Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A916C83B/E4E10B4A1D8811E2A012CBE108B02CD2/1B8CEF10160F11F0BC8CF16EC4F9AE02.roa
File:                     1B8CEF10160F11F0BC8CF16EC4F9AE02.roa (raw, json)
Hash identifier:          Atw8mYr719QL2buAs4N+u5Fvkp0vLbC2BST8Rr2vnds=
Subject key identifier:   76:A4:ED:E3:CD:C6:73:19:C4:D1:A1:30:16:9D:5F:DC:DB:48:C9:32
Certificate issuer:       /CN=A916C83B/serialNumber=E76EB256C0FCB07E2907978343E9AD9DD21FE206
Certificate serial:       37C6
Authority key identifier: E7:6E:B2:56:C0:FC:B0:7E:29:07:97:83:43:E9:AD:9D:D2:1F:E2:06
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/526yVsD8sH4pB5eDQ-mtndIf4gY.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A916C83B/E4E10B4A1D8811E2A012CBE108B02CD2/1B8CEF10160F11F0BC8CF16EC4F9AE02.roa
Signing time:             Mon 21 Apr 2025 11:28:47 +0000
ROA not before:           Mon 21 Apr 2025 11:28:47 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     135660
IP address blocks:        111.88.77.0/24 maxlen: 24
                          111.88.79.0/24 maxlen: 24
                          117.102.0.0/24 maxlen: 24
                          117.102.1.0/24 maxlen: 24
                          117.102.2.0/24 maxlen: 24
                          117.102.3.0/24 maxlen: 24
                          117.102.4.0/24 maxlen: 24
                          117.102.5.0/24 maxlen: 24
                          117.102.6.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A916C83B/E4E10B4A1D8811E2A012CBE108B02CD2/526yVsD8sH4pB5eDQ-mtndIf4gY.crl
                          rsync://rpki.apnic.net/member_repository/A916C83B/E4E10B4A1D8811E2A012CBE108B02CD2/526yVsD8sH4pB5eDQ-mtndIf4gY.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/526yVsD8sH4pB5eDQ-mtndIf4gY.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 01 May 2025 14:30:23 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 14278 (0x37c6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A916C83B, serialNumber=E76EB256C0FCB07E2907978343E9AD9DD21FE206
        Validity
            Not Before: Apr 21 11:28:47 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=68062bef-acce
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c9:15:a5:3c:ff:54:af:57:6e:b2:5a:94:9f:76:
                    72:de:bd:26:c3:63:12:df:5f:39:d9:dc:c3:35:36:
                    ad:75:bf:c3:d2:d7:47:45:7f:a7:54:7d:d9:9f:9d:
                    b4:b3:17:0b:a8:5b:f2:fb:ef:ff:f6:63:8b:5a:9a:
                    8e:5d:e1:7e:77:af:07:50:46:db:79:cd:61:79:39:
                    51:6f:29:89:c5:a8:ba:30:85:a6:82:3b:b0:cf:7b:
                    8e:11:17:35:f3:bf:3a:6e:ff:0f:49:07:95:d8:f2:
                    07:79:16:9b:df:63:06:c7:46:9c:93:1c:e7:eb:3d:
                    0d:9b:85:76:f8:d9:c5:ff:f3:44:55:b3:6c:cd:93:
                    e2:01:dd:cf:ac:50:5a:9c:48:7b:f3:a3:59:17:73:
                    2a:4f:87:89:c9:7a:ec:72:c5:a0:b1:33:f3:b6:29:
                    f0:59:d6:96:7e:56:43:ed:ab:eb:6b:ee:78:25:1a:
                    da:e4:3f:14:0c:5b:34:46:59:c4:11:8a:3b:0c:4c:
                    8e:6f:f7:7b:38:e9:a6:94:cb:1c:0a:91:d4:db:e3:
                    34:88:77:95:e7:58:96:3b:89:3b:71:f6:7c:37:5e:
                    30:f0:33:52:3b:44:64:a5:a5:0d:74:73:43:26:f0:
                    95:bc:49:46:7a:2c:3f:8b:76:7a:12:7b:bb:90:e6:
                    3a:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                76:A4:ED:E3:CD:C6:73:19:C4:D1:A1:30:16:9D:5F:DC:DB:48:C9:32
            X509v3 Authority Key Identifier:
                keyid:E7:6E:B2:56:C0:FC:B0:7E:29:07:97:83:43:E9:AD:9D:D2:1F:E2:06

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A916C83B/E4E10B4A1D8811E2A012CBE108B02CD2/526yVsD8sH4pB5eDQ-mtndIf4gY.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/526yVsD8sH4pB5eDQ-mtndIf4gY.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A916C83B/E4E10B4A1D8811E2A012CBE108B02CD2/1B8CEF10160F11F0BC8CF16EC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  111.88.77.0/24
                  111.88.79.0/24
                  117.102.0.0-117.102.6.255

    Signature Algorithm: sha256WithRSAEncryption
         a7:90:66:af:29:f4:07:c2:02:f0:88:e6:e7:63:e1:b8:54:65:
         1b:d3:09:0f:dd:06:3c:9f:e7:e2:82:02:f3:49:2c:44:f9:2f:
         42:c8:a3:a5:09:a4:92:fa:2f:1e:4e:6a:a8:21:b6:0e:50:0e:
         71:0f:fa:41:de:a6:4f:a8:b4:ae:30:df:d6:63:bc:36:eb:3f:
         c4:52:7f:ee:46:47:f2:bf:85:4e:23:5a:4f:83:27:44:55:d8:
         0f:cc:24:3e:a8:de:5d:c3:55:54:40:8f:66:a1:c3:0c:7f:cd:
         11:3b:34:e9:26:76:32:89:0c:63:1a:7b:75:98:53:cc:f6:d5:
         81:dd:d9:f5:60:75:30:5e:bc:47:ee:bb:1c:2a:06:a9:d0:4e:
         2b:1b:34:31:72:08:7c:2f:1c:83:44:e1:53:1b:c7:21:4f:4f:
         b2:4d:de:21:28:e5:30:ef:f3:40:ec:7c:e3:7b:07:07:b1:96:
         7d:98:83:39:2c:ef:8e:20:e9:a2:d8:24:fc:ab:59:09:5e:27:
         11:41:48:35:05:8d:45:6b:a0:96:35:f7:c6:8c:7a:c4:43:e6:
         b8:79:a7:56:e8:2a:28:0a:d7:74:66:cf:55:bf:23:3b:4d:df:
         17:e6:0b:50:dd:97:9c:6c:40:74:50:f9:02:6e:4b:70:db:7c:
         cc:c5:20:ca
-----BEGIN CERTIFICATE-----
MIIFhDCCBGygAwIBAgICN8YwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NkM4M0IxMTAvBgNVBAUTKEU3NkVCMjU2QzBGQ0IwN0UyOTA3OTc4MzQzRTlBRDlE
RDIxRkUyMDYwHhcNMjUwNDIxMTEyODQ3WhcNMjYwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODA2MmJlZi1hY2NlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAyRWlPP9Ur1duslqUn3Zy3r0mw2MS31852dzDNTatdb/D0tdHRX+nVH3Zn520
sxcLqFvy++//9mOLWpqOXeF+d68HUEbbec1heTlRbymJxai6MIWmgjuwz3uOERc1
8786bv8PSQeV2PIHeRab32MGx0ackxzn6z0Nm4V2+NnF//NEVbNszZPiAd3PrFBa
nEh786NZF3MqT4eJyXrscsWgsTPztinwWdaWflZD7avra+54JRra5D8UDFs0RlnE
EYo7DEyOb/d7OOmmlMscCpHU2+M0iHeV51iWO4k7cfZ8N14w8DNSO0RkpaUNdHND
JvCVvElGeiw/i3Z6Enu7kOY6rQIDAQABo4ICqDCCAqQwHQYDVR0OBBYEFHak7ePN
xnMZxNGhMBadX9zbSMkyMB8GA1UdIwQYMBaAFOduslbA/LB+KQeXg0PprZ3SH+IG
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2QzgzQi9FNEUxMEI0QTFE
ODgxMUUyQTAxMkNCRTEwOEIwMkNEMi81MjZ5VnNEOHNINHBCNWVEUS1tdG5kSWY0
Z1kuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzUyNnlWc0Q4c0g0cEI1ZURRLW10bmRJZjRnWS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NkM4M0IvRTRFMTBCNEExRDg4MTFFMkEwMTJDQkUxMDhCMDJDRDIvMUI4Q0VGMTAx
NjBGMTFGMEJDOENGMTZFQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMgYIKwYBBQUHAQcBAf8E
IzAhMB8EAgABMBkDBABvWE0DBABvWE8wCwMDAXVmAwQAdWYGMA0GCSqGSIb3DQEB
CwUAA4IBAQCnkGavKfQHwgLwiObnY+G4VGUb0wkP3QY8n+figgLzSSxE+S9CyKOl
CaSS+i8eTmqoIbYOUA5xD/pB3qZPqLSuMN/WY7w26z/EUn/uRkfyv4VOI1pPgydE
VdgPzCQ+qN5dw1VUQI9mocMMf80ROzTpJnYyiQxjGnt1mFPM9tWB3dn1YHUwXrxH
7rscKgap0E4rGzQxcgh8LxyDROFTG8chT0+yTd4hKOUw7/NA7HzjewcHsZZ9mIM5
LO+OIOmi2CT8q1kJXicRQUg1BY1Fa6CWNffGjHrEQ+a4eadW6CooCtd0Zs9VvyM7
Td8X5gtQ3ZecbEB0UPkCbktw23zMxSDK
-----END CERTIFICATE-----
Generated at Sat Apr 26 12:58:36 2025 by rpki-client