Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9186214/B7F81958331A11E4AF2AB37CC4F9AE02/7523EB28671811F0B26A8C1AC4F9AE02.roa
File:                     7523EB28671811F0B26A8C1AC4F9AE02.roa (raw, json)
Hash identifier:          ppGKOWraeOF8KBxlm/qgPAfA6uqwS+C7Tk6GCScwyjk=
Subject key identifier:   44:AD:91:A6:03:1F:2D:A7:2F:77:4F:8A:B0:63:A5:98:E1:83:E5:40
Certificate issuer:       /CN=A9186214/serialNumber=3FB18D89FAF3188DCE590F7C489077961F82A957
Certificate serial:       2B02
Authority key identifier: 3F:B1:8D:89:FA:F3:18:8D:CE:59:0F:7C:48:90:77:96:1F:82:A9:57
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/P7GNifrzGI3OWQ98SJB3lh-CqVc.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9186214/B7F81958331A11E4AF2AB37CC4F9AE02/7523EB28671811F0B26A8C1AC4F9AE02.roa
Signing time:             Sat 02 Aug 2025 15:52:39 +0000
ROA not before:           Sat 02 Aug 2025 15:52:39 +0000
ROA not after:            Mon 02 Mar 2026 00:00:00 +0000
asID:                     153987
IP address blocks:        165.99.152.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9186214/B7F81958331A11E4AF2AB37CC4F9AE02/P7GNifrzGI3OWQ98SJB3lh-CqVc.crl
                          rsync://rpki.apnic.net/member_repository/A9186214/B7F81958331A11E4AF2AB37CC4F9AE02/P7GNifrzGI3OWQ98SJB3lh-CqVc.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/P7GNifrzGI3OWQ98SJB3lh-CqVc.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 14 Aug 2025 05:57:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 11010 (0x2b02)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9186214, serialNumber=3FB18D89FAF3188DCE590F7C489077961F82A957
        Validity
            Not Before: Aug  2 15:52:39 2025 GMT
            Not After : Mar  2 00:00:00 2026 GMT
        Subject: CN=688e3447-fb0b
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c3:fa:bd:f8:30:fa:a3:40:74:9e:60:f3:09:a6:
                    ce:b0:7a:3c:a1:61:c4:f9:ce:64:41:77:40:75:b3:
                    10:29:8e:57:3e:0e:77:e9:51:29:e1:ac:ef:95:a9:
                    cd:f1:a4:23:af:a9:65:7f:a5:d2:a6:f3:37:19:57:
                    f8:f0:e3:a5:86:e2:0f:d4:13:9c:9e:06:e0:aa:f4:
                    0d:40:91:49:8b:2d:11:95:40:7f:83:1a:dc:3b:d5:
                    35:03:06:b9:84:bc:b9:fd:df:1e:18:80:ec:4d:b4:
                    de:e1:0e:82:70:9c:1d:09:3d:87:76:87:51:32:78:
                    7b:6c:99:c5:07:5b:c1:b0:46:f5:ae:ac:fc:70:19:
                    50:a0:1f:15:3d:84:2a:5f:cf:6d:68:2a:d0:e5:79:
                    22:a5:2b:02:20:db:14:bd:34:f7:d3:47:1a:bf:b0:
                    4b:c1:fb:5d:07:a8:9a:18:96:81:16:fb:a0:e9:66:
                    fb:c6:d5:ee:1a:7e:eb:ec:24:a4:f5:31:f2:f0:60:
                    62:f2:57:37:a5:07:1b:88:c8:c7:2b:16:65:29:de:
                    45:f6:fb:60:b4:b8:7a:86:b3:5d:52:13:1a:2f:b0:
                    ff:4a:fa:db:3b:31:9d:37:48:89:b3:25:1d:8b:3f:
                    54:2d:f2:5f:0f:c7:e7:df:9c:35:a2:89:16:17:a1:
                    4d:b3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                44:AD:91:A6:03:1F:2D:A7:2F:77:4F:8A:B0:63:A5:98:E1:83:E5:40
            X509v3 Authority Key Identifier:
                keyid:3F:B1:8D:89:FA:F3:18:8D:CE:59:0F:7C:48:90:77:96:1F:82:A9:57

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9186214/B7F81958331A11E4AF2AB37CC4F9AE02/P7GNifrzGI3OWQ98SJB3lh-CqVc.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/P7GNifrzGI3OWQ98SJB3lh-CqVc.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9186214/B7F81958331A11E4AF2AB37CC4F9AE02/7523EB28671811F0B26A8C1AC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  165.99.152.0/23

    Signature Algorithm: sha256WithRSAEncryption
         9b:c9:ec:7b:39:9e:c2:c0:74:1a:de:c1:d1:6f:00:e3:fd:a9:
         bf:47:d8:be:22:61:73:8a:e3:2d:bd:95:81:89:b6:6c:12:63:
         70:f9:7a:ac:70:f0:43:59:15:20:00:80:2d:e5:3c:23:1b:a2:
         1f:63:fb:b5:65:84:7c:2b:1b:82:19:ed:02:73:e2:61:e2:af:
         46:b3:4f:33:59:27:6b:ee:ee:ae:ac:a1:6c:01:86:93:7c:70:
         6a:f9:4f:9b:aa:24:8d:27:a8:41:8c:ea:f5:17:c7:9c:cb:c1:
         41:bf:38:d8:2b:bb:ae:f6:f7:74:20:ca:64:5b:74:8c:9d:f4:
         0b:ff:bf:86:1e:9b:b3:6e:83:ba:a2:8b:99:1c:3f:bf:8a:3a:
         4a:bf:93:cc:dc:55:23:e4:6f:17:f2:68:f7:90:2d:b4:2a:9d:
         d9:e3:63:53:1a:90:4a:b8:47:b6:70:88:a7:1c:72:c9:0a:f1:
         70:00:9f:97:4f:e2:d6:2b:dc:8e:f5:99:6b:14:41:84:07:3b:
         85:17:52:7f:9c:54:dd:66:83:5c:ff:0d:ee:f8:44:19:99:30:
         ef:57:91:15:6d:f5:6f:02:7a:71:e0:e2:36:83:86:9d:8f:3d:
         3d:15:ce:79:87:3a:90:94:86:b2:bb:b6:a2:10:ad:a5:6b:7f:
         79:2b:5f:55
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICKwIwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
ODYyMTQxMTAvBgNVBAUTKDNGQjE4RDg5RkFGMzE4OERDRTU5MEY3QzQ4OTA3Nzk2
MUY4MkE5NTcwHhcNMjUwODAyMTU1MjM5WhcNMjYwMzAyMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODhlMzQ0Ny1mYjBiMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAw/q9+DD6o0B0nmDzCabOsHo8oWHE+c5kQXdAdbMQKY5XPg536VEp4azvlanN
8aQjr6llf6XSpvM3GVf48OOlhuIP1BOcngbgqvQNQJFJiy0RlUB/gxrcO9U1Awa5
hLy5/d8eGIDsTbTe4Q6CcJwdCT2HdodRMnh7bJnFB1vBsEb1rqz8cBlQoB8VPYQq
X89taCrQ5XkipSsCINsUvTT300cav7BLwftdB6iaGJaBFvug6Wb7xtXuGn7r7CSk
9THy8GBi8lc3pQcbiMjHKxZlKd5F9vtgtLh6hrNdUhMaL7D/SvrbOzGdN0iJsyUd
iz9ULfJfD8fn35w1ookWF6FNswIDAQABo4IClTCCApEwHQYDVR0OBBYEFEStkaYD
Hy2nL3dPirBjpZjhg+VAMB8GA1UdIwQYMBaAFD+xjYn68xiNzlkPfEiQd5YfgqlX
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4NjIxNC9CN0Y4MTk1ODMz
MUExMUU0QUYyQUIzN0NDNEY5QUUwMi9QN0dOaWZyekdJM09XUTk4U0pCM2xoLUNx
VmMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL1A3R05pZnJ6R0kzT1dROThTSkIzbGgtQ3FWYy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
ODYyMTQvQjdGODE5NTgzMzFBMTFFNEFGMkFCMzdDQzRGOUFFMDIvNzUyM0VCMjg2
NzE4MTFGMEIyNkE4QzFBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAGlY5gwDQYJKoZIhvcNAQELBQADggEBAJvJ7Hs5nsLAdBre
wdFvAOP9qb9H2L4iYXOK4y29lYGJtmwSY3D5eqxw8ENZFSAAgC3lPCMboh9j+7Vl
hHwrG4IZ7QJz4mHir0azTzNZJ2vu7q6soWwBhpN8cGr5T5uqJI0nqEGM6vUXx5zL
wUG/ONgru67293QgymRbdIyd9Av/v4Yem7Nug7qii5kcP7+KOkq/k8zcVSPkbxfy
aPeQLbQqndnjY1MakEq4R7ZwiKcccskK8XAAn5dP4tYr3I71mWsUQYQHO4UXUn+c
VN1mg1z/De74RBmZMO9XkRVt9W8CenHg4jaDhp2PPT0VznmHOpCUhrK7tqIQraVr
f3krX1U=
-----END CERTIFICATE-----
Generated at Sun Aug 10 13:56:55 2025 by rpki-client