Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9156971/48C221861D9211E2ADB30BF508B02CD2/4AF78A4AFEC611EF86B4765BC4F9AE02.roa
File:                     4AF78A4AFEC611EF86B4765BC4F9AE02.roa (raw, json)
Hash identifier:          4eibZFZxCBojQ0XF3++/6D4cGjzEkC+cfaewXmXRSYk=
Subject key identifier:   1A:78:66:2A:0F:B2:70:79:27:04:44:5D:60:3E:3E:B7:06:EC:F9:51
Certificate issuer:       /CN=A9156971/serialNumber=2905FB3212BD61646FB7AF633EA1A257BC3A3DEC
Certificate serial:       3497
Authority key identifier: 29:05:FB:32:12:BD:61:64:6F:B7:AF:63:3E:A1:A2:57:BC:3A:3D:EC
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KQX7MhK9YWRvt69jPqGiV7w6Pew.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9156971/48C221861D9211E2ADB30BF508B02CD2/4AF78A4AFEC611EF86B4765BC4F9AE02.roa
Signing time:             Thu 12 Jun 2025 15:20:46 +0000
ROA not before:           Thu 12 Jun 2025 15:20:46 +0000
ROA not after:            Mon 31 Aug 2026 00:00:00 +0000
asID:                     55580
IP address blocks:        203.30.245.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9156971/48C221861D9211E2ADB30BF508B02CD2/KQX7MhK9YWRvt69jPqGiV7w6Pew.crl
                          rsync://rpki.apnic.net/member_repository/A9156971/48C221861D9211E2ADB30BF508B02CD2/KQX7MhK9YWRvt69jPqGiV7w6Pew.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KQX7MhK9YWRvt69jPqGiV7w6Pew.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 19 Jun 2025 15:20:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13463 (0x3497)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9156971, serialNumber=2905FB3212BD61646FB7AF633EA1A257BC3A3DEC
        Validity
            Not Before: Jun 12 15:20:46 2025 GMT
            Not After : Aug 31 00:00:00 2026 GMT
        Subject: CN=684af04e-bfa4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f6:5d:80:d9:79:fe:81:8d:42:07:bd:9a:b9:9f:
                    70:e4:6d:dc:31:43:83:17:bf:2e:ed:e3:47:19:a8:
                    47:e5:1b:03:5a:53:f1:7c:d6:73:ac:1b:c4:fa:c9:
                    17:f6:03:81:c4:ec:d3:a2:97:22:a8:d7:a2:66:0f:
                    e3:69:f7:15:88:c3:64:44:b0:25:98:5f:a7:ec:c1:
                    bf:66:9c:63:5a:3f:fd:a1:8f:8a:41:7d:72:64:8e:
                    50:04:29:db:0a:3c:8b:95:66:af:a3:01:8f:39:bf:
                    23:47:44:60:ff:18:07:a7:9a:5f:b7:7d:ed:ba:d3:
                    99:35:44:f4:5a:43:30:1f:0d:ff:0a:8f:26:30:02:
                    65:58:70:79:0a:69:09:4e:51:ab:5a:3a:b3:08:5a:
                    67:1a:b1:5d:7f:10:10:7c:9e:a4:22:f6:c2:51:0c:
                    d5:01:7d:58:62:1c:c0:b7:d4:d4:1a:ed:b1:5b:02:
                    54:30:66:47:fa:3e:85:05:83:ad:11:ad:e0:08:89:
                    7f:85:4c:c8:2e:20:fe:d9:bc:17:e2:1d:ff:3b:db:
                    d9:6e:fd:31:ec:1a:fd:7a:a4:5c:8b:f7:c6:fd:8f:
                    4c:f7:26:a8:8a:05:08:33:82:a2:48:c9:cc:cd:7e:
                    68:7b:ec:6b:d0:63:41:77:83:96:f7:0b:e4:db:b5:
                    40:99
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:78:66:2A:0F:B2:70:79:27:04:44:5D:60:3E:3E:B7:06:EC:F9:51
            X509v3 Authority Key Identifier:
                keyid:29:05:FB:32:12:BD:61:64:6F:B7:AF:63:3E:A1:A2:57:BC:3A:3D:EC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9156971/48C221861D9211E2ADB30BF508B02CD2/KQX7MhK9YWRvt69jPqGiV7w6Pew.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KQX7MhK9YWRvt69jPqGiV7w6Pew.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9156971/48C221861D9211E2ADB30BF508B02CD2/4AF78A4AFEC611EF86B4765BC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.30.245.0/24

    Signature Algorithm: sha256WithRSAEncryption
         41:25:63:11:36:e1:73:3e:e6:64:b3:7b:06:85:fc:96:e1:ff:
         80:44:eb:b1:31:7e:fb:22:5a:55:4e:8b:32:c4:a0:a2:ab:08:
         1b:09:20:88:8a:b6:9a:7a:ee:f6:97:cf:ac:3e:4c:2f:b8:6d:
         f0:94:c6:48:0a:ae:be:b7:2a:8e:25:c5:02:e0:6b:fc:58:26:
         71:62:a3:ec:59:df:98:40:10:7f:e2:39:d0:db:00:ea:35:e8:
         27:ed:86:1f:40:00:99:85:3d:ff:7c:59:b7:19:9a:e0:b2:04:
         b1:05:e5:4a:3c:8e:dc:0f:39:c5:b9:13:04:79:55:d8:9b:48:
         1e:45:02:bc:ca:a8:89:cf:c3:88:21:e4:d2:a3:50:35:ab:91:
         f5:21:fd:be:fd:4e:2f:ca:80:0d:aa:3c:aa:c5:7c:b4:1b:4e:
         df:0c:ba:c0:e8:bf:a2:e5:b3:b9:b5:5d:e4:75:df:b6:4f:a4:
         bd:c3:7a:84:2b:dc:ee:32:49:6b:4d:c1:a2:f5:7d:0f:eb:b6:
         15:1b:ec:fe:1a:14:93:a7:70:7e:a8:c5:1a:6c:95:b8:15:09:
         54:93:8e:e9:c8:55:ad:55:c2:12:8c:a4:c2:22:c7:06:47:bb:
         25:f9:09:33:8b:86:e7:47:17:88:36:31:41:f2:72:d5:2e:de:
         cb:b1:71:b1
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICNJcwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTY5NzExMTAvBgNVBAUTKDI5MDVGQjMyMTJCRDYxNjQ2RkI3QUY2MzNFQTFBMjU3
QkMzQTNERUMwHhcNMjUwNjEyMTUyMDQ2WhcNMjYwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODRhZjA0ZS1iZmE0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA9l2A2Xn+gY1CB72auZ9w5G3cMUODF78u7eNHGahH5RsDWlPxfNZzrBvE+skX
9gOBxOzTopciqNeiZg/jafcViMNkRLAlmF+n7MG/ZpxjWj/9oY+KQX1yZI5QBCnb
CjyLlWavowGPOb8jR0Rg/xgHp5pft33tutOZNUT0WkMwHw3/Co8mMAJlWHB5CmkJ
TlGrWjqzCFpnGrFdfxAQfJ6kIvbCUQzVAX1YYhzAt9TUGu2xWwJUMGZH+j6FBYOt
Ea3gCIl/hUzILiD+2bwX4h3/O9vZbv0x7Br9eqRci/fG/Y9M9yaoigUIM4KiSMnM
zX5oe+xr0GNBd4OW9wvk27VAmQIDAQABo4IClTCCApEwHQYDVR0OBBYEFBp4ZioP
snB5JwREXWA+PrcG7PlRMB8GA1UdIwQYMBaAFCkF+zISvWFkb7evYz6hole8Oj3s
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1Njk3MS80OEMyMjE4NjFE
OTIxMUUyQURCMzBCRjUwOEIwMkNEMi9LUVg3TWhLOVlXUnZ0NjlqUHFHaVY3dzZQ
ZXcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0tRWDdNaEs5WVdSdnQ2OWpQcUdpVjd3NlBldy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTY5NzEvNDhDMjIxODYxRDkyMTFFMkFEQjMwQkY1MDhCMDJDRDIvNEFGNzhBNEFG
RUM2MTFFRjg2QjQ3NjVCQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADLHvUwDQYJKoZIhvcNAQELBQADggEBAEElYxE24XM+5mSz
ewaF/Jbh/4BE67ExfvsiWlVOizLEoKKrCBsJIIiKtpp67vaXz6w+TC+4bfCUxkgK
rr63Ko4lxQLga/xYJnFio+xZ35hAEH/iOdDbAOo16Cfthh9AAJmFPf98WbcZmuCy
BLEF5Uo8jtwPOcW5EwR5VdibSB5FArzKqInPw4gh5NKjUDWrkfUh/b79Ti/KgA2q
PKrFfLQbTt8MusDov6Lls7m1XeR137ZPpL3DeoQr3O4ySWtNwaL1fQ/rthUb7P4a
FJOncH6oxRpslbgVCVSTjunIVa1VwhKMpMIixwZHuyX5CTOLhudHF4g2MUHyctUu
3suxcbE=
-----END CERTIFICATE-----
Generated at Fri Jun 13 05:06:58 2025 by rpki-client