Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9146207/FE75634002CB11E6865B8F3BC4F9AE02/2F88F46802CE11E6B167303FC4F9AE02.roa
File:                     2F88F46802CE11E6B167303FC4F9AE02.roa (raw, json)
Hash identifier:          b9KSK49f3+RJ5Zndahld37Ne8rgyICiG4X/yrNeRCwg=
Subject key identifier:   CB:F3:6B:0A:38:C5:44:B2:47:CB:0E:26:CE:74:DF:A4:C6:D9:EE:DD
Certificate issuer:       /CN=A9146207/serialNumber=9E668E6E67BAD0ACF940A228C4BC093B8B24002B
Certificate serial:       2572
Authority key identifier: 9E:66:8E:6E:67:BA:D0:AC:F9:40:A2:28:C4:BC:09:3B:8B:24:00:2B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/nmaObme60Kz5QKIoxLwJO4skACs.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9146207/FE75634002CB11E6865B8F3BC4F9AE02/2F88F46802CE11E6B167303FC4F9AE02.roa
Signing time:             Mon 04 Aug 2025 16:24:26 +0000
ROA not before:           Mon 04 Aug 2025 16:24:26 +0000
ROA not after:            Wed 30 Sep 2026 00:00:00 +0000
asID:                     38822
IP address blocks:        222.127.138.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9146207/FE75634002CB11E6865B8F3BC4F9AE02/nmaObme60Kz5QKIoxLwJO4skACs.crl
                          rsync://rpki.apnic.net/member_repository/A9146207/FE75634002CB11E6865B8F3BC4F9AE02/nmaObme60Kz5QKIoxLwJO4skACs.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/nmaObme60Kz5QKIoxLwJO4skACs.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 14 Aug 2025 05:57:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 9586 (0x2572)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9146207, serialNumber=9E668E6E67BAD0ACF940A228C4BC093B8B24002B
        Validity
            Not Before: Aug  4 16:24:26 2025 GMT
            Not After : Sep 30 00:00:00 2026 GMT
        Subject: CN=6890deb9-4e38
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d2:52:54:d0:53:92:58:e0:95:ae:01:c8:ab:b0:
                    dc:03:1c:cb:92:b7:0c:04:e0:1c:13:5e:5a:a2:0b:
                    2c:f9:91:fb:3e:b4:aa:a1:53:06:28:30:6c:23:e0:
                    93:c3:11:e9:9a:b3:7e:8f:4a:cc:5c:e5:60:b5:40:
                    e5:1f:a5:2d:23:d7:31:65:1d:49:12:b5:0a:4b:e5:
                    9c:7f:42:0f:3a:22:3b:b9:10:c3:95:09:97:e2:88:
                    d1:d2:30:aa:4e:9d:12:f0:f8:46:81:a6:13:f1:08:
                    5c:aa:12:7b:46:c7:af:c6:c2:2c:1d:f5:c8:9c:a0:
                    de:86:52:1d:4f:d5:34:3f:78:7f:94:91:88:50:13:
                    57:82:f2:1b:11:57:b3:84:92:4c:7f:15:82:0b:86:
                    99:88:87:e3:e7:16:9d:c5:cf:38:b9:17:02:31:34:
                    83:1e:55:52:99:f5:f2:94:89:ca:08:9c:e4:b6:20:
                    05:61:17:74:23:b4:6f:9b:34:72:73:73:18:f4:45:
                    d0:00:17:3e:e1:2f:b1:8e:b9:5e:46:93:f5:66:e7:
                    87:57:56:89:fc:74:bb:53:c6:9b:35:fb:7a:e1:2b:
                    df:68:e5:2a:79:a1:c1:38:eb:ca:a2:73:0b:46:7d:
                    ae:bf:c4:2a:13:1e:17:bb:f6:65:8f:0c:bf:6a:55:
                    2d:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CB:F3:6B:0A:38:C5:44:B2:47:CB:0E:26:CE:74:DF:A4:C6:D9:EE:DD
            X509v3 Authority Key Identifier:
                keyid:9E:66:8E:6E:67:BA:D0:AC:F9:40:A2:28:C4:BC:09:3B:8B:24:00:2B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9146207/FE75634002CB11E6865B8F3BC4F9AE02/nmaObme60Kz5QKIoxLwJO4skACs.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/nmaObme60Kz5QKIoxLwJO4skACs.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9146207/FE75634002CB11E6865B8F3BC4F9AE02/2F88F46802CE11E6B167303FC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  222.127.138.0/24

    Signature Algorithm: sha256WithRSAEncryption
         91:23:94:ec:2f:36:62:06:c9:57:a8:db:8d:73:10:2f:c5:6c:
         27:41:b5:7b:53:45:c7:e2:9a:10:20:5d:93:d3:67:f6:07:8e:
         50:c0:16:e8:28:2f:09:92:d7:a5:9f:51:27:4a:2d:6d:ea:95:
         11:ff:4a:b2:ef:92:0e:2f:78:e6:58:56:d1:e9:12:45:9d:f7:
         6e:4b:c7:64:f0:94:37:94:48:b2:46:84:f2:8b:6f:4d:29:9e:
         df:49:5f:e8:57:d8:0c:c7:a7:94:08:61:a0:39:fb:a3:65:3e:
         44:a8:94:57:88:d2:02:11:78:83:64:ce:34:64:1e:8e:c3:16:
         c4:ae:54:76:72:2b:9e:9d:86:17:af:d9:15:6c:3d:f1:a9:e5:
         cc:6f:48:74:c0:d4:b8:a0:9a:28:2c:78:37:b2:e7:ce:16:59:
         ad:a9:b8:49:d7:cd:1f:b2:d1:f3:52:5a:8e:ba:ce:da:78:fe:
         23:fe:9a:e6:14:c5:d1:95:03:55:15:32:53:dc:f1:f8:b6:79:
         b3:d4:6f:d3:0d:09:5c:b9:17:bb:19:86:60:e6:b4:11:03:d6:
         f2:09:9d:42:8f:b0:f0:25:41:ba:17:20:1a:31:12:be:da:67:
         e1:c5:4a:80:4c:8c:82:2b:81:21:a4:c5:9d:43:40:de:dc:d8:
         39:ac:ca:da
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICJXIwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDYyMDcxMTAvBgNVBAUTKDlFNjY4RTZFNjdCQUQwQUNGOTQwQTIyOEM0QkMwOTNC
OEIyNDAwMkIwHhcNMjUwODA0MTYyNDI2WhcNMjYwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODkwZGViOS00ZTM4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA0lJU0FOSWOCVrgHIq7DcAxzLkrcMBOAcE15aogss+ZH7PrSqoVMGKDBsI+CT
wxHpmrN+j0rMXOVgtUDlH6UtI9cxZR1JErUKS+Wcf0IPOiI7uRDDlQmX4ojR0jCq
Tp0S8PhGgaYT8QhcqhJ7RsevxsIsHfXInKDehlIdT9U0P3h/lJGIUBNXgvIbEVez
hJJMfxWCC4aZiIfj5xadxc84uRcCMTSDHlVSmfXylInKCJzktiAFYRd0I7RvmzRy
c3MY9EXQABc+4S+xjrleRpP1ZueHV1aJ/HS7U8abNft64SvfaOUqeaHBOOvKonML
Rn2uv8QqEx4Xu/Zljwy/alUtJwIDAQABo4IClTCCApEwHQYDVR0OBBYEFMvzawo4
xUSyR8sOJs5036TG2e7dMB8GA1UdIwQYMBaAFJ5mjm5nutCs+UCiKMS8CTuLJAAr
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0NjIwNy9GRTc1NjM0MDAy
Q0IxMUU2ODY1QjhGM0JDNEY5QUUwMi9ubWFPYm1lNjBLejVRS0lveEx3Sk80c2tB
Q3MuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL25tYU9ibWU2MEt6NVFLSW94THdKTzRza0FDcy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDYyMDcvRkU3NTYzNDAwMkNCMTFFNjg2NUI4RjNCQzRGOUFFMDIvMkY4OEY0Njgw
MkNFMTFFNkIxNjczMDNGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADef4owDQYJKoZIhvcNAQELBQADggEBAJEjlOwvNmIGyVeo
241zEC/FbCdBtXtTRcfimhAgXZPTZ/YHjlDAFugoLwmS16WfUSdKLW3qlRH/SrLv
kg4veOZYVtHpEkWd925Lx2TwlDeUSLJGhPKLb00pnt9JX+hX2AzHp5QIYaA5+6Nl
PkSolFeI0gIReINkzjRkHo7DFsSuVHZyK56dhhev2RVsPfGp5cxvSHTA1Ligmigs
eDey584WWa2puEnXzR+y0fNSWo66ztp4/iP+muYUxdGVA1UVMlPc8fi2ebPUb9MN
CVy5F7sZhmDmtBED1vIJnUKPsPAlQboXIBoxEr7aZ+HFSoBMjIIrgSGkxZ1DQN7c
2Dmsyto=
-----END CERTIFICATE-----
Generated at Mon Aug 11 05:55:51 2025 by rpki-client