Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A911C28D/BDAB67F63A8011E5AE390155C4F9AE02/5EBAE6BA379F11EFA59DAE0AC4F9AE02.roa
File:                     5EBAE6BA379F11EFA59DAE0AC4F9AE02.roa (raw, json)
Hash identifier:          N1a96Bp2XVma17pAfKJ5UoTb8QNj5J00c+8i+FNuIr8=
Subject key identifier:   87:F4:51:F6:20:2D:D3:E9:AB:85:39:47:50:7A:C7:D6:A3:EC:F0:5B
Certificate issuer:       /CN=A911C28D/serialNumber=99DFB6BF7950E6B40195A59024F4B750863D3D93
Certificate serial:       2889
Authority key identifier: 99:DF:B6:BF:79:50:E6:B4:01:95:A5:90:24:F4:B7:50:86:3D:3D:93
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/md-2v3lQ5rQBlaWQJPS3UIY9PZM.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A911C28D/BDAB67F63A8011E5AE390155C4F9AE02/5EBAE6BA379F11EFA59DAE0AC4F9AE02.roa
Signing time:             Sat 26 Jul 2025 15:54:09 +0000
ROA not before:           Sat 26 Jul 2025 15:54:08 +0000
ROA not after:            Wed 30 Sep 2026 00:00:00 +0000
asID:                     153040
IP address blocks:        27.100.38.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A911C28D/BDAB67F63A8011E5AE390155C4F9AE02/md-2v3lQ5rQBlaWQJPS3UIY9PZM.crl
                          rsync://rpki.apnic.net/member_repository/A911C28D/BDAB67F63A8011E5AE390155C4F9AE02/md-2v3lQ5rQBlaWQJPS3UIY9PZM.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/md-2v3lQ5rQBlaWQJPS3UIY9PZM.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 14 Aug 2025 05:57:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 10377 (0x2889)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A911C28D, serialNumber=99DFB6BF7950E6B40195A59024F4B750863D3D93
        Validity
            Not Before: Jul 26 15:54:08 2025 GMT
            Not After : Sep 30 00:00:00 2026 GMT
        Subject: CN=6884fa20-6df8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d5:0a:6f:a8:0d:53:9f:13:48:9a:db:41:c2:34:
                    e6:41:fa:28:d6:6b:f0:68:5e:fe:db:57:a9:99:31:
                    b2:0a:aa:64:6b:e1:e2:36:b9:d5:ee:88:be:f3:1e:
                    73:a9:84:94:cc:ff:42:06:a4:82:60:0f:58:ff:88:
                    34:b4:46:2c:b8:dc:0b:83:75:3c:a3:bf:4d:08:ea:
                    d6:ca:d5:04:fd:cb:23:e0:8c:0e:85:4a:ea:66:2a:
                    2f:85:54:e1:3f:74:d0:44:68:88:69:b9:7d:ff:9c:
                    a1:71:0a:9f:71:7d:a1:61:97:84:8a:9c:75:6f:0b:
                    11:01:c1:81:0e:64:06:f0:7d:75:43:ee:ae:b2:0a:
                    14:d4:d0:e1:50:06:43:66:84:96:70:c7:c8:44:c7:
                    49:67:4d:13:76:d9:f0:7b:fe:51:d0:de:9d:b2:66:
                    b0:ef:4d:b4:89:53:3e:66:cc:6b:0a:4a:1d:a3:c9:
                    29:71:65:b1:69:14:e0:ad:27:8e:3a:0f:b4:6b:72:
                    8e:7d:4f:61:fb:52:69:33:cf:f8:3e:77:76:53:fa:
                    b9:24:8d:96:55:07:40:5c:89:5e:01:2f:18:7a:66:
                    6b:41:00:a5:a9:84:42:21:d0:8b:06:c3:f2:9f:58:
                    03:96:99:2d:7f:9c:ad:b4:33:4d:d5:0f:e8:e9:46:
                    04:ff
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                87:F4:51:F6:20:2D:D3:E9:AB:85:39:47:50:7A:C7:D6:A3:EC:F0:5B
            X509v3 Authority Key Identifier:
                keyid:99:DF:B6:BF:79:50:E6:B4:01:95:A5:90:24:F4:B7:50:86:3D:3D:93

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A911C28D/BDAB67F63A8011E5AE390155C4F9AE02/md-2v3lQ5rQBlaWQJPS3UIY9PZM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/md-2v3lQ5rQBlaWQJPS3UIY9PZM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A911C28D/BDAB67F63A8011E5AE390155C4F9AE02/5EBAE6BA379F11EFA59DAE0AC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  27.100.38.0/24

    Signature Algorithm: sha256WithRSAEncryption
         83:28:ab:92:eb:89:47:9e:28:9f:22:aa:fb:d0:e7:1c:49:29:
         9a:d5:d3:2a:60:c8:cc:ad:cd:12:95:66:c2:d3:40:f0:1a:84:
         c1:30:0c:6e:4d:02:80:0a:cc:2c:25:c0:e9:9a:02:1c:11:97:
         89:ac:58:26:a3:25:f9:9f:04:06:4d:b5:08:11:39:25:33:98:
         64:eb:5b:46:40:38:ce:e6:d8:5a:12:61:6f:f7:07:a2:b8:13:
         d6:8e:2a:82:dd:ba:1b:e1:d0:1c:c6:99:5b:da:c6:1b:a2:ff:
         28:a7:cb:af:e7:b4:e5:2d:59:6c:06:6b:0b:a2:67:ab:5d:e9:
         4f:04:d4:2d:72:d1:7f:66:a9:7c:a6:69:62:fd:3e:19:bc:54:
         d6:b9:dc:f5:c4:58:18:fb:1d:ea:af:09:b4:4b:75:3b:b2:53:
         b8:ec:75:ca:fc:66:bd:7e:96:15:4f:96:61:35:8a:22:81:5c:
         bd:bd:1f:e6:84:21:9a:2c:75:bf:d1:43:da:7c:77:02:a4:28:
         e7:eb:41:fb:17:76:0c:ba:c9:af:ce:90:85:25:39:d8:37:cb:
         a0:ff:2b:b7:d8:b3:3f:5f:54:ef:61:f5:ab:dd:a0:3b:46:7a:
         11:1a:2c:4e:15:87:af:76:d8:be:e0:23:42:96:f1:a6:51:c1:
         4d:07:b6:a7
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICKIkwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MUMyOEQxMTAvBgNVBAUTKDk5REZCNkJGNzk1MEU2QjQwMTk1QTU5MDI0RjRCNzUw
ODYzRDNEOTMwHhcNMjUwNzI2MTU1NDA4WhcNMjYwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODg0ZmEyMC02ZGY4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA1QpvqA1TnxNImttBwjTmQfoo1mvwaF7+21epmTGyCqpka+HiNrnV7oi+8x5z
qYSUzP9CBqSCYA9Y/4g0tEYsuNwLg3U8o79NCOrWytUE/csj4IwOhUrqZiovhVTh
P3TQRGiIabl9/5yhcQqfcX2hYZeEipx1bwsRAcGBDmQG8H11Q+6usgoU1NDhUAZD
ZoSWcMfIRMdJZ00Tdtnwe/5R0N6dsmaw7020iVM+ZsxrCkodo8kpcWWxaRTgrSeO
Og+0a3KOfU9h+1JpM8/4Pnd2U/q5JI2WVQdAXIleAS8YemZrQQClqYRCIdCLBsPy
n1gDlpktf5yttDNN1Q/o6UYE/wIDAQABo4IClTCCApEwHQYDVR0OBBYEFIf0UfYg
LdPpq4U5R1B6x9aj7PBbMB8GA1UdIwQYMBaAFJnftr95UOa0AZWlkCT0t1CGPT2T
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExQzI4RC9CREFCNjdGNjNB
ODAxMUU1QUUzOTAxNTVDNEY5QUUwMi9tZC0ydjNsUTVyUUJsYVdRSlBTM1VJWTlQ
Wk0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL21kLTJ2M2xRNXJRQmxhV1FKUFMzVUlZOVBaTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MUMyOEQvQkRBQjY3RjYzQTgwMTFFNUFFMzkwMTU1QzRGOUFFMDIvNUVCQUU2QkEz
NzlGMTFFRkE1OURBRTBBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAAbZCYwDQYJKoZIhvcNAQELBQADggEBAIMoq5LriUeeKJ8i
qvvQ5xxJKZrV0ypgyMytzRKVZsLTQPAahMEwDG5NAoAKzCwlwOmaAhwRl4msWCaj
JfmfBAZNtQgROSUzmGTrW0ZAOM7m2FoSYW/3B6K4E9aOKoLduhvh0BzGmVvaxhui
/yiny6/ntOUtWWwGawuiZ6td6U8E1C1y0X9mqXymaWL9Phm8VNa53PXEWBj7Heqv
CbRLdTuyU7jsdcr8Zr1+lhVPlmE1iiKBXL29H+aEIZosdb/RQ9p8dwKkKOfrQfsX
dgy6ya/OkIUlOdg3y6D/K7fYsz9fVO9h9avdoDtGehEaLE4Vh6922L7gI0KW8aZR
wU0Htqc=
-----END CERTIFICATE-----
Generated at Sat Aug 9 01:24:16 2025 by rpki-client