Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/B33C5F9C05FB11EE9D130335C4F9AE02.roa
File:                     B33C5F9C05FB11EE9D130335C4F9AE02.roa (raw, json)
Hash identifier:          Lvk9jUc2nOmVqiloTp/GHNCkrAD4k8B4c9WxpWLobz0=
Subject key identifier:   CD:28:4D:49:E5:75:A3:13:44:48:A2:23:F6:F9:EB:A1:E3:33:48:7D
Certificate issuer:       /CN=A914EAE4/serialNumber=AD56B67187A98BA314084405797BD9656E8AC8BA
Certificate serial:       1F6F
Authority key identifier: AD:56:B6:71:87:A9:8B:A3:14:08:44:05:79:7B:D9:65:6E:8A:C8:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rVa2cYepi6MUCEQFeXvZZW6KyLo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/B33C5F9C05FB11EE9D130335C4F9AE02.roa
Signing time:             Sat 30 Aug 2025 16:35:33 +0000
ROA not before:           Sat 30 Aug 2025 16:35:33 +0000
ROA not after:            Tue 01 Dec 2026 00:00:00 +0000
asID:                     23650
IP address blocks:        121.227.30.0/23 maxlen: 23
                          218.30.129.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/rVa2cYepi6MUCEQFeXvZZW6KyLo.crl
                          rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/rVa2cYepi6MUCEQFeXvZZW6KyLo.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rVa2cYepi6MUCEQFeXvZZW6KyLo.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 25 Oct 2025 16:37:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 8047 (0x1f6f)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A914EAE4, serialNumber=AD56B67187A98BA314084405797BD9656E8AC8BA
        Validity
            Not Before: Aug 30 16:35:33 2025 GMT
            Not After : Dec  1 00:00:00 2026 GMT
        Subject: CN=68b32855-73bc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ec:23:b9:8e:36:34:9f:b8:0c:ef:24:9b:15:12:
                    32:cc:70:19:ce:a5:e7:d6:f2:15:70:28:34:d9:ea:
                    f1:98:af:86:3d:b2:a6:ca:1d:35:e7:e2:f4:9c:ba:
                    27:b1:56:92:85:60:6f:63:e4:6d:46:17:1f:bc:48:
                    56:e3:a3:5a:5e:f2:96:51:26:de:c8:5c:91:5b:dc:
                    25:f9:7e:c0:56:2e:87:5d:43:41:69:63:e4:e3:40:
                    4d:59:1f:25:38:e6:2e:dc:db:cd:6e:33:be:da:cd:
                    e8:68:65:03:35:5c:b3:8e:e1:24:bc:4c:fe:2e:a3:
                    d3:51:5c:5b:6a:ff:9b:02:d1:36:1a:36:d8:5e:66:
                    26:df:ef:80:27:80:84:0c:21:03:bb:0a:f9:3f:3b:
                    7f:88:f5:93:4c:bd:f8:81:39:c2:fe:ac:44:b8:19:
                    e6:77:c3:82:62:cb:95:7a:aa:5a:0f:f5:35:d8:b0:
                    18:41:52:d2:74:62:69:38:02:da:34:7e:2a:8f:10:
                    e5:9f:76:ae:87:55:08:5a:88:73:45:f8:76:c4:7e:
                    33:d7:1f:db:d0:a5:90:57:19:dd:81:1b:4a:ad:8c:
                    ce:1e:56:03:8f:7d:19:e2:de:de:cc:4b:39:fd:bb:
                    3e:d4:c6:54:c6:e2:e4:4c:2f:18:5d:cc:ea:58:a3:
                    fe:89
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                CD:28:4D:49:E5:75:A3:13:44:48:A2:23:F6:F9:EB:A1:E3:33:48:7D
            X509v3 Authority Key Identifier:
                keyid:AD:56:B6:71:87:A9:8B:A3:14:08:44:05:79:7B:D9:65:6E:8A:C8:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/rVa2cYepi6MUCEQFeXvZZW6KyLo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rVa2cYepi6MUCEQFeXvZZW6KyLo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/B33C5F9C05FB11EE9D130335C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  121.227.30.0/23
                  218.30.129.0/24

    Signature Algorithm: sha256WithRSAEncryption
         0c:4e:74:f8:5f:db:2c:2f:eb:bc:e9:f2:16:26:00:d4:e0:0e:
         2c:c9:b1:6b:57:bb:26:d5:4c:4d:12:d2:d3:63:4d:6d:56:dd:
         ac:76:fd:3e:93:9a:20:21:2e:6e:04:84:71:7b:ca:06:dd:7b:
         6f:6a:48:5e:5d:cd:b1:22:02:9c:9f:e1:03:49:a7:b9:19:33:
         68:f7:ea:22:16:21:bb:d3:e1:cb:e8:65:ac:6e:b9:61:f1:75:
         93:84:8d:59:1c:0f:c4:05:88:68:11:82:19:99:40:f6:2b:5c:
         51:9d:5e:3c:39:3c:d7:41:92:e6:d7:4b:62:a8:10:07:6c:ab:
         9f:1e:1a:f7:55:40:29:b7:9f:c8:c1:9c:de:f7:50:8d:92:2b:
         4b:5d:54:59:51:af:cd:2a:9d:1b:c2:84:2f:f1:02:ea:fc:85:
         b8:71:fa:a1:b2:0c:ca:df:bf:23:2f:cf:b2:2d:42:8e:b8:c8:
         0b:a0:94:9b:10:58:40:40:58:a6:3f:da:67:95:d0:d0:17:c5:
         76:c7:10:08:d2:62:8b:7f:76:e4:ba:d4:7a:26:d3:bb:a2:fb:
         79:f3:c1:0b:b8:32:ff:b3:29:6d:68:20:3e:2e:f3:2d:68:8d:
         83:27:42:1e:2a:84:8b:21:ee:da:ef:4d:df:12:58:d4:25:0d:
         b0:88:27:22
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICH28wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NEVBRTQxMTAvBgNVBAUTKEFENTZCNjcxODdBOThCQTMxNDA4NDQwNTc5N0JEOTY1
NkU4QUM4QkEwHhcNMjUwODMwMTYzNTMzWhcNMjYxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGIzMjg1NS03M2JjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA7CO5jjY0n7gM7ySbFRIyzHAZzqXn1vIVcCg02erxmK+GPbKmyh015+L0nLon
sVaShWBvY+RtRhcfvEhW46NaXvKWUSbeyFyRW9wl+X7AVi6HXUNBaWPk40BNWR8l
OOYu3NvNbjO+2s3oaGUDNVyzjuEkvEz+LqPTUVxbav+bAtE2GjbYXmYm3++AJ4CE
DCEDuwr5Pzt/iPWTTL34gTnC/qxEuBnmd8OCYsuVeqpaD/U12LAYQVLSdGJpOALa
NH4qjxDln3auh1UIWohzRfh2xH4z1x/b0KWQVxndgRtKrYzOHlYDj30Z4t7ezEs5
/bs+1MZUxuLkTC8YXczqWKP+iQIDAQABo4ICmzCCApcwHQYDVR0OBBYEFM0oTUnl
daMTREiiI/b566HjM0h9MB8GA1UdIwQYMBaAFK1WtnGHqYujFAhEBXl72WVuisi6
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0RUFFNC82NzUzQjhBRTI1
NzUxMUU3QUMwRDE3MkFDNEY5QUUwMi9yVmEyY1llcGk2TVVDRVFGZVh2WlpXNkt5
TG8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3JWYTJjWWVwaTZNVUNFUUZlWHZaWlc2S3lMby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NEVBRTQvNjc1M0I4QUUyNTc1MTFFN0FDMEQxNzJBQzRGOUFFMDIvQjMzQzVGOUMw
NUZCMTFFRTlEMTMwMzM1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAF54x4DBADaHoEwDQYJKoZIhvcNAQELBQADggEBAAxOdPhf
2ywv67zp8hYmANTgDizJsWtXuybVTE0S0tNjTW1W3ax2/T6TmiAhLm4EhHF7ygbd
e29qSF5dzbEiApyf4QNJp7kZM2j36iIWIbvT4cvoZaxuuWHxdZOEjVkcD8QFiGgR
ghmZQPYrXFGdXjw5PNdBkubXS2KoEAdsq58eGvdVQCm3n8jBnN73UI2SK0tdVFlR
r80qnRvChC/xAur8hbhx+qGyDMrfvyMvz7ItQo64yAuglJsQWEBAWKY/2meV0NAX
xXbHEAjSYot/duS61Hom07ui+3nzwQu4Mv+zKW1oID4u8y1ojYMnQh4qhIsh7trv
Td8SWNQlDbCIJyI=
-----END CERTIFICATE-----
Generated at Mon Oct 20 17:49:24 2025 by rpki-client