Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9149F3E/AC52B7481D8211E2BC6417D708B02CD2/52850542A60811EF91FB1113C4F9AE02.roa
File:                     52850542A60811EF91FB1113C4F9AE02.roa (raw, json)
Hash identifier:          GHuU22IcLLuVEBztwOQTmPjjw0AaG0ih1tK2Bd/2TRA=
Subject key identifier:   BB:BF:80:ED:58:7B:7A:60:F5:6C:62:B9:93:83:11:AF:99:3E:1B:3F
Certificate issuer:       /CN=A9149F3E/serialNumber=EB389FB339B3908D549A65390C92E15F9DF7C54B
Certificate serial:       3AA5
Authority key identifier: EB:38:9F:B3:39:B3:90:8D:54:9A:65:39:0C:92:E1:5F:9D:F7:C5:4B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/6zifszmzkI1UmmU5DJLhX533xUs.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9149F3E/AC52B7481D8211E2BC6417D708B02CD2/52850542A60811EF91FB1113C4F9AE02.roa
Signing time:             Fri 17 Oct 2025 05:10:42 +0000
ROA not before:           Fri 17 Oct 2025 05:10:42 +0000
ROA not after:            Mon 31 Aug 2026 00:00:00 +0000
asID:                     20200
IP address blocks:        45.250.221.0/24 maxlen: 24
                          45.250.222.0/24 maxlen: 24
                          61.251.182.0/24 maxlen: 24
                          115.71.26.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9149F3E/AC52B7481D8211E2BC6417D708B02CD2/6zifszmzkI1UmmU5DJLhX533xUs.crl
                          rsync://rpki.apnic.net/member_repository/A9149F3E/AC52B7481D8211E2BC6417D708B02CD2/6zifszmzkI1UmmU5DJLhX533xUs.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/6zifszmzkI1UmmU5DJLhX533xUs.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 25 Oct 2025 14:23:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 15013 (0x3aa5)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9149F3E, serialNumber=EB389FB339B3908D549A65390C92E15F9DF7C54B
        Validity
            Not Before: Oct 17 05:10:42 2025 GMT
            Not After : Aug 31 00:00:00 2026 GMT
        Subject: CN=68f1cfd2-7220
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b1:fd:43:4d:0b:4c:73:27:d2:7d:51:da:76:81:
                    1e:0f:96:64:a9:e0:56:c1:53:63:a5:c1:8c:19:ee:
                    dc:65:41:88:24:7d:5d:93:37:3f:6b:63:7f:97:26:
                    31:8c:00:34:db:25:c4:96:a8:af:bf:48:b0:e5:4e:
                    c2:9b:3e:d6:9a:74:15:65:30:60:ff:ac:c6:eb:80:
                    ef:3b:73:7a:e1:23:f3:6f:98:34:33:ab:31:44:b6:
                    79:f3:91:9d:5a:bc:38:a5:95:24:de:43:72:3b:95:
                    57:02:29:ec:eb:09:54:b3:8b:c4:9a:c9:ef:56:43:
                    79:25:0d:c7:4b:a3:1f:ec:eb:13:c2:3a:92:e3:6f:
                    68:63:7a:28:32:0e:ab:28:da:0a:6f:79:4c:de:19:
                    7f:50:04:eb:da:53:69:87:96:e8:65:5d:a1:7d:15:
                    eb:eb:83:95:ab:4f:2d:4c:a3:dd:80:b0:1d:25:a1:
                    75:7b:f9:0f:31:58:e8:fe:4a:ba:83:d3:eb:aa:2c:
                    75:50:b1:d5:89:ec:fb:95:0a:1c:bc:58:54:82:08:
                    52:b4:72:ad:13:79:64:b2:1b:b6:d3:67:c5:bd:10:
                    50:03:61:78:65:88:43:35:8a:c6:c4:5e:b8:c8:fd:
                    21:54:40:63:47:88:18:f2:03:be:63:b5:9f:4a:46:
                    b1:23
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                BB:BF:80:ED:58:7B:7A:60:F5:6C:62:B9:93:83:11:AF:99:3E:1B:3F
            X509v3 Authority Key Identifier:
                keyid:EB:38:9F:B3:39:B3:90:8D:54:9A:65:39:0C:92:E1:5F:9D:F7:C5:4B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9149F3E/AC52B7481D8211E2BC6417D708B02CD2/6zifszmzkI1UmmU5DJLhX533xUs.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/6zifszmzkI1UmmU5DJLhX533xUs.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9149F3E/AC52B7481D8211E2BC6417D708B02CD2/52850542A60811EF91FB1113C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.250.221.0-45.250.222.255
                  61.251.182.0/24
                  115.71.26.0/24

    Signature Algorithm: sha256WithRSAEncryption
         19:18:ba:b5:0e:11:09:f3:38:64:bb:5e:f8:79:dd:70:0e:23:
         d6:93:0b:01:ef:9f:7b:51:b0:22:41:83:c6:50:1a:22:94:09:
         1b:6d:0c:76:0f:03:5e:f3:57:d9:4f:c1:7b:9a:c1:90:23:0f:
         79:a7:09:e8:a4:3e:5a:e1:49:4d:91:37:bd:59:d1:42:99:85:
         2e:2d:92:a9:3d:eb:19:c6:60:13:92:30:a6:e7:9a:00:49:4c:
         f8:bd:b2:50:31:6f:65:fd:c0:bb:55:cc:63:94:d6:58:c2:90:
         86:cb:2f:83:ed:80:8c:e5:f3:3b:bb:ed:4a:a9:1c:f3:ae:9c:
         ea:39:f1:0b:1c:2b:19:07:d1:89:23:c6:d2:e3:28:70:bf:f6:
         2c:0e:80:12:3a:4b:2e:98:e2:39:87:c9:bc:f9:c4:50:61:1a:
         c9:7d:d6:4b:e8:2e:ed:f5:c0:a0:f3:1a:08:f4:d4:c3:3d:18:
         6a:dd:87:24:fe:f7:14:85:cd:4d:d1:b6:12:76:50:e0:fb:12:
         ab:06:1f:48:3a:d9:85:b9:39:07:7b:b5:af:16:0c:42:75:99:
         5c:39:ec:f2:24:6f:c1:2a:09:92:5d:2d:08:86:64:f4:24:27:
         e1:17:f5:72:77:1c:64:47:40:0e:33:a3:cf:4a:71:e7:05:21:
         b1:f1:58:02
-----BEGIN CERTIFICATE-----
MIIFhTCCBG2gAwIBAgICOqUwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDlGM0UxMTAvBgNVBAUTKEVCMzg5RkIzMzlCMzkwOEQ1NDlBNjUzOTBDOTJFMTVG
OURGN0M1NEIwHhcNMjUxMDE3MDUxMDQyWhcNMjYwODMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGYxY2ZkMi03MjIwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAsf1DTQtMcyfSfVHadoEeD5ZkqeBWwVNjpcGMGe7cZUGIJH1dkzc/a2N/lyYx
jAA02yXElqivv0iw5U7Cmz7WmnQVZTBg/6zG64DvO3N64SPzb5g0M6sxRLZ585Gd
Wrw4pZUk3kNyO5VXAins6wlUs4vEmsnvVkN5JQ3HS6Mf7OsTwjqS429oY3ooMg6r
KNoKb3lM3hl/UATr2lNph5boZV2hfRXr64OVq08tTKPdgLAdJaF1e/kPMVjo/kq6
g9Prqix1ULHViez7lQocvFhUgghStHKtE3lkshu202fFvRBQA2F4ZYhDNYrGxF64
yP0hVEBjR4gY8gO+Y7WfSkaxIwIDAQABo4ICqTCCAqUwHQYDVR0OBBYEFLu/gO1Y
e3pg9WxiuZODEa+ZPhs/MB8GA1UdIwQYMBaAFOs4n7M5s5CNVJplOQyS4V+d98VL
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0OUYzRS9BQzUyQjc0ODFE
ODIxMUUyQkM2NDE3RDcwOEIwMkNEMi82emlmc3ptemtJMVVtbVU1REpMaFg1MzN4
VXMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzZ6aWZzem16a0kxVW1tVTVESkxoWDUzM3hVcy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDlGM0UvQUM1MkI3NDgxRDgyMTFFMkJDNjQxN0Q3MDhCMDJDRDIvNTI4NTA1NDJB
NjA4MTFFRjkxRkIxMTEzQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMwYIKwYBBQUHAQcBAf8E
JDAiMCAEAgABMBowDAMEAC363QMEAC363gMEAD37tgMEAHNHGjANBgkqhkiG9w0B
AQsFAAOCAQEAGRi6tQ4RCfM4ZLte+HndcA4j1pMLAe+fe1GwIkGDxlAaIpQJG20M
dg8DXvNX2U/Be5rBkCMPeacJ6KQ+WuFJTZE3vVnRQpmFLi2SqT3rGcZgE5Iwpuea
AElM+L2yUDFvZf3Au1XMY5TWWMKQhssvg+2AjOXzO7vtSqkc866c6jnxCxwrGQfR
iSPG0uMocL/2LA6AEjpLLpjiOYfJvPnEUGEayX3WS+gu7fXAoPMaCPTUwz0Yat2H
JP73FIXNTdG2EnZQ4PsSqwYfSDrZhbk5B3u1rxYMQnWZXDns8iRvwSoJkl0tCIZk
9CQn4Rf1cnccZEdADjOjz0px5wUhsfFYAg==
-----END CERTIFICATE-----
Generated at Mon Oct 20 16:27:45 2025 by rpki-client