
                    91:eb:1a:66:ba:37:1c:d6:c2:b8:2f:e3:89:17:8c:
                    0a:70:2e:ee:42:3b:bb:19:62:72:dc:7e:ab:8e:ce:
                    d2:96:32:4b:65:9b:8b:24:9c:a8:e0:40:35:42:63:
                    10:ea:27:71:47:fc:dc:5f:e1:b1:1a:8a:27:3b:d1:
                    cd:d6:64:81:8a:77:a4:a7:79:d9:06:c0:39:04:f7:
                    7b:60:05:1b:a2:23:3b:f7:5a:10:9c:08:3f:82:2e:
                    63:33:8e:40:6e:59:b5:21:cc:9e:39:bc:b9:5c:9a:
                    9f:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                B3:9A:F1:B6:C5:3E:01:12:43:23:FF:4A:7E:EB:67:E6:B2:DA:D8:B2
            X509v3 Authority Key Identifier:
                keyid:7E:36:AB:1C:04:43:21:B7:4C:F6:78:26:3E:05:24:FD:34:17:9B:BD

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9148D01/E92519FA990B11EBA355CB53C4F9AE02/fjarHARDIbdM9ngmPgUk_TQXm70.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/fjarHARDIbdM9ngmPgUk_TQXm70.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9148D01/E92519FA990B11EBA355CB53C4F9AE02/4DEF33661FBE11EF97E7974FC4F9AE02.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  49.248.0.0-49.248.223.255
                  49.248.246.0-49.248.255.255
                  103.3.40.0/23
                  103.3.43.0/24
                  103.8.148.0/22
                  114.143.0.0/16
                  123.252.128.0/17
                  202.149.192.0/19
                  202.189.224.0/19
                IPv6:
                  2402:d400::/32

    Signature Algorithm: sha256WithRSAEncryption
         ad:fe:53:e0:d5:0d:ec:46:d4:68:86:a2:79:ee:1a:ec:ff:3e:
         11:9b:44:e5:3a:19:35:23:35:b5:aa:ef:06:3f:14:c9:20:81:
         18:02:e2:43:8a:04:33:32:55:2d:d2:e2:fc:00:98:aa:50:8b:
         22:a3:cd:50:ad:ad:0e:2a:af:83:23:a1:7a:22:6e:89:fa:67:
         c8:27:b0:27:29:3f:6e:99:50:b4:61:cf:40:99:c7:48:ed:59:
         ec:96:22:93:97:87:69:93:fb:44:50:c0:67:44:01:e9:ff:ab:
         5f:e4:ea:cb:c1:74:09:03:43:31:15:e1:f6:47:14:79:36:df:
         91:47:17:4c:29:fc:d4:ef:cc:21:04:26:ec:fb:3e:31:df:d5:
         4f:9b:e3:95:3b:76:5a:6a:d7:87:c3:e2:35:9a:ca:39:99:88:
         56:f1:2e:ce:39:2d:4f:7e:bd:2b:4d:37:c2:70:03:3f:17:85:
         19:54:32:f6:5b:f6:ff:4b:81:4d:d7:aa:23:f2:46:68:5e:0b:
         92:a1:44:b6:a7:b8:53:1e:36:fe:72:cd:9c:ad:f2:9d:01:6c:
         f9:31:a2:b4:f5:e3:7d:b8:b8:b5:37:86:08:f5:a9:a5:9b:96:
         a5:55:58:ec:3c:81:bf:40:13:3a:3a:d2:af:ef:f7:e2:8f:4b:
         06:71:5b:e9
-----BEGIN CERTIFICATE-----
MIIFiDCCBHCgAwIBAgICB64wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDhEMDExMTAvBgNVBAUTKDdFMzZBQjFDMDQ0MzIxQjc0Q0Y2NzgyNjNFMDUyNEZE
MzQxNzlCQkQwHhcNMjYwNzA4MjMyNDU2WhcNMjcwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02YTRlZGM0OC05ZDhlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAjQj84JQJp9H6AAkl+lA18K7PQoIJymng/IJLl1uSXhjp1pZo0pMHrdV29Fpt
AfL4pWbIuo2d9nlpweCpjS3oeL/faRMYaTjhVJQ+RzxlJadw6sAzGBdZpKwEL78H
29zinJiBfL/zZnlEM96nv3F3P8EZR4L8mXC7dmTxuS9utj0oljZKp8NT6NXsnJKR
BBqJhS/WABiR6xpmujcc1sK4L+OJF4wKcC7uQju7GWJy3H6rjs7SljJLZZuLJJyo
4EA1QmMQ6idxR/zcX+GxGoonO9HN1mSBinekp3nZBsA5BPd7YAUboiM791oQnAg/
gi5jM45Ablm1IcyeOby5XJqfAQIDAQABo4ICrDCCAqgwHQYDVR0OBBYEFLOa8bbF
PgESQyP/Sn7rZ+ay2tiyMB8GA1UdIwQYMBaAFH42qxwEQyG3TPZ4Jj4FJP00F5u9
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0OEQwMS9FOTI1MTlGQTk5
MEIxMUVCQTM1NUNCNTNDNEY5QUUwMi9mamFySEFSREliZE05bmdtUGdVa19UUVht
NzAuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2ZqYXJIQVJESWJkTTluZ21QZ1VrX1RRWG03MC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDhEMDEvRTkyNTE5RkE5OTBCMTFFQkEzNTVDQjUzQzRGOUFFMDIvNERFRjMzNjYx
RkJFMTFFRjk3RTc5NzRGQzRGOUFFMDIucm9hMGsGCCsGAQUFBwEHAQH/BFwwWjBJ
BAIAATBDMAsDAwMx+AMEBTH4wDALAwQBMfj2AwMAMfgDBAFnAygDBABnAysDBAJn
CJQDAwByjwMEB3v8gAMEBcqVwAMEBcq94DANBAIAAjAHAwUAJALUADANBgkqhkiG
9w0BAQsFAAOCAQEArf5T4NUN7EbUaIaiee4a7P8+EZtE5ToZNSM1tarvBj8UySCB
GALiQ4oEMzJVLdLi/ACYqlCLIqPNUK2tDiqvgyOheiJuifpnyCewJyk/bplQtGHP
QJnHSO1Z7JYik5eHaZP7RFDAZ0QB6f+rX+Tqy8F0CQNDMRXh9kcUeTbfkUcXTCn8
1O/MIQQm7Ps+Md/VT5vjlTt2WmrXh8PiNZrKOZmIVvEuzjktT369K003wnADPxeF
GVQy9lv2/0uBTdeqI/JGaF4LkqFEtqe4Ux42/nLNnK3ynQFs+TGitPXjfbi4tTeG
CPWppZuWpVVY7DyBv0ATOjrSr+/34o9LBnFb6Q==
-----END CERTIFICATE-----
Generated at Sat Jul 18 04:57:05 2026 by rpki-client