Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A911069A/961B2A4666F511EEA4384F74C4F9AE02/E286BAA24B5611F0A987864DC4F9AE02.roa
File:                     E286BAA24B5611F0A987864DC4F9AE02.roa (raw, json)
Hash identifier:          bWytMX2ocHQy8Cou+9GWFJwmUM99UBB8tHyLMwlptss=
Subject key identifier:   29:9E:8E:0B:CE:EE:A4:41:EB:A5:50:98:F4:44:83:84:47:8B:3D:7A
Certificate issuer:       /CN=A911069A/serialNumber=5B82E88C014132823D020D5C30A6BFB6D5B50221
Certificate serial:       0141
Authority key identifier: 5B:82:E8:8C:01:41:32:82:3D:02:0D:5C:30:A6:BF:B6:D5:B5:02:21
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/W4LojAFBMoI9Ag1cMKa_ttW1AiE.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A911069A/961B2A4666F511EEA4384F74C4F9AE02/E286BAA24B5611F0A987864DC4F9AE02.roa
Signing time:             Tue 17 Jun 2025 08:41:39 +0000
ROA not before:           Tue 17 Jun 2025 08:41:39 +0000
ROA not after:            Fri 31 Oct 2025 00:00:00 +0000
asID:                     38624
IP address blocks:        117.120.32.0/23 maxlen: 24
                          117.120.34.0/23 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A911069A/961B2A4666F511EEA4384F74C4F9AE02/W4LojAFBMoI9Ag1cMKa_ttW1AiE.crl
                          rsync://rpki.apnic.net/member_repository/A911069A/961B2A4666F511EEA4384F74C4F9AE02/W4LojAFBMoI9Ag1cMKa_ttW1AiE.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/W4LojAFBMoI9Ag1cMKa_ttW1AiE.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 10 Jul 2025 03:15:40 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 321 (0x141)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A911069A, serialNumber=5B82E88C014132823D020D5C30A6BFB6D5B50221
        Validity
            Not Before: Jun 17 08:41:39 2025 GMT
            Not After : Oct 31 00:00:00 2025 GMT
        Subject: CN=68512a43-9b61
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:6c:7f:47:b1:f0:04:a5:34:62:9b:a0:13:7e:
                    eb:74:85:f4:3f:94:03:b1:f1:5d:6b:d0:d4:53:57:
                    56:6a:cf:f6:64:68:ff:ef:06:3a:de:83:d4:f2:8f:
                    a7:be:e4:34:40:1e:01:09:4c:9e:47:58:03:fa:0a:
                    0d:61:33:d4:1c:0d:98:3d:89:10:66:49:bb:d7:73:
                    e4:ea:94:a0:95:8c:f4:28:96:46:ff:b8:40:78:87:
                    ff:34:3c:22:35:c3:85:8e:94:04:e6:79:aa:06:bc:
                    50:25:3f:31:f7:5d:14:55:64:7b:31:6a:dc:53:ce:
                    39:27:88:98:89:93:03:ac:16:d8:ea:e2:34:74:d6:
                    50:76:d0:50:61:ef:27:a1:82:e6:df:61:79:32:e1:
                    31:5c:33:ae:b0:16:69:c4:50:2d:bb:ed:87:7f:bd:
                    72:45:72:9a:ff:35:d4:e2:0d:65:ce:ec:e0:20:c6:
                    56:97:5d:8d:6f:d7:7a:b0:01:17:e6:74:52:a0:69:
                    a7:9b:c1:c5:c6:08:de:c7:82:18:b1:d2:f1:0f:e4:
                    ce:0b:a8:0b:33:41:8d:0f:b7:b3:d4:d0:38:94:53:
                    07:44:63:d9:79:7d:1c:3d:b4:a2:68:7e:1c:1b:4d:
                    93:b8:19:95:0d:8a:b8:47:a8:6a:91:dd:75:81:64:
                    47:ad
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                29:9E:8E:0B:CE:EE:A4:41:EB:A5:50:98:F4:44:83:84:47:8B:3D:7A
            X509v3 Authority Key Identifier:
                keyid:5B:82:E8:8C:01:41:32:82:3D:02:0D:5C:30:A6:BF:B6:D5:B5:02:21

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A911069A/961B2A4666F511EEA4384F74C4F9AE02/W4LojAFBMoI9Ag1cMKa_ttW1AiE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/W4LojAFBMoI9Ag1cMKa_ttW1AiE.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A911069A/961B2A4666F511EEA4384F74C4F9AE02/E286BAA24B5611F0A987864DC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  117.120.32.0/22

    Signature Algorithm: sha256WithRSAEncryption
         ac:75:48:08:7e:a5:58:4f:c0:f5:4b:0f:01:09:49:9d:19:57:
         9f:d8:34:e2:5e:f7:d4:d8:20:a1:73:2e:9b:91:70:5a:df:f7:
         be:05:b6:ee:cc:a8:b6:bf:fb:c0:43:04:13:1e:d3:cb:c4:95:
         6a:17:e1:9d:31:f5:1f:89:20:26:ff:74:29:a5:e3:75:77:d9:
         6f:0b:bc:48:b4:e6:fb:42:05:9e:53:e3:03:50:20:f4:73:7d:
         5e:d1:70:fc:92:1f:71:27:6f:6c:20:9e:21:3f:5a:ea:05:f5:
         84:9b:8d:87:b1:12:06:d7:f8:68:c8:27:de:4a:86:dc:30:50:
         0a:4a:26:d1:58:d6:49:d4:a1:65:5b:4c:be:15:8c:f8:97:52:
         2f:87:17:41:4a:bf:5b:16:03:07:f8:71:d5:fd:3f:7a:82:22:
         fa:10:cf:33:f8:e5:72:d6:7f:85:70:c0:ad:db:32:c2:9e:c9:
         40:87:27:9d:48:9b:89:b4:ff:92:91:76:30:c3:38:ec:6c:0c:
         9f:a3:5d:30:c2:d7:46:e6:88:ea:df:c4:ec:52:2e:fc:b7:b4:
         92:c7:0b:9e:4e:49:e0:43:8d:fb:6b:cd:dc:1e:39:2c:ca:c0:
         f9:29:ee:ed:67:ae:9b:5a:20:68:98:f0:15:fc:86:36:b6:eb:
         60:17:82:04
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICAUEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MTA2OUExMTAvBgNVBAUTKDVCODJFODhDMDE0MTMyODIzRDAyMEQ1QzMwQTZCRkI2
RDVCNTAyMjEwHhcNMjUwNjE3MDg0MTM5WhcNMjUxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODUxMmE0My05YjYxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAzGx/R7HwBKU0YpugE37rdIX0P5QDsfFda9DUU1dWas/2ZGj/7wY63oPU8o+n
vuQ0QB4BCUyeR1gD+goNYTPUHA2YPYkQZkm713Pk6pSglYz0KJZG/7hAeIf/NDwi
NcOFjpQE5nmqBrxQJT8x910UVWR7MWrcU845J4iYiZMDrBbY6uI0dNZQdtBQYe8n
oYLm32F5MuExXDOusBZpxFAtu+2Hf71yRXKa/zXU4g1lzuzgIMZWl12Nb9d6sAEX
5nRSoGmnm8HFxgjex4IYsdLxD+TOC6gLM0GND7ez1NA4lFMHRGPZeX0cPbSiaH4c
G02TuBmVDYq4R6hqkd11gWRHrQIDAQABo4IClTCCApEwHQYDVR0OBBYEFCmejgvO
7qRB66VQmPREg4RHiz16MB8GA1UdIwQYMBaAFFuC6IwBQTKCPQINXDCmv7bVtQIh
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExMDY5QS85NjFCMkE0NjY2
RjUxMUVFQTQzODRGNzRDNEY5QUUwMi9XNExvakFGQk1vSTlBZzFjTUthX3R0VzFB
aUUuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1c0TG9qQUZCTW9JOUFnMWNNS2FfdHRXMUFpRS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MTA2OUEvOTYxQjJBNDY2NkY1MTFFRUE0Mzg0Rjc0QzRGOUFFMDIvRTI4NkJBQTI0
QjU2MTFGMEE5ODc4NjREQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAJ1eCAwDQYJKoZIhvcNAQELBQADggEBAKx1SAh+pVhPwPVL
DwEJSZ0ZV5/YNOJe99TYIKFzLpuRcFrf974Ftu7MqLa/+8BDBBMe08vElWoX4Z0x
9R+JICb/dCml43V32W8LvEi05vtCBZ5T4wNQIPRzfV7RcPySH3Enb2wgniE/WuoF
9YSbjYexEgbX+GjIJ95KhtwwUApKJtFY1knUoWVbTL4VjPiXUi+HF0FKv1sWAwf4
cdX9P3qCIvoQzzP45XLWf4VwwK3bMsKeyUCHJ51Im4m0/5KRdjDDOOxsDJ+jXTDC
10bmiOrfxOxSLvy3tJLHC55OSeBDjftrzdweOSzKwPkp7u1nrptaIGiY8BX8hja2
62AXggQ=
-----END CERTIFICATE-----
Generated at Fri Jul 4 22:22:34 2025 by rpki-client