Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A916AC30/6BC4CDFE8C6211EF99464085C4F9AE02/33A6DBFAD31C11EFA728D52FC4F9AE02.roa
File:                     33A6DBFAD31C11EFA728D52FC4F9AE02.roa (raw, json)
Hash identifier:          C51FnirOwHNLSENUvzzb2TxTVOy5VJ2d+aAfYjutEMA=
Subject key identifier:   A3:ED:E1:76:35:1A:E5:7E:28:2A:F0:CA:46:28:E5:AD:A0:98:11:61
Certificate issuer:       /CN=A916AC30/serialNumber=576790244CC29275C112356FF620F2620D7D615E
Certificate serial:       CB
Authority key identifier: 57:67:90:24:4C:C2:92:75:C1:12:35:6F:F6:20:F2:62:0D:7D:61:5E
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/V2eQJEzCknXBEjVv9iDyYg19YV4.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A916AC30/6BC4CDFE8C6211EF99464085C4F9AE02/33A6DBFAD31C11EFA728D52FC4F9AE02.roa
Signing time:             Wed 23 Jul 2025 14:48:41 +0000
ROA not before:           Wed 23 Jul 2025 14:48:41 +0000
ROA not after:            Tue 31 Mar 2026 00:00:00 +0000
asID:                     59253
IP address blocks:        23.106.48.0/21 maxlen: 21
                          23.106.50.0/24 maxlen: 24
                          23.106.64.0/20 maxlen: 20
                          23.106.67.0/24 maxlen: 24
                          23.106.120.0/21 maxlen: 21
                          23.106.248.0/21 maxlen: 21
                          23.106.248.0/22 maxlen: 22
                          23.106.252.0/22 maxlen: 22
                          23.108.96.0/21 maxlen: 21
                          23.108.96.0/22 maxlen: 22
                          23.108.100.0/22 maxlen: 22
                          23.111.12.0/22 maxlen: 22
                          64.120.92.0/22 maxlen: 22
                          64.120.110.0/23 maxlen: 24
                          142.91.96.0/23 maxlen: 23
                          142.91.98.0/23 maxlen: 23
                          142.91.100.0/23 maxlen: 23
                          142.91.102.0/23 maxlen: 23
                          173.234.0.0/23 maxlen: 23
                          173.234.2.0/23 maxlen: 23
                          173.234.4.0/22 maxlen: 22
                          173.234.8.0/22 maxlen: 22
                          173.234.12.0/23 maxlen: 23
                          173.234.14.0/23 maxlen: 23
                          209.58.160.0/20 maxlen: 20
                          209.58.160.0/21 maxlen: 21
                          209.58.168.0/21 maxlen: 21
                          209.58.176.0/21 maxlen: 21
                          209.58.176.0/22 maxlen: 22
                          209.58.180.0/22 maxlen: 22
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A916AC30/6BC4CDFE8C6211EF99464085C4F9AE02/V2eQJEzCknXBEjVv9iDyYg19YV4.crl
                          rsync://rpki.apnic.net/member_repository/A916AC30/6BC4CDFE8C6211EF99464085C4F9AE02/V2eQJEzCknXBEjVv9iDyYg19YV4.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/V2eQJEzCknXBEjVv9iDyYg19YV4.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 14 Aug 2025 05:57:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 203 (0xcb)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A916AC30, serialNumber=576790244CC29275C112356FF620F2620D7D615E
        Validity
            Not Before: Jul 23 14:48:41 2025 GMT
            Not After : Mar 31 00:00:00 2026 GMT
        Subject: CN=6880f649-ba68
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:be:1b:4f:72:49:f9:81:1b:af:e1:6c:2f:40:c5:
                    71:db:13:dc:f6:88:19:6a:4e:c0:2c:44:7b:35:9e:
                    df:e6:b5:3a:59:2d:be:df:66:a4:50:8f:ad:ee:63:
                    95:e6:d1:37:ad:d2:1b:11:31:db:b6:17:f7:d5:ff:
                    e4:ca:8f:a4:3a:76:f0:ae:98:ec:56:51:3b:ec:46:
                    73:5e:42:7a:bf:90:ac:79:0c:89:94:82:88:69:96:
                    6e:90:e8:8b:93:dc:bc:1d:9d:41:55:15:c6:dc:9e:
                    4d:bf:4e:48:7d:02:de:ef:04:6e:b7:55:60:e5:74:
                    09:56:0e:a3:f5:dd:f8:f6:de:7e:ae:1b:7e:20:e9:
                    4e:63:1d:85:9e:f1:b2:c8:bf:16:22:05:1e:ea:a1:
                    f3:c2:63:8e:c3:17:41:c5:2a:a0:b2:38:b3:7d:40:
                    1a:61:b7:f0:f8:92:90:69:d2:b6:e2:6c:c1:11:b2:
                    03:ec:ed:0a:e6:df:79:f4:4a:ba:8e:e9:cc:2c:6f:
                    86:f0:52:bb:16:56:12:0c:41:7f:f4:7e:36:10:08:
                    2d:56:ca:74:95:02:0f:f3:2b:fb:5c:99:4a:4c:a4:
                    5a:9d:5f:41:8e:82:4c:8b:34:1c:50:61:ae:c7:35:
                    b2:e9:a5:b4:97:41:c0:ea:ab:34:5c:b2:52:45:cb:
                    75:c9
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                A3:ED:E1:76:35:1A:E5:7E:28:2A:F0:CA:46:28:E5:AD:A0:98:11:61
            X509v3 Authority Key Identifier:
                keyid:57:67:90:24:4C:C2:92:75:C1:12:35:6F:F6:20:F2:62:0D:7D:61:5E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A916AC30/6BC4CDFE8C6211EF99464085C4F9AE02/V2eQJEzCknXBEjVv9iDyYg19YV4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/V2eQJEzCknXBEjVv9iDyYg19YV4.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A916AC30/6BC4CDFE8C6211EF99464085C4F9AE02/33A6DBFAD31C11EFA728D52FC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  23.106.48.0/21
                  23.106.64.0/20
                  23.106.120.0/21
                  23.106.248.0/21
                  23.108.96.0/21
                  23.111.12.0/22
                  64.120.92.0/22
                  64.120.110.0/23
                  142.91.96.0/21
                  173.234.0.0/20
                  209.58.160.0-209.58.183.255

    Signature Algorithm: sha256WithRSAEncryption
         47:01:76:82:90:b2:28:49:c5:a1:0f:bd:04:19:90:6d:10:38:
         ee:44:0a:fd:49:c6:b5:46:bf:84:87:9d:8d:14:00:43:15:20:
         03:51:5b:22:89:07:ee:34:60:6a:fa:ff:43:97:ed:fb:69:06:
         ab:4d:e8:6b:cc:80:8d:c6:81:b9:9c:e1:a8:4b:09:74:d2:d1:
         63:bd:f4:6a:2a:71:ec:85:cc:a5:0e:14:33:58:e8:f4:83:46:
         e9:81:5b:4c:87:13:68:2e:aa:2d:55:62:d2:c0:ee:20:d4:f4:
         2a:92:c5:a7:1c:a9:2c:58:dd:1d:c8:cc:5c:32:e5:f4:db:71:
         99:36:09:ba:39:c0:00:86:0d:b3:2e:2f:58:4e:92:98:93:f5:
         54:ea:94:6e:23:c7:a8:da:05:11:22:73:a2:9c:b1:24:f2:95:
         79:8d:50:1f:04:fc:dc:bb:bd:fb:7c:cb:a9:6a:4d:66:40:5f:
         99:65:58:75:82:f9:28:cc:29:5a:98:e1:81:f4:8f:43:4e:3c:
         8d:e7:28:6d:d9:1c:4c:a1:a8:26:9a:10:e6:64:c6:fa:01:1d:
         22:8a:85:6f:dc:f5:b3:46:0e:8f:00:6e:7d:fc:44:e1:39:c1:
         d1:b4:9f:8b:66:0c:ae:c3:91:f8:ad:d3:fc:a4:c8:3a:68:df:
         c1:17:20:42
-----BEGIN CERTIFICATE-----
MIIFtTCCBJ2gAwIBAgICAMswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NkFDMzAxMTAvBgNVBAUTKDU3Njc5MDI0NENDMjkyNzVDMTEyMzU2RkY2MjBGMjYy
MEQ3RDYxNUUwHhcNMjUwNzIzMTQ0ODQxWhcNMjYwMzMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODgwZjY0OS1iYTY4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvhtPckn5gRuv4WwvQMVx2xPc9ogZak7ALER7NZ7f5rU6WS2+32akUI+t7mOV
5tE3rdIbETHbthf31f/kyo+kOnbwrpjsVlE77EZzXkJ6v5CseQyJlIKIaZZukOiL
k9y8HZ1BVRXG3J5Nv05IfQLe7wRut1Vg5XQJVg6j9d349t5+rht+IOlOYx2FnvGy
yL8WIgUe6qHzwmOOwxdBxSqgsjizfUAaYbfw+JKQadK24mzBEbID7O0K5t959Eq6
junMLG+G8FK7FlYSDEF/9H42EAgtVsp0lQIP8yv7XJlKTKRanV9BjoJMizQcUGGu
xzWy6aW0l0HA6qs0XLJSRct1yQIDAQABo4IC2TCCAtUwHQYDVR0OBBYEFKPt4XY1
GuV+KCrwykYo5a2gmBFhMB8GA1UdIwQYMBaAFFdnkCRMwpJ1wRI1b/Yg8mINfWFe
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2QUMzMC82QkM0Q0RGRThD
NjIxMUVGOTk0NjQwODVDNEY5QUUwMi9WMmVRSkV6Q2tuWEJFalZ2OWlEeVlnMTlZ
VjQuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL1YyZVFKRXpDa25YQkVqVnY5aUR5WWcxOVlWNC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NkFDMzAvNkJDNENERkU4QzYyMTFFRjk5NDY0MDg1QzRGOUFFMDIvMzNBNkRCRkFE
MzFDMTFFRkE3MjhENTJGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwYwYIKwYBBQUHAQcBAf8E
VDBSMFAEAgABMEoDBAMXajADBAQXakADBAMXangDBAMXavgDBAMXbGADBAIXbwwD
BAJAeFwDBAFAeG4DBAOOW2ADBASt6gAwDAMEBdE6oAMEA9E6sDANBgkqhkiG9w0B
AQsFAAOCAQEARwF2gpCyKEnFoQ+9BBmQbRA47kQK/UnGtUa/hIedjRQAQxUgA1Fb
IokH7jRgavr/Q5ft+2kGq03oa8yAjcaBuZzhqEsJdNLRY730aipx7IXMpQ4UM1jo
9ING6YFbTIcTaC6qLVVi0sDuINT0KpLFpxypLFjdHcjMXDLl9NtxmTYJujnAAIYN
sy4vWE6SmJP1VOqUbiPHqNoFESJzopyxJPKVeY1QHwT83Lu9+3zLqWpNZkBfmWVY
dYL5KMwpWpjhgfSPQ048jecobdkcTKGoJpoQ5mTG+gEdIoqFb9z1s0YOjwBuffxE
4TnB0bSfi2YMrsOR+K3T/KTIOmjfwRcgQg==
-----END CERTIFICATE-----
Generated at Sat Aug 9 01:04:29 2025 by rpki-client