Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/4C3CD438DAD011EAB216C959C4F9AE02.roa
File:                     4C3CD438DAD011EAB216C959C4F9AE02.roa (raw, json)
Hash identifier:          N9TJAz80okdlPyL3gZ93munKSlfEkQY/LWY19XWxIMc=
Subject key identifier:   18:91:11:3D:82:16:E7:6A:97:66:6B:3A:13:82:5E:62:65:B7:E9:81
Certificate issuer:       /CN=A918EDB2/serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
Certificate serial:       BA7A
Authority key identifier: 29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/4C3CD438DAD011EAB216C959C4F9AE02.roa
Signing time:             Thu 08 May 2025 16:32:30 +0000
ROA not before:           Thu 08 May 2025 16:32:30 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     9501
IP address blocks:        202.53.96.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl
                          rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 19 Jun 2025 07:37:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 47738 (0xba7a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A918EDB2, serialNumber=296EDB64F3AF6E9D980932E816F95983E3ABC823
        Validity
            Not Before: May  8 16:32:30 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=681cdc9e-5629
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c5:90:bf:5e:44:22:a8:74:f0:03:21:be:85:a4:
                    a8:f1:23:39:c2:da:40:de:ac:f9:43:f8:ff:9f:e9:
                    3a:db:cb:b9:a2:61:a2:13:5b:69:1d:b0:fb:70:fd:
                    f4:aa:ba:bc:13:0e:8c:ca:08:6d:33:3f:df:33:24:
                    d7:cb:52:56:25:af:c7:56:44:0f:22:73:3b:5b:3e:
                    0f:84:db:ea:b2:45:69:23:78:0e:bd:70:52:42:0e:
                    8e:7d:3c:93:45:d2:7d:33:4c:06:0e:cb:7e:11:d5:
                    df:27:23:03:cf:ab:64:bd:30:e4:09:9f:ee:02:d9:
                    f9:47:87:f1:90:05:e0:7a:e5:96:39:a6:63:df:bb:
                    96:83:9b:4a:f2:7e:c9:91:37:08:cd:e6:ad:d8:a6:
                    98:36:2b:23:76:a4:07:a8:57:a8:8a:1d:0d:56:4c:
                    04:5c:86:8b:22:ea:de:e1:46:09:5b:4f:5b:0c:57:
                    11:db:86:6c:bf:98:df:b1:7b:53:0d:c3:ee:a0:8f:
                    81:6d:27:82:0f:59:cd:20:6e:b7:e5:18:06:be:34:
                    25:81:d5:2c:13:e4:b7:3d:80:45:aa:6b:40:02:2c:
                    96:b6:3b:c4:0e:8a:63:8f:3c:b8:6b:fa:6c:30:ca:
                    ca:58:4b:20:04:e2:1f:7b:f9:8d:58:4c:fd:84:b3:
                    16:49
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                18:91:11:3D:82:16:E7:6A:97:66:6B:3A:13:82:5E:62:65:B7:E9:81
            X509v3 Authority Key Identifier:
                keyid:29:6E:DB:64:F3:AF:6E:9D:98:09:32:E8:16:F9:59:83:E3:AB:C8:23

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/KW7bZPOvbp2YCTLoFvlZg-OryCM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/KW7bZPOvbp2YCTLoFvlZg-OryCM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918EDB2/2A43E30C70E911E2B36D4B6B2979BB20/4C3CD438DAD011EAB216C959C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.53.96.0/20

    Signature Algorithm: sha256WithRSAEncryption
         a1:7d:c1:ef:6b:6f:6a:96:15:4e:61:4f:98:cc:0a:6a:ba:c6:
         e6:a3:c8:86:ce:f6:43:ae:8f:b6:12:fe:5e:d1:bd:2d:f5:66:
         7b:ff:3c:4c:57:51:c2:b1:b0:93:61:c2:1b:60:5d:83:9f:58:
         a5:86:92:ff:42:43:5c:3d:b2:84:11:47:39:af:b3:37:d6:d9:
         f4:fd:ca:b3:9a:27:34:ec:5b:9a:31:b7:fd:88:b6:43:33:68:
         01:91:db:db:4a:2b:21:a3:e9:e1:7d:4e:e4:57:1e:ca:2a:ea:
         19:a4:2d:7c:ec:7b:e5:9e:cb:e9:e8:5d:90:fa:df:f7:49:6a:
         d2:b7:c2:8e:2e:f1:0b:93:0f:60:0b:e8:e1:f2:f8:a9:36:a7:
         b2:55:bf:e8:8c:5d:5b:36:cb:98:ac:64:22:1d:ae:69:03:20:
         7e:c8:17:b0:3b:67:11:05:a8:0a:b6:96:0f:fc:25:9c:62:e7:
         3e:79:d1:85:e8:27:23:52:b5:4f:f9:68:f4:a9:51:c5:fb:89:
         76:13:d7:d4:5a:b5:a0:b5:4e:26:77:c7:7a:fc:c9:3e:bd:16:
         02:61:4a:d2:ff:ce:ce:f9:ba:05:5a:8e:96:6c:16:33:e3:b6:
         c8:5f:fc:b0:6c:04:2b:bd:a2:af:1d:ba:0a:e8:d1:d7:9e:bf:
         0a:18:32:e8
-----BEGIN CERTIFICATE-----
MIIFcjCCBFqgAwIBAgIDALp6MA0GCSqGSIb3DQEBCwUAMEYxETAPBgNVBAMTCEE5
MThFREIyMTEwLwYDVQQFEygyOTZFREI2NEYzQUY2RTlEOTgwOTMyRTgxNkY5NTk4
M0UzQUJDODIzMB4XDTI1MDUwODE2MzIzMFoXDTI2MDcwMTAwMDAwMFowGDEWMBQG
A1UEAxMNNjgxY2RjOWUtNTYyOTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
ggEBAMWQv15EIqh08AMhvoWkqPEjOcLaQN6s+UP4/5/pOtvLuaJhohNbaR2w+3D9
9Kq6vBMOjMoIbTM/3zMk18tSViWvx1ZEDyJzO1s+D4Tb6rJFaSN4Dr1wUkIOjn08
k0XSfTNMBg7LfhHV3ycjA8+rZL0w5Amf7gLZ+UeH8ZAF4HrlljmmY9+7loObSvJ+
yZE3CM3mrdimmDYrI3akB6hXqIodDVZMBFyGiyLq3uFGCVtPWwxXEduGbL+Y37F7
Uw3D7qCPgW0ngg9ZzSBut+UYBr40JYHVLBPktz2ARaprQAIslrY7xA6KY488uGv6
bDDKylhLIATiH3v5jVhM/YSzFkkCAwEAAaOCApUwggKRMB0GA1UdDgQWBBQYkRE9
ghbnapdmazoTgl5iZbfpgTAfBgNVHSMEGDAWgBQpbttk869unZgJMugW+VmD46vI
IzAOBgNVHQ8BAf8EBAMCB4AwgYMGA1UdHwR8MHoweKB2oHSGcnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkxOEVEQjIvMkE0M0UzMEM3
MEU5MTFFMkIzNkQ0QjZCMjk3OUJCMjAvS1c3YlpQT3ZicDJZQ1RMb0Z2bFpnLU9y
eUNNLmNybDB+BggrBgEFBQcBAQRyMHAwbgYIKwYBBQUHMAKGYnJzeW5jOi8vcnBr
aS5hcG5pYy5uZXQvcmVwb3NpdG9yeS9CNTI3RUY1ODFENjYxMUUyQkI0NjhGN0M3
MkZEMUZGMi9LVzdiWlBPdmJwMllDVExvRnZsWmctT3J5Q00uY2VyMEoGA1UdIAEB
/wRAMD4wPAYIKwYBBQUHDgIwMDAuBggrBgEFBQcCARYiaHR0cHM6Ly93d3cuYXBu
aWMubmV0L1JQS0kvQ1BTLnBkZjCBywYIKwYBBQUHAQsEgb4wgbswgYMGCCsGAQUF
BzALhndyc3luYzovL3Jwa2kuYXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5
MThFREIyLzJBNDNFMzBDNzBFOTExRTJCMzZENEI2QjI5NzlCQjIwLzRDM0NENDM4
REFEMDExRUFCMjE2Qzk1OUM0RjlBRTAyLnJvYTAzBggrBgEFBQcwDYYnaHR0cHM6
Ly9ycmRwLmFwbmljLm5ldC9ub3RpZmljYXRpb24ueG1sMB8GCCsGAQUFBwEHAQH/
BBAwDjAMBAIAATAGAwQEyjVgMA0GCSqGSIb3DQEBCwUAA4IBAQChfcHva29qlhVO
YU+YzApqusbmo8iGzvZDro+2Ev5e0b0t9WZ7/zxMV1HCsbCTYcIbYF2Dn1ilhpL/
QkNcPbKEEUc5r7M31tn0/cqzmic07FuaMbf9iLZDM2gBkdvbSisho+nhfU7kVx7K
KuoZpC187Hvlnsvp6F2Q+t/3SWrSt8KOLvELkw9gC+jh8vipNqeyVb/ojF1bNsuY
rGQiHa5pAyB+yBewO2cRBagKtpYP/CWcYuc+edGF6CcjUrVP+Wj0qVHF+4l2E9fU
WrWgtU4md8d6/Mk+vRYCYUrS/87O+boFWo6WbBYz47bIX/ywbAQrvaKvHboK6NHX
nr8KGDLo
-----END CERTIFICATE-----
Generated at Thu Jun 12 14:01:56 2025 by rpki-client