Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/52E1349E04D211E9BA47303FC4F9AE02.roa
File:                     52E1349E04D211E9BA47303FC4F9AE02.roa (raw, json)
Hash identifier:          xjE1wzsHVmSRCzFdeF0NIrknzjRrx9wDvb8yKtaqn18=
Subject key identifier:   5D:3C:2A:57:CF:42:41:43:37:D6:CB:23:A8:67:15:42:A2:57:8F:FF
Certificate issuer:       /CN=A914EAE4/serialNumber=AD56B67187A98BA314084405797BD9656E8AC8BA
Certificate serial:       1F79
Authority key identifier: AD:56:B6:71:87:A9:8B:A3:14:08:44:05:79:7B:D9:65:6E:8A:C8:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rVa2cYepi6MUCEQFeXvZZW6KyLo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/52E1349E04D211E9BA47303FC4F9AE02.roa
Signing time:             Sat 30 Aug 2025 16:35:42 +0000
ROA not before:           Sat 30 Aug 2025 16:35:42 +0000
ROA not after:            Tue 01 Dec 2026 00:00:00 +0000
asID:                     4813
IP address blocks:        121.10.40.0/24 maxlen: 24
                          125.88.15.0/24 maxlen: 24
                          125.88.58.0/24 maxlen: 24
                          125.88.59.0/24 maxlen: 24
                          125.88.60.0/23 maxlen: 23
                          125.88.88.0/24 maxlen: 24
                          125.88.103.0/24 maxlen: 24
                          125.88.108.0/23 maxlen: 23
                          125.88.114.0/24 maxlen: 24
                          125.88.115.0/24 maxlen: 24
                          125.88.116.0/22 maxlen: 22
                          125.88.120.0/23 maxlen: 23
                          125.88.124.0/22 maxlen: 22
                          125.88.128.0/20 maxlen: 20
                          202.96.168.0/24 maxlen: 24
                          202.103.182.0/24 maxlen: 24
                          202.105.2.0/23 maxlen: 23
                          202.105.5.0/24 maxlen: 24
                          202.105.7.0/24 maxlen: 24
                          202.105.80.0/22 maxlen: 22
                          202.105.212.0/23 maxlen: 23
                          202.105.214.0/24 maxlen: 24
                          202.105.215.0/24 maxlen: 24
                          202.105.240.0/22 maxlen: 22
                          218.13.104.0/22 maxlen: 22
                          218.13.108.0/22 maxlen: 22
                          218.13.112.0/22 maxlen: 22
                          218.13.118.0/23 maxlen: 23
                          218.13.120.0/21 maxlen: 21
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/rVa2cYepi6MUCEQFeXvZZW6KyLo.crl
                          rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/rVa2cYepi6MUCEQFeXvZZW6KyLo.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rVa2cYepi6MUCEQFeXvZZW6KyLo.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 25 Oct 2025 16:37:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 8057 (0x1f79)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A914EAE4, serialNumber=AD56B67187A98BA314084405797BD9656E8AC8BA
        Validity
            Not Before: Aug 30 16:35:42 2025 GMT
            Not After : Dec  1 00:00:00 2026 GMT
        Subject: CN=68b3285e-be84
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:f5:f3:73:f2:67:16:5b:3f:99:5b:60:b1:d2:35:
                    50:ca:b9:4b:4e:7d:4a:a2:5a:97:d7:45:a4:5c:47:
                    47:a4:71:1c:dc:f5:21:86:7e:76:79:ac:0d:25:45:
                    ac:eb:41:28:07:c1:cb:fa:8a:db:a3:59:9a:7d:5d:
                    bb:20:25:a1:a1:5b:08:90:45:2a:24:d7:cc:df:58:
                    ab:22:9b:09:76:00:99:2c:d7:3d:ca:fc:b7:96:26:
                    ec:e5:82:f4:a1:fe:bf:22:ad:2f:15:b2:c9:5f:2a:
                    03:f6:2c:b3:a6:5d:87:d7:d3:5f:27:33:eb:09:4d:
                    f9:37:92:af:28:92:b9:8b:4c:01:68:1a:fa:f1:ae:
                    cd:1b:cc:74:8d:84:07:81:27:97:30:8e:31:d2:8b:
                    1e:dc:0c:6d:1e:c9:f8:6c:b8:2a:ab:9c:30:10:be:
                    9f:00:44:ab:54:cd:ee:4f:5d:02:2c:ff:80:ad:94:
                    c1:56:fd:be:d1:7a:8b:fc:a6:77:e7:e5:de:fe:88:
                    48:1b:79:f1:ee:d0:16:4d:34:df:c0:c6:68:c1:19:
                    23:8a:13:67:57:f5:41:9b:47:36:ed:f2:d9:2a:de:
                    c4:40:5d:36:8b:cf:98:59:79:38:77:f3:b6:3d:12:
                    c8:9f:e3:b1:cd:2c:cb:6b:5d:ea:34:28:3b:bd:95:
                    46:79
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                5D:3C:2A:57:CF:42:41:43:37:D6:CB:23:A8:67:15:42:A2:57:8F:FF
            X509v3 Authority Key Identifier:
                keyid:AD:56:B6:71:87:A9:8B:A3:14:08:44:05:79:7B:D9:65:6E:8A:C8:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/rVa2cYepi6MUCEQFeXvZZW6KyLo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rVa2cYepi6MUCEQFeXvZZW6KyLo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/52E1349E04D211E9BA47303FC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  121.10.40.0/24
                  125.88.15.0/24
                  125.88.58.0-125.88.61.255
                  125.88.88.0/24
                  125.88.103.0/24
                  125.88.108.0/23
                  125.88.114.0-125.88.121.255
                  125.88.124.0-125.88.143.255
                  202.96.168.0/24
                  202.103.182.0/24
                  202.105.2.0/23
                  202.105.5.0/24
                  202.105.7.0/24
                  202.105.80.0/22
                  202.105.212.0/22
                  202.105.240.0/22
                  218.13.104.0-218.13.115.255
                  218.13.118.0-218.13.127.255

    Signature Algorithm: sha256WithRSAEncryption
         a3:46:f9:47:5b:4a:f9:85:a1:a5:75:49:1e:43:6e:34:57:7e:
         58:56:53:f0:6b:eb:07:51:9d:74:cc:59:81:9a:ed:dc:4b:77:
         f4:77:fa:7c:84:8a:13:fc:e6:6b:11:83:86:7b:d1:50:54:56:
         d4:f2:7e:fe:7b:a5:04:e0:cc:14:a4:ce:5c:e0:bf:77:0d:7e:
         3f:a9:7e:41:99:11:94:67:58:87:19:e7:26:e6:c3:9c:1a:9a:
         6d:db:a3:90:67:ef:17:ec:74:4d:2d:90:84:10:34:0e:3c:e7:
         08:e7:6b:4e:0b:79:33:18:45:26:c0:96:b4:f1:c2:66:64:39:
         12:e3:df:55:b5:1c:87:c4:bf:fe:6a:b7:b7:56:05:81:2a:ed:
         d9:c9:4d:52:92:59:fe:8a:3d:78:41:2c:02:59:0b:d4:36:93:
         31:35:95:73:e5:9d:5b:33:dd:27:ed:2e:02:3c:9c:5d:3c:9e:
         d6:89:b9:b7:72:d3:7a:48:c2:3d:52:7e:43:b5:00:0a:fe:dd:
         b1:d8:4b:95:37:0c:b7:b4:01:8b:10:db:48:58:e9:3e:f9:7e:
         29:d9:c9:4b:7b:03:7b:49:88:0e:12:2b:d0:18:ba:ee:86:ec:
         9f:a3:e8:34:c5:bf:2c:1e:a1:50:60:26:8d:6d:b1:1c:e7:82:
         bb:59:a8:dd
-----BEGIN CERTIFICATE-----
MIIGBDCCBOygAwIBAgICH3kwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NEVBRTQxMTAvBgNVBAUTKEFENTZCNjcxODdBOThCQTMxNDA4NDQwNTc5N0JEOTY1
NkU4QUM4QkEwHhcNMjUwODMwMTYzNTQyWhcNMjYxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGIzMjg1ZS1iZTg0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA9fNz8mcWWz+ZW2Cx0jVQyrlLTn1KolqX10WkXEdHpHEc3PUhhn52eawNJUWs
60EoB8HL+orbo1mafV27ICWhoVsIkEUqJNfM31irIpsJdgCZLNc9yvy3libs5YL0
of6/Iq0vFbLJXyoD9iyzpl2H19NfJzPrCU35N5KvKJK5i0wBaBr68a7NG8x0jYQH
gSeXMI4x0ose3AxtHsn4bLgqq5wwEL6fAESrVM3uT10CLP+ArZTBVv2+0XqL/KZ3
5+Xe/ohIG3nx7tAWTTTfwMZowRkjihNnV/VBm0c27fLZKt7EQF02i8+YWXk4d/O2
PRLIn+OxzSzLa13qNCg7vZVGeQIDAQABo4IDKDCCAyQwHQYDVR0OBBYEFF08KlfP
QkFDN9bLI6hnFUKiV4//MB8GA1UdIwQYMBaAFK1WtnGHqYujFAhEBXl72WVuisi6
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0RUFFNC82NzUzQjhBRTI1
NzUxMUU3QUMwRDE3MkFDNEY5QUUwMi9yVmEyY1llcGk2TVVDRVFGZVh2WlpXNkt5
TG8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3JWYTJjWWVwaTZNVUNFUUZlWHZaWlc2S3lMby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NEVBRTQvNjc1M0I4QUUyNTc1MTFFN0FDMEQxNzJBQzRGOUFFMDIvNTJFMTM0OUUw
NEQyMTFFOUJBNDczMDNGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwgbEGCCsGAQUFBwEHAQH/
BIGhMIGeMIGbBAIAATCBlAMEAHkKKAMEAH1YDzAMAwQBfVg6AwQBfVg8AwQAfVhY
AwQAfVhnAwQBfVhsMAwDBAF9WHIDBAF9WHgwDAMEAn1YfAMEBH1YgAMEAMpgqAME
AMpntgMEAcppAgMEAMppBQMEAMppBwMEAsppUAMEAspp1AMEAspp8DAMAwQD2g1o
AwQC2g1wMAwDBAHaDXYDBAfaDQAwDQYJKoZIhvcNAQELBQADggEBAKNG+UdbSvmF
oaV1SR5DbjRXflhWU/Br6wdRnXTMWYGa7dxLd/R3+nyEihP85msRg4Z70VBUVtTy
fv57pQTgzBSkzlzgv3cNfj+pfkGZEZRnWIcZ5ybmw5wamm3bo5Bn7xfsdE0tkIQQ
NA485wjna04LeTMYRSbAlrTxwmZkORLj31W1HIfEv/5qt7dWBYEq7dnJTVKSWf6K
PXhBLAJZC9Q2kzE1lXPlnVsz3SftLgI8nF08ntaJubdy03pIwj1SfkO1AAr+3bHY
S5U3DLe0AYsQ20hY6T75finZyUt7A3tJiA4SK9AYuu6G7J+j6DTFvyweoVBgJo1t
sRzngrtZqN0=
-----END CERTIFICATE-----
Generated at Mon Oct 20 16:37:29 2025 by rpki-client