Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9146207/FE75634002CB11E6865B8F3BC4F9AE02/28DFC39E02CE11E6B167303FC4F9AE02.roa
File:                     28DFC39E02CE11E6B167303FC4F9AE02.roa (raw, json)
Hash identifier:          NK9LWbF8pONuCfm9ynpNYVUJq0bnRlvsHPhOA7O7K+Y=
Subject key identifier:   E9:B3:03:21:4F:6F:FB:BE:23:57:AC:08:AD:09:12:1B:4A:5D:E6:FE
Certificate issuer:       /CN=A9146207/serialNumber=9E668E6E67BAD0ACF940A228C4BC093B8B24002B
Certificate serial:       2566
Authority key identifier: 9E:66:8E:6E:67:BA:D0:AC:F9:40:A2:28:C4:BC:09:3B:8B:24:00:2B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/nmaObme60Kz5QKIoxLwJO4skACs.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9146207/FE75634002CB11E6865B8F3BC4F9AE02/28DFC39E02CE11E6B167303FC4F9AE02.roa
Signing time:             Mon 04 Aug 2025 16:24:15 +0000
ROA not before:           Mon 04 Aug 2025 16:24:15 +0000
ROA not after:            Wed 30 Sep 2026 00:00:00 +0000
asID:                     17550
IP address blocks:        203.177.86.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9146207/FE75634002CB11E6865B8F3BC4F9AE02/nmaObme60Kz5QKIoxLwJO4skACs.crl
                          rsync://rpki.apnic.net/member_repository/A9146207/FE75634002CB11E6865B8F3BC4F9AE02/nmaObme60Kz5QKIoxLwJO4skACs.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/nmaObme60Kz5QKIoxLwJO4skACs.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 14 Aug 2025 05:57:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 9574 (0x2566)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9146207, serialNumber=9E668E6E67BAD0ACF940A228C4BC093B8B24002B
        Validity
            Not Before: Aug  4 16:24:15 2025 GMT
            Not After : Sep 30 00:00:00 2026 GMT
        Subject: CN=6890deaf-9456
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c0:34:11:b9:9e:7c:a0:dd:92:87:bd:64:e2:20:
                    78:ae:4f:17:c2:b2:38:db:04:31:a9:3c:9d:19:63:
                    97:9a:8c:8c:e0:89:0c:25:0d:54:47:13:55:94:f3:
                    70:58:7d:2f:0c:48:dc:71:08:59:a2:85:09:46:90:
                    6b:d4:26:0b:7d:eb:3b:b2:fb:63:f8:f2:97:a0:3a:
                    6d:64:cc:a5:a6:ca:85:41:66:c8:18:f7:f0:3b:7f:
                    bd:c0:f9:61:dd:8d:b7:86:d8:84:38:8a:e5:75:15:
                    9c:32:fa:cf:1d:8a:7c:fc:ed:d2:4e:a2:ce:4f:1e:
                    bf:d5:9c:86:e3:5e:32:0d:d3:5e:65:ab:8d:e4:e1:
                    3a:61:3a:f2:de:5a:89:1f:96:37:a7:79:7b:fd:f2:
                    25:63:77:25:3e:eb:d5:41:e6:d6:23:76:37:ac:68:
                    5d:93:b9:5d:86:89:8a:ef:ac:43:ba:d8:a6:6a:5d:
                    22:2b:8c:ae:39:c7:37:b9:23:75:bd:b9:e4:7c:fd:
                    97:56:cc:17:5f:c1:57:2e:25:4e:60:7c:f9:a8:8a:
                    0b:d0:e3:b2:07:06:53:df:a5:cf:59:a7:e4:39:db:
                    41:f7:10:cc:52:77:04:99:a2:43:65:5e:22:ec:47:
                    41:19:98:bc:7a:e8:75:4a:0f:3f:8c:92:85:59:49:
                    43:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:B3:03:21:4F:6F:FB:BE:23:57:AC:08:AD:09:12:1B:4A:5D:E6:FE
            X509v3 Authority Key Identifier:
                keyid:9E:66:8E:6E:67:BA:D0:AC:F9:40:A2:28:C4:BC:09:3B:8B:24:00:2B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9146207/FE75634002CB11E6865B8F3BC4F9AE02/nmaObme60Kz5QKIoxLwJO4skACs.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/nmaObme60Kz5QKIoxLwJO4skACs.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9146207/FE75634002CB11E6865B8F3BC4F9AE02/28DFC39E02CE11E6B167303FC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.177.86.0/24

    Signature Algorithm: sha256WithRSAEncryption
         da:53:12:95:78:23:23:30:da:e7:d0:f8:a1:8c:9a:02:12:13:
         49:f1:57:35:c2:72:ac:7a:85:ce:9d:47:94:2a:7b:e0:b2:db:
         74:21:66:08:3c:93:74:15:24:df:d1:b5:f2:23:74:ac:25:2a:
         8a:2f:dc:14:6b:c4:b8:fa:89:42:88:17:9f:5d:4d:f2:b5:05:
         df:35:49:49:bd:db:c5:c0:78:12:b6:3f:dd:42:f3:bf:c2:88:
         b2:b5:ae:26:d8:4f:33:85:08:a7:87:ee:29:27:29:1d:f3:da:
         61:be:34:24:05:56:8f:f6:b7:67:ec:ab:e5:b4:29:9a:26:cf:
         96:cb:c6:dd:23:aa:e8:b5:e7:a0:a0:d2:fd:67:ec:c0:c6:18:
         23:78:cf:7b:e0:6f:60:99:c3:54:ad:d0:4a:54:14:48:90:ae:
         15:45:4e:aa:99:c4:d7:68:73:db:70:b3:41:fb:40:d3:95:cc:
         82:cf:c9:7e:1a:0c:15:82:0d:38:57:b8:82:d8:fb:7b:be:8e:
         60:6c:57:ee:69:ca:b8:d5:08:c7:71:55:dc:3b:f6:21:a4:16:
         36:45:84:ff:1f:ea:37:fa:e3:25:30:35:89:f2:54:0b:62:35:
         50:97:3a:e1:98:9c:52:cf:9d:2c:de:9e:8b:db:b9:16:a3:46:
         a4:63:45:59
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICJWYwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDYyMDcxMTAvBgNVBAUTKDlFNjY4RTZFNjdCQUQwQUNGOTQwQTIyOEM0QkMwOTNC
OEIyNDAwMkIwHhcNMjUwODA0MTYyNDE1WhcNMjYwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODkwZGVhZi05NDU2MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAwDQRuZ58oN2Sh71k4iB4rk8XwrI42wQxqTydGWOXmoyM4IkMJQ1URxNVlPNw
WH0vDEjccQhZooUJRpBr1CYLfes7svtj+PKXoDptZMylpsqFQWbIGPfwO3+9wPlh
3Y23htiEOIrldRWcMvrPHYp8/O3STqLOTx6/1ZyG414yDdNeZauN5OE6YTry3lqJ
H5Y3p3l7/fIlY3clPuvVQebWI3Y3rGhdk7ldhomK76xDutimal0iK4yuOcc3uSN1
vbnkfP2XVswXX8FXLiVOYHz5qIoL0OOyBwZT36XPWafkOdtB9xDMUncEmaJDZV4i
7EdBGZi8euh1Sg8/jJKFWUlDeQIDAQABo4IClTCCApEwHQYDVR0OBBYEFOmzAyFP
b/u+I1esCK0JEhtKXeb+MB8GA1UdIwQYMBaAFJ5mjm5nutCs+UCiKMS8CTuLJAAr
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0NjIwNy9GRTc1NjM0MDAy
Q0IxMUU2ODY1QjhGM0JDNEY5QUUwMi9ubWFPYm1lNjBLejVRS0lveEx3Sk80c2tB
Q3MuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL25tYU9ibWU2MEt6NVFLSW94THdKTzRza0FDcy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDYyMDcvRkU3NTYzNDAwMkNCMTFFNjg2NUI4RjNCQzRGOUFFMDIvMjhERkMzOUUw
MkNFMTFFNkIxNjczMDNGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADLsVYwDQYJKoZIhvcNAQELBQADggEBANpTEpV4IyMw2ufQ
+KGMmgISE0nxVzXCcqx6hc6dR5Qqe+Cy23QhZgg8k3QVJN/RtfIjdKwlKoov3BRr
xLj6iUKIF59dTfK1Bd81SUm928XAeBK2P91C87/CiLK1ribYTzOFCKeH7iknKR3z
2mG+NCQFVo/2t2fsq+W0KZomz5bLxt0jqui156Cg0v1n7MDGGCN4z3vgb2CZw1St
0EpUFEiQrhVFTqqZxNdoc9tws0H7QNOVzILPyX4aDBWCDThXuILY+3u+jmBsV+5p
yrjVCMdxVdw79iGkFjZFhP8f6jf64yUwNYnyVAtiNVCXOuGYnFLPnSzenovbuRaj
RqRjRVk=
-----END CERTIFICATE-----
Generated at Mon Aug 11 08:50:01 2025 by rpki-client