Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A912BE9D/D305E4EE990E11EB89B76D68C4F9AE02/CA44DBE09A9811EBAC99AD22C4F9AE02.roa
File:                     CA44DBE09A9811EBAC99AD22C4F9AE02.roa (raw, json)
Hash identifier:          y4GtwygNXHOsgApCazrA1K5LMWjkg33ysXo8KtVSOnk=
Subject key identifier:   00:3B:12:EF:4A:CB:D6:23:89:99:42:DF:DC:E3:ED:13:19:35:87:A9
Certificate issuer:       /CN=A912BE9D/serialNumber=BF6AD1ABC9D91619A09287FB6C64F4647B9FD31C
Certificate serial:       06F2
Authority key identifier: BF:6A:D1:AB:C9:D9:16:19:A0:92:87:FB:6C:64:F4:64:7B:9F:D3:1C
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/v2rRq8nZFhmgkof7bGT0ZHuf0xw.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A912BE9D/D305E4EE990E11EB89B76D68C4F9AE02/CA44DBE09A9811EBAC99AD22C4F9AE02.roa
Signing time:             Tue 22 Jul 2025 23:05:01 +0000
ROA not before:           Tue 22 Jul 2025 23:05:01 +0000
ROA not after:            Wed 30 Sep 2026 00:00:00 +0000
asID:                     58693
IP address blocks:        49.249.225.0/24 maxlen: 24
                          49.249.226.0/24 maxlen: 24
                          49.249.227.0/24 maxlen: 24
                          49.249.228.0/24 maxlen: 24
                          49.249.229.0/24 maxlen: 24
                          49.249.230.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A912BE9D/D305E4EE990E11EB89B76D68C4F9AE02/v2rRq8nZFhmgkof7bGT0ZHuf0xw.crl
                          rsync://rpki.apnic.net/member_repository/A912BE9D/D305E4EE990E11EB89B76D68C4F9AE02/v2rRq8nZFhmgkof7bGT0ZHuf0xw.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/v2rRq8nZFhmgkof7bGT0ZHuf0xw.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 14 Aug 2025 05:57:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1778 (0x6f2)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A912BE9D, serialNumber=BF6AD1ABC9D91619A09287FB6C64F4647B9FD31C
        Validity
            Not Before: Jul 22 23:05:01 2025 GMT
            Not After : Sep 30 00:00:00 2026 GMT
        Subject: CN=6880191d-b4e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:39:f0:f8:7c:1c:7c:f0:c5:9f:10:13:fb:28:
                    95:1a:69:12:99:47:79:e8:51:25:24:3b:b4:93:df:
                    74:40:9a:4e:1c:8d:50:43:7c:32:2b:9b:4e:b8:c7:
                    b7:18:66:f0:95:80:78:40:e7:ae:ee:c0:07:b9:c0:
                    95:4c:41:3d:dd:a9:fa:d9:5f:61:cd:00:28:e0:e8:
                    e7:d7:dd:72:43:bf:47:10:dc:ee:67:d8:a0:3d:b5:
                    4e:5f:9e:ae:fe:92:ef:d3:c2:99:82:fa:56:a8:1f:
                    3f:67:d0:68:7f:13:7a:54:be:c3:5a:95:a7:41:f0:
                    69:da:51:a5:24:5f:39:7a:5b:a9:71:e3:9d:db:40:
                    13:56:56:a0:3c:d4:be:38:36:c2:ad:20:1f:96:5c:
                    86:5f:49:ca:44:a6:9b:54:5a:2a:15:b5:b6:0e:52:
                    ef:6e:06:0f:99:3c:5a:01:ce:26:43:e1:fb:de:8d:
                    38:e9:a7:a5:53:c8:8a:28:3b:81:bb:67:e8:25:61:
                    60:6e:96:0f:9d:d5:99:d0:d0:6a:70:25:24:71:8e:
                    35:74:db:90:b1:9b:09:c8:3f:55:e6:1f:48:d8:12:
                    78:87:3e:20:c7:cc:58:05:10:e3:59:dd:c6:fd:a2:
                    cb:7f:d7:34:6c:ae:63:22:ea:cb:37:0a:f7:60:2e:
                    78:91
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                00:3B:12:EF:4A:CB:D6:23:89:99:42:DF:DC:E3:ED:13:19:35:87:A9
            X509v3 Authority Key Identifier:
                keyid:BF:6A:D1:AB:C9:D9:16:19:A0:92:87:FB:6C:64:F4:64:7B:9F:D3:1C

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A912BE9D/D305E4EE990E11EB89B76D68C4F9AE02/v2rRq8nZFhmgkof7bGT0ZHuf0xw.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/v2rRq8nZFhmgkof7bGT0ZHuf0xw.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A912BE9D/D305E4EE990E11EB89B76D68C4F9AE02/CA44DBE09A9811EBAC99AD22C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  49.249.225.0-49.249.230.255

    Signature Algorithm: sha256WithRSAEncryption
         00:8d:e3:24:cc:51:f1:40:14:77:dc:1b:30:eb:17:fe:06:b5:
         d5:f7:48:f2:68:aa:bc:8c:54:62:13:69:45:ba:16:2f:47:f6:
         2b:fc:82:08:24:5f:bb:b7:96:1b:73:15:39:b5:fd:1e:58:ad:
         66:ae:c6:8f:8b:00:2a:fe:4e:79:ad:73:ea:96:c8:be:a1:bd:
         04:bf:7a:05:c8:7c:c5:e6:88:f7:32:04:8a:58:c5:df:9d:15:
         66:48:f8:e9:17:37:b5:40:54:fb:dc:33:99:6d:22:84:57:73:
         a0:3a:da:7c:23:23:83:b1:9e:36:17:1c:c5:f7:1c:4c:2b:59:
         2e:f9:52:2d:a5:83:1c:65:3c:95:4a:12:33:7e:58:1c:a7:64:
         77:ea:28:31:27:55:e3:1b:73:8b:59:d0:e6:66:7e:0c:d6:c6:
         e9:c1:92:de:b7:cd:fe:95:a4:15:7c:c0:ae:5e:b7:39:33:71:
         5b:11:c1:66:13:2c:62:e6:9c:ae:df:43:89:ce:5f:91:59:0e:
         d3:5e:78:75:fd:8f:e9:ff:83:a8:1a:35:32:c0:49:d1:a6:33:
         8e:19:52:33:3d:f6:7b:00:24:62:ff:21:a6:ed:24:25:80:47:
         98:fe:eb:80:02:53:f1:d8:f1:9b:c2:74:48:30:6e:66:52:c2:
         8d:f8:5f:b9
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgICBvIwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MkJFOUQxMTAvBgNVBAUTKEJGNkFEMUFCQzlEOTE2MTlBMDkyODdGQjZDNjRGNDY0
N0I5RkQzMUMwHhcNMjUwNzIyMjMwNTAxWhcNMjYwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODgwMTkxZC1iNGUxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA3Tnw+HwcfPDFnxAT+yiVGmkSmUd56FElJDu0k990QJpOHI1QQ3wyK5tOuMe3
GGbwlYB4QOeu7sAHucCVTEE93an62V9hzQAo4Ojn191yQ79HENzuZ9igPbVOX56u
/pLv08KZgvpWqB8/Z9BofxN6VL7DWpWnQfBp2lGlJF85elupceOd20ATVlagPNS+
ODbCrSAfllyGX0nKRKabVFoqFbW2DlLvbgYPmTxaAc4mQ+H73o046aelU8iKKDuB
u2foJWFgbpYPndWZ0NBqcCUkcY41dNuQsZsJyD9V5h9I2BJ4hz4gx8xYBRDjWd3G
/aLLf9c0bK5jIurLNwr3YC54kQIDAQABo4ICnTCCApkwHQYDVR0OBBYEFAA7Eu9K
y9YjiZlC39zj7RMZNYepMB8GA1UdIwQYMBaAFL9q0avJ2RYZoJKH+2xk9GR7n9Mc
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEyQkU5RC9EMzA1RTRFRTk5
MEUxMUVCODlCNzZENjhDNEY5QUUwMi92MnJScThuWkZobWdrb2Y3YkdUMFpIdWYw
eHcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3YyclJxOG5aRmhtZ2tvZjdiR1QwWkh1ZjB4dy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MkJFOUQvRDMwNUU0RUU5OTBFMTFFQjg5Qjc2RDY4QzRGOUFFMDIvQ0E0NERCRTA5
QTk4MTFFQkFDOTlBRDIyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJwYIKwYBBQUHAQcBAf8E
GDAWMBQEAgABMA4wDAMEADH54QMEADH55jANBgkqhkiG9w0BAQsFAAOCAQEAAI3j
JMxR8UAUd9wbMOsX/ga11fdI8miqvIxUYhNpRboWL0f2K/yCCCRfu7eWG3MVObX9
HlitZq7Gj4sAKv5Oea1z6pbIvqG9BL96Bch8xeaI9zIEiljF350VZkj46Rc3tUBU
+9wzmW0ihFdzoDrafCMjg7GeNhccxfccTCtZLvlSLaWDHGU8lUoSM35YHKdkd+oo
MSdV4xtzi1nQ5mZ+DNbG6cGS3rfN/pWkFXzArl63OTNxWxHBZhMsYuacrt9Dic5f
kVkO0154df2P6f+DqBo1MsBJ0aYzjhlSMz32ewAkYv8hpu0kJYBHmP7rgAJT8djx
m8J0SDBuZlLCjfhfuQ==
-----END CERTIFICATE-----
Generated at Sun Aug 10 13:48:07 2025 by rpki-client