Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A911BE01/2323A49C749E11F08EAD2F65C4F9AE02/8A2C40D474B911F08BA0CD37C4F9AE02.roa
File:                     8A2C40D474B911F08BA0CD37C4F9AE02.roa (raw, json)
Hash identifier:          EWAFcedkF4KQQjCKc7J1r1NxEnBfI+A1I/eGLsYGq3I=
Subject key identifier:   6F:92:10:D0:47:3A:22:BA:25:74:24:73:6A:C4:3F:91:22:F1:58:64
Certificate issuer:       /CN=A911BE01/serialNumber=EA05649944A2404237003A7F8BA41D8D8422E721
Certificate serial:       07
Authority key identifier: EA:05:64:99:44:A2:40:42:37:00:3A:7F:8B:A4:1D:8D:84:22:E7:21
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/6gVkmUSiQEI3ADp_i6QdjYQi5yE.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A911BE01/2323A49C749E11F08EAD2F65C4F9AE02/8A2C40D474B911F08BA0CD37C4F9AE02.roa
Signing time:             Sat 09 Aug 2025 00:43:14 +0000
ROA not before:           Sat 09 Aug 2025 00:43:14 +0000
ROA not after:            Tue 01 Dec 2026 00:00:00 +0000
asID:                     151660
IP address blocks:        210.56.150.0/23 maxlen: 24
                          2402:21a0::/32 maxlen: 32
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A911BE01/2323A49C749E11F08EAD2F65C4F9AE02/6gVkmUSiQEI3ADp_i6QdjYQi5yE.crl
                          rsync://rpki.apnic.net/member_repository/A911BE01/2323A49C749E11F08EAD2F65C4F9AE02/6gVkmUSiQEI3ADp_i6QdjYQi5yE.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/6gVkmUSiQEI3ADp_i6QdjYQi5yE.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 14 Aug 2025 05:57:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 7 (0x7)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A911BE01, serialNumber=EA05649944A2404237003A7F8BA41D8D8422E721
        Validity
            Not Before: Aug  9 00:43:14 2025 GMT
            Not After : Dec  1 00:00:00 2026 GMT
        Subject: CN=689699a2-7de2
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a7:00:b2:6c:0c:7e:39:a1:1a:b8:b9:9f:50:19:
                    d4:12:9a:28:f4:7b:1a:31:f9:bf:f7:3d:d4:8a:ed:
                    7d:5a:70:41:fa:d4:42:d4:db:6b:de:aa:21:12:4c:
                    1e:bb:cc:43:8b:23:49:ff:9a:ac:db:b1:1f:d7:e2:
                    3c:b5:91:3c:65:39:88:39:d1:1f:d9:a4:12:c7:1e:
                    fb:aa:d5:e3:67:b4:4b:9f:95:2c:20:21:3b:28:c6:
                    7f:35:4f:16:44:17:8f:c3:32:7d:3d:7f:5d:89:31:
                    8f:8a:20:69:ce:09:2d:98:00:64:90:c2:64:20:4f:
                    bf:8c:dd:af:6c:32:8d:03:1d:e7:fe:df:15:f3:6a:
                    0f:d6:1e:52:85:d4:db:e6:80:3e:b7:83:67:41:c0:
                    28:55:be:dd:d2:86:43:e8:56:f2:27:9a:ab:ca:45:
                    05:59:48:5d:b7:dd:c0:1b:d1:c4:04:0d:c4:7a:b1:
                    9d:c8:f7:6a:74:6f:ae:39:9c:c1:59:c0:b3:6e:7d:
                    f2:11:f1:ec:23:85:d1:26:ed:14:82:8e:04:2c:87:
                    32:80:7e:dd:21:d3:b2:01:aa:5d:14:52:65:0a:8a:
                    5c:8b:e7:60:d5:4b:ba:6e:d2:ec:0b:21:48:b1:56:
                    a9:e2:f1:65:5d:fb:99:7e:19:f5:0e:80:9e:57:66:
                    6b:6b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                6F:92:10:D0:47:3A:22:BA:25:74:24:73:6A:C4:3F:91:22:F1:58:64
            X509v3 Authority Key Identifier:
                keyid:EA:05:64:99:44:A2:40:42:37:00:3A:7F:8B:A4:1D:8D:84:22:E7:21

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A911BE01/2323A49C749E11F08EAD2F65C4F9AE02/6gVkmUSiQEI3ADp_i6QdjYQi5yE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/6gVkmUSiQEI3ADp_i6QdjYQi5yE.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A911BE01/2323A49C749E11F08EAD2F65C4F9AE02/8A2C40D474B911F08BA0CD37C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  210.56.150.0/23
                IPv6:
                  2402:21a0::/32

    Signature Algorithm: sha256WithRSAEncryption
         37:6a:d3:dd:8d:3f:f2:2d:41:40:68:32:fe:0d:c4:95:bd:75:
         2b:a0:89:30:0d:7e:e9:7d:05:18:fc:6f:17:f0:15:14:f8:68:
         04:9a:c7:f5:c8:4f:61:b5:b5:ff:94:29:9a:44:83:af:49:97:
         e3:98:40:c4:ef:a7:aa:ce:ab:fc:87:5e:9a:3e:b7:32:75:71:
         41:ac:89:c2:8c:d5:d2:27:ae:75:88:98:5e:77:9d:17:9e:12:
         c4:4e:43:24:93:73:04:8f:ea:3c:a7:0a:fc:aa:a4:21:6b:cb:
         7f:29:41:5f:bb:2c:8c:03:4c:27:9e:74:32:4e:90:8a:ed:c7:
         dd:e3:a4:ea:1b:69:44:50:77:a7:e5:75:bd:65:97:f7:87:f0:
         78:3b:d6:8a:f1:9c:32:e6:1a:70:66:56:24:32:74:4c:5c:9c:
         c8:16:1f:45:23:02:53:1d:e6:a6:13:dc:55:f5:8f:98:7f:e5:
         ae:ff:18:37:fd:e3:87:50:2a:7b:54:88:71:fd:99:db:7e:91:
         f3:3b:c2:b7:d4:c3:6b:13:71:07:34:30:cd:7f:77:ca:68:56:
         5d:57:7e:6f:cc:61:96:f9:cf:8a:e7:9b:0e:36:88:b1:20:2b:
         2a:bf:a1:e0:98:b4:af:3d:1d:41:1c:e1:64:5b:c6:a9:b5:42:
         fb:99:81:1a
-----BEGIN CERTIFICATE-----
MIIFfzCCBGegAwIBAgIBBzANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTEx
QkUwMTExMC8GA1UEBRMoRUEwNTY0OTk0NEEyNDA0MjM3MDAzQTdGOEJBNDFEOEQ4
NDIyRTcyMTAeFw0yNTA4MDkwMDQzMTRaFw0yNjEyMDEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY4OTY5OWEyLTdkZTIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCnALJsDH45oRq4uZ9QGdQSmij0exox+b/3PdSK7X1acEH61ELU22veqiESTB67
zEOLI0n/mqzbsR/X4jy1kTxlOYg50R/ZpBLHHvuq1eNntEuflSwgITsoxn81TxZE
F4/DMn09f12JMY+KIGnOCS2YAGSQwmQgT7+M3a9sMo0DHef+3xXzag/WHlKF1Nvm
gD63g2dBwChVvt3ShkPoVvInmqvKRQVZSF233cAb0cQEDcR6sZ3I92p0b645nMFZ
wLNuffIR8ewjhdEm7RSCjgQshzKAft0h07IBql0UUmUKilyL52DVS7pu0uwLIUix
Vqni8WVd+5l+GfUOgJ5XZmtrAgMBAAGjggKkMIICoDAdBgNVHQ4EFgQUb5IQ0Ec6
IroldCRzasQ/kSLxWGQwHwYDVR0jBBgwFoAU6gVkmUSiQEI3ADp/i6QdjYQi5yEw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTFCRTAxLzIzMjNBNDlDNzQ5
RTExRjA4RUFEMkY2NUM0RjlBRTAyLzZnVmttVVNpUUVJM0FEcF9pNlFkallRaTV5
RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvNmdWa21VU2lRRUkzQURwX2k2UWRqWVFpNXlFLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEx
QkUwMS8yMzIzQTQ5Qzc0OUUxMUYwOEVBRDJGNjVDNEY5QUUwMi84QTJDNDBENDc0
QjkxMUYwOEJBMENEMzdDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAuBggrBgEFBQcBBwEB/wQf
MB0wDAQCAAEwBgMEAdI4ljANBAIAAjAHAwUAJAIhoDANBgkqhkiG9w0BAQsFAAOC
AQEAN2rT3Y0/8i1BQGgy/g3Elb11K6CJMA1+6X0FGPxvF/AVFPhoBJrH9chPYbW1
/5QpmkSDr0mX45hAxO+nqs6r/Idemj63MnVxQayJwozV0ieudYiYXnedF54SxE5D
JJNzBI/qPKcK/KqkIWvLfylBX7ssjANMJ550Mk6Qiu3H3eOk6htpRFB3p+V1vWWX
94fweDvWivGcMuYacGZWJDJ0TFycyBYfRSMCUx3mphPcVfWPmH/lrv8YN/3jh1Aq
e1SIcf2Z236R8zvCt9TDaxNxBzQwzX93ymhWXVd+b8xhlvnPiuebDjaIsSArKr+h
4Ji0rz0dQRzhZFvGqbVC+5mBGg==
-----END CERTIFICATE-----
Generated at Sat Aug 9 23:12:56 2025 by rpki-client