Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A911C28D/BDAB67F63A8011E5AE390155C4F9AE02/AFC59224604711E9BB8C0349C4F9AE02.roa
File:                     AFC59224604711E9BB8C0349C4F9AE02.roa (raw, json)
Hash identifier:          Ny46hTdCHTic/U8tcqJUxV4zkHEnXaL+aV1UVZePGUA=
Subject key identifier:   78:D3:12:D1:EE:BD:8A:72:47:0B:D0:6F:9B:A6:F6:36:B1:3F:E7:0A
Certificate issuer:       /CN=A911C28D/serialNumber=99DFB6BF7950E6B40195A59024F4B750863D3D93
Certificate serial:       2877
Authority key identifier: 99:DF:B6:BF:79:50:E6:B4:01:95:A5:90:24:F4:B7:50:86:3D:3D:93
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/md-2v3lQ5rQBlaWQJPS3UIY9PZM.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A911C28D/BDAB67F63A8011E5AE390155C4F9AE02/AFC59224604711E9BB8C0349C4F9AE02.roa
Signing time:             Sat 26 Jul 2025 15:53:49 +0000
ROA not before:           Sat 26 Jul 2025 15:53:49 +0000
ROA not after:            Wed 30 Sep 2026 00:00:00 +0000
asID:                     138992
IP address blocks:        2402:9e80:49::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A911C28D/BDAB67F63A8011E5AE390155C4F9AE02/md-2v3lQ5rQBlaWQJPS3UIY9PZM.crl
                          rsync://rpki.apnic.net/member_repository/A911C28D/BDAB67F63A8011E5AE390155C4F9AE02/md-2v3lQ5rQBlaWQJPS3UIY9PZM.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/md-2v3lQ5rQBlaWQJPS3UIY9PZM.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 14 Aug 2025 05:57:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 10359 (0x2877)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A911C28D, serialNumber=99DFB6BF7950E6B40195A59024F4B750863D3D93
        Validity
            Not Before: Jul 26 15:53:49 2025 GMT
            Not After : Sep 30 00:00:00 2026 GMT
        Subject: CN=6884fa0d-199b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b4:71:0a:03:24:78:2c:c5:f8:18:5a:8b:7a:32:
                    b9:d0:3d:8f:a1:03:39:90:d4:7c:53:8f:c3:e1:d7:
                    06:de:62:91:99:f1:c4:0d:8b:11:75:38:fe:f5:57:
                    d8:c4:78:3f:94:ec:1f:03:5d:fb:0f:6d:27:aa:f9:
                    9a:9d:2c:75:d6:d7:1a:79:71:e8:29:b5:79:f3:5b:
                    bd:a4:9a:e4:01:e5:f5:43:2a:90:d5:97:13:9f:43:
                    2a:5c:23:63:0b:cf:19:35:31:f5:8d:ea:12:f2:48:
                    39:4d:c3:3a:50:45:f3:8c:45:8e:aa:fe:d8:8c:3a:
                    c3:e1:bb:66:1c:c6:e8:fb:31:23:38:a4:90:5f:9d:
                    01:51:c8:b2:cd:b8:d8:25:26:b0:2c:e7:f6:52:73:
                    e2:96:36:19:f5:86:55:e2:f7:15:e7:62:a9:66:82:
                    85:61:b9:81:cb:0b:73:62:74:90:e0:c7:8d:bc:b4:
                    95:00:3e:80:cd:39:3f:df:ab:3d:e0:9f:b5:c1:5b:
                    fb:b5:e4:df:a1:34:2b:44:46:25:76:72:48:a4:b0:
                    0d:3d:ca:48:ef:b3:44:71:29:dd:00:da:e8:1e:ea:
                    99:2c:be:1f:f9:21:bb:e3:e8:bd:ad:62:03:c8:88:
                    5f:6d:e7:1f:81:ea:31:03:43:d0:f9:d1:a3:a3:94:
                    75:c5
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                78:D3:12:D1:EE:BD:8A:72:47:0B:D0:6F:9B:A6:F6:36:B1:3F:E7:0A
            X509v3 Authority Key Identifier:
                keyid:99:DF:B6:BF:79:50:E6:B4:01:95:A5:90:24:F4:B7:50:86:3D:3D:93

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A911C28D/BDAB67F63A8011E5AE390155C4F9AE02/md-2v3lQ5rQBlaWQJPS3UIY9PZM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/md-2v3lQ5rQBlaWQJPS3UIY9PZM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A911C28D/BDAB67F63A8011E5AE390155C4F9AE02/AFC59224604711E9BB8C0349C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2402:9e80:49::/48

    Signature Algorithm: sha256WithRSAEncryption
         9c:41:4a:1b:87:41:42:56:50:6e:86:2a:2f:a1:cd:01:24:48:
         b3:10:3e:41:67:72:a2:66:80:07:59:4d:81:c0:83:fb:c4:5e:
         3e:71:0d:cb:37:32:55:e3:7f:e6:c7:0d:5f:79:fa:0d:c0:1d:
         a4:1c:a1:09:53:df:35:06:33:d9:c8:57:c3:c1:be:c8:1d:1a:
         39:94:94:33:b3:f2:9b:b6:fb:67:78:0f:69:1c:62:81:82:0a:
         e2:32:2e:11:7c:c8:5a:45:08:2c:0b:86:25:80:a5:50:09:3a:
         55:b6:ea:71:cc:4f:c1:3a:f8:01:ca:1c:bc:92:bf:64:03:5c:
         c4:34:f7:bf:b0:e8:78:4e:67:26:18:e4:92:2e:35:55:6e:a8:
         00:96:e8:c2:f1:7e:e5:93:e7:90:89:1b:26:7d:69:c2:a1:86:
         95:df:70:f6:9e:19:9f:38:0f:70:d7:9f:9a:e0:e1:6b:75:59:
         d3:eb:df:db:56:02:5d:36:6e:e5:7f:9b:65:59:0c:80:81:80:
         82:af:48:b6:f2:6c:8a:28:aa:f3:d9:32:5d:dc:2f:ab:df:df:
         38:c0:b2:8f:ad:c9:82:75:1f:88:a5:ea:5c:9c:c7:07:ba:a9:
         8c:dd:0a:ba:0d:da:5d:37:10:02:25:0b:6d:5b:36:05:47:ce:
         1b:47:99:ed
-----BEGIN CERTIFICATE-----
MIIFdDCCBFygAwIBAgICKHcwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MUMyOEQxMTAvBgNVBAUTKDk5REZCNkJGNzk1MEU2QjQwMTk1QTU5MDI0RjRCNzUw
ODYzRDNEOTMwHhcNMjUwNzI2MTU1MzQ5WhcNMjYwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODg0ZmEwZC0xOTliMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtHEKAyR4LMX4GFqLejK50D2PoQM5kNR8U4/D4dcG3mKRmfHEDYsRdTj+9VfY
xHg/lOwfA137D20nqvmanSx11tcaeXHoKbV581u9pJrkAeX1QyqQ1ZcTn0MqXCNj
C88ZNTH1jeoS8kg5TcM6UEXzjEWOqv7YjDrD4btmHMbo+zEjOKSQX50BUciyzbjY
JSawLOf2UnPiljYZ9YZV4vcV52KpZoKFYbmBywtzYnSQ4MeNvLSVAD6AzTk/36s9
4J+1wVv7teTfoTQrREYldnJIpLANPcpI77NEcSndANroHuqZLL4f+SG74+i9rWID
yIhfbecfgeoxA0PQ+dGjo5R1xQIDAQABo4ICmDCCApQwHQYDVR0OBBYEFHjTEtHu
vYpyRwvQb5um9jaxP+cKMB8GA1UdIwQYMBaAFJnftr95UOa0AZWlkCT0t1CGPT2T
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExQzI4RC9CREFCNjdGNjNB
ODAxMUU1QUUzOTAxNTVDNEY5QUUwMi9tZC0ydjNsUTVyUUJsYVdRSlBTM1VJWTlQ
Wk0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL21kLTJ2M2xRNXJRQmxhV1FKUFMzVUlZOVBaTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MUMyOEQvQkRBQjY3RjYzQTgwMTFFNUFFMzkwMTU1QzRGOUFFMDIvQUZDNTkyMjQ2
MDQ3MTFFOUJCOEMwMzQ5QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwIgYIKwYBBQUHAQcBAf8E
EzARMA8EAgACMAkDBwAkAp6AAEkwDQYJKoZIhvcNAQELBQADggEBAJxBShuHQUJW
UG6GKi+hzQEkSLMQPkFncqJmgAdZTYHAg/vEXj5xDcs3MlXjf+bHDV95+g3AHaQc
oQlT3zUGM9nIV8PBvsgdGjmUlDOz8pu2+2d4D2kcYoGCCuIyLhF8yFpFCCwLhiWA
pVAJOlW26nHMT8E6+AHKHLySv2QDXMQ097+w6HhOZyYY5JIuNVVuqACW6MLxfuWT
55CJGyZ9acKhhpXfcPaeGZ84D3DXn5rg4Wt1WdPr39tWAl02buV/m2VZDICBgIKv
SLbybIooqvPZMl3cL6vf3zjAso+tyYJ1H4il6lycxwe6qYzdCroN2l03EAIlC21b
NgVHzhtHme0=
-----END CERTIFICATE-----
Generated at Sat Aug 9 05:48:21 2025 by rpki-client