Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/B228FE46257C11E79EE15E3CC4F9AE02.roa
File:                     B228FE46257C11E79EE15E3CC4F9AE02.roa (raw, json)
Hash identifier:          KwfuEN2GtNIeymat9QicYfvjGAixMAdsbfteX7WUvEg=
Subject key identifier:   52:B5:6E:17:C7:DA:A2:8B:4B:5A:76:85:C6:31:34:C2:26:8E:82:96
Certificate issuer:       /CN=A914EAE4/serialNumber=AD56B67187A98BA314084405797BD9656E8AC8BA
Certificate serial:       1F6E
Authority key identifier: AD:56:B6:71:87:A9:8B:A3:14:08:44:05:79:7B:D9:65:6E:8A:C8:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rVa2cYepi6MUCEQFeXvZZW6KyLo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/B228FE46257C11E79EE15E3CC4F9AE02.roa
Signing time:             Sat 30 Aug 2025 16:35:32 +0000
ROA not before:           Sat 30 Aug 2025 16:35:32 +0000
ROA not after:            Tue 01 Dec 2026 00:00:00 +0000
asID:                     17896
IP address blocks:        123.172.0.0/20 maxlen: 20
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/rVa2cYepi6MUCEQFeXvZZW6KyLo.crl
                          rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/rVa2cYepi6MUCEQFeXvZZW6KyLo.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rVa2cYepi6MUCEQFeXvZZW6KyLo.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 25 Oct 2025 16:37:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 8046 (0x1f6e)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A914EAE4, serialNumber=AD56B67187A98BA314084405797BD9656E8AC8BA
        Validity
            Not Before: Aug 30 16:35:32 2025 GMT
            Not After : Dec  1 00:00:00 2026 GMT
        Subject: CN=68b32854-97f5
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d3:77:0b:fa:19:bc:11:44:3f:6d:da:c2:3a:47:
                    2d:f7:74:9b:af:25:d9:92:13:9c:5d:ba:19:3a:ed:
                    38:63:7b:3f:bc:61:1c:b4:2a:e5:4f:4c:e5:2f:ed:
                    cf:28:00:11:af:1b:a5:7c:3f:fb:79:9a:59:d3:ec:
                    94:50:07:f4:1f:e4:40:b2:76:5d:57:0b:7f:d0:13:
                    75:94:ca:b6:56:c4:5b:7c:6b:74:26:5c:6d:0d:98:
                    79:a2:f1:bc:34:55:71:bd:9a:dd:c7:9a:ae:11:05:
                    84:1c:74:3e:53:b4:2e:47:d4:bf:85:cb:f1:e1:4b:
                    9a:0d:39:e0:1a:0a:0b:54:b7:53:ec:cc:e3:48:e1:
                    41:9a:ed:29:6d:99:04:f6:38:0b:55:4c:22:e6:ca:
                    11:01:e2:92:34:31:c9:57:cf:ab:b4:bd:fb:f1:c6:
                    6f:32:03:1f:f9:f8:21:04:1f:8b:f7:5f:b3:6d:05:
                    b7:6b:73:0d:82:70:02:86:66:12:e7:3c:cc:d6:86:
                    de:2e:08:a6:8a:51:44:d6:e3:3a:10:8b:62:84:10:
                    6a:5c:9c:9a:a5:de:cc:37:d7:48:1f:dd:27:27:4f:
                    bd:77:71:63:d3:a6:79:fe:83:ce:88:45:4c:8b:d8:
                    b1:89:33:a8:16:ec:e8:93:81:6f:32:2a:05:6b:1d:
                    6f:d3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                52:B5:6E:17:C7:DA:A2:8B:4B:5A:76:85:C6:31:34:C2:26:8E:82:96
            X509v3 Authority Key Identifier:
                keyid:AD:56:B6:71:87:A9:8B:A3:14:08:44:05:79:7B:D9:65:6E:8A:C8:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/rVa2cYepi6MUCEQFeXvZZW6KyLo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rVa2cYepi6MUCEQFeXvZZW6KyLo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/B228FE46257C11E79EE15E3CC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  123.172.0.0/20

    Signature Algorithm: sha256WithRSAEncryption
         b3:d7:4f:ec:0a:10:c9:b5:cb:a1:21:c2:fa:32:1b:14:3d:63:
         09:31:b1:f2:a0:df:ac:38:15:ea:84:e5:e7:37:3e:f0:3c:51:
         73:03:41:da:3c:20:84:42:9b:b2:70:13:d0:c9:65:d8:23:72:
         55:0a:ef:be:1d:63:74:41:f6:5a:e9:b7:62:f0:77:b1:76:ae:
         b8:80:d3:6c:cc:65:46:b4:73:78:fe:d9:7e:ca:5b:40:4c:e0:
         dc:44:ed:b6:fa:58:51:ac:2d:2c:e2:c6:e4:03:56:89:c8:2a:
         ca:fd:52:72:84:0e:03:8b:82:3e:db:74:40:53:01:36:16:e0:
         fb:8d:cc:c1:24:01:5b:0d:e6:e9:37:b8:bb:5f:ec:a6:a2:f5:
         10:04:5f:98:f3:d5:b9:7d:ed:3d:e3:7d:81:67:67:9a:3d:53:
         6e:66:c3:4e:bc:b0:c9:be:09:7d:6f:72:c8:fb:74:1e:2d:80:
         5d:e4:7d:f5:9d:31:db:17:5b:e5:1a:ff:d8:80:8a:5f:ee:7a:
         3d:b9:61:d1:f1:2f:39:28:d6:4c:36:ac:d6:79:d3:b5:98:6d:
         6e:48:87:f4:77:1b:27:a3:6a:71:ba:27:76:c7:f1:c1:5c:52:
         06:26:b5:26:e4:63:21:9a:1c:32:25:1f:d8:9f:97:87:59:33:
         df:f2:17:cf
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICH24wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NEVBRTQxMTAvBgNVBAUTKEFENTZCNjcxODdBOThCQTMxNDA4NDQwNTc5N0JEOTY1
NkU4QUM4QkEwHhcNMjUwODMwMTYzNTMyWhcNMjYxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGIzMjg1NC05N2Y1MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA03cL+hm8EUQ/bdrCOkct93SbryXZkhOcXboZOu04Y3s/vGEctCrlT0zlL+3P
KAARrxulfD/7eZpZ0+yUUAf0H+RAsnZdVwt/0BN1lMq2VsRbfGt0JlxtDZh5ovG8
NFVxvZrdx5quEQWEHHQ+U7QuR9S/hcvx4UuaDTngGgoLVLdT7MzjSOFBmu0pbZkE
9jgLVUwi5soRAeKSNDHJV8+rtL378cZvMgMf+fghBB+L91+zbQW3a3MNgnAChmYS
5zzM1obeLgimilFE1uM6EItihBBqXJyapd7MN9dIH90nJ0+9d3Fj06Z5/oPOiEVM
i9ixiTOoFuzok4FvMioFax1v0wIDAQABo4IClTCCApEwHQYDVR0OBBYEFFK1bhfH
2qKLS1p2hcYxNMImjoKWMB8GA1UdIwQYMBaAFK1WtnGHqYujFAhEBXl72WVuisi6
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0RUFFNC82NzUzQjhBRTI1
NzUxMUU3QUMwRDE3MkFDNEY5QUUwMi9yVmEyY1llcGk2TVVDRVFGZVh2WlpXNkt5
TG8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3JWYTJjWWVwaTZNVUNFUUZlWHZaWlc2S3lMby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NEVBRTQvNjc1M0I4QUUyNTc1MTFFN0FDMEQxNzJBQzRGOUFFMDIvQjIyOEZFNDYy
NTdDMTFFNzlFRTE1RTNDQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAR7rAAwDQYJKoZIhvcNAQELBQADggEBALPXT+wKEMm1y6Eh
wvoyGxQ9YwkxsfKg36w4FeqE5ec3PvA8UXMDQdo8IIRCm7JwE9DJZdgjclUK774d
Y3RB9lrpt2Lwd7F2rriA02zMZUa0c3j+2X7KW0BM4NxE7bb6WFGsLSzixuQDVonI
Ksr9UnKEDgOLgj7bdEBTATYW4PuNzMEkAVsN5uk3uLtf7Kai9RAEX5jz1bl97T3j
fYFnZ5o9U25mw068sMm+CX1vcsj7dB4tgF3kffWdMdsXW+Ua/9iAil/uej25YdHx
Lzko1kw2rNZ507WYbW5Ih/R3GyejanG6J3bH8cFcUgYmtSbkYyGaHDIlH9ifl4dZ
M9/yF88=
-----END CERTIFICATE-----
Generated at Mon Oct 20 17:49:32 2025 by rpki-client