Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91CB4E9/D386134440EE11F09E93351CC4F9AE02/BA23C0E440EF11F099D6761DC4F9AE02.roa
File:                     BA23C0E440EF11F099D6761DC4F9AE02.roa (raw, json)
Hash identifier:          pgsw/lIIAC86SHOBUAFVHyyezuLYZcEiwQh3Fbl1fpM=
Subject key identifier:   BD:50:9D:19:60:40:58:DF:D1:47:79:75:2F:9E:51:3D:79:48:73:A8
Certificate issuer:       /CN=A91CB4E9/serialNumber=50AE716F3D36B9BEEAE27F10068F9E36A233AB91
Certificate serial:       04
Authority key identifier: 50:AE:71:6F:3D:36:B9:BE:EA:E2:7F:10:06:8F:9E:36:A2:33:AB:91
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/UK5xbz02ub7q4n8QBo-eNqIzq5E.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91CB4E9/D386134440EE11F09E93351CC4F9AE02/BA23C0E440EF11F099D6761DC4F9AE02.roa
Signing time:             Wed 04 Jun 2025 02:58:01 +0000
ROA not before:           Wed 04 Jun 2025 02:58:01 +0000
ROA not after:            Tue 31 Mar 2026 00:00:00 +0000
asID:                     14618
IP address blocks:        202.49.204.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91CB4E9/D386134440EE11F09E93351CC4F9AE02/UK5xbz02ub7q4n8QBo-eNqIzq5E.crl
                          rsync://rpki.apnic.net/member_repository/A91CB4E9/D386134440EE11F09E93351CC4F9AE02/UK5xbz02ub7q4n8QBo-eNqIzq5E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/UK5xbz02ub7q4n8QBo-eNqIzq5E.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 22 Jun 2025 07:14:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4 (0x4)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91CB4E9, serialNumber=50AE716F3D36B9BEEAE27F10068F9E36A233AB91
        Validity
            Not Before: Jun  4 02:58:01 2025 GMT
            Not After : Mar 31 00:00:00 2026 GMT
        Subject: CN=683fb639-70f9
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ce:37:a2:f1:d8:6a:71:8d:c8:d6:d2:ad:13:7f:
                    d5:57:f6:44:79:ff:97:34:83:eb:b6:d0:d2:c1:99:
                    88:f6:36:70:15:7e:c6:1c:a8:30:c2:cb:4e:21:1d:
                    61:72:8f:5b:71:db:1c:46:33:e5:ac:17:0a:05:0e:
                    f5:58:53:9d:6e:61:3e:9a:10:f3:03:82:ff:19:a4:
                    99:af:f5:53:d4:0b:23:a1:a4:93:e7:9e:fb:f5:7b:
                    97:76:fe:0d:44:3f:09:0b:84:2d:69:7c:51:70:01:
                    33:75:9f:3d:19:e3:30:be:1f:7f:26:19:cc:bf:84:
                    41:d1:c6:71:bd:07:fb:91:b9:1a:49:d6:e7:9e:85:
                    60:55:94:ca:37:3c:70:48:75:0f:f6:26:b7:0a:c5:
                    1f:2d:09:39:59:5f:3a:1b:f3:7b:0e:7c:19:af:f3:
                    cc:76:a2:79:29:6b:46:4c:34:09:5e:75:d7:2e:db:
                    20:05:62:bd:e2:7d:e8:03:46:4e:43:86:3c:0c:36:
                    64:d1:40:87:97:bd:4f:13:ef:49:f0:a7:82:44:30:
                    74:a8:ca:21:63:78:da:e2:ce:d8:6c:56:0b:9a:d5:
                    c9:f5:cf:28:5f:fa:1c:c0:34:c8:0f:c3:13:86:8a:
                    81:4d:b9:b3:f5:71:69:ba:c2:c8:b1:7b:85:64:63:
                    d7:97
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BD:50:9D:19:60:40:58:DF:D1:47:79:75:2F:9E:51:3D:79:48:73:A8
            X509v3 Authority Key Identifier:
                keyid:50:AE:71:6F:3D:36:B9:BE:EA:E2:7F:10:06:8F:9E:36:A2:33:AB:91

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91CB4E9/D386134440EE11F09E93351CC4F9AE02/UK5xbz02ub7q4n8QBo-eNqIzq5E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/UK5xbz02ub7q4n8QBo-eNqIzq5E.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91CB4E9/D386134440EE11F09E93351CC4F9AE02/BA23C0E440EF11F099D6761DC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.49.204.0/24

    Signature Algorithm: sha256WithRSAEncryption
         5c:55:6f:45:cc:45:9c:0a:f1:97:39:0b:de:6c:db:c1:24:fc:
         81:d8:6f:19:31:c6:87:b1:0e:e8:03:6b:94:72:4d:fe:33:e1:
         9c:3d:09:34:ca:9e:3a:51:1c:f9:d8:cf:9f:49:e8:ff:54:52:
         eb:1a:83:43:b8:09:cc:38:9e:df:d3:9b:33:ae:65:12:f8:17:
         d9:40:57:b9:b8:ca:ef:c0:1f:a3:22:4f:13:c6:c6:f4:3e:60:
         61:af:6a:6f:58:09:a7:85:8a:22:9c:79:32:44:eb:b2:05:20:
         e3:03:88:fa:08:a4:e9:af:23:50:2c:66:8a:cc:2a:46:da:19:
         a9:f1:21:77:24:18:41:4d:10:52:84:0d:59:9b:b2:1f:2e:62:
         e5:17:35:9c:62:00:3d:ed:3e:23:bc:e4:78:1d:e6:54:f5:77:
         83:ac:64:80:71:9b:89:d8:de:b7:33:3a:7c:6c:77:ec:db:c3:
         94:6f:1c:41:85:b3:09:2c:f1:6e:e6:4b:34:a6:fc:cd:a9:fb:
         a0:54:5a:a8:77:e0:ff:ad:74:93:5a:7a:25:08:50:06:ce:ff:
         e5:65:bc:ab:5c:ca:92:15:93:80:91:22:c0:ac:55:82:78:c4:
         0f:3c:d6:7d:1e:8a:dd:d3:d6:91:22:4e:0d:4e:ed:57:de:e3:
         00:fd:44:ce
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgIBBDANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTFD
QjRFOTExMC8GA1UEBRMoNTBBRTcxNkYzRDM2QjlCRUVBRTI3RjEwMDY4RjlFMzZB
MjMzQUI5MTAeFw0yNTA2MDQwMjU4MDFaFw0yNjAzMzEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY4M2ZiNjM5LTcwZjkwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDON6Lx2GpxjcjW0q0Tf9VX9kR5/5c0g+u20NLBmYj2NnAVfsYcqDDCy04hHWFy
j1tx2xxGM+WsFwoFDvVYU51uYT6aEPMDgv8ZpJmv9VPUCyOhpJPnnvv1e5d2/g1E
PwkLhC1pfFFwATN1nz0Z4zC+H38mGcy/hEHRxnG9B/uRuRpJ1ueehWBVlMo3PHBI
dQ/2JrcKxR8tCTlZXzob83sOfBmv88x2onkpa0ZMNAleddcu2yAFYr3ifegDRk5D
hjwMNmTRQIeXvU8T70nwp4JEMHSoyiFjeNrizthsVgua1cn1zyhf+hzANMgPwxOG
ioFNubP1cWm6wsixe4VkY9eXAgMBAAGjggKVMIICkTAdBgNVHQ4EFgQUvVCdGWBA
WN/RR3l1L55RPXlIc6gwHwYDVR0jBBgwFoAUUK5xbz02ub7q4n8QBo+eNqIzq5Ew
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MUNCNEU5L0QzODYxMzQ0NDBF
RTExRjA5RTkzMzUxQ0M0RjlBRTAyL1VLNXhiejAydWI3cTRuOFFCby1lTnFJenE1
RS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvVUs1eGJ6MDJ1YjdxNG44UUJvLWVOcUl6cTVFLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFD
QjRFOS9EMzg2MTM0NDQwRUUxMUYwOUU5MzM1MUNDNEY5QUUwMi9CQTIzQzBFNDQw
RUYxMUYwOTlENjc2MURDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAfBggrBgEFBQcBBwEB/wQQ
MA4wDAQCAAEwBgMEAMoxzDANBgkqhkiG9w0BAQsFAAOCAQEAXFVvRcxFnArxlzkL
3mzbwST8gdhvGTHGh7EO6ANrlHJN/jPhnD0JNMqeOlEc+djPn0no/1RS6xqDQ7gJ
zDie39ObM65lEvgX2UBXubjK78AfoyJPE8bG9D5gYa9qb1gJp4WKIpx5MkTrsgUg
4wOI+gik6a8jUCxmiswqRtoZqfEhdyQYQU0QUoQNWZuyHy5i5Rc1nGIAPe0+I7zk
eB3mVPV3g6xkgHGbidjetzM6fGx37NvDlG8cQYWzCSzxbuZLNKb8zan7oFRaqHfg
/610k1p6JQhQBs7/5WW8q1zKkhWTgJEiwKxVgnjEDzzWfR6K3dPWkSJODU7tV97j
AP1Ezg==
-----END CERTIFICATE-----
Generated at Tue Jun 17 04:34:51 2025 by rpki-client