Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91E38C1/E75AC2621D9711E28EF8928108B02CD2/5DF144D4C28811EB8BB7245FC4F9AE02.roa
File:                     5DF144D4C28811EB8BB7245FC4F9AE02.roa (raw, json)
Hash identifier:          MtAXGpGxLYC9TQTRbnJyAY8nZ+XjjJVEjf45TgfTD7c=
Subject key identifier:   7B:99:DA:E6:EB:42:D3:08:72:CD:26:C1:31:DD:64:64:82:7E:79:D7
Certificate issuer:       /CN=A91E38C1/serialNumber=338BD781ED21E5DB14057B37B903A2A408E24202
Certificate serial:       34C4
Authority key identifier: 33:8B:D7:81:ED:21:E5:DB:14:05:7B:37:B9:03:A2:A4:08:E2:42:02
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/M4vXge0h5dsUBXs3uQOipAjiQgI.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91E38C1/E75AC2621D9711E28EF8928108B02CD2/5DF144D4C28811EB8BB7245FC4F9AE02.roa
Signing time:             Sat 31 May 2025 15:30:51 +0000
ROA not before:           Sat 31 May 2025 15:30:50 +0000
ROA not after:            Wed 01 Oct 2025 00:00:00 +0000
asID:                     9229
IP address blocks:        119.252.228.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91E38C1/E75AC2621D9711E28EF8928108B02CD2/M4vXge0h5dsUBXs3uQOipAjiQgI.crl
                          rsync://rpki.apnic.net/member_repository/A91E38C1/E75AC2621D9711E28EF8928108B02CD2/M4vXge0h5dsUBXs3uQOipAjiQgI.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/M4vXge0h5dsUBXs3uQOipAjiQgI.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 15 Jun 2025 14:51:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13508 (0x34c4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E38C1, serialNumber=338BD781ED21E5DB14057B37B903A2A408E24202
        Validity
            Not Before: May 31 15:30:50 2025 GMT
            Not After : Oct  1 00:00:00 2025 GMT
        Subject: CN=683b20aa-0cca
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:8e:3c:55:22:16:cb:bb:d8:b3:58:aa:7e:c6:
                    36:5f:e9:76:95:4f:94:82:45:98:4b:f1:f1:1f:55:
                    42:3d:7e:d5:93:4a:9e:72:0b:38:d7:f5:bc:59:fc:
                    2e:00:a4:f5:09:64:fd:37:e9:3f:b0:e8:a1:e1:e1:
                    6d:54:a6:9e:db:7e:5a:22:2a:82:97:d8:98:8a:03:
                    ff:45:c9:a4:b5:37:de:08:f4:b4:e5:a0:30:02:be:
                    8f:83:7f:83:3e:46:48:5f:c6:84:ca:ec:67:0f:25:
                    dd:52:4e:72:0b:8d:44:80:eb:5f:4c:97:1e:58:58:
                    fb:e5:a6:21:af:57:68:2e:e4:16:12:b6:68:3a:8b:
                    03:a3:93:bc:07:61:fd:77:04:f7:f3:c2:c7:da:8f:
                    96:93:d6:97:b1:f3:c7:b4:73:80:0d:c7:f4:b4:6c:
                    d0:c2:90:4a:bd:55:4c:d2:ad:30:f0:0f:38:19:b2:
                    90:73:60:04:a7:35:12:fc:3c:51:26:ec:3d:a3:c4:
                    0d:0e:ed:21:40:d5:7a:d9:ca:a7:2b:f3:2e:40:ce:
                    02:15:2f:f6:10:74:61:e0:92:60:c8:d7:97:a6:bc:
                    8a:dc:84:39:bb:9d:10:e9:82:50:e1:70:ef:e2:4d:
                    9c:1c:ed:de:4f:24:9b:f7:65:ea:7a:5e:61:3b:09:
                    d1:2b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                7B:99:DA:E6:EB:42:D3:08:72:CD:26:C1:31:DD:64:64:82:7E:79:D7
            X509v3 Authority Key Identifier:
                keyid:33:8B:D7:81:ED:21:E5:DB:14:05:7B:37:B9:03:A2:A4:08:E2:42:02

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91E38C1/E75AC2621D9711E28EF8928108B02CD2/M4vXge0h5dsUBXs3uQOipAjiQgI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/M4vXge0h5dsUBXs3uQOipAjiQgI.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E38C1/E75AC2621D9711E28EF8928108B02CD2/5DF144D4C28811EB8BB7245FC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  119.252.228.0/24

    Signature Algorithm: sha256WithRSAEncryption
         2d:43:94:23:ee:d6:c1:3b:4d:57:3d:1c:a0:7e:6e:fa:77:04:
         ca:a0:b0:9f:a9:30:1c:ce:b5:7b:dc:83:ae:a3:9e:e7:35:18:
         30:15:e4:06:61:e8:7a:3c:aa:b4:02:d4:66:3c:25:23:f9:4f:
         7a:27:5f:35:22:22:15:22:c8:90:b5:40:0c:0d:84:c9:46:74:
         83:9f:ff:d7:15:ed:dc:9e:79:80:a7:37:fb:6b:b2:36:9e:31:
         ce:0c:64:d8:53:71:a8:af:c0:00:fb:70:e9:56:b5:16:79:ba:
         ce:83:a6:bf:34:a2:20:4f:a7:ed:64:d7:c4:c0:61:64:66:1a:
         06:dc:e2:34:82:63:e6:17:8a:c6:d7:4c:6b:db:1c:dd:ef:a6:
         d5:0b:c9:cb:d6:cc:57:41:25:6c:36:02:c5:f0:ee:90:bb:c6:
         68:5a:29:1d:80:81:8d:91:c1:fe:82:30:76:ec:a6:7e:e9:e0:
         49:a4:14:84:e6:89:29:f9:f5:69:31:87:0a:b6:54:18:7b:7f:
         8e:6d:c3:cd:3c:51:1f:72:a2:cd:25:e7:e5:a5:e8:61:1c:23:
         f5:dd:89:50:ec:35:4a:d7:56:ca:a2:34:4f:e0:91:64:da:43:
         24:ae:7a:75:d1:1b:18:16:13:45:ef:e6:ab:1f:dd:04:9b:ee:
         71:fc:e6:87
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICNMQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RTM4QzExMTAvBgNVBAUTKDMzOEJENzgxRUQyMUU1REIxNDA1N0IzN0I5MDNBMkE0
MDhFMjQyMDIwHhcNMjUwNTMxMTUzMDUwWhcNMjUxMDAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODNiMjBhYS0wY2NhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwI48VSIWy7vYs1iqfsY2X+l2lU+UgkWYS/HxH1VCPX7Vk0qecgs41/W8Wfwu
AKT1CWT9N+k/sOih4eFtVKae235aIiqCl9iYigP/RcmktTfeCPS05aAwAr6Pg3+D
PkZIX8aEyuxnDyXdUk5yC41EgOtfTJceWFj75aYhr1doLuQWErZoOosDo5O8B2H9
dwT388LH2o+Wk9aXsfPHtHOADcf0tGzQwpBKvVVM0q0w8A84GbKQc2AEpzUS/DxR
Juw9o8QNDu0hQNV62cqnK/MuQM4CFS/2EHRh4JJgyNeXpryK3IQ5u50Q6YJQ4XDv
4k2cHO3eTySb92Xqel5hOwnRKwIDAQABo4IClTCCApEwHQYDVR0OBBYEFHuZ2ubr
QtMIcs0mwTHdZGSCfnnXMB8GA1UdIwQYMBaAFDOL14HtIeXbFAV7N7kDoqQI4kIC
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFMzhDMS9FNzVBQzI2MjFE
OTcxMUUyOEVGODkyODEwOEIwMkNEMi9NNHZYZ2UwaDVkc1VCWHMzdVFPaXBBamlR
Z0kuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL000dlhnZTBoNWRzVUJYczN1UU9pcEFqaVFnSS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RTM4QzEvRTc1QUMyNjIxRDk3MTFFMjhFRjg5MjgxMDhCMDJDRDIvNURGMTQ0RDRD
Mjg4MTFFQjhCQjcyNDVGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAB3/OQwDQYJKoZIhvcNAQELBQADggEBAC1DlCPu1sE7TVc9
HKB+bvp3BMqgsJ+pMBzOtXvcg66jnuc1GDAV5AZh6Ho8qrQC1GY8JSP5T3onXzUi
IhUiyJC1QAwNhMlGdIOf/9cV7dyeeYCnN/trsjaeMc4MZNhTcaivwAD7cOlWtRZ5
us6Dpr80oiBPp+1k18TAYWRmGgbc4jSCY+YXisbXTGvbHN3vptULycvWzFdBJWw2
AsXw7pC7xmhaKR2AgY2Rwf6CMHbspn7p4EmkFITmiSn59Wkxhwq2VBh7f45tw808
UR9yos0l5+Wl6GEcI/XdiVDsNUrXVsqiNE/gkWTaQySuenXRGxgWE0Xv5qsf3QSb
7nH85oc=
-----END CERTIFICATE-----
Generated at Tue Jun 10 07:32:50 2025 by rpki-client