Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91F6C10/0E9405BA3B9D11F0901CB262C4F9AE02/7D7F13983B9D11F08338F965C4F9AE02.roa
File:                     7D7F13983B9D11F08338F965C4F9AE02.roa (raw, json)
Hash identifier:          iR9RmJIaK9kKAtKzjMGd269EeycB0OEwfaUigxvrCq4=
Subject key identifier:   1A:62:0E:FF:90:EA:B4:24:00:D3:C5:4A:14:40:B5:12:45:1A:80:C3
Certificate issuer:       /CN=A91F6C10/serialNumber=E2B0DFA690D2C7EAC43636756E437B7C2626F4BB
Certificate serial:       02
Authority key identifier: E2:B0:DF:A6:90:D2:C7:EA:C4:36:36:75:6E:43:7B:7C:26:26:F4:BB
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/4rDfppDSx-rENjZ1bkN7fCYm9Ls.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91F6C10/0E9405BA3B9D11F0901CB262C4F9AE02/7D7F13983B9D11F08338F965C4F9AE02.roa
Signing time:             Wed 28 May 2025 08:26:45 +0000
ROA not before:           Wed 28 May 2025 08:26:45 +0000
ROA not after:            Tue 31 Mar 2026 00:00:00 +0000
asID:                     139772
IP address blocks:        161.248.88.0/23 maxlen: 23
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91F6C10/0E9405BA3B9D11F0901CB262C4F9AE02/4rDfppDSx-rENjZ1bkN7fCYm9Ls.crl
                          rsync://rpki.apnic.net/member_repository/A91F6C10/0E9405BA3B9D11F0901CB262C4F9AE02/4rDfppDSx-rENjZ1bkN7fCYm9Ls.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/4rDfppDSx-rENjZ1bkN7fCYm9Ls.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 16 Jun 2025 07:06:03 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2 (0x2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91F6C10, serialNumber=E2B0DFA690D2C7EAC43636756E437B7C2626F4BB
        Validity
            Not Before: May 28 08:26:45 2025 GMT
            Not After : Mar 31 00:00:00 2026 GMT
        Subject: CN=6836c8c5-08b4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:12:a4:a0:28:c7:13:15:84:0d:f4:b7:21:0e:
                    32:8c:bd:45:6c:ef:ce:03:f0:94:c0:66:94:5a:5b:
                    32:f6:99:cc:e3:7a:72:bf:9b:1e:47:a1:ba:ec:9c:
                    62:a9:b8:9a:61:a5:2c:00:aa:cd:b5:cf:47:16:b4:
                    69:ab:3e:20:18:c9:83:63:18:01:e8:d3:1f:f2:20:
                    56:96:f4:5b:7c:94:29:8e:b5:b3:a4:d9:9e:f1:19:
                    2e:45:70:88:71:7c:e6:8b:45:35:23:e6:96:4f:6b:
                    66:46:ee:c0:4a:21:a2:85:f3:1c:fd:ad:a4:85:3c:
                    96:3a:2b:c0:c3:0a:79:86:8a:46:af:f8:6e:7e:1c:
                    11:40:78:58:45:9e:65:a7:85:4a:a5:7a:07:8e:4d:
                    9b:f6:1d:aa:38:2b:50:7e:90:25:85:9d:27:ae:9f:
                    56:d0:a4:92:10:60:89:07:7c:22:7d:0c:cf:a3:53:
                    2d:87:2e:50:b6:45:67:7b:e1:cb:1f:ae:79:c7:ab:
                    16:05:7e:a6:a6:6b:6a:0d:0e:54:5d:55:22:4f:2a:
                    c3:66:86:05:48:50:a7:40:8b:59:49:e4:4e:5c:63:
                    15:a6:de:20:29:f2:3a:67:05:52:fa:ce:ab:21:a6:
                    84:6e:75:2a:8a:18:e8:bc:80:f8:e4:e5:91:c6:fe:
                    fb:7f
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                1A:62:0E:FF:90:EA:B4:24:00:D3:C5:4A:14:40:B5:12:45:1A:80:C3
            X509v3 Authority Key Identifier:
                keyid:E2:B0:DF:A6:90:D2:C7:EA:C4:36:36:75:6E:43:7B:7C:26:26:F4:BB

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91F6C10/0E9405BA3B9D11F0901CB262C4F9AE02/4rDfppDSx-rENjZ1bkN7fCYm9Ls.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/4rDfppDSx-rENjZ1bkN7fCYm9Ls.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91F6C10/0E9405BA3B9D11F0901CB262C4F9AE02/7D7F13983B9D11F08338F965C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  161.248.88.0/23

    Signature Algorithm: sha256WithRSAEncryption
         37:ea:30:7c:d6:2e:c8:10:99:cf:66:ca:35:8b:ff:75:8f:f3:
         49:e9:30:8c:49:eb:c4:70:ed:de:3f:6b:ea:ae:e0:a8:ce:f7:
         1a:56:a1:65:f2:0c:96:07:1f:e0:df:22:6d:6c:35:76:8d:38:
         2f:9c:c3:28:4b:46:0b:b1:78:a6:fb:48:a5:2f:e4:e0:59:a8:
         ba:78:d4:22:e9:49:50:2c:23:a5:17:42:8d:aa:2f:1c:2b:04:
         0a:3f:52:c8:41:24:80:0b:e5:6d:dc:1d:d8:c3:3f:2f:4c:32:
         98:ec:15:43:0f:58:4b:80:44:80:db:87:6a:e0:dc:45:76:11:
         1a:b4:00:94:07:b5:7f:d8:3a:8f:9a:10:ff:f9:ba:15:bd:e1:
         15:ea:f8:49:50:9f:61:27:22:f8:7f:ac:84:b8:59:ed:2d:3e:
         24:de:57:72:33:73:9b:95:59:c8:26:39:86:20:a3:32:af:46:
         4c:2d:f6:c8:38:57:cb:0d:0d:03:d3:e2:51:d1:75:0e:0c:fb:
         79:8f:cf:cb:d7:68:30:26:c6:2c:4a:e9:9c:34:37:4e:a1:c6:
         d0:53:c5:0a:43:68:46:6c:c4:8e:9b:d6:16:36:24:1b:0b:89:
         07:ae:8e:67:1f:5b:66:20:18:e1:c3:46:5d:f7:88:ba:47:a5:
         2c:77:89:9c
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIBAjANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFG
NkMxMDExMC8GA1UEBRMoRTJCMERGQTY5MEQyQzdFQUM0MzYzNjc1NkU0MzdCN0My
NjI2RjRCQjAeFw0yNTA1MjgwODI2NDVaFw0yNjAzMzEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY4MzZjOGM1LTA4YjQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDsEqSgKMcTFYQN9LchDjKMvUVs784D8JTAZpRaWzL2mczjenK/mx5HobrsnGKp
uJphpSwAqs21z0cWtGmrPiAYyYNjGAHo0x/yIFaW9Ft8lCmOtbOk2Z7xGS5FcIhx
fOaLRTUj5pZPa2ZG7sBKIaKF8xz9raSFPJY6K8DDCnmGikav+G5+HBFAeFhFnmWn
hUqlegeOTZv2Hao4K1B+kCWFnSeun1bQpJIQYIkHfCJ9DM+jUy2HLlC2RWd74csf
rnnHqxYFfqama2oNDlRdVSJPKsNmhgVIUKdAi1lJ5E5cYxWm3iAp8jpnBVL6zqsh
poRudSqKGOi8gPjk5ZHG/vt/AgMBAAGjggKVMIICkTAdBgNVHQ4EFgQUGmIO/5Dq
tCQA08VKFEC1EkUagMMwHwYDVR0jBBgwFoAU4rDfppDSx+rENjZ1bkN7fCYm9Lsw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUY2QzEwLzBFOTQwNUJBM0I5
RDExRjA5MDFDQjI2MkM0RjlBRTAyLzRyRGZwcERTeC1yRU5qWjFia043ZkNZbTlM
cy5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjNBMjRGMjAxRDY2MTFFMjhBQzg4MzdDNzJG
RDFGRjIvNHJEZnBwRFN4LXJFTmpaMWJrTjdmQ1ltOUxzLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFG
NkMxMC8wRTk0MDVCQTNCOUQxMUYwOTAxQ0IyNjJDNEY5QUUwMi83RDdGMTM5ODNC
OUQxMUYwODMzOEY5NjVDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAaH4WDANBgkqhkiG9w0BAQsFAAOCAQEAN+owfNYuyBCZz2bK
NYv/dY/zSekwjEnrxHDt3j9r6q7gqM73GlahZfIMlgcf4N8ibWw1do04L5zDKEtG
C7F4pvtIpS/k4FmounjUIulJUCwjpRdCjaovHCsECj9SyEEkgAvlbdwd2MM/L0wy
mOwVQw9YS4BEgNuHauDcRXYRGrQAlAe1f9g6j5oQ//m6Fb3hFer4SVCfYSci+H+s
hLhZ7S0+JN5XcjNzm5VZyCY5hiCjMq9GTC32yDhXyw0NA9PiUdF1Dgz7eY/Py9do
MCbGLErpnDQ3TqHG0FPFCkNoRmzEjpvWFjYkGwuJB66OZx9bZiAY4cNGXfeIukel
LHeJnA==
-----END CERTIFICATE-----
Generated at Wed Jun 11 07:25:32 2025 by rpki-client