Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A911C28D/BDAB67F63A8011E5AE390155C4F9AE02/E2D385AA41C511E8BEC06D36C4F9AE02.roa
File:                     E2D385AA41C511E8BEC06D36C4F9AE02.roa (raw, json)
Hash identifier:          2t6/u72QK0o9abc9b3gHwjINMJOQ+vO/4rSwciknXYA=
Subject key identifier:   8B:67:B4:79:DB:07:04:29:14:2E:3E:3E:DD:02:AA:73:A4:62:BB:B5
Certificate issuer:       /CN=A911C28D/serialNumber=99DFB6BF7950E6B40195A59024F4B750863D3D93
Certificate serial:       286C
Authority key identifier: 99:DF:B6:BF:79:50:E6:B4:01:95:A5:90:24:F4:B7:50:86:3D:3D:93
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/md-2v3lQ5rQBlaWQJPS3UIY9PZM.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A911C28D/BDAB67F63A8011E5AE390155C4F9AE02/E2D385AA41C511E8BEC06D36C4F9AE02.roa
Signing time:             Sat 26 Jul 2025 15:53:40 +0000
ROA not before:           Sat 26 Jul 2025 15:53:40 +0000
ROA not after:            Wed 30 Sep 2026 00:00:00 +0000
asID:                     137033
IP address blocks:        2402:9e80:15::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A911C28D/BDAB67F63A8011E5AE390155C4F9AE02/md-2v3lQ5rQBlaWQJPS3UIY9PZM.crl
                          rsync://rpki.apnic.net/member_repository/A911C28D/BDAB67F63A8011E5AE390155C4F9AE02/md-2v3lQ5rQBlaWQJPS3UIY9PZM.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/md-2v3lQ5rQBlaWQJPS3UIY9PZM.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 14 Aug 2025 05:57:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 10348 (0x286c)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A911C28D, serialNumber=99DFB6BF7950E6B40195A59024F4B750863D3D93
        Validity
            Not Before: Jul 26 15:53:40 2025 GMT
            Not After : Sep 30 00:00:00 2026 GMT
        Subject: CN=6884fa04-9934
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b9:98:54:90:30:bf:5c:18:c0:b3:12:19:09:2c:
                    f6:ef:2d:0b:c8:ed:20:6b:11:52:35:5a:84:b3:53:
                    e5:0f:a0:c7:91:f1:55:f2:54:0e:0d:5f:19:3c:d1:
                    c9:5b:78:d6:d7:8c:6e:44:de:75:34:34:25:af:0b:
                    eb:2d:a4:a2:be:dd:22:b6:aa:43:76:52:63:be:13:
                    ac:d9:6a:4b:2b:6b:e1:2c:37:9e:61:d8:a9:67:0d:
                    c1:d6:59:84:fc:da:58:44:8b:39:fd:75:4a:51:56:
                    f9:85:99:7e:60:da:fe:85:5a:4a:c2:d7:16:26:f5:
                    fc:2b:c8:d3:ea:6b:00:33:3f:03:79:5a:ac:f8:33:
                    fc:7c:6e:3d:6f:0e:5d:d0:62:c5:04:36:33:be:1f:
                    8e:0b:36:00:33:4c:f1:54:23:70:99:46:c9:bd:69:
                    64:13:6e:08:15:0c:c1:a0:e1:43:eb:21:0e:5f:3d:
                    29:41:d1:fd:a8:ff:1d:b8:14:b5:2b:8d:a6:27:1a:
                    b7:45:62:82:e6:55:fc:3a:b0:6f:60:b5:d2:ec:b3:
                    23:4c:ab:a8:0c:fd:97:f2:fb:84:bb:ff:27:7e:65:
                    30:a2:10:8a:14:9c:d2:83:f4:aa:ca:60:f3:c6:d5:
                    22:70:23:ce:f2:89:13:f5:fe:fd:6e:e3:9c:dc:f5:
                    c3:33
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8B:67:B4:79:DB:07:04:29:14:2E:3E:3E:DD:02:AA:73:A4:62:BB:B5
            X509v3 Authority Key Identifier:
                keyid:99:DF:B6:BF:79:50:E6:B4:01:95:A5:90:24:F4:B7:50:86:3D:3D:93

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A911C28D/BDAB67F63A8011E5AE390155C4F9AE02/md-2v3lQ5rQBlaWQJPS3UIY9PZM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/md-2v3lQ5rQBlaWQJPS3UIY9PZM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A911C28D/BDAB67F63A8011E5AE390155C4F9AE02/E2D385AA41C511E8BEC06D36C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2402:9e80:15::/48

    Signature Algorithm: sha256WithRSAEncryption
         84:ba:81:09:f6:24:09:ba:b5:ba:d6:30:53:ce:5a:39:13:c8:
         f3:09:b8:fb:6c:21:5c:26:77:b4:d5:6f:25:55:39:51:c6:72:
         fc:51:d2:39:32:ed:c4:34:24:86:10:d9:5f:14:0a:50:fe:a3:
         ff:0f:a6:56:da:91:ee:37:4c:99:7d:d1:94:b1:c9:69:9a:64:
         07:da:59:d1:5e:55:7b:4f:74:0f:85:8f:3c:dd:fa:2a:3b:51:
         0d:3d:d6:a7:89:81:ca:8d:6d:f0:a7:aa:6d:0c:45:38:ac:f1:
         3a:c7:1e:c9:98:14:a8:ac:fe:9f:34:4e:f1:41:32:bb:d4:fb:
         c6:3b:d2:71:2c:8f:9c:b7:89:d7:91:b1:8c:86:20:61:86:9b:
         25:67:be:bb:10:c7:4c:5e:bd:b7:c5:87:1b:85:11:59:04:21:
         c9:3b:58:fd:e4:ff:0d:78:09:7f:ab:66:31:1f:c3:84:9d:2d:
         dc:7f:51:50:7a:9c:a1:2d:b1:c1:06:af:19:92:f9:91:a3:03:
         d0:de:38:ba:16:bb:62:51:48:fa:6b:41:1d:be:6b:ae:76:ac:
         47:ef:84:df:36:a6:e4:f9:91:a9:7f:7b:d6:dd:8d:77:4c:70:
         a9:2b:28:98:b3:2d:5b:75:ee:ab:4f:b3:ab:86:92:5c:07:5f:
         db:bc:f8:40
-----BEGIN CERTIFICATE-----
MIIFdDCCBFygAwIBAgICKGwwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MUMyOEQxMTAvBgNVBAUTKDk5REZCNkJGNzk1MEU2QjQwMTk1QTU5MDI0RjRCNzUw
ODYzRDNEOTMwHhcNMjUwNzI2MTU1MzQwWhcNMjYwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODg0ZmEwNC05OTM0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAuZhUkDC/XBjAsxIZCSz27y0LyO0gaxFSNVqEs1PlD6DHkfFV8lQODV8ZPNHJ
W3jW14xuRN51NDQlrwvrLaSivt0itqpDdlJjvhOs2WpLK2vhLDeeYdipZw3B1lmE
/NpYRIs5/XVKUVb5hZl+YNr+hVpKwtcWJvX8K8jT6msAMz8DeVqs+DP8fG49bw5d
0GLFBDYzvh+OCzYAM0zxVCNwmUbJvWlkE24IFQzBoOFD6yEOXz0pQdH9qP8duBS1
K42mJxq3RWKC5lX8OrBvYLXS7LMjTKuoDP2X8vuEu/8nfmUwohCKFJzSg/SqymDz
xtUicCPO8okT9f79buOc3PXDMwIDAQABo4ICmDCCApQwHQYDVR0OBBYEFItntHnb
BwQpFC4+Pt0CqnOkYru1MB8GA1UdIwQYMBaAFJnftr95UOa0AZWlkCT0t1CGPT2T
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExQzI4RC9CREFCNjdGNjNB
ODAxMUU1QUUzOTAxNTVDNEY5QUUwMi9tZC0ydjNsUTVyUUJsYVdRSlBTM1VJWTlQ
Wk0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL21kLTJ2M2xRNXJRQmxhV1FKUFMzVUlZOVBaTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MUMyOEQvQkRBQjY3RjYzQTgwMTFFNUFFMzkwMTU1QzRGOUFFMDIvRTJEMzg1QUE0
MUM1MTFFOEJFQzA2RDM2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwIgYIKwYBBQUHAQcBAf8E
EzARMA8EAgACMAkDBwAkAp6AABUwDQYJKoZIhvcNAQELBQADggEBAIS6gQn2JAm6
tbrWMFPOWjkTyPMJuPtsIVwmd7TVbyVVOVHGcvxR0jky7cQ0JIYQ2V8UClD+o/8P
plbake43TJl90ZSxyWmaZAfaWdFeVXtPdA+Fjzzd+io7UQ091qeJgcqNbfCnqm0M
RTis8TrHHsmYFKis/p80TvFBMrvU+8Y70nEsj5y3ideRsYyGIGGGmyVnvrsQx0xe
vbfFhxuFEVkEIck7WP3k/w14CX+rZjEfw4SdLdx/UVB6nKEtscEGrxmS+ZGjA9De
OLoWu2JRSPprQR2+a652rEfvhN82puT5kal/e9bdjXdMcKkrKJizLVt17qtPs6uG
klwHX9u8+EA=
-----END CERTIFICATE-----
Generated at Sat Aug 9 01:23:08 2025 by rpki-client