Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91E38C1/E75AC2621D9711E28EF8928108B02CD2/5CD84EBCC28811EB8BB7245FC4F9AE02.roa
File:                     5CD84EBCC28811EB8BB7245FC4F9AE02.roa (raw, json)
Hash identifier:          +MuzD9gM5AUhBlmI5x0tCQas+CPjWTVYziN5P4guwtA=
Subject key identifier:   1B:8C:A4:E2:79:3A:93:99:06:24:15:5E:21:02:25:1A:9B:2D:F4:45
Certificate issuer:       /CN=A91E38C1/serialNumber=338BD781ED21E5DB14057B37B903A2A408E24202
Certificate serial:       34C3
Authority key identifier: 33:8B:D7:81:ED:21:E5:DB:14:05:7B:37:B9:03:A2:A4:08:E2:42:02
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/M4vXge0h5dsUBXs3uQOipAjiQgI.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91E38C1/E75AC2621D9711E28EF8928108B02CD2/5CD84EBCC28811EB8BB7245FC4F9AE02.roa
Signing time:             Sat 31 May 2025 15:30:50 +0000
ROA not before:           Sat 31 May 2025 15:30:50 +0000
ROA not after:            Wed 01 Oct 2025 00:00:00 +0000
asID:                     136587
IP address blocks:        119.252.224.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91E38C1/E75AC2621D9711E28EF8928108B02CD2/M4vXge0h5dsUBXs3uQOipAjiQgI.crl
                          rsync://rpki.apnic.net/member_repository/A91E38C1/E75AC2621D9711E28EF8928108B02CD2/M4vXge0h5dsUBXs3uQOipAjiQgI.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/M4vXge0h5dsUBXs3uQOipAjiQgI.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Tue 17 Jun 2025 14:51:22 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13507 (0x34c3)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E38C1, serialNumber=338BD781ED21E5DB14057B37B903A2A408E24202
        Validity
            Not Before: May 31 15:30:50 2025 GMT
            Not After : Oct  1 00:00:00 2025 GMT
        Subject: CN=683b20a9-30aa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fb:9f:79:b3:9d:9d:2d:fb:1c:fb:d5:95:92:b4:
                    29:f4:18:63:b0:1e:bb:b7:63:36:42:a4:0c:6c:02:
                    33:5a:be:37:18:f6:8c:5d:5c:ad:80:93:a7:6a:ca:
                    34:ed:5c:a6:88:e4:46:d0:25:7c:e9:f2:42:61:91:
                    3e:cf:53:74:16:c3:42:ef:b4:34:ab:b9:33:03:94:
                    0f:dc:3d:73:ac:d4:78:d7:2c:76:fb:b2:9f:86:70:
                    24:1a:d0:3b:53:42:46:b7:58:6e:64:dd:3a:dc:09:
                    6b:07:87:46:42:da:a7:59:41:de:2c:4c:86:48:aa:
                    b1:df:91:02:76:ab:10:7a:ab:ee:2b:fa:44:56:40:
                    06:e1:c8:44:17:35:c1:51:cd:29:03:86:5d:f4:e8:
                    3d:b3:00:e2:ba:16:8c:ee:64:81:97:14:2d:24:22:
                    ac:f9:b8:e3:12:de:6d:8e:0b:e0:bf:05:a9:57:e9:
                    25:8b:ad:96:74:e4:9c:79:4e:3c:f1:04:93:6c:16:
                    47:6d:78:09:bb:d8:72:d2:5b:fd:02:b3:a0:e8:ce:
                    b8:1a:75:03:f2:f0:97:c8:55:e4:0e:e8:b1:ed:f7:
                    d8:61:2f:8a:eb:ab:a4:da:f7:0f:3e:e9:8f:1a:95:
                    d5:a2:ed:bd:c8:10:51:be:d0:57:7e:e3:ea:d4:49:
                    48:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1B:8C:A4:E2:79:3A:93:99:06:24:15:5E:21:02:25:1A:9B:2D:F4:45
            X509v3 Authority Key Identifier:
                keyid:33:8B:D7:81:ED:21:E5:DB:14:05:7B:37:B9:03:A2:A4:08:E2:42:02

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91E38C1/E75AC2621D9711E28EF8928108B02CD2/M4vXge0h5dsUBXs3uQOipAjiQgI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/M4vXge0h5dsUBXs3uQOipAjiQgI.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E38C1/E75AC2621D9711E28EF8928108B02CD2/5CD84EBCC28811EB8BB7245FC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  119.252.224.0/24

    Signature Algorithm: sha256WithRSAEncryption
         9a:93:bf:c8:a1:58:52:49:d2:92:44:f6:93:40:c9:da:29:37:
         5f:79:aa:db:d1:36:56:e4:b1:c0:e5:88:58:89:28:18:62:e5:
         f2:59:aa:dd:8a:48:59:b9:a7:6f:80:91:43:ef:1f:52:20:2b:
         88:d2:48:e0:0e:e2:94:f3:29:b1:a3:3b:26:0c:5e:77:2a:57:
         67:62:c1:38:72:85:f0:b4:0d:df:e5:c5:69:25:44:b8:21:b3:
         f8:b3:4d:b5:a3:ef:18:bf:ae:ca:ac:48:0c:9c:7a:ed:3e:23:
         43:94:ba:69:02:c4:49:ed:99:a3:95:a0:d8:29:e8:d8:de:81:
         c4:5e:81:3a:73:ab:13:74:58:00:35:25:77:00:1a:7c:26:f3:
         25:f9:23:49:65:86:d8:c6:3f:99:ae:c1:86:d9:03:fa:3e:70:
         a9:aa:95:7a:c1:ff:61:48:70:30:5b:53:44:9d:a5:69:2b:2d:
         d8:05:55:e8:e3:36:1c:4f:24:ae:0d:29:2e:70:67:17:7d:8e:
         83:95:7e:72:ec:ad:17:d3:9e:ba:67:9a:f0:11:e2:08:1e:63:
         4d:98:72:b1:b2:60:e8:10:88:30:d9:b8:17:21:9a:76:ab:31:
         47:7e:3c:3d:7e:aa:4b:28:22:e0:13:b3:f1:bd:d1:64:f0:2f:
         2f:59:9b:37
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICNMMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RTM4QzExMTAvBgNVBAUTKDMzOEJENzgxRUQyMUU1REIxNDA1N0IzN0I5MDNBMkE0
MDhFMjQyMDIwHhcNMjUwNTMxMTUzMDUwWhcNMjUxMDAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODNiMjBhOS0zMGFhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA+595s52dLfsc+9WVkrQp9BhjsB67t2M2QqQMbAIzWr43GPaMXVytgJOnaso0
7VymiORG0CV86fJCYZE+z1N0FsNC77Q0q7kzA5QP3D1zrNR41yx2+7KfhnAkGtA7
U0JGt1huZN063AlrB4dGQtqnWUHeLEyGSKqx35ECdqsQeqvuK/pEVkAG4chEFzXB
Uc0pA4Zd9Og9swDiuhaM7mSBlxQtJCKs+bjjEt5tjgvgvwWpV+kli62WdOSceU48
8QSTbBZHbXgJu9hy0lv9ArOg6M64GnUD8vCXyFXkDuix7ffYYS+K66uk2vcPPumP
GpXVou29yBBRvtBXfuPq1ElI7wIDAQABo4IClTCCApEwHQYDVR0OBBYEFBuMpOJ5
OpOZBiQVXiECJRqbLfRFMB8GA1UdIwQYMBaAFDOL14HtIeXbFAV7N7kDoqQI4kIC
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFMzhDMS9FNzVBQzI2MjFE
OTcxMUUyOEVGODkyODEwOEIwMkNEMi9NNHZYZ2UwaDVkc1VCWHMzdVFPaXBBamlR
Z0kuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL000dlhnZTBoNWRzVUJYczN1UU9pcEFqaVFnSS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RTM4QzEvRTc1QUMyNjIxRDk3MTFFMjhFRjg5MjgxMDhCMDJDRDIvNUNEODRFQkND
Mjg4MTFFQjhCQjcyNDVGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAB3/OAwDQYJKoZIhvcNAQELBQADggEBAJqTv8ihWFJJ0pJE
9pNAydopN195qtvRNlbkscDliFiJKBhi5fJZqt2KSFm5p2+AkUPvH1IgK4jSSOAO
4pTzKbGjOyYMXncqV2diwThyhfC0Dd/lxWklRLghs/izTbWj7xi/rsqsSAyceu0+
I0OUumkCxEntmaOVoNgp6NjegcRegTpzqxN0WAA1JXcAGnwm8yX5I0llhtjGP5mu
wYbZA/o+cKmqlXrB/2FIcDBbU0SdpWkrLdgFVejjNhxPJK4NKS5wZxd9joOVfnLs
rRfTnrpnmvAR4ggeY02YcrGyYOgQiDDZuBchmnarMUd+PD1+qksoIuATs/G90WTw
Ly9Zmzc=
-----END CERTIFICATE-----
Generated at Tue Jun 10 23:00:13 2025 by rpki-client