Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9149F3E/AC52B7481D8211E2BC6417D708B02CD2/97DE828061E211F0A89DA027C4F9AE02.roa
File:                     97DE828061E211F0A89DA027C4F9AE02.roa (raw, json)
Hash identifier:          ZE7ZukYBgBvNYyPPJAzJ612eGNB9AKUYhTrRQDE3DEk=
Subject key identifier:   A5:16:0F:76:DB:85:86:95:4D:DE:20:7A:83:75:B1:4D:C0:60:DE:12
Certificate issuer:       /CN=A9149F3E/serialNumber=EB389FB339B3908D549A65390C92E15F9DF7C54B
Certificate serial:       3953
Authority key identifier: EB:38:9F:B3:39:B3:90:8D:54:9A:65:39:0C:92:E1:5F:9D:F7:C5:4B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/6zifszmzkI1UmmU5DJLhX533xUs.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9149F3E/AC52B7481D8211E2BC6417D708B02CD2/97DE828061E211F0A89DA027C4F9AE02.roa
Signing time:             Mon 28 Jul 2025 05:41:15 +0000
ROA not before:           Mon 28 Jul 2025 05:41:15 +0000
ROA not after:            Mon 31 Aug 2026 00:00:00 +0000
asID:                     151349
IP address blocks:        45.250.221.0/24 maxlen: 24
                          45.250.222.0/24 maxlen: 24
                          45.250.223.0/24 maxlen: 24
                          61.251.181.0/24 maxlen: 24
                          61.251.183.0/24 maxlen: 24
                          203.173.97.0/24 maxlen: 24
                          203.173.98.0/24 maxlen: 24
                          203.173.99.0/24 maxlen: 24
                          203.173.100.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9149F3E/AC52B7481D8211E2BC6417D708B02CD2/6zifszmzkI1UmmU5DJLhX533xUs.crl
                          rsync://rpki.apnic.net/member_repository/A9149F3E/AC52B7481D8211E2BC6417D708B02CD2/6zifszmzkI1UmmU5DJLhX533xUs.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/6zifszmzkI1UmmU5DJLhX533xUs.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 14 Aug 2025 05:57:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 14675 (0x3953)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9149F3E, serialNumber=EB389FB339B3908D549A65390C92E15F9DF7C54B
        Validity
            Not Before: Jul 28 05:41:15 2025 GMT
            Not After : Aug 31 00:00:00 2026 GMT
        Subject: CN=68870d7b-da81
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:af:e7:b8:9b:7e:4b:66:87:53:82:c6:47:a8:eb:
                    ce:b3:36:f0:8f:ee:25:b5:ff:dd:2c:fd:e7:b8:48:
                    09:19:98:0d:f2:14:c7:1b:0d:82:47:d4:01:dd:de:
                    7f:84:0b:f8:89:17:93:97:15:d3:06:2f:e0:80:38:
                    66:01:6f:6d:fe:b0:61:af:5b:64:87:0d:4d:79:4f:
                    68:b5:06:c2:7d:6d:f2:b7:a2:30:d9:6e:1e:56:d8:
                    52:cd:10:95:9e:9d:2e:79:89:6f:6f:c5:5a:5d:7a:
                    61:14:ac:ff:d3:a3:6e:05:80:ec:b7:74:23:7a:c2:
                    cb:25:86:f4:04:53:a9:40:e1:cb:c3:bd:80:4f:ec:
                    12:b3:e9:82:c1:d3:f1:92:9c:ee:6b:6e:38:8d:81:
                    48:cf:5b:48:13:7d:38:00:f6:4c:47:6e:24:cf:c2:
                    45:25:43:d2:98:0e:0c:44:09:67:39:71:03:8c:94:
                    05:c9:5a:e4:11:67:cb:86:68:8a:a8:21:f8:71:6f:
                    0d:2a:df:fa:ec:41:fb:62:5a:be:f3:ce:b0:b0:08:
                    ac:32:ca:a9:4f:f5:27:8b:00:ba:a2:ba:13:5a:32:
                    21:93:4a:07:51:a4:eb:05:7e:70:26:8f:98:bb:c2:
                    6e:15:9c:c2:16:d6:6b:d3:40:c7:8d:66:27:0a:e2:
                    02:a7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A5:16:0F:76:DB:85:86:95:4D:DE:20:7A:83:75:B1:4D:C0:60:DE:12
            X509v3 Authority Key Identifier:
                keyid:EB:38:9F:B3:39:B3:90:8D:54:9A:65:39:0C:92:E1:5F:9D:F7:C5:4B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9149F3E/AC52B7481D8211E2BC6417D708B02CD2/6zifszmzkI1UmmU5DJLhX533xUs.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/6zifszmzkI1UmmU5DJLhX533xUs.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9149F3E/AC52B7481D8211E2BC6417D708B02CD2/97DE828061E211F0A89DA027C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.250.221.0-45.250.223.255
                  61.251.181.0/24
                  61.251.183.0/24
                  203.173.97.0-203.173.100.255

    Signature Algorithm: sha256WithRSAEncryption
         b7:14:b7:62:7a:77:c6:b0:ce:e0:5a:ff:ad:41:74:4f:92:0f:
         c6:24:b3:9e:e0:a8:5a:fc:dc:0a:6e:fd:fb:44:9b:be:44:27:
         bb:9c:bc:c8:d1:85:29:9e:7d:66:45:29:98:09:a5:cb:14:d0:
         e4:a4:84:2e:03:32:29:b8:42:21:b7:43:fe:af:fe:2d:c8:51:
         b6:ba:ab:2c:1c:a0:a9:3f:f7:22:b8:f3:9e:af:6a:ee:c8:27:
         00:58:6b:82:d4:6b:a8:20:43:8c:ec:86:c6:25:1d:66:b7:24:
         3f:55:b3:8e:d9:98:ed:65:39:4f:c6:5a:49:9e:75:e0:ae:fc:
         d4:0b:1e:98:5a:ed:20:4c:e2:d0:ff:d8:69:7c:a6:ea:b0:22:
         b3:c8:9d:94:50:14:43:8d:e8:93:5d:21:78:29:87:2f:68:49:
         12:64:70:a4:b4:26:e0:c3:60:24:a2:8c:3b:ee:d6:6c:84:f4:
         b1:af:45:60:01:ec:ff:d2:af:3a:33:a5:17:5e:8d:d0:6d:ac:
         af:26:99:87:01:2b:66:ec:cd:20:0c:cd:aa:40:ec:58:a5:2e:
         8d:6f:1e:8b:da:bf:dc:b3:8b:38:76:83:62:6f:7b:a1:f4:15:
         77:f7:ba:4e:bd:8e:09:1d:94:2d:e4:72:f1:59:ed:d4:07:02:
         93:6d:62:6a
-----BEGIN CERTIFICATE-----
MIIFkzCCBHugAwIBAgICOVMwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDlGM0UxMTAvBgNVBAUTKEVCMzg5RkIzMzlCMzkwOEQ1NDlBNjUzOTBDOTJFMTVG
OURGN0M1NEIwHhcNMjUwNzI4MDU0MTE1WhcNMjYwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODg3MGQ3Yi1kYTgxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAr+e4m35LZodTgsZHqOvOszbwj+4ltf/dLP3nuEgJGZgN8hTHGw2CR9QB3d5/
hAv4iReTlxXTBi/ggDhmAW9t/rBhr1tkhw1NeU9otQbCfW3yt6Iw2W4eVthSzRCV
np0ueYlvb8VaXXphFKz/06NuBYDst3QjesLLJYb0BFOpQOHLw72AT+wSs+mCwdPx
kpzua244jYFIz1tIE304APZMR24kz8JFJUPSmA4MRAlnOXEDjJQFyVrkEWfLhmiK
qCH4cW8NKt/67EH7Ylq+886wsAisMsqpT/UniwC6oroTWjIhk0oHUaTrBX5wJo+Y
u8JuFZzCFtZr00DHjWYnCuICpwIDAQABo4ICtzCCArMwHQYDVR0OBBYEFKUWD3bb
hYaVTd4geoN1sU3AYN4SMB8GA1UdIwQYMBaAFOs4n7M5s5CNVJplOQyS4V+d98VL
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0OUYzRS9BQzUyQjc0ODFE
ODIxMUUyQkM2NDE3RDcwOEIwMkNEMi82emlmc3ptemtJMVVtbVU1REpMaFg1MzN4
VXMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzZ6aWZzem16a0kxVW1tVTVESkxoWDUzM3hVcy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDlGM0UvQUM1MkI3NDgxRDgyMTFFMkJDNjQxN0Q3MDhCMDJDRDIvOTdERTgyODA2
MUUyMTFGMEE4OURBMDI3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwQQYIKwYBBQUHAQcBAf8E
MjAwMC4EAgABMCgwDAMEAC363QMEBS36wAMEAD37tQMEAD37tzAMAwQAy61hAwQA
y61kMA0GCSqGSIb3DQEBCwUAA4IBAQC3FLdienfGsM7gWv+tQXRPkg/GJLOe4Kha
/NwKbv37RJu+RCe7nLzI0YUpnn1mRSmYCaXLFNDkpIQuAzIpuEIht0P+r/4tyFG2
uqssHKCpP/ciuPOer2ruyCcAWGuC1GuoIEOM7IbGJR1mtyQ/VbOO2ZjtZTlPxlpJ
nnXgrvzUCx6YWu0gTOLQ/9hpfKbqsCKzyJ2UUBRDjeiTXSF4KYcvaEkSZHCktCbg
w2Akoow77tZshPSxr0VgAez/0q86M6UXXo3QbayvJpmHAStm7M0gDM2qQOxYpS6N
bx6L2r/cs4s4doNib3uh9BV397pOvY4JHZQt5HLxWe3UBwKTbWJq
-----END CERTIFICATE-----
Generated at Sat Aug 9 05:49:11 2025 by rpki-client