Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91709BC/892897302E9011E99177960FC4F9AE02/8EA288F62E9511E9896EFA1DC4F9AE02.roa
File:                     8EA288F62E9511E9896EFA1DC4F9AE02.roa (raw, json)
Hash identifier:          S5sgxNBi0p+O5VGwcCA6mYFpVmBWw6J0mLdcaJC7l/k=
Subject key identifier:   A3:7C:12:A1:7D:15:76:42:01:36:2E:10:9C:30:1B:11:F0:BD:55:22
Certificate issuer:       /CN=A91709BC/serialNumber=36EE8A401305EB38E28D86A5DB7F7628AAB7E24F
Certificate serial:       1103
Authority key identifier: 36:EE:8A:40:13:05:EB:38:E2:8D:86:A5:DB:7F:76:28:AA:B7:E2:4F
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Nu6KQBMF6zjijYal2392KKq34k8.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91709BC/892897302E9011E99177960FC4F9AE02/8EA288F62E9511E9896EFA1DC4F9AE02.roa
Signing time:             Sat 24 May 2025 17:49:47 +0000
ROA not before:           Sat 24 May 2025 17:49:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     45782
IP address blocks:        210.4.6.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91709BC/892897302E9011E99177960FC4F9AE02/Nu6KQBMF6zjijYal2392KKq34k8.crl
                          rsync://rpki.apnic.net/member_repository/A91709BC/892897302E9011E99177960FC4F9AE02/Nu6KQBMF6zjijYal2392KKq34k8.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Nu6KQBMF6zjijYal2392KKq34k8.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 15 Jun 2025 17:13:50 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4355 (0x1103)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91709BC, serialNumber=36EE8A401305EB38E28D86A5DB7F7628AAB7E24F
        Validity
            Not Before: May 24 17:49:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=683206ba-8e82
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cf:61:a1:2e:78:b8:97:ea:c1:1b:d5:f2:96:44:
                    39:11:64:55:e5:b3:e6:98:b3:55:a4:a3:cb:07:fb:
                    50:5e:c6:d3:dc:5b:33:31:50:bb:24:13:eb:b6:68:
                    79:e7:a5:3f:75:7d:49:c3:c9:0c:11:2a:35:25:86:
                    f1:cc:0c:ac:4c:9c:3b:52:8c:6c:c1:38:16:1b:81:
                    81:41:73:7b:ff:1b:21:8b:f7:22:0b:df:95:d7:2d:
                    54:86:52:0c:da:3c:3a:5a:c5:36:b9:d5:25:9e:87:
                    b6:80:76:03:4f:ab:e0:e2:35:64:c7:9f:a6:4c:65:
                    97:c5:be:d0:32:c7:d8:35:b8:c9:50:ea:d4:5c:80:
                    fd:e4:5c:86:9f:0f:a4:50:78:4f:0a:34:e5:16:dd:
                    71:e7:89:22:48:22:e3:d5:af:8b:36:6e:02:07:af:
                    e5:ec:41:69:cf:1d:b8:f2:d7:ac:88:ee:c9:27:93:
                    fb:b0:89:16:de:44:14:35:c3:01:d9:e1:94:ac:28:
                    4f:33:92:0a:46:d3:7c:09:43:26:4f:ff:26:dd:0b:
                    71:42:d2:20:80:c4:44:34:d0:75:62:32:91:08:b4:
                    29:1f:4b:96:f6:7f:d0:32:3d:34:ec:c3:a7:4e:01:
                    2b:2c:19:a7:d6:c5:71:50:f5:7a:5f:e3:eb:b4:49:
                    c9:bd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:7C:12:A1:7D:15:76:42:01:36:2E:10:9C:30:1B:11:F0:BD:55:22
            X509v3 Authority Key Identifier:
                keyid:36:EE:8A:40:13:05:EB:38:E2:8D:86:A5:DB:7F:76:28:AA:B7:E2:4F

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91709BC/892897302E9011E99177960FC4F9AE02/Nu6KQBMF6zjijYal2392KKq34k8.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/Nu6KQBMF6zjijYal2392KKq34k8.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91709BC/892897302E9011E99177960FC4F9AE02/8EA288F62E9511E9896EFA1DC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  210.4.6.0/24

    Signature Algorithm: sha256WithRSAEncryption
         33:1f:52:40:bb:c8:f1:62:97:f2:1b:30:66:2a:1d:8e:b5:20:
         ac:de:fe:8b:d9:e9:a9:77:d0:4a:dc:59:14:51:35:ed:68:75:
         2a:c9:b4:0e:43:91:21:8a:3e:f0:d0:8e:50:d4:28:37:e7:bf:
         79:14:8f:0a:2e:03:a6:65:3f:2c:03:a5:82:a8:d0:43:1d:6d:
         7e:0a:7b:e2:01:4a:35:13:9c:e2:f2:11:0e:cd:e5:2a:d5:12:
         ae:6c:46:ab:f0:8f:ac:be:44:09:0a:0f:f1:8b:57:0d:8a:a6:
         59:f8:ad:47:62:aa:65:7a:7e:12:01:91:cc:b5:0e:15:5b:8c:
         52:c7:bb:f5:49:40:3b:ee:5d:7c:f4:08:96:ec:d6:61:9e:43:
         e5:71:63:a9:b3:ac:f4:4c:a9:e2:fb:6f:5c:00:3a:91:f2:6c:
         24:fc:62:06:a3:e8:d3:5d:97:67:ac:88:15:fb:77:e2:b9:75:
         bd:6b:21:f4:2f:e2:fd:6a:60:6a:de:aa:84:5f:35:c9:a4:3d:
         77:4c:58:10:8c:d3:a7:61:83:92:1f:18:c4:9a:2c:c2:70:d7:
         2c:05:8e:6c:e6:05:04:2f:d9:de:35:a3:04:15:f9:3f:f7:23:
         bd:c3:68:11:02:40:05:34:40:a4:9c:70:08:6a:30:d9:88:d5:
         15:b4:18:76
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICEQMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NzA5QkMxMTAvBgNVBAUTKDM2RUU4QTQwMTMwNUVCMzhFMjhEODZBNURCN0Y3NjI4
QUFCN0UyNEYwHhcNMjUwNTI0MTc0OTQ3WhcNMjYwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODMyMDZiYS04ZTgyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAz2GhLni4l+rBG9XylkQ5EWRV5bPmmLNVpKPLB/tQXsbT3FszMVC7JBPrtmh5
56U/dX1Jw8kMESo1JYbxzAysTJw7UoxswTgWG4GBQXN7/xshi/ciC9+V1y1UhlIM
2jw6WsU2udUlnoe2gHYDT6vg4jVkx5+mTGWXxb7QMsfYNbjJUOrUXID95FyGnw+k
UHhPCjTlFt1x54kiSCLj1a+LNm4CB6/l7EFpzx248tesiO7JJ5P7sIkW3kQUNcMB
2eGUrChPM5IKRtN8CUMmT/8m3QtxQtIggMRENNB1YjKRCLQpH0uW9n/QMj007MOn
TgErLBmn1sVxUPV6X+PrtEnJvQIDAQABo4IClTCCApEwHQYDVR0OBBYEFKN8EqF9
FXZCATYuEJwwGxHwvVUiMB8GA1UdIwQYMBaAFDbuikATBes44o2Gpdt/diiqt+JP
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3MDlCQy84OTI4OTczMDJF
OTAxMUU5OTE3Nzk2MEZDNEY5QUUwMi9OdTZLUUJNRjZ6amlqWWFsMjM5MktLcTM0
azguY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL051NktRQk1GNnpqaWpZYWwyMzkyS0txMzRrOC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NzA5QkMvODkyODk3MzAyRTkwMTFFOTkxNzc5NjBGQzRGOUFFMDIvOEVBMjg4RjYy
RTk1MTFFOTg5NkVGQTFEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADSBAYwDQYJKoZIhvcNAQELBQADggEBADMfUkC7yPFil/Ib
MGYqHY61IKze/ovZ6al30ErcWRRRNe1odSrJtA5DkSGKPvDQjlDUKDfnv3kUjwou
A6ZlPywDpYKo0EMdbX4Ke+IBSjUTnOLyEQ7N5SrVEq5sRqvwj6y+RAkKD/GLVw2K
pln4rUdiqmV6fhIBkcy1DhVbjFLHu/VJQDvuXXz0CJbs1mGeQ+VxY6mzrPRMqeL7
b1wAOpHybCT8Ygaj6NNdl2esiBX7d+K5db1rIfQv4v1qYGreqoRfNcmkPXdMWBCM
06dhg5IfGMSaLMJw1ywFjmzmBQQv2d41owQV+T/3I73DaBECQAU0QKSccAhqMNmI
1RW0GHY=
-----END CERTIFICATE-----
Generated at Tue Jun 10 06:55:36 2025 by rpki-client