Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A918D2CA/09F74EF6354711F08103BE24C4F9AE02/8C9E2B18354711F09FCEEE25C4F9AE02.roa
File:                     8C9E2B18354711F09FCEEE25C4F9AE02.roa (raw, json)
Hash identifier:          iXRkCvMuEb2mCCQ3WPeQVPDrtMuYggiC5UewvS7CFYE=
Subject key identifier:   5D:8C:63:7B:D1:C1:CA:8C:CF:53:DC:E4:F6:1E:66:45:73:0A:99:E8
Certificate issuer:       /CN=A918D2CA/serialNumber=6F91C76A4F74664100DD8DEBD1785142E137802D
Certificate serial:       02
Authority key identifier: 6F:91:C7:6A:4F:74:66:41:00:DD:8D:EB:D1:78:51:42:E1:37:80:2D
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/b5HHak90ZkEA3Y3r0XhRQuE3gC0.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A918D2CA/09F74EF6354711F08103BE24C4F9AE02/8C9E2B18354711F09FCEEE25C4F9AE02.roa
Signing time:             Tue 20 May 2025 06:56:27 +0000
ROA not before:           Tue 20 May 2025 06:56:27 +0000
ROA not after:            Tue 31 Mar 2026 00:00:00 +0000
asID:                     133182
IP address blocks:        160.250.201.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A918D2CA/09F74EF6354711F08103BE24C4F9AE02/b5HHak90ZkEA3Y3r0XhRQuE3gC0.crl
                          rsync://rpki.apnic.net/member_repository/A918D2CA/09F74EF6354711F08103BE24C4F9AE02/b5HHak90ZkEA3Y3r0XhRQuE3gC0.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/b5HHak90ZkEA3Y3r0XhRQuE3gC0.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 16 Jun 2025 05:32:14 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A918D2CA, serialNumber=6F91C76A4F74664100DD8DEBD1785142E137802D
        Validity
            Not Before: May 20 06:56:27 2025 GMT
            Not After : Mar 31 00:00:00 2026 GMT
        Subject: CN=682c279a-8d43
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:82:cf:8d:3a:54:35:da:f9:e8:d7:c4:22:21:
                    a7:e9:72:86:73:ea:21:23:94:84:44:68:1a:63:db:
                    f9:eb:e5:b0:35:27:ff:48:fd:7a:35:d5:41:85:7a:
                    da:ca:cf:ef:4a:1b:b6:65:9b:20:1d:ed:1e:b9:8b:
                    78:36:92:5b:e8:78:e8:55:ef:4f:7e:f5:aa:b9:a6:
                    60:8a:89:4d:00:c0:21:41:b3:fd:51:98:5c:87:5d:
                    e9:a0:50:01:99:60:84:0c:2b:77:2a:04:4d:78:40:
                    a4:86:ad:6f:64:08:67:7f:2e:e2:db:1d:47:31:b3:
                    48:a6:4e:40:62:18:85:19:9f:ad:c1:0d:66:25:44:
                    85:10:68:95:40:66:86:57:75:44:08:47:60:dd:9d:
                    8e:7a:7e:69:d5:a3:8c:ed:a8:f2:c0:71:84:a7:5b:
                    90:59:91:6a:4a:77:b2:3c:6f:55:2d:8a:ea:8c:4c:
                    02:fc:35:ca:c1:5d:7a:7d:92:a9:f4:8f:76:37:d6:
                    54:af:04:3a:ac:38:1d:23:9a:eb:10:a3:bd:7c:f2:
                    df:bb:d7:ca:72:76:2a:fd:07:80:ae:70:59:e9:cf:
                    b0:6e:7c:78:a0:c6:ce:cc:e8:be:2a:4a:cd:54:3e:
                    27:07:65:a6:07:73:7f:da:fd:22:f6:2d:a1:e2:01:
                    10:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:8C:63:7B:D1:C1:CA:8C:CF:53:DC:E4:F6:1E:66:45:73:0A:99:E8
            X509v3 Authority Key Identifier:
                keyid:6F:91:C7:6A:4F:74:66:41:00:DD:8D:EB:D1:78:51:42:E1:37:80:2D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A918D2CA/09F74EF6354711F08103BE24C4F9AE02/b5HHak90ZkEA3Y3r0XhRQuE3gC0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/b5HHak90ZkEA3Y3r0XhRQuE3gC0.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918D2CA/09F74EF6354711F08103BE24C4F9AE02/8C9E2B18354711F09FCEEE25C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  160.250.201.0/24

    Signature Algorithm: sha256WithRSAEncryption
         77:a9:3d:5b:9f:9a:4d:9e:21:3d:06:c9:ce:bb:76:27:07:55:
         7b:81:ed:51:50:98:a1:ca:cd:fe:f9:d8:e9:26:00:75:d9:3f:
         9f:67:56:d9:07:dc:2d:99:44:a2:c1:20:9a:2f:a4:28:26:fb:
         c4:65:88:5a:28:4f:6c:dc:3a:a6:12:d8:ff:3c:dc:9b:75:74:
         9b:81:e7:c9:33:3b:8f:96:35:54:4d:64:74:dd:a5:98:36:8e:
         c2:27:79:a6:90:a7:b7:7b:95:35:ff:89:51:01:01:af:96:22:
         f4:c6:11:b6:58:4f:df:ee:44:28:18:5e:fd:82:f0:84:1f:2b:
         66:89:14:c7:d3:6f:75:40:94:3a:26:82:d7:33:22:be:30:23:
         ad:d1:9b:b9:77:d8:b1:a7:9b:55:ab:f2:82:6f:d3:18:dc:ff:
         83:87:29:bc:18:ce:01:19:c4:d5:55:87:90:13:05:79:4a:77:
         20:25:bd:96:b1:c4:7f:2c:fd:b0:e8:9d:bf:14:fe:5f:cb:46:
         32:e4:46:82:a9:68:06:ba:dc:90:44:8e:1d:89:27:03:3a:c5:
         35:5d:a4:9d:12:8c:b9:51:17:96:a1:e4:77:e7:36:fe:bd:75:
         3e:e3:65:8f:2e:51:92:2c:f7:bc:a6:d8:49:c8:e7:0d:20:71:
         99:e6:37:f5
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIBAjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTE4
RDJDQTExMC8GA1UEBRMoNkY5MUM3NkE0Rjc0NjY0MTAwREQ4REVCRDE3ODUxNDJF
MTM3ODAyRDAeFw0yNTA1MjAwNjU2MjdaFw0yNjAzMzEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY4MmMyNzlhLThkNDMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCygs+NOlQ12vno18QiIafpcoZz6iEjlIREaBpj2/nr5bA1J/9I/Xo11UGFetrK
z+9KG7ZlmyAd7R65i3g2klvoeOhV709+9aq5pmCKiU0AwCFBs/1RmFyHXemgUAGZ
YIQMK3cqBE14QKSGrW9kCGd/LuLbHUcxs0imTkBiGIUZn63BDWYlRIUQaJVAZoZX
dUQIR2DdnY56fmnVo4ztqPLAcYSnW5BZkWpKd7I8b1UtiuqMTAL8NcrBXXp9kqn0
j3Y31lSvBDqsOB0jmusQo7188t+718pydir9B4CucFnpz7BufHigxs7M6L4qSs1U
PicHZaYHc3/a/SL2LaHiARDDAgMBAAGjggKVMIICkTAdBgNVHQ4EFgQUXYxje9HB
yozPU9zk9h5mRXMKmegwHwYDVR0jBBgwFoAUb5HHak90ZkEA3Y3r0XhRQuE3gC0w
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MThEMkNBLzA5Rjc0RUY2MzU0
NzExRjA4MTAzQkUyNEM0RjlBRTAyL2I1SEhhazkwWmtFQTNZM3IwWGhSUXVFM2dD
MC5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRGMjAxRDY2MTFFMjhBQzg4MzdDNzJG
RDFGRjIvYjVISGFrOTBaa0VBM1kzcjBYaFJRdUUzZ0MwLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4
RDJDQS8wOUY3NEVGNjM1NDcxMUYwODEwM0JFMjRDNEY5QUUwMi84QzlFMkIxODM1
NDcxMUYwOUZDRUVFMjVDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAKD6yTANBgkqhkiG9w0BAQsFAAOCAQEAd6k9W5+aTZ4hPQbJ
zrt2JwdVe4HtUVCYocrN/vnY6SYAddk/n2dW2QfcLZlEosEgmi+kKCb7xGWIWihP
bNw6phLY/zzcm3V0m4HnyTM7j5Y1VE1kdN2lmDaOwid5ppCnt3uVNf+JUQEBr5Yi
9MYRtlhP3+5EKBhe/YLwhB8rZokUx9NvdUCUOiaC1zMivjAjrdGbuXfYsaebVavy
gm/TGNz/g4cpvBjOARnE1VWHkBMFeUp3ICW9lrHEfyz9sOidvxT+X8tGMuRGgqlo
BrrckESOHYknAzrFNV2knRKMuVEXlqHkd+c2/r11PuNljy5Rkiz3vKbYScjnDSBx
meY39Q==
-----END CERTIFICATE-----
Generated at Mon Jun 9 13:19:56 2025 by rpki-client