Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/1EEABD982B3311F0A7450418C4F9AE02.roa
File:                     1EEABD982B3311F0A7450418C4F9AE02.roa (raw, json)
Hash identifier:          098NDRGAmYFL5vQ1oX0DJdPThy0xGWMzjgPoLgK9pSI=
Subject key identifier:   F7:49:7E:83:47:3C:BC:F8:39:70:59:A4:1A:DD:FD:4A:38:94:E9:1A
Certificate issuer:       /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial:       BC29
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/1EEABD982B3311F0A7450418C4F9AE02.roa
Signing time:             Tue 27 May 2025 12:25:20 +0000
ROA not before:           Tue 27 May 2025 12:25:20 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     153271
IP address blocks:        43.242.224.0/24 maxlen: 24
                          43.242.225.0/24 maxlen: 24
                          43.242.226.0/24 maxlen: 24
                          43.242.227.0/24 maxlen: 24
                          45.112.56.0/22 maxlen: 24
                          103.181.4.0/24 maxlen: 24
                          103.181.5.0/24 maxlen: 24
                          103.232.24.0/24 maxlen: 24
                          103.232.25.0/24 maxlen: 24
                          103.232.26.0/24 maxlen: 24
                          103.232.27.0/24 maxlen: 24
                          103.239.168.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
                          rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 18 Jun 2025 10:42:11 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 48169 (0xbc29)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A918EDB2, serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
        Validity
            Not Before: May 27 12:25:20 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=6835af2f-e5c6
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:da:fe:b4:32:a4:f0:37:57:1f:60:ea:61:d1:d2:
                    d4:f3:d2:db:e7:9d:3c:9a:0e:54:86:39:21:4d:4d:
                    ce:9a:2a:ca:23:14:8f:72:c3:8a:59:bf:06:ae:df:
                    dc:2b:c0:19:1c:19:0a:ac:0c:43:ca:74:2a:a7:e5:
                    d8:c8:85:e4:a5:9f:84:9b:48:dd:ce:ac:48:e0:15:
                    ba:df:c0:a6:7c:01:a8:c3:94:1e:e0:76:e5:da:9a:
                    75:6a:c9:bf:50:b5:b9:92:36:4d:47:fd:31:3a:b8:
                    54:a7:50:40:4b:b0:ef:f1:b2:83:23:01:b8:c0:e7:
                    df:ee:3f:17:75:59:cb:79:85:92:38:98:b7:cc:da:
                    b9:d0:3b:bb:58:8b:ec:51:6f:0c:fa:f0:6c:52:fd:
                    db:1f:80:c3:c0:99:2f:0f:b1:2e:fa:6b:54:9a:7c:
                    18:2f:0f:78:84:1d:93:13:b0:b7:e9:28:26:66:a9:
                    74:7a:cb:9a:19:61:da:0b:5f:45:32:e2:89:c4:f3:
                    5c:94:d4:19:c6:a2:e1:89:04:0f:6e:2a:ea:e6:a2:
                    5c:71:a1:9a:d3:fa:03:44:b3:84:59:0b:18:86:3d:
                    1b:0b:6e:b1:a3:33:1f:c2:ac:82:fd:2c:4d:09:96:
                    7b:5e:e7:35:7a:cb:c1:f1:71:0e:f0:63:e6:97:fe:
                    f0:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F7:49:7E:83:47:3C:BC:F8:39:70:59:A4:1A:DD:FD:4A:38:94:E9:1A
            X509v3 Authority Key Identifier:
                keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/1EEABD982B3311F0A7450418C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  43.242.224.0/22
                  45.112.56.0/22
                  103.181.4.0/23
                  103.232.24.0/22
                  103.239.168.0/22

    Signature Algorithm: sha256WithRSAEncryption
         0d:15:c2:1b:db:e0:5a:a6:c5:22:27:0e:86:26:58:e3:20:bf:
         04:29:d9:29:08:4a:d4:ff:c5:a5:34:9c:55:d8:45:8d:c2:85:
         95:d7:cd:ba:99:22:a2:35:6a:7d:34:2b:93:4a:8b:a0:2d:87:
         40:cc:92:a5:88:2e:bb:53:94:9c:27:21:77:f3:f6:79:5f:5a:
         8e:c2:4e:61:b5:17:e7:e3:9a:68:54:96:cf:8b:0c:a2:78:fe:
         cf:23:79:6d:7e:86:a0:30:1d:43:40:37:4d:c4:cb:d5:dc:87:
         cb:6b:e3:80:a4:6e:df:f5:fd:b0:38:cb:ab:14:70:f5:e9:44:
         e0:3f:48:2d:33:5c:98:ac:b2:bc:c0:3f:49:6d:3a:aa:d4:99:
         40:f8:31:d3:38:0b:c9:5b:0f:fd:8c:6c:bf:2e:c6:b2:cf:f2:
         1c:bb:c8:b8:07:96:4f:11:0f:40:7f:52:48:91:ab:3b:1e:90:
         d1:c4:b7:92:b4:9e:00:02:78:37:9e:5b:1c:42:9e:c6:e0:07:
         7d:f8:7e:c4:54:4f:bb:b0:5b:12:47:68:99:f8:ff:c3:33:bf:
         b9:ff:d8:e0:e8:54:43:b2:58:c4:ca:a9:d7:62:62:29:6a:b3:
         30:e1:f5:fe:f4:44:07:62:14:f0:8f:21:02:48:df:b1:23:04:
         93:3a:32:a4
-----BEGIN CERTIFICATE-----
MIIFijCCBHKgAwIBAgIDALwpMA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI1MDUyNzEyMjUyMFoXDTI2MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjgzNWFmMmYtZTVjNjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBANr+tDKk8DdXH2DqYdHS1PPS2+edPJoOVIY5IU1NzpoqyiMUj3LDilm/Bq7f
3CvAGRwZCqwMQ8p0Kqfl2MiF5KWfhJtI3c6sSOAVut/ApnwBqMOUHuB25dqadWrJ
v1C1uZI2TUf9MTq4VKdQQEuw7/GygyMBuMDn3+4/F3VZy3mFkjiYt8zaudA7u1iL
7FFvDPrwbFL92x+Aw8CZLw+xLvprVJp8GC8PeIQdkxOwt+koJmapdHrLmhlh2gtf
RTLiicTzXJTUGcai4YkED24q6uaiXHGhmtP6A0SzhFkLGIY9GwtusaMzH8Ksgv0s
TQmWe17nNXrLwfFxDvBj5pf+8K8CAwEAAaOCAq0wggKpMB0GA1UdDgQWBBT3SX6D
Rzy8+DlwWaQa3f1KOJTpGjAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwLzFFRUFCRDk4
MkIzMzExRjBBNzQ1MDQxOEM0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMDcGCCsGAQUFBwEHAQH/
BCgwJjAkBAIAATAeAwQCK/LgAwQCLXA4AwQBZ7UEAwQCZ+gYAwQCZ++oMA0GCSqG
SIb3DQEBCwUAA4IBAQANFcIb2+BapsUiJw6GJljjIL8EKdkpCErU/8WlNJxV2EWN
woWV1826mSKiNWp9NCuTSougLYdAzJKliC67U5ScJyF38/Z5X1qOwk5htRfn45po
VJbPiwyieP7PI3ltfoagMB1DQDdNxMvV3IfLa+OApG7f9f2wOMurFHD16UTgP0gt
M1yYrLK8wD9JbTqq1JlA+DHTOAvJWw/9jGy/Lsayz/Icu8i4B5ZPEQ9Af1JIkas7
HpDRxLeStJ4AAng3nlscQp7G4Ad9+H7EVE+7sFsSR2iZ+P/DM7+5/9jg6FRDsljE
yqnXYmIparMw4fX+9EQHYhTwjyECSN+xIwSTOjKk
-----END CERTIFICATE-----
Generated at Wed Jun 11 22:32:42 2025 by rpki-client