Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91E91BC/A4E673CADBE911EC95110515C4F9AE02/7BCC4B32E85C11EE9593933FC4F9AE02.roa
File:                     7BCC4B32E85C11EE9593933FC4F9AE02.roa (raw, json)
Hash identifier:          C9cBIgp62dlijuyH/TsefWQ1spYTduwHvoUlA7V/520=
Subject key identifier:   88:CB:F1:10:BB:D4:85:50:A0:EF:4E:39:F1:CE:8E:DC:AE:0C:72:FC
Certificate issuer:       /CN=A91E91BC/serialNumber=414FB6178869130F826E9E30C0B794084D9760DD
Certificate serial:       0303
Authority key identifier: 41:4F:B6:17:88:69:13:0F:82:6E:9E:30:C0:B7:94:08:4D:97:60:DD
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/QU-2F4hpEw-Cbp4wwLeUCE2XYN0.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91E91BC/A4E673CADBE911EC95110515C4F9AE02/7BCC4B32E85C11EE9593933FC4F9AE02.roa
Signing time:             Thu 05 Jun 2025 01:08:18 +0000
ROA not before:           Thu 05 Jun 2025 01:08:18 +0000
ROA not after:            Mon 31 Aug 2026 00:00:00 +0000
asID:                     151499
IP address blocks:        192.188.107.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91E91BC/A4E673CADBE911EC95110515C4F9AE02/QU-2F4hpEw-Cbp4wwLeUCE2XYN0.crl
                          rsync://rpki.apnic.net/member_repository/A91E91BC/A4E673CADBE911EC95110515C4F9AE02/QU-2F4hpEw-Cbp4wwLeUCE2XYN0.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/QU-2F4hpEw-Cbp4wwLeUCE2XYN0.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 16 Jun 2025 00:50:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 771 (0x303)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91E91BC, serialNumber=414FB6178869130F826E9E30C0B794084D9760DD
        Validity
            Not Before: Jun  5 01:08:18 2025 GMT
            Not After : Aug 31 00:00:00 2026 GMT
        Subject: CN=6840ee02-730c
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e5:f4:a0:ab:63:19:08:9a:f8:2c:e7:c8:77:3b:
                    f5:23:2b:7e:24:15:71:87:a1:f5:8e:8b:38:32:9d:
                    38:1a:64:00:ae:17:32:a9:dd:ce:9e:93:7b:fc:47:
                    c3:f0:ce:c3:d0:c6:63:4d:ed:4a:56:ec:e8:87:8c:
                    68:89:16:95:75:59:8d:11:d3:ce:80:0c:f6:b1:a0:
                    c1:7e:25:c4:50:00:58:02:7a:1d:97:76:15:ae:f7:
                    e7:b8:5e:e8:30:b2:b8:ac:25:c7:21:a0:1a:d6:ee:
                    fb:d5:85:3d:c8:0a:a3:87:64:b4:a6:c8:fb:bb:89:
                    a8:67:71:2e:70:13:78:34:43:a9:a8:67:12:23:9d:
                    75:d5:a6:9b:bd:02:bf:fc:2c:c2:dc:68:7c:8a:45:
                    b4:84:bf:1f:c8:18:e3:83:8e:39:da:6c:9e:76:1b:
                    97:ee:fc:9b:db:5b:5a:e5:e0:21:60:30:02:0a:35:
                    9d:74:b4:77:7e:59:18:61:9d:32:9f:23:b8:36:a6:
                    73:f3:be:13:06:bc:d7:40:4c:eb:42:73:99:aa:06:
                    ce:7b:c5:05:24:94:f0:92:b4:7b:4a:46:63:e9:3b:
                    c9:50:e4:c7:82:98:ff:7e:87:e4:24:c9:28:01:6f:
                    8f:5c:f8:3d:af:a7:fa:d6:89:34:b4:f2:6a:f2:34:
                    54:c7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                88:CB:F1:10:BB:D4:85:50:A0:EF:4E:39:F1:CE:8E:DC:AE:0C:72:FC
            X509v3 Authority Key Identifier:
                keyid:41:4F:B6:17:88:69:13:0F:82:6E:9E:30:C0:B7:94:08:4D:97:60:DD

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91E91BC/A4E673CADBE911EC95110515C4F9AE02/QU-2F4hpEw-Cbp4wwLeUCE2XYN0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/QU-2F4hpEw-Cbp4wwLeUCE2XYN0.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91E91BC/A4E673CADBE911EC95110515C4F9AE02/7BCC4B32E85C11EE9593933FC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  192.188.107.0/24

    Signature Algorithm: sha256WithRSAEncryption
         b3:ef:54:f6:47:c5:51:af:59:d0:61:b7:4b:2e:b3:65:4b:07:
         10:99:6d:ff:7a:6d:f2:77:98:b9:4b:b7:67:de:36:3b:9e:75:
         ee:d3:0d:d0:ad:84:63:08:6f:41:37:f0:3d:39:a5:11:25:db:
         f7:e8:a9:34:1b:5d:9a:5e:13:07:10:b8:7b:a0:23:16:44:09:
         ff:22:0a:eb:c6:e4:bd:d0:40:2d:d1:23:96:c3:66:59:11:ca:
         8a:69:71:90:db:95:fe:32:b6:2c:e6:09:5c:ae:e2:5d:f4:45:
         e9:0d:0d:48:bc:c6:92:ac:f2:48:0b:e9:ec:25:a3:09:ea:de:
         b4:47:ad:19:fa:b0:69:7e:51:54:3c:ec:01:60:b5:1a:78:f2:
         39:31:fd:14:a4:14:c5:51:c0:d1:52:97:8d:a5:2c:f9:5e:77:
         0f:27:3d:ba:42:64:0c:15:a4:6f:76:1b:cc:8f:19:f6:ed:fa:
         4e:a7:b8:6d:6b:08:ab:0b:78:a1:77:2d:f1:e0:f1:44:28:76:
         bd:50:cf:6b:dc:10:2e:08:7e:16:7e:ff:0d:01:1f:a5:e3:df:
         8a:41:d5:8b:9c:fa:c2:80:85:e0:e8:18:93:b5:bf:2e:da:db:
         e4:c5:68:49:05:cf:9c:96:ca:bf:a7:84:fe:e6:ee:88:12:e2:
         a7:0d:44:9a
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICAwMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RTkxQkMxMTAvBgNVBAUTKDQxNEZCNjE3ODg2OTEzMEY4MjZFOUUzMEMwQjc5NDA4
NEQ5NzYwREQwHhcNMjUwNjA1MDEwODE4WhcNMjYwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODQwZWUwMi03MzBjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA5fSgq2MZCJr4LOfIdzv1Iyt+JBVxh6H1jos4Mp04GmQArhcyqd3OnpN7/EfD
8M7D0MZjTe1KVuzoh4xoiRaVdVmNEdPOgAz2saDBfiXEUABYAnodl3YVrvfnuF7o
MLK4rCXHIaAa1u771YU9yAqjh2S0psj7u4moZ3EucBN4NEOpqGcSI5111aabvQK/
/CzC3Gh8ikW0hL8fyBjjg4452myedhuX7vyb21ta5eAhYDACCjWddLR3flkYYZ0y
nyO4NqZz874TBrzXQEzrQnOZqgbOe8UFJJTwkrR7SkZj6TvJUOTHgpj/fofkJMko
AW+PXPg9r6f61ok0tPJq8jRUxwIDAQABo4IClTCCApEwHQYDVR0OBBYEFIjL8RC7
1IVQoO9OOfHOjtyuDHL8MB8GA1UdIwQYMBaAFEFPtheIaRMPgm6eMMC3lAhNl2Dd
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFFOTFCQy9BNEU2NzNDQURC
RTkxMUVDOTUxMTA1MTVDNEY5QUUwMi9RVS0yRjRocEV3LUNicDR3d0xlVUNFMlhZ
TjAuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL1FVLTJGNGhwRXctQ2JwNHd3TGVVQ0UyWFlOMC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RTkxQkMvQTRFNjczQ0FEQkU5MTFFQzk1MTEwNTE1QzRGOUFFMDIvN0JDQzRCMzJF
ODVDMTFFRTk1OTM5MzNGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADAvGswDQYJKoZIhvcNAQELBQADggEBALPvVPZHxVGvWdBh
t0sus2VLBxCZbf96bfJ3mLlLt2feNjuede7TDdCthGMIb0E38D05pREl2/foqTQb
XZpeEwcQuHugIxZECf8iCuvG5L3QQC3RI5bDZlkRyoppcZDblf4ytizmCVyu4l30
RekNDUi8xpKs8kgL6ewlownq3rRHrRn6sGl+UVQ87AFgtRp48jkx/RSkFMVRwNFS
l42lLPledw8nPbpCZAwVpG92G8yPGfbt+k6nuG1rCKsLeKF3LfHg8UQodr1Qz2vc
EC4IfhZ+/w0BH6Xj34pB1Yuc+sKAheDoGJO1vy7a2+TFaEkFz5yWyr+nhP7m7ogS
4qcNRJo=
-----END CERTIFICATE-----
Generated at Tue Jun 10 04:02:27 2025 by rpki-client