Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9172BD3/E80F137CB99211EEAB9F1D19C4F9AE02/2DAB7B74BE4211EE970F4140C4F9AE02.roa
File:                     2DAB7B74BE4211EE970F4140C4F9AE02.roa (raw, json)
Hash identifier:          T30+4AKrilbZIcAZi9NYz7bIJXkuS5yn1jvtRVqnvBo=
Subject key identifier:   BE:42:33:CE:DA:B7:15:F1:28:8C:E4:3C:DB:C1:BB:A7:B7:3E:B8:3F
Certificate issuer:       /CN=A9172BD3/serialNumber=4BE5068B37B1632530FF522386E7B7FB0188E9EA
Certificate serial:       01EA
Authority key identifier: 4B:E5:06:8B:37:B1:63:25:30:FF:52:23:86:E7:B7:FB:01:88:E9:EA
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/S-UGizexYyUw_1Ijhue3-wGI6eo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9172BD3/E80F137CB99211EEAB9F1D19C4F9AE02/2DAB7B74BE4211EE970F4140C4F9AE02.roa
Signing time:             Wed 08 Jul 2026 10:29:08 +0000
ROA not before:           Wed 08 Jul 2026 10:29:08 +0000
ROA not after:            Fri 30 Jul 2027 00:00:00 +0000
asID:                     45442
IP address blocks:        164.75.8.0/24 maxlen: 24
                          164.75.34.24/29 maxlen: 29
                          164.75.64.0/20 maxlen: 20
                          164.75.96.0/20 maxlen: 20
                          164.75.112.0/20 maxlen: 20
                          164.75.128.0/24 maxlen: 24
                          164.75.143.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9172BD3/E80F137CB99211EEAB9F1D19C4F9AE02/S-UGizexYyUw_1Ijhue3-wGI6eo.crl
                          rsync://rpki.apnic.net/member_repository/A9172BD3/E80F137CB99211EEAB9F1D19C4F9AE02/S-UGizexYyUw_1Ijhue3-wGI6eo.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/S-UGizexYyUw_1Ijhue3-wGI6eo.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 24 Jul 2026 04:34:36 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 490 (0x1ea)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9172BD3, serialNumber=4BE5068B37B1632530FF522386E7B7FB0188E9EA
        Validity
            Not Before: Jul  8 10:29:08 2026 GMT
            Not After : Jul 30 00:00:00 2027 GMT
        Subject: CN=6a4e2674-f8f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ac:7b:12:c4:b9:52:1c:ab:31:94:e1:98:b3:77:
                    f8:08:29:dc:ae:b2:cf:50:f6:a6:68:0b:60:bc:a9:
                    99:b7:18:74:96:74:93:c3:af:19:22:6b:07:da:59:
                    b3:df:9c:c3:57:12:a1:e4:98:10:83:3b:aa:d9:eb:
                    40:42:06:da:50:1c:28:c4:51:76:6c:55:30:a6:31:
                    9e:45:ab:85:8b:06:69:c1:0b:75:85:8c:b9:ca:bd:
                    55:a2:60:7c:d7:eb:08:88:88:6c:bb:f1:7a:d5:23:
                    c7:0a:20:9f:92:65:aa:7c:af:78:6d:62:fc:cd:46:
                    03:c1:78:39:f9:2b:3a:5f:b5:1b:ed:5b:c7:00:00:
                    15:50:4f:3f:a1:57:12:d7:14:62:5c:e1:b0:a2:47:
                    e5:b3:10:47:8d:42:e2:d1:cf:3e:62:9e:85:52:8b:
                    31:5f:2b:64:f6:8c:b6:7a:70:4e:43:b7:50:f5:7b:
                    26:f3:58:08:50:3d:b2:56:7a:48:d9:f2:25:b1:6a:
                    63:10:60:21:6a:97:67:3e:9d:f4:ac:41:62:4c:46:
                    e9:12:49:50:6a:00:76:7d:b9:67:09:e5:73:1b:a5:
                    c6:a5:fe:4c:15:84:1f:af:5b:c7:fa:97:a0:5a:97:
                    9f:13:04:e5:4f:d6:ee:c0:bc:d1:5b:75:00:0a:d3:
                    f4:b1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BE:42:33:CE:DA:B7:15:F1:28:8C:E4:3C:DB:C1:BB:A7:B7:3E:B8:3F
            X509v3 Authority Key Identifier:
                keyid:4B:E5:06:8B:37:B1:63:25:30:FF:52:23:86:E7:B7:FB:01:88:E9:EA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9172BD3/E80F137CB99211EEAB9F1D19C4F9AE02/S-UGizexYyUw_1Ijhue3-wGI6eo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/S-UGizexYyUw_1Ijhue3-wGI6eo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9172BD3/E80F137CB99211EEAB9F1D19C4F9AE02/2DAB7B74BE4211EE970F4140C4F9AE02.roa

            sbgp-ipAddrBlock: critical
                IPv4:
                  164.75.8.0/24
                  164.75.34.24/29
                  164.75.64.0/20
                  164.75.96.0-164.75.128.255
                  164.75.143.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:a9:7a:6e:b3:73:8d:f9:24:4b:1c:d4:56:5f:14:5e:83:0e:
         98:9f:6f:28:39:bd:09:76:bd:84:89:dd:92:0f:b7:1d:29:fc:
         08:18:6a:68:e5:d0:88:4e:8a:89:81:cb:80:e6:42:f9:6a:02:
         d5:33:ac:2a:d9:fe:ad:89:52:9b:b8:e0:7b:ad:ce:c0:22:12:
         1a:b4:12:03:a0:f4:ab:6c:0d:0d:35:2c:51:95:1d:46:dc:a6:
         11:3b:24:d6:2c:35:55:c8:ed:4a:e9:8a:e3:64:94:23:42:80:
         3c:c2:87:86:da:82:8b:e5:c2:03:df:b9:4b:6e:24:8e:cf:4c:
         4d:3d:00:d2:83:43:e2:c7:cb:3b:bc:c2:3d:ee:cb:36:b6:4e:
         93:f8:14:00:cc:2d:25:f7:af:25:21:f9:bd:cb:50:0d:32:c4:
         8a:4c:85:ce:46:5a:a1:57:ac:59:f0:73:25:4b:ad:f2:10:a3:
         92:df:83:eb:24:44:53:1f:54:a9:08:95:dc:ad:13:39:bb:52:
         68:04:68:33:c4:62:4e:ff:f0:9d:04:e4:53:d6:39:16:24:bd:
         d4:a1:6a:d4:65:fd:ff:c8:7b:b2:5c:8b:a3:1e:c2:8e:4c:cc:
         1e:1c:79:6f:d8:66:8f:4e:3b:09:46:95:25:4b:81:96:10:7f:
         03:6c:da:cf
-----BEGIN CERTIFICATE-----
MIIFXTCCBEWgAwIBAgICAeowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NzJCRDMxMTAvBgNVBAUTKDRCRTUwNjhCMzdCMTYzMjUzMEZGNTIyMzg2RTdCN0ZC
MDE4OEU5RUEwHhcNMjYwNzA4MTAyOTA4WhcNMjcwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02YTRlMjY3NC1mOGY0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEArHsSxLlSHKsxlOGYs3f4CCncrrLPUPamaAtgvKmZtxh0lnSTw68ZImsH2lmz
35zDVxKh5JgQgzuq2etAQgbaUBwoxFF2bFUwpjGeRauFiwZpwQt1hYy5yr1VomB8
1+sIiIhsu/F61SPHCiCfkmWqfK94bWL8zUYDwXg5+Ss6X7Ub7VvHAAAVUE8/oVcS
1xRiXOGwokflsxBHjULi0c8+Yp6FUosxXytk9oy2enBOQ7dQ9Xsm81gIUD2yVnpI
2fIlsWpjEGAhapdnPp30rEFiTEbpEklQagB2fblnCeVzG6XGpf5MFYQfr1vH+peg
WpefEwTlT9buwLzRW3UACtP0sQIDAQABo4ICgTCCAn0wHQYDVR0OBBYEFL5CM87a
txXxKIzkPNvBu6e3Prg/MB8GA1UdIwQYMBaAFEvlBos3sWMlMP9SI4bnt/sBiOnq
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3MkJEMy9FODBGMTM3Q0I5
OTIxMUVFQUI5RjFEMTlDNEY5QUUwMi9TLVVHaXpleFl5VXdfMUlqaHVlMy13R0k2
ZW8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL1MtVUdpemV4WXlVd18xSWpodWUzLXdHSTZlby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIGWBggrBgEFBQcBCwSBiTCBhjCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NzJCRDMvRTgwRjEzN0NCOTkyMTFFRUFCOUYxRDE5QzRGOUFFMDIvMkRBQjdCNzRC
RTQyMTFFRTk3MEY0MTQwQzRGOUFFMDIucm9hMEAGCCsGAQUFBwEHAQH/BDEwLzAt
BAIAATAnAwQApEsIAwUDpEsiGAMEBKRLQDAMAwQFpEtgAwQApEuAAwQApEuPMA0G
CSqGSIb3DQEBCwUAA4IBAQCaqXpus3ON+SRLHNRWXxRegw6Yn28oOb0Jdr2Eid2S
D7cdKfwIGGpo5dCIToqJgcuA5kL5agLVM6wq2f6tiVKbuOB7rc7AIhIatBIDoPSr
bA0NNSxRlR1G3KYROyTWLDVVyO1K6YrjZJQjQoA8woeG2oKL5cID37lLbiSOz0xN
PQDSg0Pix8s7vMI97ss2tk6T+BQAzC0l968lIfm9y1ANMsSKTIXORlqhV6xZ8HMl
S63yEKOS34PrJERTH1SpCJXcrRM5u1JoBGgzxGJO//CdBORT1jkWJL3UoWrUZf3/
yHuyXIujHsKOTMweHHlv2GaPTjsJRpUlS4GWEH8DbNrP
-----END CERTIFICATE-----
Generated at Sat Jul 18 04:31:01 2026 by rpki-client