Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91709BC/892897302E9011E99177960FC4F9AE02/8D76CA462E9511E9896EFA1DC4F9AE02.roa
File:                     8D76CA462E9511E9896EFA1DC4F9AE02.roa (raw, json)
Hash identifier:          MmpvHOBJX6/TYN9r3lrc9Z7dr+vQVfQyHD+RNXiHs1I=
Subject key identifier:   D0:1E:E6:FD:8B:82:05:62:84:F9:4E:19:47:8C:C6:08:D6:DC:5B:1B
Certificate issuer:       /CN=A91709BC/serialNumber=36EE8A401305EB38E28D86A5DB7F7628AAB7E24F
Certificate serial:       1101
Authority key identifier: 36:EE:8A:40:13:05:EB:38:E2:8D:86:A5:DB:7F:76:28:AA:B7:E2:4F
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Nu6KQBMF6zjijYal2392KKq34k8.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91709BC/892897302E9011E99177960FC4F9AE02/8D76CA462E9511E9896EFA1DC4F9AE02.roa
Signing time:             Sat 24 May 2025 17:49:45 +0000
ROA not before:           Sat 24 May 2025 17:49:45 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     38301
IP address blocks:        125.212.63.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91709BC/892897302E9011E99177960FC4F9AE02/Nu6KQBMF6zjijYal2392KKq34k8.crl
                          rsync://rpki.apnic.net/member_repository/A91709BC/892897302E9011E99177960FC4F9AE02/Nu6KQBMF6zjijYal2392KKq34k8.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Nu6KQBMF6zjijYal2392KKq34k8.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 15 Jun 2025 17:13:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4353 (0x1101)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91709BC, serialNumber=36EE8A401305EB38E28D86A5DB7F7628AAB7E24F
        Validity
            Not Before: May 24 17:49:45 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=683206b9-a440
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:f0:3b:4d:2e:b7:d0:4f:09:83:fb:6f:0d:3b:
                    cf:af:3d:49:8e:09:13:9e:60:c5:0b:1a:fd:99:48:
                    68:bd:bf:e5:32:93:d8:fb:24:22:38:b4:30:c2:da:
                    5f:8a:0d:15:50:a9:87:67:3b:36:81:4b:7e:b1:df:
                    75:12:57:d5:7b:d2:5b:bd:2d:0d:66:46:db:d0:e5:
                    04:3c:e1:cd:0f:2f:6c:31:d5:21:85:8d:96:20:9c:
                    5e:ae:76:d5:2a:ae:f4:26:10:21:a2:d3:c6:ea:1c:
                    40:a0:32:b9:3c:f5:32:13:cb:ac:72:48:b3:1c:4c:
                    67:ec:0c:64:b4:b5:b1:88:c1:88:d6:67:b5:20:6c:
                    12:e5:3d:d7:d6:ea:5e:a3:5a:43:09:8e:43:73:e6:
                    16:e0:4d:14:be:b7:55:67:d5:9b:31:a1:1e:f9:ab:
                    d4:62:26:06:63:2c:2a:09:b7:8e:9b:a6:d5:c6:03:
                    a3:ac:7d:8d:13:81:fc:f3:78:67:5d:71:c5:37:2f:
                    72:d9:2b:42:7a:91:97:4c:e1:f4:62:a3:8b:ca:e8:
                    52:70:90:49:6d:0d:7f:b0:b0:bd:ae:8b:bc:c2:bd:
                    4b:62:5c:98:8c:6c:ca:e5:d4:15:e5:f5:74:60:83:
                    ae:a3:bf:f9:5e:29:79:7c:36:11:29:c3:0f:fc:3a:
                    ed:db
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D0:1E:E6:FD:8B:82:05:62:84:F9:4E:19:47:8C:C6:08:D6:DC:5B:1B
            X509v3 Authority Key Identifier:
                keyid:36:EE:8A:40:13:05:EB:38:E2:8D:86:A5:DB:7F:76:28:AA:B7:E2:4F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91709BC/892897302E9011E99177960FC4F9AE02/Nu6KQBMF6zjijYal2392KKq34k8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Nu6KQBMF6zjijYal2392KKq34k8.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91709BC/892897302E9011E99177960FC4F9AE02/8D76CA462E9511E9896EFA1DC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  125.212.63.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9c:98:c4:0a:d2:22:71:ed:03:19:31:ff:e3:48:27:78:05:61:
         7e:7b:cd:0e:fd:7d:82:bf:3a:71:77:9e:5e:55:d9:23:10:76:
         43:7c:e6:f9:02:34:f8:18:ff:05:b3:2d:dd:11:63:eb:4e:61:
         99:1d:8b:73:00:ed:a5:d5:4b:86:11:73:91:ad:29:52:9b:3f:
         2b:dd:0f:2c:77:5f:b9:58:5a:79:b9:5d:fb:6b:fa:6f:29:02:
         8c:4d:3b:40:b3:45:b8:62:13:77:e3:ea:0b:47:b2:21:e0:22:
         2e:c8:ae:8c:a9:28:e1:9c:a9:1e:75:84:de:83:31:2e:29:14:
         e5:ee:2f:2c:e3:28:04:34:d4:53:38:71:fa:21:a6:fe:d5:83:
         d8:61:4d:7b:51:ad:37:c8:55:1c:d3:55:21:11:d4:17:f0:14:
         46:10:e5:59:84:3b:0f:ce:08:0c:48:0c:60:9f:07:db:41:c8:
         be:c0:df:09:71:a9:89:ea:68:e1:2d:4d:dd:00:70:c6:1a:bf:
         90:f1:85:66:f3:4c:db:c3:54:2c:ee:55:8f:80:aa:bd:69:f8:
         1b:ec:f6:b6:d6:c1:ed:38:36:d3:37:5a:83:a2:e4:2d:47:75:
         2e:78:d4:71:39:a3:50:18:3c:47:b2:e3:7a:fe:69:1f:34:6c:
         94:49:c8:e0
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICEQEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NzA5QkMxMTAvBgNVBAUTKDM2RUU4QTQwMTMwNUVCMzhFMjhEODZBNURCN0Y3NjI4
QUFCN0UyNEYwHhcNMjUwNTI0MTc0OTQ1WhcNMjYwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODMyMDZiOS1hNDQwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAqPA7TS630E8Jg/tvDTvPrz1JjgkTnmDFCxr9mUhovb/lMpPY+yQiOLQwwtpf
ig0VUKmHZzs2gUt+sd91ElfVe9JbvS0NZkbb0OUEPOHNDy9sMdUhhY2WIJxernbV
Kq70JhAhotPG6hxAoDK5PPUyE8usckizHExn7AxktLWxiMGI1me1IGwS5T3X1upe
o1pDCY5Dc+YW4E0UvrdVZ9WbMaEe+avUYiYGYywqCbeOm6bVxgOjrH2NE4H883hn
XXHFNy9y2StCepGXTOH0YqOLyuhScJBJbQ1/sLC9rou8wr1LYlyYjGzK5dQV5fV0
YIOuo7/5Xil5fDYRKcMP/Drt2wIDAQABo4IClTCCApEwHQYDVR0OBBYEFNAe5v2L
ggVihPlOGUeMxgjW3FsbMB8GA1UdIwQYMBaAFDbuikATBes44o2Gpdt/diiqt+JP
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3MDlCQy84OTI4OTczMDJF
OTAxMUU5OTE3Nzk2MEZDNEY5QUUwMi9OdTZLUUJNRjZ6amlqWWFsMjM5MktLcTM0
azguY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL051NktRQk1GNnpqaWpZYWwyMzkyS0txMzRrOC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NzA5QkMvODkyODk3MzAyRTkwMTFFOTkxNzc5NjBGQzRGOUFFMDIvOEQ3NkNBNDYy
RTk1MTFFOTg5NkVGQTFEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAB91D8wDQYJKoZIhvcNAQELBQADggEBAJyYxArSInHtAxkx
/+NIJ3gFYX57zQ79fYK/OnF3nl5V2SMQdkN85vkCNPgY/wWzLd0RY+tOYZkdi3MA
7aXVS4YRc5GtKVKbPyvdDyx3X7lYWnm5Xftr+m8pAoxNO0CzRbhiE3fj6gtHsiHg
Ii7IroypKOGcqR51hN6DMS4pFOXuLyzjKAQ01FM4cfohpv7Vg9hhTXtRrTfIVRzT
VSER1BfwFEYQ5VmEOw/OCAxIDGCfB9tByL7A3wlxqYnqaOEtTd0AcMYav5DxhWbz
TNvDVCzuVY+Aqr1p+Bvs9rbWwe04NtM3WoOi5C1HdS541HE5o1AYPEey43r+aR80
bJRJyOA=
-----END CERTIFICATE-----
Generated at Tue Jun 10 06:38:22 2025 by rpki-client