Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/792BA6283AAC11EF93D3E072C4F9AE02.roa
File:                     792BA6283AAC11EF93D3E072C4F9AE02.roa (raw, json)
Hash identifier:          mgxcBaGr7BI/56HJBlh6MCkHXWiHbJ+08mgJcXvNvJg=
Subject key identifier:   D6:96:49:CC:CE:20:44:CA:4C:C2:44:9B:2D:DB:13:CE:86:0B:F6:C5
Certificate issuer:       /CN=A914EAE4/serialNumber=AD56B67187A98BA314084405797BD9656E8AC8BA
Certificate serial:       1F85
Authority key identifier: AD:56:B6:71:87:A9:8B:A3:14:08:44:05:79:7B:D9:65:6E:8A:C8:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rVa2cYepi6MUCEQFeXvZZW6KyLo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/792BA6283AAC11EF93D3E072C4F9AE02.roa
Signing time:             Sat 30 Aug 2025 16:35:52 +0000
ROA not before:           Sat 30 Aug 2025 16:35:52 +0000
ROA not after:            Tue 01 Dec 2026 00:00:00 +0000
asID:                     64079
IP address blocks:        203.56.50.0/24 maxlen: 24
                          203.56.51.0/24 maxlen: 24
                          203.86.118.0/24 maxlen: 24
                          203.86.119.0/24 maxlen: 24
                          203.86.120.0/24 maxlen: 24
                          203.86.121.0/24 maxlen: 24
                          203.86.122.0/24 maxlen: 24
                          203.86.123.0/24 maxlen: 24
                          203.86.124.0/24 maxlen: 24
                          203.86.125.0/24 maxlen: 24
                          220.247.138.0/24 maxlen: 24
                          220.247.139.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/rVa2cYepi6MUCEQFeXvZZW6KyLo.crl
                          rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/rVa2cYepi6MUCEQFeXvZZW6KyLo.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rVa2cYepi6MUCEQFeXvZZW6KyLo.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 25 Oct 2025 16:37:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 8069 (0x1f85)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A914EAE4, serialNumber=AD56B67187A98BA314084405797BD9656E8AC8BA
        Validity
            Not Before: Aug 30 16:35:52 2025 GMT
            Not After : Dec  1 00:00:00 2026 GMT
        Subject: CN=68b32868-ec60
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b5:8f:4b:a4:91:5b:35:36:d1:7e:73:d9:44:3d:
                    ca:85:2f:c1:9f:1e:de:61:30:2f:84:92:bf:64:82:
                    48:e9:4f:78:d9:e4:38:62:58:c9:1f:1a:ca:6b:29:
                    ac:53:f9:3a:59:c1:52:5d:f8:1f:eb:4d:18:9f:d9:
                    79:01:fc:2c:9e:ef:36:82:e6:d4:63:9c:72:d8:1f:
                    57:2e:b8:75:29:0c:07:ca:af:f1:1c:b4:b1:ca:f7:
                    99:79:3b:1a:1a:bf:df:76:84:ba:f4:4f:18:f0:37:
                    5e:5a:4d:d6:7d:e3:c0:cf:3f:97:3f:49:12:de:fc:
                    8b:c0:23:6f:c1:cf:bb:02:a4:45:69:ed:40:de:73:
                    40:ce:6f:5f:91:e7:e8:11:dc:c8:ae:26:0b:a0:78:
                    65:36:c2:7c:fc:6a:f3:9b:20:a0:9f:49:98:bf:d8:
                    74:77:eb:ac:15:ce:66:25:39:13:f0:aa:fe:ac:9d:
                    42:9c:86:91:1f:a5:7f:7a:66:3d:ca:08:8b:49:63:
                    87:69:9d:a1:46:a5:4a:e3:37:67:54:17:f1:c7:dc:
                    0b:d6:83:fc:47:eb:12:22:c4:e0:31:36:c3:4b:25:
                    94:e9:54:3f:16:a1:c5:f0:d0:ad:8b:84:f2:20:90:
                    8e:3c:d3:d2:28:e5:cd:52:89:7d:d6:a2:8b:34:94:
                    ae:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                D6:96:49:CC:CE:20:44:CA:4C:C2:44:9B:2D:DB:13:CE:86:0B:F6:C5
            X509v3 Authority Key Identifier:
                keyid:AD:56:B6:71:87:A9:8B:A3:14:08:44:05:79:7B:D9:65:6E:8A:C8:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/rVa2cYepi6MUCEQFeXvZZW6KyLo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rVa2cYepi6MUCEQFeXvZZW6KyLo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/792BA6283AAC11EF93D3E072C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.56.50.0/23
                  203.86.118.0-203.86.125.255
                  220.247.138.0/23

    Signature Algorithm: sha256WithRSAEncryption
         7b:aa:22:b8:ad:55:93:e6:00:42:2e:40:87:1f:47:11:8a:b9:
         74:2d:bb:ca:26:66:d6:9e:88:3b:ef:ec:88:37:73:94:c0:bd:
         f3:4d:71:80:9a:3b:8c:df:62:40:e7:bf:e9:88:7d:d9:98:c7:
         1d:a9:ad:a0:a6:7c:6b:c1:ab:32:70:e6:8a:19:e6:cc:d6:3b:
         c9:d3:f2:2f:2f:66:5c:09:22:2c:10:d5:9b:51:53:9b:c7:0b:
         67:ae:16:65:45:14:d2:50:10:8d:b1:1d:f3:36:34:18:6b:5f:
         5e:e2:f0:ea:00:3d:1b:5c:c1:a6:24:2f:12:06:5d:70:62:e2:
         9c:7a:b7:01:3b:9d:55:02:52:d3:7b:83:ad:53:8a:02:1e:33:
         e7:9e:93:54:55:87:49:43:03:47:b8:98:3c:59:8e:ab:9d:c2:
         a0:52:c4:a3:84:dc:25:4f:1d:2c:7c:16:4d:46:cd:33:ce:47:
         42:61:d6:db:69:0f:9d:92:0a:25:67:d8:3a:1e:bc:c1:d6:66:
         7f:c9:2b:b6:c5:0c:06:e7:47:3b:1c:b4:d3:a9:95:9f:6d:16:
         24:31:d6:05:f3:12:94:3e:40:6d:6c:51:f2:0c:ca:ff:f3:48:
         ce:9f:da:56:b9:c5:76:0d:97:a3:2e:6a:ea:2b:2b:3a:46:57:
         1d:60:75:08
-----BEGIN CERTIFICATE-----
MIIFhTCCBG2gAwIBAgICH4UwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NEVBRTQxMTAvBgNVBAUTKEFENTZCNjcxODdBOThCQTMxNDA4NDQwNTc5N0JEOTY1
NkU4QUM4QkEwHhcNMjUwODMwMTYzNTUyWhcNMjYxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGIzMjg2OC1lYzYwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAtY9LpJFbNTbRfnPZRD3KhS/Bnx7eYTAvhJK/ZIJI6U942eQ4YljJHxrKayms
U/k6WcFSXfgf600Yn9l5Afwsnu82gubUY5xy2B9XLrh1KQwHyq/xHLSxyveZeTsa
Gr/fdoS69E8Y8DdeWk3WfePAzz+XP0kS3vyLwCNvwc+7AqRFae1A3nNAzm9fkefo
EdzIriYLoHhlNsJ8/GrzmyCgn0mYv9h0d+usFc5mJTkT8Kr+rJ1CnIaRH6V/emY9
ygiLSWOHaZ2hRqVK4zdnVBfxx9wL1oP8R+sSIsTgMTbDSyWU6VQ/FqHF8NCti4Ty
IJCOPNPSKOXNUol91qKLNJSuQwIDAQABo4ICqTCCAqUwHQYDVR0OBBYEFNaWSczO
IETKTMJEmy3bE86GC/bFMB8GA1UdIwQYMBaAFK1WtnGHqYujFAhEBXl72WVuisi6
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0RUFFNC82NzUzQjhBRTI1
NzUxMUU3QUMwRDE3MkFDNEY5QUUwMi9yVmEyY1llcGk2TVVDRVFGZVh2WlpXNkt5
TG8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3JWYTJjWWVwaTZNVUNFUUZlWHZaWlc2S3lMby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NEVBRTQvNjc1M0I4QUUyNTc1MTFFN0FDMEQxNzJBQzRGOUFFMDIvNzkyQkE2Mjgz
QUFDMTFFRjkzRDNFMDcyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMwYIKwYBBQUHAQcBAf8E
JDAiMCAEAgABMBoDBAHLODIwDAMEActWdgMEActWfAMEAdz3ijANBgkqhkiG9w0B
AQsFAAOCAQEAe6oiuK1Vk+YAQi5Ahx9HEYq5dC27yiZm1p6IO+/siDdzlMC9801x
gJo7jN9iQOe/6Yh92ZjHHamtoKZ8a8GrMnDmihnmzNY7ydPyLy9mXAkiLBDVm1FT
m8cLZ64WZUUU0lAQjbEd8zY0GGtfXuLw6gA9G1zBpiQvEgZdcGLinHq3ATudVQJS
03uDrVOKAh4z556TVFWHSUMDR7iYPFmOq53CoFLEo4TcJU8dLHwWTUbNM85HQmHW
22kPnZIKJWfYOh68wdZmf8krtsUMBudHOxy006mVn20WJDHWBfMSlD5AbWxR8gzK
//NIzp/aVrnFdg2Xoy5q6isrOkZXHWB1CA==
-----END CERTIFICATE-----
Generated at Mon Oct 20 17:49:45 2025 by rpki-client