Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9157DA0/3A0D93101D8C11E28EFF57E708B02CD2/E4BA3CE8DFCE11EFBC4CD631C4F9AE02.roa
File:                     E4BA3CE8DFCE11EFBC4CD631C4F9AE02.roa (raw, json)
Hash identifier:          MbcvEjB6bBsz71diYW6luEzJdUqDQqlK0r5oh/a4AKQ=
Subject key identifier:   A6:34:3E:B7:7A:A5:62:2E:86:A3:31:D9:91:85:A4:BB:F5:EA:9E:41
Certificate issuer:       /CN=A9157DA0/serialNumber=8887CF6CF5102F0FB713F4C4A1BDE389481F1C44
Certificate serial:       3486
Authority key identifier: 88:87:CF:6C:F5:10:2F:0F:B7:13:F4:C4:A1:BD:E3:89:48:1F:1C:44
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/iIfPbPUQLw-3E_TEob3jiUgfHEQ.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9157DA0/3A0D93101D8C11E28EFF57E708B02CD2/E4BA3CE8DFCE11EFBC4CD631C4F9AE02.roa
Signing time:             Mon 14 Apr 2025 14:50:43 +0000
ROA not before:           Mon 14 Apr 2025 14:50:43 +0000
ROA not after:            Thu 30 Jul 2026 00:00:00 +0000
asID:                     139759
IP address blocks:        119.252.112.0/21 maxlen: 21
                          119.252.112.0/24 maxlen: 24
                          119.252.116.0/22 maxlen: 22
                          124.109.8.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9157DA0/3A0D93101D8C11E28EFF57E708B02CD2/iIfPbPUQLw-3E_TEob3jiUgfHEQ.crl
                          rsync://rpki.apnic.net/member_repository/A9157DA0/3A0D93101D8C11E28EFF57E708B02CD2/iIfPbPUQLw-3E_TEob3jiUgfHEQ.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/iIfPbPUQLw-3E_TEob3jiUgfHEQ.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 01 May 2025 14:35:18 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13446 (0x3486)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9157DA0, serialNumber=8887CF6CF5102F0FB713F4C4A1BDE389481F1C44
        Validity
            Not Before: Apr 14 14:50:43 2025 GMT
            Not After : Jul 30 00:00:00 2026 GMT
        Subject: CN=67fd20c3-bd41
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:86:6f:96:9d:f4:a5:06:f9:3b:14:1b:f2:66:
                    d9:45:45:fb:bc:d7:93:63:6c:22:e4:a5:b3:e6:02:
                    ca:42:b7:5f:42:ad:97:38:93:55:e2:b8:e2:e9:05:
                    cb:a3:47:7e:e9:ef:52:2a:73:66:0c:5e:9f:7d:fb:
                    17:89:10:f9:71:ca:1d:a7:d2:6b:8b:f4:58:f4:dc:
                    81:a1:37:1f:4c:90:f5:9a:ec:65:75:b0:bf:3b:5c:
                    83:b7:35:8e:d5:ce:bd:36:b5:79:6a:90:47:3f:8d:
                    b5:cf:52:42:45:aa:72:07:a3:7a:82:5f:51:01:13:
                    cd:ca:13:8d:28:79:b5:23:ef:27:e8:a8:73:c8:15:
                    48:87:d7:30:b6:ef:e4:07:da:e2:b1:24:54:65:57:
                    df:10:03:a9:22:cc:17:6c:06:ac:2b:6e:89:94:bc:
                    26:b0:61:01:02:ea:be:a0:f6:6f:7c:c6:f0:e2:58:
                    4e:76:bd:20:7a:24:c0:04:49:50:e3:19:78:25:17:
                    9b:01:de:17:99:10:5b:47:b1:0e:8c:41:9e:04:3d:
                    0e:e5:d1:5f:5c:e8:98:db:e7:b3:cd:a5:3c:54:62:
                    d9:80:0d:12:20:f1:be:28:92:d6:48:ec:20:1f:57:
                    d3:5c:2d:06:16:f2:9d:6b:57:6f:af:e4:c9:a9:00:
                    5b:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A6:34:3E:B7:7A:A5:62:2E:86:A3:31:D9:91:85:A4:BB:F5:EA:9E:41
            X509v3 Authority Key Identifier:
                keyid:88:87:CF:6C:F5:10:2F:0F:B7:13:F4:C4:A1:BD:E3:89:48:1F:1C:44

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9157DA0/3A0D93101D8C11E28EFF57E708B02CD2/iIfPbPUQLw-3E_TEob3jiUgfHEQ.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/iIfPbPUQLw-3E_TEob3jiUgfHEQ.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9157DA0/3A0D93101D8C11E28EFF57E708B02CD2/E4BA3CE8DFCE11EFBC4CD631C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  119.252.112.0/21
                  124.109.8.0/22

    Signature Algorithm: sha256WithRSAEncryption
         02:14:29:41:ad:17:d0:d0:0f:e8:79:e7:60:29:e6:b6:c5:10:
         20:76:bf:5b:00:53:b1:2d:7c:b6:06:4b:fe:d5:5f:3a:da:96:
         22:49:b7:93:67:53:4c:c5:29:49:a7:a4:fe:5d:89:8d:2f:bc:
         6b:81:93:33:c0:4e:bd:b7:46:66:7e:be:01:b5:41:38:e3:2f:
         32:f3:d9:00:77:ac:92:1d:fd:2a:d1:89:98:a7:ce:ae:aa:5f:
         e7:32:3e:6c:d9:b1:4b:78:a8:ad:f9:fb:da:13:e4:5b:2b:ef:
         6d:a1:61:18:03:e4:6b:23:3b:8f:a4:bc:6b:92:7e:82:e0:06:
         06:e2:f8:49:0c:40:c3:d0:1c:49:ca:35:8f:7b:f5:9c:b1:49:
         af:7d:a9:61:91:4a:1d:ef:b6:14:8d:94:be:53:a5:13:22:51:
         cd:e3:64:88:91:35:6e:25:01:1a:ea:1c:b6:c9:9b:2a:77:42:
         ff:ec:5f:01:36:b3:c7:44:89:d9:9b:57:46:cc:8b:bc:a7:b8:
         aa:87:fa:14:18:70:02:ba:d1:2f:ad:41:aa:3b:fc:9f:f3:c4:
         92:5c:fe:5d:16:56:c0:68:e7:b0:6c:9e:1a:92:b9:87:19:57:
         e9:b8:3a:7d:f9:d8:83:74:3e:89:24:11:93:f7:26:c4:a8:d8:
         da:30:a9:01
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICNIYwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTdEQTAxMTAvBgNVBAUTKDg4ODdDRjZDRjUxMDJGMEZCNzEzRjRDNEExQkRFMzg5
NDgxRjFDNDQwHhcNMjUwNDE0MTQ1MDQzWhcNMjYwNzMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02N2ZkMjBjMy1iZDQxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvoZvlp30pQb5OxQb8mbZRUX7vNeTY2wi5KWz5gLKQrdfQq2XOJNV4rji6QXL
o0d+6e9SKnNmDF6fffsXiRD5ccodp9Jri/RY9NyBoTcfTJD1muxldbC/O1yDtzWO
1c69NrV5apBHP421z1JCRapyB6N6gl9RARPNyhONKHm1I+8n6KhzyBVIh9cwtu/k
B9risSRUZVffEAOpIswXbAasK26JlLwmsGEBAuq+oPZvfMbw4lhOdr0geiTABElQ
4xl4JRebAd4XmRBbR7EOjEGeBD0O5dFfXOiY2+ezzaU8VGLZgA0SIPG+KJLWSOwg
H1fTXC0GFvKda1dvr+TJqQBbNwIDAQABo4ICmzCCApcwHQYDVR0OBBYEFKY0Prd6
pWIuhqMx2ZGFpLv16p5BMB8GA1UdIwQYMBaAFIiHz2z1EC8PtxP0xKG944lIHxxE
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1N0RBMC8zQTBEOTMxMDFE
OEMxMUUyOEVGRjU3RTcwOEIwMkNEMi9pSWZQYlBVUUx3LTNFX1RFb2IzamlVZ2ZI
RVEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2lJZlBiUFVRTHctM0VfVEVvYjNqaVVnZkhFUS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTdEQTAvM0EwRDkzMTAxRDhDMTFFMjhFRkY1N0U3MDhCMDJDRDIvRTRCQTNDRThE
RkNFMTFFRkJDNENENjMxQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAN3/HADBAJ8bQgwDQYJKoZIhvcNAQELBQADggEBAAIUKUGt
F9DQD+h552Ap5rbFECB2v1sAU7EtfLYGS/7VXzraliJJt5NnU0zFKUmnpP5diY0v
vGuBkzPATr23RmZ+vgG1QTjjLzLz2QB3rJId/SrRiZinzq6qX+cyPmzZsUt4qK35
+9oT5Fsr722hYRgD5GsjO4+kvGuSfoLgBgbi+EkMQMPQHEnKNY979ZyxSa99qWGR
Sh3vthSNlL5TpRMiUc3jZIiRNW4lARrqHLbJmyp3Qv/sXwE2s8dEidmbV0bMi7yn
uKqH+hQYcAK60S+tQao7/J/zxJJc/l0WVsBo57BsnhqSuYcZV+m4On352IN0Pokk
EZP3JsSo2NowqQE=
-----END CERTIFICATE-----
Generated at Sat Apr 26 12:58:48 2025 by rpki-client