Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91D4A3A/1814F366ECB511EEA4650337C4F9AE02/8A5FC86AECB511EE8DC7B937C4F9AE02.roa
File:                     8A5FC86AECB511EE8DC7B937C4F9AE02.roa (raw, json)
Hash identifier:          Vp6oIV4Kwe3FgHjDClftctReHYiAIs5p4BPX7qetipE=
Subject key identifier:   61:22:97:2C:BB:15:0A:8F:DB:65:59:2E:79:60:23:BF:06:65:86:69
Certificate issuer:       /CN=A91D4A3A/serialNumber=83E4BCB763B8CED0365190E7280F0A6A34B35B51
Certificate serial:       C8
Authority key identifier: 83:E4:BC:B7:63:B8:CE:D0:36:51:90:E7:28:0F:0A:6A:34:B3:5B:51
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/g-S8t2O4ztA2UZDnKA8KajSzW1E.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91D4A3A/1814F366ECB511EEA4650337C4F9AE02/8A5FC86AECB511EE8DC7B937C4F9AE02.roa
Signing time:             Wed 09 Apr 2025 05:11:55 +0000
ROA not before:           Wed 09 Apr 2025 05:11:55 +0000
ROA not after:            Wed 01 Jul 2026 00:00:00 +0000
asID:                     152665
IP address blocks:        203.28.134.0/23 maxlen: 23
                          203.28.134.0/24 maxlen: 24
                          203.28.135.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91D4A3A/1814F366ECB511EEA4650337C4F9AE02/g-S8t2O4ztA2UZDnKA8KajSzW1E.crl
                          rsync://rpki.apnic.net/member_repository/A91D4A3A/1814F366ECB511EEA4650337C4F9AE02/g-S8t2O4ztA2UZDnKA8KajSzW1E.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/g-S8t2O4ztA2UZDnKA8KajSzW1E.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 02 May 2025 04:47:02 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 200 (0xc8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91D4A3A, serialNumber=83E4BCB763B8CED0365190E7280F0A6A34B35B51
        Validity
            Not Before: Apr  9 05:11:55 2025 GMT
            Not After : Jul  1 00:00:00 2026 GMT
        Subject: CN=67f6019b-c3e0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:9e:57:4c:a1:36:95:6b:e8:3c:79:9c:18:ac:
                    6f:19:7c:37:32:a1:d6:29:9f:38:dc:a0:f3:09:8a:
                    fc:d6:17:45:c9:c4:a6:32:b4:75:65:a0:28:81:1c:
                    96:99:08:cc:92:f2:31:0a:a7:12:2c:b6:9c:e9:8a:
                    66:cc:2e:19:3e:7f:93:6c:7b:33:e4:60:b7:59:32:
                    d1:a6:23:cc:8e:16:69:30:e4:c1:fb:cb:ad:8a:e6:
                    fe:e1:4d:bd:ac:7b:28:db:34:db:2c:99:9c:94:4e:
                    55:10:66:d2:27:f8:17:40:c8:b7:24:ec:50:53:ff:
                    42:c9:43:18:70:24:cd:d7:dd:14:b0:e1:6d:74:57:
                    e8:2e:8b:94:d8:22:ff:68:17:f0:b8:de:e1:5a:2e:
                    b9:a8:0b:1c:33:97:3e:66:25:a1:a3:50:fe:97:3a:
                    96:58:00:c8:94:d3:58:50:d2:c5:27:84:d9:0a:61:
                    2b:36:52:aa:3f:4e:d2:2b:4e:4c:09:ab:e9:33:62:
                    a6:d4:5c:ec:79:0c:d0:ba:3d:16:13:cc:75:5e:02:
                    c8:23:e3:9c:37:d1:0b:df:09:6c:66:7e:db:82:8c:
                    ac:49:ac:e5:40:20:d9:4a:ac:e5:aa:4b:87:9f:f8:
                    44:6d:d5:3b:c1:e8:b9:a3:00:2e:45:e2:4e:75:aa:
                    3d:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                61:22:97:2C:BB:15:0A:8F:DB:65:59:2E:79:60:23:BF:06:65:86:69
            X509v3 Authority Key Identifier:
                keyid:83:E4:BC:B7:63:B8:CE:D0:36:51:90:E7:28:0F:0A:6A:34:B3:5B:51

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91D4A3A/1814F366ECB511EEA4650337C4F9AE02/g-S8t2O4ztA2UZDnKA8KajSzW1E.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/g-S8t2O4ztA2UZDnKA8KajSzW1E.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91D4A3A/1814F366ECB511EEA4650337C4F9AE02/8A5FC86AECB511EE8DC7B937C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.28.134.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7f:04:8d:7a:b1:d1:49:84:fb:a9:62:2a:63:fb:19:71:22:50:
         13:f6:eb:b2:7c:5f:34:81:03:db:bf:64:96:db:f0:5e:d1:36:
         8d:97:c9:89:ae:41:0a:ee:ce:8e:43:90:bd:49:93:92:71:ab:
         70:5b:f7:58:66:78:b1:c0:eb:81:86:73:d6:5a:50:f2:5b:ee:
         fc:69:b6:f4:dc:1f:44:fd:ea:62:0a:b0:d7:11:aa:3e:a8:88:
         63:fa:9e:dd:c1:c2:e4:90:13:ce:9f:74:f3:37:3f:bd:59:e4:
         12:e2:05:c6:ae:35:b8:46:08:1e:ca:7d:0c:d1:56:92:c4:65:
         67:49:2b:90:1f:4d:fe:f0:43:30:83:3f:3d:ae:db:59:da:c0:
         3f:bb:5b:28:cd:f0:c9:4a:8b:a2:6c:58:33:b9:74:9c:ff:c7:
         3d:bd:ed:13:4a:a0:ab:a0:84:a6:c2:8f:e7:b4:5c:18:92:c4:
         85:8e:d3:28:1b:9a:28:ef:27:d7:18:07:68:8c:ca:e8:de:84:
         1f:ab:5b:69:e0:ff:ac:47:77:52:16:d8:b4:87:e3:68:75:1b:
         66:14:b5:c5:4b:c4:35:b1:57:09:1f:e4:c8:73:3e:f8:ac:ec:
         73:b9:72:07:95:da:b7:82:ba:f1:d5:d5:00:c8:ad:5c:f9:6f:
         c5:c0:ea:a3
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICAMgwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
RDRBM0ExMTAvBgNVBAUTKDgzRTRCQ0I3NjNCOENFRDAzNjUxOTBFNzI4MEYwQTZB
MzRCMzVCNTEwHhcNMjUwNDA5MDUxMTU1WhcNMjYwNzAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02N2Y2MDE5Yi1jM2UwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAzJ5XTKE2lWvoPHmcGKxvGXw3MqHWKZ843KDzCYr81hdFycSmMrR1ZaAogRyW
mQjMkvIxCqcSLLac6YpmzC4ZPn+TbHsz5GC3WTLRpiPMjhZpMOTB+8utiub+4U29
rHso2zTbLJmclE5VEGbSJ/gXQMi3JOxQU/9CyUMYcCTN190UsOFtdFfoLouU2CL/
aBfwuN7hWi65qAscM5c+ZiWho1D+lzqWWADIlNNYUNLFJ4TZCmErNlKqP07SK05M
CavpM2Km1FzseQzQuj0WE8x1XgLII+OcN9EL3wlsZn7bgoysSazlQCDZSqzlqkuH
n/hEbdU7wei5owAuReJOdao9rwIDAQABo4IClTCCApEwHQYDVR0OBBYEFGEilyy7
FQqP22VZLnlgI78GZYZpMB8GA1UdIwQYMBaAFIPkvLdjuM7QNlGQ5ygPCmo0s1tR
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTFENEEzQS8xODE0RjM2NkVD
QjUxMUVFQTQ2NTAzMzdDNEY5QUUwMi9nLVM4dDJPNHp0QTJVWkRuS0E4S2FqU3pX
MUUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2ctUzh0Mk80enRBMlVaRG5LQThLYWpTelcxRS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
RDRBM0EvMTgxNEYzNjZFQ0I1MTFFRUE0NjUwMzM3QzRGOUFFMDIvOEE1RkM4NkFF
Q0I1MTFFRThEQzdCOTM3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAHLHIYwDQYJKoZIhvcNAQELBQADggEBAH8EjXqx0UmE+6li
KmP7GXEiUBP267J8XzSBA9u/ZJbb8F7RNo2XyYmuQQruzo5DkL1Jk5Jxq3Bb91hm
eLHA64GGc9ZaUPJb7vxptvTcH0T96mIKsNcRqj6oiGP6nt3BwuSQE86fdPM3P71Z
5BLiBcauNbhGCB7KfQzRVpLEZWdJK5AfTf7wQzCDPz2u21nawD+7WyjN8MlKi6Js
WDO5dJz/xz297RNKoKughKbCj+e0XBiSxIWO0ygbmijvJ9cYB2iMyujehB+rW2ng
/6xHd1IW2LSH42h1G2YUtcVLxDWxVwkf5MhzPvis7HO5cgeV2reCuvHV1QDIrVz5
b8XA6qM=
-----END CERTIFICATE-----
Generated at Sat Apr 26 12:58:38 2025 by rpki-client