Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A917748E/4D78926A4FA911EDADE5157CC4F9AE02/A4B9732E372211F088B77741C4F9AE02.roa
File:                     A4B9732E372211F088B77741C4F9AE02.roa (raw, json)
Hash identifier:          mk1V1FHxB9suL0UPFLyM/A4VOyjRdsjF6s6gkTDXYcQ=
Subject key identifier:   E8:CB:D1:0A:14:41:32:61:92:AD:FC:62:2A:3C:D5:C3:F7:BE:44:D9
Certificate issuer:       /CN=A917748E/serialNumber=4B3B5A01A8952FB5642D2484B7F0205AE7DCC761
Certificate serial:       01F1
Authority key identifier: 4B:3B:5A:01:A8:95:2F:B5:64:2D:24:84:B7:F0:20:5A:E7:DC:C7:61
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/SztaAaiVL7VkLSSEt_AgWufcx2E.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A917748E/4D78926A4FA911EDADE5157CC4F9AE02/A4B9732E372211F088B77741C4F9AE02.roa
Signing time:             Thu 22 May 2025 15:37:18 +0000
ROA not before:           Thu 22 May 2025 15:37:18 +0000
ROA not after:            Tue 30 Dec 2025 00:00:00 +0000
asID:                     394695
IP address blocks:        66.116.128.0/17 maxlen: 17
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A917748E/4D78926A4FA911EDADE5157CC4F9AE02/SztaAaiVL7VkLSSEt_AgWufcx2E.crl
                          rsync://rpki.apnic.net/member_repository/A917748E/4D78926A4FA911EDADE5157CC4F9AE02/SztaAaiVL7VkLSSEt_AgWufcx2E.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/SztaAaiVL7VkLSSEt_AgWufcx2E.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 18 Jun 2025 02:00:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 497 (0x1f1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A917748E, serialNumber=4B3B5A01A8952FB5642D2484B7F0205AE7DCC761
        Validity
            Not Before: May 22 15:37:18 2025 GMT
            Not After : Dec 30 00:00:00 2025 GMT
        Subject: CN=682f44ae-0bce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:90:03:ad:f2:72:ae:56:0f:ea:87:db:2e:30:
                    56:4e:a3:fd:3d:99:bd:a2:c4:1e:d9:41:2a:10:83:
                    1c:25:5a:c5:57:92:81:3b:52:2b:29:bc:4c:c8:33:
                    a7:3e:ad:2a:36:36:e3:d0:ec:0b:6c:40:1a:12:80:
                    cc:bf:67:12:54:60:76:53:b3:f1:30:dc:7d:90:48:
                    13:f6:bd:b2:82:26:65:0b:2d:b7:b8:88:58:84:82:
                    f2:fb:04:4f:a8:00:b9:25:18:5e:db:ab:4f:d1:e7:
                    ed:83:03:27:89:a9:2d:aa:f3:3d:a2:6c:c5:68:d1:
                    20:c9:d2:05:43:ae:0e:9c:00:cd:70:1a:0c:73:cb:
                    ae:79:61:9b:59:0f:94:a7:c5:85:9b:e2:91:a3:0b:
                    ad:bf:04:2b:0c:fa:47:7a:0d:05:1f:dd:de:60:12:
                    8a:01:61:48:dd:d9:34:87:36:a0:0e:e0:1f:be:e6:
                    9e:2c:bf:28:53:42:6f:39:ab:f0:1e:f3:4f:f3:92:
                    29:a8:c7:80:87:01:0b:e2:52:9d:30:18:bc:e7:2c:
                    0b:a2:8c:89:90:47:f6:4b:b9:b3:5c:28:66:a0:4e:
                    c4:cf:18:f3:48:b4:1b:88:37:6f:14:a4:6e:19:65:
                    20:44:70:27:35:98:3b:92:2b:d8:96:62:72:06:8f:
                    32:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E8:CB:D1:0A:14:41:32:61:92:AD:FC:62:2A:3C:D5:C3:F7:BE:44:D9
            X509v3 Authority Key Identifier:
                keyid:4B:3B:5A:01:A8:95:2F:B5:64:2D:24:84:B7:F0:20:5A:E7:DC:C7:61

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A917748E/4D78926A4FA911EDADE5157CC4F9AE02/SztaAaiVL7VkLSSEt_AgWufcx2E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/SztaAaiVL7VkLSSEt_AgWufcx2E.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A917748E/4D78926A4FA911EDADE5157CC4F9AE02/A4B9732E372211F088B77741C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  66.116.128.0/17

    Signature Algorithm: sha256WithRSAEncryption
         9c:9e:43:ba:dc:9b:cd:ec:6c:43:b2:12:86:7f:7a:3d:56:d9:
         b7:61:0f:0b:d0:60:cd:37:83:21:c1:25:e9:1b:74:ed:4a:e9:
         e1:16:da:c4:31:8b:42:c6:b9:78:93:f7:d4:73:c0:b5:5d:e7:
         8e:4e:5c:2a:08:73:7b:a4:9e:73:2f:ba:21:69:85:1e:ac:57:
         a8:b5:93:08:4d:32:6f:98:7b:a7:6c:fa:63:ae:ac:35:ed:20:
         65:32:9f:46:25:38:74:6a:09:ba:23:58:58:2e:20:ce:7c:4b:
         4c:52:2f:4c:7b:09:d2:46:4d:42:a8:4e:90:58:93:e5:a5:c8:
         49:37:85:9b:53:a5:5f:51:59:2c:1a:3d:8f:79:f8:00:67:6e:
         42:62:b7:5f:ae:07:88:36:9e:ba:87:7f:0e:e0:41:14:0b:99:
         d0:ed:9f:37:a3:e9:47:09:ee:19:80:cd:11:bf:3b:c1:7c:5b:
         d8:05:13:9c:96:b5:93:72:f0:b7:88:85:7b:e4:b9:cf:a7:14:
         d5:2d:1e:bf:c6:15:60:09:94:ee:14:74:86:86:59:bb:53:6a:
         bf:19:f6:93:fe:7c:c1:43:af:cd:71:af:c8:e4:e6:ce:3d:fb:
         fa:11:0c:8d:39:fb:b3:e5:e6:bb:4e:62:17:39:7f:a1:5f:12:
         17:04:be:95
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICAfEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
Nzc0OEUxMTAvBgNVBAUTKDRCM0I1QTAxQTg5NTJGQjU2NDJEMjQ4NEI3RjAyMDVB
RTdEQ0M3NjEwHhcNMjUwNTIyMTUzNzE4WhcNMjUxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODJmNDRhZS0wYmNlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtZADrfJyrlYP6ofbLjBWTqP9PZm9osQe2UEqEIMcJVrFV5KBO1IrKbxMyDOn
Pq0qNjbj0OwLbEAaEoDMv2cSVGB2U7PxMNx9kEgT9r2ygiZlCy23uIhYhILy+wRP
qAC5JRhe26tP0eftgwMniaktqvM9omzFaNEgydIFQ64OnADNcBoMc8uueWGbWQ+U
p8WFm+KRowutvwQrDPpHeg0FH93eYBKKAWFI3dk0hzagDuAfvuaeLL8oU0JvOavw
HvNP85IpqMeAhwEL4lKdMBi85ywLooyJkEf2S7mzXChmoE7EzxjzSLQbiDdvFKRu
GWUgRHAnNZg7kivYlmJyBo8yRQIDAQABo4IClTCCApEwHQYDVR0OBBYEFOjL0QoU
QTJhkq38Yio81cP3vkTZMB8GA1UdIwQYMBaAFEs7WgGolS+1ZC0khLfwIFrn3Mdh
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE3NzQ4RS80RDc4OTI2QTRG
QTkxMUVEQURFNTE1N0NDNEY5QUUwMi9TenRhQWFpVkw3VmtMU1NFdF9BZ1d1ZmN4
MkUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL1N6dGFBYWlWTDdWa0xTU0V0X0FnV3VmY3gyRS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
Nzc0OEUvNEQ3ODkyNkE0RkE5MTFFREFERTUxNTdDQzRGOUFFMDIvQTRCOTczMkUz
NzIyMTFGMDg4Qjc3NzQxQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAdCdIAwDQYJKoZIhvcNAQELBQADggEBAJyeQ7rcm83sbEOy
EoZ/ej1W2bdhDwvQYM03gyHBJekbdO1K6eEW2sQxi0LGuXiT99RzwLVd545OXCoI
c3uknnMvuiFphR6sV6i1kwhNMm+Ye6ds+mOurDXtIGUyn0YlOHRqCbojWFguIM58
S0xSL0x7CdJGTUKoTpBYk+WlyEk3hZtTpV9RWSwaPY95+ABnbkJit1+uB4g2nrqH
fw7gQRQLmdDtnzej6UcJ7hmAzRG/O8F8W9gFE5yWtZNy8LeIhXvkuc+nFNUtHr/G
FWAJlO4UdIaGWbtTar8Z9pP+fMFDr81xr8jk5s49+/oRDI05+7Pl5rtOYhc5f6Ff
EhcEvpU=
-----END CERTIFICATE-----
Generated at Wed Jun 11 06:17:23 2025 by rpki-client