Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9146207/FE75634002CB11E6865B8F3BC4F9AE02/2AA1812202CE11E6B167303FC4F9AE02.roa
File:                     2AA1812202CE11E6B167303FC4F9AE02.roa (raw, json)
Hash identifier:          Ms7QsXkh2kQNfde4KuGq3vFMf59+eXYHE6ZiNy8XHPg=
Subject key identifier:   77:B0:1D:C1:EE:84:1D:13:7C:9E:05:0D:7F:F0:03:81:96:93:14:EF
Certificate issuer:       /CN=A9146207/serialNumber=9E668E6E67BAD0ACF940A228C4BC093B8B24002B
Certificate serial:       256D
Authority key identifier: 9E:66:8E:6E:67:BA:D0:AC:F9:40:A2:28:C4:BC:09:3B:8B:24:00:2B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/nmaObme60Kz5QKIoxLwJO4skACs.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9146207/FE75634002CB11E6865B8F3BC4F9AE02/2AA1812202CE11E6B167303FC4F9AE02.roa
Signing time:             Mon 04 Aug 2025 16:24:21 +0000
ROA not before:           Mon 04 Aug 2025 16:24:21 +0000
ROA not after:            Wed 30 Sep 2026 00:00:00 +0000
asID:                     24179
IP address blocks:        203.177.151.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9146207/FE75634002CB11E6865B8F3BC4F9AE02/nmaObme60Kz5QKIoxLwJO4skACs.crl
                          rsync://rpki.apnic.net/member_repository/A9146207/FE75634002CB11E6865B8F3BC4F9AE02/nmaObme60Kz5QKIoxLwJO4skACs.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/nmaObme60Kz5QKIoxLwJO4skACs.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 14 Aug 2025 05:57:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 9581 (0x256d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9146207, serialNumber=9E668E6E67BAD0ACF940A228C4BC093B8B24002B
        Validity
            Not Before: Aug  4 16:24:21 2025 GMT
            Not After : Sep 30 00:00:00 2026 GMT
        Subject: CN=6890deb4-c897
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:fb:a9:66:b9:8b:41:70:e8:aa:0c:7a:0b:fe:66:
                    39:4f:08:7d:97:05:3d:e3:4c:3d:7f:5d:06:17:6e:
                    be:1b:00:12:71:b8:3c:18:5d:a7:4d:76:f8:cc:f4:
                    e7:be:eb:80:29:71:da:99:6a:23:ea:61:7f:c9:d0:
                    e0:b5:58:8b:d1:bc:63:72:aa:e8:fc:a7:3e:8c:1d:
                    ce:d4:dd:68:32:ab:db:3b:81:45:e7:4f:ea:ff:d3:
                    44:00:f5:28:e5:62:ed:3a:a8:0c:61:cf:fe:fc:39:
                    ff:06:4c:0f:76:ef:45:d7:4f:dc:01:1d:dd:4a:2c:
                    43:33:4c:56:df:96:5c:59:31:04:27:db:7d:3b:d6:
                    37:ed:3b:ed:0b:35:35:69:4b:c0:d0:ca:9a:74:b3:
                    a0:ca:f9:45:46:45:89:2b:06:e8:29:4e:b3:9e:8a:
                    40:22:74:69:df:b0:e3:65:d4:2f:4b:01:7f:19:f7:
                    73:14:2e:ce:ed:72:03:fe:ad:99:ef:1e:41:44:e5:
                    28:dc:11:9d:cf:95:71:c3:08:5c:99:85:2b:0b:66:
                    55:96:24:ec:fd:43:fd:3f:6e:a8:03:00:a0:28:48:
                    fe:b8:7e:f9:8d:5f:6d:ba:21:e9:75:32:f8:b1:f1:
                    9e:b3:f7:fd:8e:dd:f4:94:d4:f4:f7:0a:8e:ed:60:
                    b5:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                77:B0:1D:C1:EE:84:1D:13:7C:9E:05:0D:7F:F0:03:81:96:93:14:EF
            X509v3 Authority Key Identifier:
                keyid:9E:66:8E:6E:67:BA:D0:AC:F9:40:A2:28:C4:BC:09:3B:8B:24:00:2B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9146207/FE75634002CB11E6865B8F3BC4F9AE02/nmaObme60Kz5QKIoxLwJO4skACs.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/nmaObme60Kz5QKIoxLwJO4skACs.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9146207/FE75634002CB11E6865B8F3BC4F9AE02/2AA1812202CE11E6B167303FC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.177.151.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0f:17:e9:64:fe:94:51:06:d8:1a:e8:8f:b2:23:b0:b4:0d:fe:
         21:30:16:95:5e:a6:78:3b:2c:e3:f6:61:a8:37:4b:d6:cb:5b:
         7d:98:b9:22:05:57:c2:12:51:d7:78:76:b4:75:c4:92:e7:33:
         7c:8a:70:e4:62:a4:08:e9:42:a7:cf:70:a7:51:d8:7b:ad:e9:
         2a:df:81:23:70:b1:41:e2:6b:21:b9:25:b7:03:fc:97:74:2d:
         08:53:eb:7a:4f:83:88:bb:74:79:d9:37:36:29:67:f8:00:63:
         3f:cc:04:4f:d2:8d:09:62:54:86:6d:2e:c8:50:34:b8:4a:84:
         34:e5:5b:17:ee:9a:46:d3:99:0a:45:21:25:bb:ba:16:cf:1e:
         15:e6:a4:18:90:ab:20:95:d2:89:19:d3:9f:c2:ce:de:30:f8:
         5e:d7:c6:8a:71:1e:de:13:13:39:18:14:1e:04:79:4d:e5:7a:
         40:56:ad:22:82:36:c6:72:51:42:4c:e1:70:75:4b:a6:5e:44:
         43:b0:54:8f:b2:37:6e:55:e0:ab:83:3f:36:d4:1f:25:9e:2e:
         b7:93:4f:5f:d4:17:13:2b:f5:42:73:77:a9:3e:c1:dc:24:79:
         e3:d4:32:c3:41:08:11:19:f4:35:e3:76:df:4a:33:2c:4a:c7:
         7d:73:0a:86
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICJW0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDYyMDcxMTAvBgNVBAUTKDlFNjY4RTZFNjdCQUQwQUNGOTQwQTIyOEM0QkMwOTNC
OEIyNDAwMkIwHhcNMjUwODA0MTYyNDIxWhcNMjYwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODkwZGViNC1jODk3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA+6lmuYtBcOiqDHoL/mY5Twh9lwU940w9f10GF26+GwAScbg8GF2nTXb4zPTn
vuuAKXHamWoj6mF/ydDgtViL0bxjcqro/Kc+jB3O1N1oMqvbO4FF50/q/9NEAPUo
5WLtOqgMYc/+/Dn/BkwPdu9F10/cAR3dSixDM0xW35ZcWTEEJ9t9O9Y37TvtCzU1
aUvA0MqadLOgyvlFRkWJKwboKU6znopAInRp37DjZdQvSwF/GfdzFC7O7XID/q2Z
7x5BROUo3BGdz5VxwwhcmYUrC2ZVliTs/UP9P26oAwCgKEj+uH75jV9tuiHpdTL4
sfGes/f9jt30lNT09wqO7WC1IwIDAQABo4IClTCCApEwHQYDVR0OBBYEFHewHcHu
hB0TfJ4FDX/wA4GWkxTvMB8GA1UdIwQYMBaAFJ5mjm5nutCs+UCiKMS8CTuLJAAr
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0NjIwNy9GRTc1NjM0MDAy
Q0IxMUU2ODY1QjhGM0JDNEY5QUUwMi9ubWFPYm1lNjBLejVRS0lveEx3Sk80c2tB
Q3MuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL25tYU9ibWU2MEt6NVFLSW94THdKTzRza0FDcy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDYyMDcvRkU3NTYzNDAwMkNCMTFFNjg2NUI4RjNCQzRGOUFFMDIvMkFBMTgxMjIw
MkNFMTFFNkIxNjczMDNGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADLsZcwDQYJKoZIhvcNAQELBQADggEBAA8X6WT+lFEG2Bro
j7IjsLQN/iEwFpVepng7LOP2Yag3S9bLW32YuSIFV8ISUdd4drR1xJLnM3yKcORi
pAjpQqfPcKdR2Hut6SrfgSNwsUHiayG5JbcD/Jd0LQhT63pPg4i7dHnZNzYpZ/gA
Yz/MBE/SjQliVIZtLshQNLhKhDTlWxfumkbTmQpFISW7uhbPHhXmpBiQqyCV0okZ
05/Czt4w+F7XxopxHt4TEzkYFB4EeU3lekBWrSKCNsZyUUJM4XB1S6ZeREOwVI+y
N25V4KuDPzbUHyWeLreTT1/UFxMr9UJzd6k+wdwkeePUMsNBCBEZ9DXjdt9KMyxK
x31zCoY=
-----END CERTIFICATE-----
Generated at Mon Aug 11 08:49:55 2025 by rpki-client