Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9157D67/60286638442A11EB9599AD38C4F9AE02/AA3A944A27EA11ECB1EBEA82C4F9AE02.roa
File:                     AA3A944A27EA11ECB1EBEA82C4F9AE02.roa (raw, json)
Hash identifier:          2jsCymQavrx92Kq4v6h75mDYqdyK8XpnNBvpUzJpvhE=
Subject key identifier:   7C:A1:11:2E:6C:F0:89:8B:56:59:B7:58:D7:FA:DA:5F:ED:B1:0F:30
Certificate issuer:       /CN=A9157D67/serialNumber=029B8CE2E95F45858462E9070B1B5153AC913FE8
Certificate serial:       0726
Authority key identifier: 02:9B:8C:E2:E9:5F:45:85:84:62:E9:07:0B:1B:51:53:AC:91:3F:E8
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ApuM4ulfRYWEYukHCxtRU6yRP-g.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9157D67/60286638442A11EB9599AD38C4F9AE02/AA3A944A27EA11ECB1EBEA82C4F9AE02.roa
Signing time:             Tue 10 Jun 2025 22:10:04 +0000
ROA not before:           Tue 10 Jun 2025 22:10:04 +0000
ROA not after:            Mon 31 Aug 2026 00:00:00 +0000
asID:                     132203
IP address blocks:        129.226.144.0/20 maxlen: 20
                          129.226.152.0/24 maxlen: 24
                          162.62.48.0/20 maxlen: 24
                          162.62.64.0/20 maxlen: 24
                          162.62.80.0/20 maxlen: 23
                          162.62.96.0/19 maxlen: 24
                          162.62.128.0/19 maxlen: 24
                          162.62.208.0/20 maxlen: 20
                          162.62.255.0/24 maxlen: 24
                          170.106.149.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9157D67/60286638442A11EB9599AD38C4F9AE02/ApuM4ulfRYWEYukHCxtRU6yRP-g.crl
                          rsync://rpki.apnic.net/member_repository/A9157D67/60286638442A11EB9599AD38C4F9AE02/ApuM4ulfRYWEYukHCxtRU6yRP-g.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ApuM4ulfRYWEYukHCxtRU6yRP-g.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 19 Jun 2025 21:34:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1830 (0x726)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9157D67, serialNumber=029B8CE2E95F45858462E9070B1B5153AC913FE8
        Validity
            Not Before: Jun 10 22:10:04 2025 GMT
            Not After : Aug 31 00:00:00 2026 GMT
        Subject: CN=6848ad3c-185b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c2:4b:c7:3a:87:ba:5e:63:d8:69:ef:70:54:48:
                    f4:10:d1:71:49:a2:a4:97:b9:e4:28:a6:dd:7d:83:
                    8b:7b:2b:6c:a0:61:6d:0a:cd:c0:d3:99:4b:27:1d:
                    45:e0:41:59:e2:88:bb:e9:32:d3:34:35:65:f4:e1:
                    14:cf:bd:fc:6a:39:9b:96:d1:f2:d6:f9:69:db:5d:
                    b7:4d:26:70:10:17:06:13:53:57:ab:39:c5:94:d6:
                    01:98:b0:3a:69:b3:2e:3f:9d:2b:fb:c4:a4:e7:b3:
                    67:a6:d4:08:45:eb:e9:8e:03:97:50:64:2d:07:08:
                    3e:43:26:01:9b:4a:dc:8c:6c:5b:db:5f:b4:97:82:
                    54:31:27:db:46:07:28:b0:5a:29:6b:53:7e:32:5b:
                    dc:04:d8:28:28:f4:c9:e4:a9:6b:4f:2d:34:52:8e:
                    af:79:02:f2:0e:0b:46:a5:33:a0:fe:fa:60:ea:e9:
                    40:b4:fa:1b:11:5b:a2:2c:08:dd:c0:71:10:12:c3:
                    f1:36:9c:e3:2b:e3:be:96:a1:83:3d:16:71:22:ec:
                    db:26:c8:e2:ad:bc:f0:46:79:f2:bc:87:be:d5:52:
                    61:fe:62:b3:bb:ab:20:75:a4:bb:de:31:f2:b8:45:
                    8e:a2:9a:a9:c1:59:d3:90:40:1a:1c:56:68:72:24:
                    78:85
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7C:A1:11:2E:6C:F0:89:8B:56:59:B7:58:D7:FA:DA:5F:ED:B1:0F:30
            X509v3 Authority Key Identifier:
                keyid:02:9B:8C:E2:E9:5F:45:85:84:62:E9:07:0B:1B:51:53:AC:91:3F:E8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9157D67/60286638442A11EB9599AD38C4F9AE02/ApuM4ulfRYWEYukHCxtRU6yRP-g.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/ApuM4ulfRYWEYukHCxtRU6yRP-g.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9157D67/60286638442A11EB9599AD38C4F9AE02/AA3A944A27EA11ECB1EBEA82C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  129.226.144.0/20
                  162.62.48.0-162.62.159.255
                  162.62.208.0/20
                  162.62.255.0/24
                  170.106.149.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0e:c5:ba:96:fb:8d:d2:a0:89:eb:9b:cb:0d:2a:4f:5b:31:90:
         63:fe:77:c3:54:06:d5:93:43:2f:37:2f:b8:63:2c:b3:0b:a2:
         1f:95:b5:58:35:3d:93:c6:aa:9d:ca:67:43:4f:46:f1:87:5c:
         6d:66:c2:ce:ce:2c:36:e8:5c:ea:3e:6a:54:f2:1a:df:fb:9d:
         aa:da:34:a7:27:4c:c0:a4:18:73:2a:5e:c9:b1:6b:81:9f:2d:
         88:d1:f2:d7:a3:10:44:2b:ca:0b:33:91:5f:f9:42:a6:f2:db:
         b6:29:40:32:f3:fd:2d:7e:b1:50:40:64:5f:10:83:3e:00:69:
         93:e1:19:7e:3e:99:ff:e8:a0:00:66:d8:e4:e0:9a:d9:66:40:
         7f:7d:87:7b:d3:08:69:83:92:af:82:ee:7d:6c:a7:d1:6a:a7:
         2e:0c:f6:bd:75:04:19:51:c3:62:e7:c6:e6:82:5e:f7:a0:15:
         77:6c:2f:c2:d8:7a:58:02:82:63:ba:62:89:d6:f3:24:bd:12:
         84:4e:43:17:c3:a1:49:ec:0a:0b:62:cc:df:f6:f9:c5:c4:ca:
         35:b4:64:5b:9c:d2:28:ee:dc:eb:25:69:9d:21:51:a4:fd:cb:
         a5:6c:b8:cf:61:2b:69:f4:ad:95:b1:fc:e7:c6:5f:b7:c7:90:
         17:03:f3:fa
-----BEGIN CERTIFICATE-----
MIIFkTCCBHmgAwIBAgICByYwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTdENjcxMTAvBgNVBAUTKDAyOUI4Q0UyRTk1RjQ1ODU4NDYyRTkwNzBCMUI1MTUz
QUM5MTNGRTgwHhcNMjUwNjEwMjIxMDA0WhcNMjYwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODQ4YWQzYy0xODViMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwkvHOoe6XmPYae9wVEj0ENFxSaKkl7nkKKbdfYOLeytsoGFtCs3A05lLJx1F
4EFZ4oi76TLTNDVl9OEUz738ajmbltHy1vlp2123TSZwEBcGE1NXqznFlNYBmLA6
abMuP50r+8Sk57NnptQIRevpjgOXUGQtBwg+QyYBm0rcjGxb21+0l4JUMSfbRgco
sFopa1N+MlvcBNgoKPTJ5KlrTy00Uo6veQLyDgtGpTOg/vpg6ulAtPobEVuiLAjd
wHEQEsPxNpzjK+O+lqGDPRZxIuzbJsjirbzwRnnyvIe+1VJh/mKzu6sgdaS73jHy
uEWOopqpwVnTkEAaHFZociR4hQIDAQABo4ICtTCCArEwHQYDVR0OBBYEFHyhES5s
8ImLVlm3WNf62l/tsQ8wMB8GA1UdIwQYMBaAFAKbjOLpX0WFhGLpBwsbUVOskT/o
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1N0Q2Ny82MDI4NjYzODQ0
MkExMUVCOTU5OUFEMzhDNEY5QUUwMi9BcHVNNHVsZlJZV0VZdWtIQ3h0UlU2eVJQ
LWcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL0FwdU00dWxmUllXRVl1a0hDeHRSVTZ5UlAtZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTdENjcvNjAyODY2Mzg0NDJBMTFFQjk1OTlBRDM4QzRGOUFFMDIvQUEzQTk0NEEy
N0VBMTFFQ0IxRUJFQTgyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwPwYIKwYBBQUHAQcBAf8E
MDAuMCwEAgABMCYDBASB4pAwDAMEBKI+MAMEBaI+gAMEBKI+0AMEAKI+/wMEAKpq
lTANBgkqhkiG9w0BAQsFAAOCAQEADsW6lvuN0qCJ65vLDSpPWzGQY/53w1QG1ZND
LzcvuGMsswuiH5W1WDU9k8aqncpnQ09G8YdcbWbCzs4sNuhc6j5qVPIa3/udqto0
pydMwKQYcypeybFrgZ8tiNHy16MQRCvKCzORX/lCpvLbtilAMvP9LX6xUEBkXxCD
PgBpk+EZfj6Z/+igAGbY5OCa2WZAf32He9MIaYOSr4LufWyn0WqnLgz2vXUEGVHD
YufG5oJe96AVd2wvwth6WAKCY7piidbzJL0ShE5DF8OhSewKC2LM3/b5xcTKNbRk
W5zSKO7c6yVpnSFRpP3LpWy4z2ErafStlbH858Zft8eQFwPz+g==
-----END CERTIFICATE-----
Generated at Sat Jun 14 20:38:59 2025 by rpki-client