Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91BAA44/9CC00A9CC7FF11EC9BDBFE4BC4F9AE02/10D5A618C80411ECBA7BB174C4F9AE02.roa
File:                     10D5A618C80411ECBA7BB174C4F9AE02.roa (raw, json)
Hash identifier:          nXXBcFn3sufAqV+9Xuyz52CzFZ6TDQVFXH9eUCdKsfc=
Subject key identifier:   49:27:EA:51:F2:33:61:5B:8D:2F:CC:9B:A2:20:CC:E6:4A:9B:73:BC
Certificate issuer:       /CN=A91BAA44/serialNumber=2CC33FBCB864084020894A72DD088505AF9BB66D
Certificate serial:       0336
Authority key identifier: 2C:C3:3F:BC:B8:64:08:40:20:89:4A:72:DD:08:85:05:AF:9B:B6:6D
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/LMM_vLhkCEAgiUpy3QiFBa-btm0.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91BAA44/9CC00A9CC7FF11EC9BDBFE4BC4F9AE02/10D5A618C80411ECBA7BB174C4F9AE02.roa
Signing time:             Mon 05 May 2025 01:06:53 +0000
ROA not before:           Mon 05 May 2025 01:06:53 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     40676
IP address blocks:        45.114.119.0/24 maxlen: 24
                          2402:2f80:a::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91BAA44/9CC00A9CC7FF11EC9BDBFE4BC4F9AE02/LMM_vLhkCEAgiUpy3QiFBa-btm0.crl
                          rsync://rpki.apnic.net/member_repository/A91BAA44/9CC00A9CC7FF11EC9BDBFE4BC4F9AE02/LMM_vLhkCEAgiUpy3QiFBa-btm0.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/LMM_vLhkCEAgiUpy3QiFBa-btm0.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 16 Jun 2025 00:41:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 822 (0x336)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91BAA44, serialNumber=2CC33FBCB864084020894A72DD088505AF9BB66D
        Validity
            Not Before: May  5 01:06:53 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=68180f2d-6d6a
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:1c:e7:84:5f:d3:e2:0c:fe:58:2a:ca:ad:6f:
                    76:6c:e7:b3:b6:da:40:3f:cf:ee:f7:b5:37:45:26:
                    81:cb:3f:1e:47:21:d1:2f:83:bb:1d:74:57:5a:91:
                    8f:53:24:4b:b9:24:bc:33:2f:67:a2:8e:6e:3d:1e:
                    88:dc:9a:fa:77:7e:dc:31:b1:d3:11:f8:2b:4d:d7:
                    7f:29:d1:58:17:52:aa:98:ac:84:59:f3:24:51:19:
                    74:c2:44:a2:3a:c3:40:6d:99:b2:89:8e:d1:93:4e:
                    ad:5a:44:fd:40:5e:e0:db:cf:43:16:49:63:80:a4:
                    4a:ca:26:58:d1:50:13:d3:ea:84:fa:d1:ef:4d:34:
                    f2:bf:d1:a9:58:58:7b:04:58:d8:91:0d:48:bf:f6:
                    6d:62:b3:04:2e:fc:9c:0d:a8:1f:83:84:d2:0d:c9:
                    11:c8:d8:fe:a4:48:da:27:cb:56:db:cd:0a:4e:cb:
                    1d:1c:75:2e:21:a5:fa:72:86:fa:e5:94:a1:b4:4b:
                    7a:ce:05:6e:35:aa:ea:96:92:cf:45:a3:3e:97:f4:
                    7b:8b:73:7c:bd:eb:d4:d5:88:78:3a:92:30:d9:63:
                    38:f4:1d:24:22:1d:52:30:4c:5c:13:27:1b:b4:54:
                    10:40:4a:a3:4e:8f:a8:f0:cc:74:30:0f:cb:3d:8e:
                    e9:a5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                49:27:EA:51:F2:33:61:5B:8D:2F:CC:9B:A2:20:CC:E6:4A:9B:73:BC
            X509v3 Authority Key Identifier:
                keyid:2C:C3:3F:BC:B8:64:08:40:20:89:4A:72:DD:08:85:05:AF:9B:B6:6D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91BAA44/9CC00A9CC7FF11EC9BDBFE4BC4F9AE02/LMM_vLhkCEAgiUpy3QiFBa-btm0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/LMM_vLhkCEAgiUpy3QiFBa-btm0.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91BAA44/9CC00A9CC7FF11EC9BDBFE4BC4F9AE02/10D5A618C80411ECBA7BB174C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.114.119.0/24
                IPv6:
                  2402:2f80:a::/48

    Signature Algorithm: sha256WithRSAEncryption
         67:bb:72:ed:15:39:69:de:00:20:13:36:13:b8:45:f5:71:95:
         6b:64:4d:17:07:64:57:c3:4f:3e:e3:e3:df:4f:35:50:8f:09:
         6d:a1:cb:3f:c7:5b:cc:a8:b1:9a:06:32:5d:b6:88:56:29:65:
         3a:97:55:54:c7:22:ec:4a:ae:ce:8b:ce:e4:ac:b3:2d:d6:93:
         d9:0d:fb:f2:20:53:48:4b:d2:aa:31:c8:88:a6:db:eb:4e:e5:
         f5:41:85:32:29:16:98:03:43:4f:f8:b2:89:f0:df:a1:35:4d:
         42:f7:90:70:7f:0b:03:85:5b:5b:ae:84:37:8f:f4:91:d3:5a:
         b8:5f:3b:2c:9f:b9:40:cc:c5:38:6d:f0:ca:d2:fc:de:ef:5a:
         56:f5:20:c4:de:f6:77:58:62:a6:90:b9:e9:9e:2e:69:60:16:
         0f:b4:d0:a0:8a:fe:2a:9f:18:f9:29:fb:c4:82:f5:93:07:84:
         cc:24:c6:9a:ce:2a:0b:9f:72:e5:0f:5b:0c:86:b4:20:a9:a1:
         3f:a1:dc:a0:b9:a9:e2:7e:22:83:c7:0f:6e:cd:9d:94:e3:9f:
         ef:22:49:60:3f:a9:92:4b:30:fb:6f:30:24:67:68:d3:86:7a:
         0a:ca:a4:ba:b0:a5:f3:96:a5:cb:75:8d:38:f2:c5:66:6b:d7:
         3a:e4:1e:63
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICAzYwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
QkFBNDQxMTAvBgNVBAUTKDJDQzMzRkJDQjg2NDA4NDAyMDg5NEE3MkREMDg4NTA1
QUY5QkI2NkQwHhcNMjUwNTA1MDEwNjUzWhcNMjYwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODE4MGYyZC02ZDZhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAzhznhF/T4gz+WCrKrW92bOezttpAP8/u97U3RSaByz8eRyHRL4O7HXRXWpGP
UyRLuSS8My9noo5uPR6I3Jr6d37cMbHTEfgrTdd/KdFYF1KqmKyEWfMkURl0wkSi
OsNAbZmyiY7Rk06tWkT9QF7g289DFkljgKRKyiZY0VAT0+qE+tHvTTTyv9GpWFh7
BFjYkQ1Iv/ZtYrMELvycDagfg4TSDckRyNj+pEjaJ8tW280KTssdHHUuIaX6cob6
5ZShtEt6zgVuNarqlpLPRaM+l/R7i3N8vevU1Yh4OpIw2WM49B0kIh1SMExcEycb
tFQQQEqjTo+o8Mx0MA/LPY7ppQIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFEkn6lHy
M2FbjS/Mm6IgzOZKm3O8MB8GA1UdIwQYMBaAFCzDP7y4ZAhAIIlKct0IhQWvm7Zt
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFCQUE0NC85Q0MwMEE5Q0M3
RkYxMUVDOUJEQkZFNEJDNEY5QUUwMi9MTU1fdkxoa0NFQWdpVXB5M1FpRkJhLWJ0
bTAuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL0xNTV92TGhrQ0VBZ2lVcHkzUWlGQmEtYnRtMC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
QkFBNDQvOUNDMDBBOUNDN0ZGMTFFQzlCREJGRTRCQzRGOUFFMDIvMTBENUE2MThD
ODA0MTFFQ0JBN0JCMTc0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAAtcncwDwQCAAIwCQMHACQCL4AACjANBgkqhkiG9w0BAQsF
AAOCAQEAZ7ty7RU5ad4AIBM2E7hF9XGVa2RNFwdkV8NPPuPj3081UI8JbaHLP8db
zKixmgYyXbaIVillOpdVVMci7EquzovO5KyzLdaT2Q378iBTSEvSqjHIiKbb607l
9UGFMikWmANDT/iyifDfoTVNQveQcH8LA4VbW66EN4/0kdNauF87LJ+5QMzFOG3w
ytL83u9aVvUgxN72d1hippC56Z4uaWAWD7TQoIr+Kp8Y+Sn7xIL1kweEzCTGms4q
C59y5Q9bDIa0IKmhP6HcoLmp4n4ig8cPbs2dlOOf7yJJYD+pkksw+28wJGdo04Z6
CsqkurCl85aly3WNOPLFZmvXOuQeYw==
-----END CERTIFICATE-----
Generated at Mon Jun 9 10:45:52 2025 by rpki-client