Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A918DB4E/77E7F9A00CE511EAA20DDD82C4F9AE02/CF3CF4A2DECD11EFA34A7C66C4F9AE02.roa
File:                     CF3CF4A2DECD11EFA34A7C66C4F9AE02.roa (raw, json)
Hash identifier:          3Pf+UclR1ixgluEahQ2no6MMrcl7KhpZcpwccqiTviQ=
Subject key identifier:   69:AF:7E:70:BC:46:77:90:7B:90:DF:3F:17:10:6B:EA:B1:83:04:F1
Certificate issuer:       /CN=A918DB4E/serialNumber=42758DE0CC0CF62C2AEEE93E0EEE67903A502CCC
Certificate serial:       0C8E
Authority key identifier: 42:75:8D:E0:CC:0C:F6:2C:2A:EE:E9:3E:0E:EE:67:90:3A:50:2C:CC
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QnWN4MwM9iwq7uk-Du5nkDpQLMw.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A918DB4E/77E7F9A00CE511EAA20DDD82C4F9AE02/CF3CF4A2DECD11EFA34A7C66C4F9AE02.roa
Signing time:             Thu 31 Jul 2025 19:28:17 +0000
ROA not before:           Thu 31 Jul 2025 19:28:17 +0000
ROA not after:            Mon 01 Dec 2025 00:00:00 +0000
asID:                     137883
IP address blocks:        2402:f840::/32 maxlen: 32
                          2402:f840::/48 maxlen: 48
                          2402:f840:1::/48 maxlen: 48
                          2402:f840:2::/48 maxlen: 48
                          2402:f840:3::/48 maxlen: 48
                          2402:f840:4::/48 maxlen: 48
                          2402:f840:5::/48 maxlen: 48
                          2402:f840:6::/48 maxlen: 48
                          2402:f840:7::/48 maxlen: 48
                          2402:f840:8::/48 maxlen: 48
                          2402:f840:9::/48 maxlen: 48
                          2402:f840:a::/48 maxlen: 48
                          2402:f840:b::/48 maxlen: 48
                          2402:f840:c::/48 maxlen: 48
                          2402:f840:d::/48 maxlen: 48
                          2402:f840:e::/48 maxlen: 48
                          2402:f840:f::/48 maxlen: 48
                          2402:f840:10::/48 maxlen: 48
                          2402:f840:11::/48 maxlen: 48
                          2402:f840:12::/48 maxlen: 48
                          2402:f840:13::/48 maxlen: 48
                          2402:f840:14::/48 maxlen: 48
                          2402:f840:15::/48 maxlen: 48
                          2402:f840:16::/48 maxlen: 48
                          2402:f840:17::/48 maxlen: 48
                          2402:f840:18::/48 maxlen: 48
                          2402:f840:19::/48 maxlen: 48
                          2402:f840:1a::/48 maxlen: 48
                          2402:f840:1b::/48 maxlen: 48
                          2402:f840:1c::/48 maxlen: 48
                          2402:f840:1d::/48 maxlen: 48
                          2402:f840:1e::/48 maxlen: 48
                          2402:f840:1f::/48 maxlen: 48
                          2402:f840:20::/48 maxlen: 48
                          2402:f840:21::/48 maxlen: 48
                          2402:f840:22::/48 maxlen: 48
                          2402:f840:23::/48 maxlen: 48
                          2402:f840:24::/48 maxlen: 48
                          2402:f840:25::/48 maxlen: 48
                          2402:f840:26::/48 maxlen: 48
                          2402:f840:27::/48 maxlen: 48
                          2402:f840:28::/48 maxlen: 48
                          2402:f840:29::/48 maxlen: 48
                          2402:f840:2a::/48 maxlen: 48
                          2402:f840:2b::/48 maxlen: 48
                          2402:f840:2c::/48 maxlen: 48
                          2402:f840:2d::/48 maxlen: 48
                          2402:f840:2e::/48 maxlen: 48
                          2402:f840:2f::/48 maxlen: 48
                          2402:f840:30::/48 maxlen: 48
                          2402:f840:31::/48 maxlen: 48
                          2402:f840:32::/48 maxlen: 48
                          2402:f840:33::/48 maxlen: 48
                          2402:f840:34::/48 maxlen: 48
                          2402:f840:35::/48 maxlen: 48
                          2402:f840:36::/48 maxlen: 48
                          2402:f840:37::/48 maxlen: 48
                          2402:f840:38::/48 maxlen: 48
                          2402:f840:39::/48 maxlen: 48
                          2402:f840:3a::/48 maxlen: 48
                          2402:f840:3b::/48 maxlen: 48
                          2402:f840:3c::/48 maxlen: 48
                          2402:f840:3d::/48 maxlen: 48
                          2402:f840:3e::/48 maxlen: 48
                          2402:f840:3f::/48 maxlen: 48
                          2402:f840:40::/48 maxlen: 48
                          2402:f840:41::/48 maxlen: 48
                          2402:f840:42::/48 maxlen: 48
                          2402:f840:43::/48 maxlen: 48
                          2402:f840:44::/48 maxlen: 48
                          2402:f840:45::/48 maxlen: 48
                          2402:f840:46::/48 maxlen: 48
                          2402:f840:47::/48 maxlen: 48
                          2402:f840:48::/48 maxlen: 48
                          2402:f840:49::/48 maxlen: 48
                          2402:f840:4a::/48 maxlen: 48
                          2402:f840:4b::/48 maxlen: 48
                          2402:f840:4c::/48 maxlen: 48
                          2402:f840:4d::/48 maxlen: 48
                          2402:f840:4e::/48 maxlen: 48
                          2402:f840:4f::/48 maxlen: 48
                          2402:f840:50::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A918DB4E/77E7F9A00CE511EAA20DDD82C4F9AE02/QnWN4MwM9iwq7uk-Du5nkDpQLMw.crl
                          rsync://rpki.apnic.net/member_repository/A918DB4E/77E7F9A00CE511EAA20DDD82C4F9AE02/QnWN4MwM9iwq7uk-Du5nkDpQLMw.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QnWN4MwM9iwq7uk-Du5nkDpQLMw.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 14 Aug 2025 05:57:38 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3214 (0xc8e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A918DB4E, serialNumber=42758DE0CC0CF62C2AEEE93E0EEE67903A502CCC
        Validity
            Not Before: Jul 31 19:28:17 2025 GMT
            Not After : Dec  1 00:00:00 2025 GMT
        Subject: CN=688bc3d0-2dc7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ea:02:d3:dd:df:ea:19:39:ae:86:b2:93:b4:61:
                    00:5f:ac:a5:6a:83:3d:05:71:b3:10:92:8c:11:8d:
                    7d:be:3b:e7:8a:ee:32:5d:6d:d8:64:ef:52:f8:6e:
                    af:78:94:83:b1:c6:72:71:96:76:aa:c9:c2:91:5b:
                    17:31:3e:b9:7f:f4:66:ac:e8:67:fa:cf:df:d1:36:
                    76:7e:39:c1:35:b2:86:1c:9d:51:78:65:0f:2c:d6:
                    44:f1:2a:c4:06:c2:8f:4e:a7:ab:0f:2c:67:71:de:
                    d4:10:fc:ac:3b:4d:77:68:1a:a0:78:3e:99:3b:62:
                    ce:28:d5:c9:83:00:60:c6:bf:07:e9:17:cf:a4:9d:
                    90:d8:db:91:80:f2:27:f9:e3:1e:e0:30:4d:6a:1f:
                    40:74:aa:6a:85:8d:82:b8:fc:5a:ef:62:a3:e9:ac:
                    78:7b:46:e6:aa:62:87:d1:0e:0f:1b:8d:58:88:73:
                    b1:92:84:4f:ca:45:19:b2:9a:d4:a4:60:ed:6d:2e:
                    de:ff:28:64:23:40:a5:b8:ea:cd:04:da:af:b7:d5:
                    63:42:44:71:b0:6a:7b:22:6e:2e:65:1a:c3:78:75:
                    c2:67:37:ae:80:2e:29:ce:1a:ad:58:f8:68:bf:04:
                    43:e7:ed:e5:bb:86:f7:0e:47:88:4a:ef:93:2b:7e:
                    b6:95
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                69:AF:7E:70:BC:46:77:90:7B:90:DF:3F:17:10:6B:EA:B1:83:04:F1
            X509v3 Authority Key Identifier:
                keyid:42:75:8D:E0:CC:0C:F6:2C:2A:EE:E9:3E:0E:EE:67:90:3A:50:2C:CC

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A918DB4E/77E7F9A00CE511EAA20DDD82C4F9AE02/QnWN4MwM9iwq7uk-Du5nkDpQLMw.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QnWN4MwM9iwq7uk-Du5nkDpQLMw.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A918DB4E/77E7F9A00CE511EAA20DDD82C4F9AE02/CF3CF4A2DECD11EFA34A7C66C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2402:f840::/32

    Signature Algorithm: sha256WithRSAEncryption
         a0:84:c5:c7:94:c8:47:5a:10:c5:59:bb:d2:7b:93:3b:8b:7f:
         ab:d8:36:e8:fc:ee:6c:fc:bf:f9:92:ed:07:2b:c1:84:64:31:
         a4:94:ff:a0:d6:46:b3:83:8e:fc:ba:8b:4d:c5:25:cc:92:ae:
         b4:cc:5c:39:81:98:c8:68:e6:73:06:c9:82:56:ae:08:23:09:
         a5:18:87:e0:5e:ee:1a:bc:0b:8c:da:45:12:35:ad:f6:7e:a5:
         67:7e:72:ed:b4:58:83:ba:e5:6d:1a:51:07:15:d6:e0:7d:d0:
         38:27:75:81:56:68:94:2e:4e:0b:76:b2:92:fe:69:65:6a:8f:
         ac:02:75:42:76:48:7c:ce:e4:aa:f3:85:b0:2f:b6:97:3d:ad:
         51:a3:e2:ba:69:ec:f7:9d:c4:bf:f9:82:e8:61:d6:93:4b:15:
         56:dd:f2:a1:74:86:fa:27:25:a0:e5:d8:93:21:25:7b:a2:42:
         3c:84:a0:ab:9b:2e:d4:c4:2c:41:2f:87:de:4e:cb:1e:b8:2c:
         0c:ea:54:24:94:63:62:de:76:3d:2b:41:25:4d:18:7b:39:09:
         4d:ec:43:35:48:ec:9a:21:44:a1:6e:b7:8e:1f:b2:64:26:8b:
         7c:9b:13:88:d8:ce:17:d1:70:76:f4:bb:07:06:dc:1b:02:f5:
         e9:e6:01:31
-----BEGIN CERTIFICATE-----
MIIFcjCCBFqgAwIBAgICDI4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OERCNEUxMTAvBgNVBAUTKDQyNzU4REUwQ0MwQ0Y2MkMyQUVFRTkzRTBFRUU2Nzkw
M0E1MDJDQ0MwHhcNMjUwNzMxMTkyODE3WhcNMjUxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODhiYzNkMC0yZGM3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA6gLT3d/qGTmuhrKTtGEAX6ylaoM9BXGzEJKMEY19vjvniu4yXW3YZO9S+G6v
eJSDscZycZZ2qsnCkVsXMT65f/RmrOhn+s/f0TZ2fjnBNbKGHJ1ReGUPLNZE8SrE
BsKPTqerDyxncd7UEPysO013aBqgeD6ZO2LOKNXJgwBgxr8H6RfPpJ2Q2NuRgPIn
+eMe4DBNah9AdKpqhY2CuPxa72Kj6ax4e0bmqmKH0Q4PG41YiHOxkoRPykUZsprU
pGDtbS7e/yhkI0CluOrNBNqvt9VjQkRxsGp7Im4uZRrDeHXCZzeugC4pzhqtWPho
vwRD5+3lu4b3DkeISu+TK362lQIDAQABo4ICljCCApIwHQYDVR0OBBYEFGmvfnC8
RneQe5DfPxcQa+qxgwTxMB8GA1UdIwQYMBaAFEJ1jeDMDPYsKu7pPg7uZ5A6UCzM
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4REI0RS83N0U3RjlBMDBD
RTUxMUVBQTIwREREODJDNEY5QUUwMi9RbldONE13TTlpd3E3dWstRHU1bmtEcFFM
TXcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1FuV040TXdNOWl3cTd1ay1EdTVua0RwUUxNdy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OERCNEUvNzdFN0Y5QTAwQ0U1MTFFQUEyMERERDgyQzRGOUFFMDIvQ0YzQ0Y0QTJE
RUNEMTFFRkEzNEE3QzY2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwIAYIKwYBBQUHAQcBAf8E
ETAPMA0EAgACMAcDBQAkAvhAMA0GCSqGSIb3DQEBCwUAA4IBAQCghMXHlMhHWhDF
WbvSe5M7i3+r2Dbo/O5s/L/5ku0HK8GEZDGklP+g1kazg478uotNxSXMkq60zFw5
gZjIaOZzBsmCVq4IIwmlGIfgXu4avAuM2kUSNa32fqVnfnLttFiDuuVtGlEHFdbg
fdA4J3WBVmiULk4LdrKS/mllao+sAnVCdkh8zuSq84WwL7aXPa1Ro+K6aez3ncS/
+YLoYdaTSxVW3fKhdIb6JyWg5diTISV7okI8hKCrmy7UxCxBL4feTsseuCwM6lQk
lGNi3nY9K0ElTRh7OQlN7EM1SOyaIUShbreOH7JkJot8mxOI2M4X0XB29LsHBtwb
AvXp5gEx
-----END CERTIFICATE-----
Generated at Sat Aug 9 05:51:44 2025 by rpki-client