Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91B0F3F/09373AD678C211EABD772359C4F9AE02/59E4B0A81B9211F0A5D50649C4F9AE02.roa
File:                     59E4B0A81B9211F0A5D50649C4F9AE02.roa (raw, json)
Hash identifier:          4uAphyYn6AbiifiDtaxCom6jwozyhzmoBVY1cw2irI4=
Subject key identifier:   FE:DD:20:F1:1E:F3:4C:50:07:2F:D4:E1:75:35:B1:01:CF:1A:1E:13
Certificate issuer:       /CN=A91B0F3F/serialNumber=F818FC988EC7032C3E2C6A48A55498AB7CD565FD
Certificate serial:       0A30
Authority key identifier: F8:18:FC:98:8E:C7:03:2C:3E:2C:6A:48:A5:54:98:AB:7C:D5:65:FD
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-Bj8mI7HAyw-LGpIpVSYq3zVZf0.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91B0F3F/09373AD678C211EABD772359C4F9AE02/59E4B0A81B9211F0A5D50649C4F9AE02.roa
Signing time:             Fri 30 May 2025 20:06:40 +0000
ROA not before:           Fri 30 May 2025 20:06:40 +0000
ROA not after:            Thu 30 Jul 2026 00:00:00 +0000
asID:                     135420
IP address blocks:        45.249.184.0/22 maxlen: 22
                          45.249.184.0/24 maxlen: 24
                          45.249.185.0/24 maxlen: 24
                          45.249.186.0/24 maxlen: 24
                          45.249.187.0/24 maxlen: 24
                          103.218.188.0/22 maxlen: 22
                          103.218.188.0/24 maxlen: 24
                          103.218.189.0/24 maxlen: 24
                          103.218.190.0/24 maxlen: 24
                          103.218.191.0/24 maxlen: 24
                          2402:48c0::/32 maxlen: 36
                          2402:48c0::/48 maxlen: 48
                          2402:48c0:1::/48 maxlen: 48
                          2402:48c0:2::/48 maxlen: 48
                          2402:48c0:3::/48 maxlen: 48
                          2402:48c0:4::/48 maxlen: 48
                          2402:48c0:5::/48 maxlen: 48
                          2402:48c0:6::/48 maxlen: 48
                          2402:48c0:7::/48 maxlen: 48
                          2402:48c0:8::/48 maxlen: 48
                          2402:48c0:9::/48 maxlen: 48
                          2402:48c0:a::/48 maxlen: 48
                          2402:48c0:b::/48 maxlen: 48
                          2402:48c0:c::/48 maxlen: 48
                          2402:48c0:d::/48 maxlen: 48
                          2402:48c0:e::/48 maxlen: 48
                          2402:48c0:f::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91B0F3F/09373AD678C211EABD772359C4F9AE02/-Bj8mI7HAyw-LGpIpVSYq3zVZf0.crl
                          rsync://rpki.apnic.net/member_repository/A91B0F3F/09373AD678C211EABD772359C4F9AE02/-Bj8mI7HAyw-LGpIpVSYq3zVZf0.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-Bj8mI7HAyw-LGpIpVSYq3zVZf0.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 15 Jun 2025 19:35:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2608 (0xa30)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91B0F3F, serialNumber=F818FC988EC7032C3E2C6A48A55498AB7CD565FD
        Validity
            Not Before: May 30 20:06:40 2025 GMT
            Not After : Jul 30 00:00:00 2026 GMT
        Subject: CN=683a0fd0-3091
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:fd:07:89:15:98:81:ed:d9:ef:94:01:ee:fd:
                    1b:37:04:c2:8d:46:39:44:3f:09:76:23:7f:f4:a5:
                    1d:4c:77:ae:3c:09:e5:2d:47:4f:97:d0:de:fd:5a:
                    0a:55:ac:14:c4:f4:0b:1b:9c:79:00:75:5c:ab:13:
                    94:e2:13:f8:09:f9:d4:66:96:af:7c:7a:58:16:99:
                    46:9d:09:9b:dd:b1:d3:84:b2:60:e6:e0:4d:c4:2c:
                    63:db:56:a3:dc:b4:f2:ff:b9:2a:8e:41:f8:cf:ee:
                    c4:01:96:09:07:68:c4:82:e5:28:6b:fb:b2:2b:6b:
                    33:16:a8:d8:5f:8d:94:ad:2c:74:10:5a:35:ad:f6:
                    5a:44:f4:63:69:df:50:76:42:50:7d:62:e1:22:a4:
                    6f:17:40:9e:08:8b:39:05:52:cb:97:ea:11:99:68:
                    6b:2d:b5:8c:b3:ec:a6:6c:ce:c5:44:00:64:18:18:
                    e1:2b:17:8e:ce:98:5b:d1:09:1a:6d:4e:d5:0c:cd:
                    72:66:be:b8:55:b5:09:fd:e2:4f:93:24:d5:cd:b6:
                    99:8b:2f:67:75:dd:29:11:8b:db:a9:a5:75:ea:54:
                    ff:b1:52:11:4c:35:f0:fa:38:0e:8d:ee:12:1e:d5:
                    e0:29:ce:e2:16:ad:c7:9d:ef:f8:7a:d3:00:c2:4e:
                    93:01
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                FE:DD:20:F1:1E:F3:4C:50:07:2F:D4:E1:75:35:B1:01:CF:1A:1E:13
            X509v3 Authority Key Identifier:
                keyid:F8:18:FC:98:8E:C7:03:2C:3E:2C:6A:48:A5:54:98:AB:7C:D5:65:FD

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91B0F3F/09373AD678C211EABD772359C4F9AE02/-Bj8mI7HAyw-LGpIpVSYq3zVZf0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/-Bj8mI7HAyw-LGpIpVSYq3zVZf0.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91B0F3F/09373AD678C211EABD772359C4F9AE02/59E4B0A81B9211F0A5D50649C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.249.184.0/22
                  103.218.188.0/22
                IPv6:
                  2402:48c0::/32

    Signature Algorithm: sha256WithRSAEncryption
         8c:d2:02:33:5f:56:4b:23:fc:9f:1c:e3:64:2a:50:06:eb:0b:
         30:71:a6:ea:4d:dd:84:10:42:bd:23:18:f9:f2:f5:16:46:a0:
         54:de:f9:ef:0f:62:fc:d2:a6:85:aa:76:4d:f0:39:66:92:17:
         b6:cc:1b:e8:d0:3d:08:64:b9:24:41:7d:73:bd:71:64:3f:21:
         92:89:5e:19:1b:58:70:8c:8b:1f:2e:ae:fb:3f:1f:bb:7e:7e:
         76:31:69:86:01:0b:3b:76:26:cc:03:c8:81:e7:e1:d6:05:72:
         50:ca:75:cc:56:d2:b6:ad:24:31:8b:7a:8c:8a:f1:4f:40:10:
         87:a8:03:06:00:af:d5:eb:c3:fd:34:67:bf:47:16:95:c2:b7:
         7e:0e:e4:15:21:79:f2:09:e2:ff:c3:2b:09:2e:aa:30:0f:88:
         a3:49:c7:8f:b0:de:8a:20:33:4d:93:12:d1:15:99:99:0d:31:
         d9:2d:b4:37:11:30:22:dc:9b:ce:a1:72:fd:d6:f1:6a:68:56:
         79:e6:48:e0:af:71:72:62:05:60:1a:8b:26:a6:f7:e3:70:f4:
         ec:78:27:d8:31:4a:f6:09:d2:ee:f2:15:e1:62:f3:84:4b:ed:
         b5:b0:11:86:e1:e0:3c:d3:08:13:bb:60:0a:c2:51:4d:43:8a:
         21:42:85:65
-----BEGIN CERTIFICATE-----
MIIFhjCCBG6gAwIBAgICCjAwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QjBGM0YxMTAvBgNVBAUTKEY4MThGQzk4OEVDNzAzMkMzRTJDNkE0OEE1NTQ5OEFC
N0NENTY1RkQwHhcNMjUwNTMwMjAwNjQwWhcNMjYwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODNhMGZkMC0zMDkxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAyP0HiRWYge3Z75QB7v0bNwTCjUY5RD8JdiN/9KUdTHeuPAnlLUdPl9De/VoK
VawUxPQLG5x5AHVcqxOU4hP4CfnUZpavfHpYFplGnQmb3bHThLJg5uBNxCxj21aj
3LTy/7kqjkH4z+7EAZYJB2jEguUoa/uyK2szFqjYX42UrSx0EFo1rfZaRPRjad9Q
dkJQfWLhIqRvF0CeCIs5BVLLl+oRmWhrLbWMs+ymbM7FRABkGBjhKxeOzphb0Qka
bU7VDM1yZr64VbUJ/eJPkyTVzbaZiy9ndd0pEYvbqaV16lT/sVIRTDXw+jgOje4S
HtXgKc7iFq3Hne/4etMAwk6TAQIDAQABo4ICqjCCAqYwHQYDVR0OBBYEFP7dIPEe
80xQBy/U4XU1sQHPGh4TMB8GA1UdIwQYMBaAFPgY/JiOxwMsPixqSKVUmKt81WX9
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCMEYzRi8wOTM3M0FENjc4
QzIxMUVBQkQ3NzIzNTlDNEY5QUUwMi8tQmo4bUk3SEF5dy1MR3BJcFZTWXEzelZa
ZjAuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLy1CajhtSTdIQXl3LUxHcElwVlNZcTN6VlpmMC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QjBGM0YvMDkzNzNBRDY3OEMyMTFFQUJENzcyMzU5QzRGOUFFMDIvNTlFNEIwQTgx
QjkyMTFGMEE1RDUwNjQ5QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNAYIKwYBBQUHAQcBAf8E
JTAjMBIEAgABMAwDBAIt+bgDBAJn2rwwDQQCAAIwBwMFACQCSMAwDQYJKoZIhvcN
AQELBQADggEBAIzSAjNfVksj/J8c42QqUAbrCzBxpupN3YQQQr0jGPny9RZGoFTe
+e8PYvzSpoWqdk3wOWaSF7bMG+jQPQhkuSRBfXO9cWQ/IZKJXhkbWHCMix8urvs/
H7t+fnYxaYYBCzt2JswDyIHn4dYFclDKdcxW0ratJDGLeoyK8U9AEIeoAwYAr9Xr
w/00Z79HFpXCt34O5BUhefIJ4v/DKwkuqjAPiKNJx4+w3oogM02TEtEVmZkNMdkt
tDcRMCLcm86hcv3W8WpoVnnmSOCvcXJiBWAaiyam9+Nw9Ox4J9gxSvYJ0u7yFeFi
84RL7bWwEYbh4DzTCBO7YArCUU1DiiFChWU=
-----END CERTIFICATE-----
Generated at Tue Jun 10 06:36:57 2025 by rpki-client