Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A916807A/0263AB483E8811EDA61A9B2AC4F9AE02/2DE0A80251B311F0B5484379C4F9AE02.roa
File:                     2DE0A80251B311F0B5484379C4F9AE02.roa (raw, json)
Hash identifier:          65RTD6y1rAYkfh/dg3rdS7+Xv2sTjKltPtbnzB/c3wk=
Subject key identifier:   8C:22:C5:1E:BC:CC:85:ED:A6:2B:EF:A1:42:52:B9:63:DF:F5:A5:FE
Certificate issuer:       /CN=A916807A/serialNumber=729E2F9C1D87C214735078CFD21C638E07157B5D
Certificate serial:       0258
Authority key identifier: 72:9E:2F:9C:1D:87:C2:14:73:50:78:CF:D2:1C:63:8E:07:15:7B:5D
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/cp4vnB2HwhRzUHjP0hxjjgcVe10.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A916807A/0263AB483E8811EDA61A9B2AC4F9AE02/2DE0A80251B311F0B5484379C4F9AE02.roa
Signing time:             Wed 25 Jun 2025 10:57:26 +0000
ROA not before:           Wed 25 Jun 2025 10:57:26 +0000
ROA not after:            Tue 30 Dec 2025 00:00:00 +0000
asID:                     138868
IP address blocks:        202.155.116.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A916807A/0263AB483E8811EDA61A9B2AC4F9AE02/cp4vnB2HwhRzUHjP0hxjjgcVe10.crl
                          rsync://rpki.apnic.net/member_repository/A916807A/0263AB483E8811EDA61A9B2AC4F9AE02/cp4vnB2HwhRzUHjP0hxjjgcVe10.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/cp4vnB2HwhRzUHjP0hxjjgcVe10.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Thu 10 Jul 2025 02:23:29 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 600 (0x258)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A916807A, serialNumber=729E2F9C1D87C214735078CFD21C638E07157B5D
        Validity
            Not Before: Jun 25 10:57:26 2025 GMT
            Not After : Dec 30 00:00:00 2025 GMT
        Subject: CN=685bd616-33a8
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d0:25:c3:ed:c3:ed:29:63:7d:33:99:56:15:25:
                    4e:ef:85:b0:fd:fb:a9:0f:22:99:67:70:a5:83:9d:
                    eb:91:34:42:bf:74:fa:de:cd:0a:40:c9:df:98:c2:
                    dd:ff:b5:77:a5:da:08:5f:bd:14:ef:23:23:39:3b:
                    4f:13:8d:49:60:c2:f5:43:70:1b:47:4e:8b:2d:25:
                    ca:e9:ac:80:2f:bb:95:4a:4c:cd:89:57:21:3d:f3:
                    da:09:85:37:44:b7:56:23:08:af:03:73:03:d5:ec:
                    4f:31:1d:c8:d5:2c:1c:a6:da:53:6a:49:33:a7:24:
                    9b:8b:a7:9d:70:33:51:0b:aa:8d:ee:a2:87:27:84:
                    93:32:f4:90:f4:82:b7:d9:a4:15:21:cd:d7:63:ee:
                    79:ae:76:7b:87:05:82:12:c8:0a:b0:27:30:8f:2e:
                    27:90:c5:bd:84:a7:d4:40:77:b3:44:50:28:31:da:
                    4e:ad:f9:cf:d0:e3:99:98:30:46:94:69:76:1a:69:
                    da:2f:f6:bd:ed:c7:56:32:89:9f:a2:28:45:f5:06:
                    ad:e5:6a:21:79:6e:7e:7c:b5:ec:c5:58:6d:5e:85:
                    ff:25:2b:96:36:27:cf:63:55:1c:92:c4:21:06:cd:
                    3b:10:f2:b8:76:ba:f1:0c:b3:8d:f0:39:f1:72:39:
                    8e:d1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                8C:22:C5:1E:BC:CC:85:ED:A6:2B:EF:A1:42:52:B9:63:DF:F5:A5:FE
            X509v3 Authority Key Identifier:
                keyid:72:9E:2F:9C:1D:87:C2:14:73:50:78:CF:D2:1C:63:8E:07:15:7B:5D

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A916807A/0263AB483E8811EDA61A9B2AC4F9AE02/cp4vnB2HwhRzUHjP0hxjjgcVe10.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/cp4vnB2HwhRzUHjP0hxjjgcVe10.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A916807A/0263AB483E8811EDA61A9B2AC4F9AE02/2DE0A80251B311F0B5484379C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.155.116.0/22

    Signature Algorithm: sha256WithRSAEncryption
         51:d9:38:75:ac:c4:ab:d9:a3:96:b4:8c:83:e9:4c:ed:66:bf:
         e6:31:96:2a:e4:e2:c0:92:b9:7c:3d:58:13:03:0a:06:ce:d0:
         a0:3e:0e:e6:0d:74:3b:a4:0c:8f:3f:8d:d1:70:93:7d:cf:81:
         8f:16:d3:b8:7e:09:0a:11:98:ee:2d:57:a9:d4:4d:7d:7c:83:
         01:c6:24:68:ea:c2:79:c9:81:7e:95:09:3b:80:20:21:ec:38:
         20:f3:88:d2:e1:12:31:94:d1:36:4d:47:00:75:d3:fb:be:e2:
         0d:79:5a:96:cd:21:a3:3f:21:15:1a:95:54:8a:61:0f:1b:b2:
         8a:d0:a5:3a:c3:88:73:78:1e:7a:b9:0c:fb:b7:38:a7:1c:57:
         e7:8f:80:0b:93:29:81:3f:10:ff:9f:bb:94:98:7c:8d:c6:64:
         35:49:df:79:5e:bc:28:76:ea:b4:22:b0:49:78:03:1a:da:4c:
         82:c2:ec:39:9c:92:94:8e:dc:12:4f:26:ec:d2:81:88:da:75:
         69:f1:a6:36:7c:f7:e8:c1:45:16:be:fb:71:d7:06:ad:74:69:
         7c:3d:bd:1d:24:1d:44:98:7d:23:e3:49:f3:2a:b2:ef:7a:02:
         ec:b7:07:8e:c1:9e:75:95:6f:98:5d:60:30:b6:69:fc:27:a9:
         b3:38:1a:0d
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICAlgwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NjgwN0ExMTAvBgNVBAUTKDcyOUUyRjlDMUQ4N0MyMTQ3MzUwNzhDRkQyMUM2MzhF
MDcxNTdCNUQwHhcNMjUwNjI1MTA1NzI2WhcNMjUxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODViZDYxNi0zM2E4MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA0CXD7cPtKWN9M5lWFSVO74Ww/fupDyKZZ3Clg53rkTRCv3T63s0KQMnfmMLd
/7V3pdoIX70U7yMjOTtPE41JYML1Q3AbR06LLSXK6ayAL7uVSkzNiVchPfPaCYU3
RLdWIwivA3MD1exPMR3I1SwcptpTakkzpySbi6edcDNRC6qN7qKHJ4STMvSQ9IK3
2aQVIc3XY+55rnZ7hwWCEsgKsCcwjy4nkMW9hKfUQHezRFAoMdpOrfnP0OOZmDBG
lGl2GmnaL/a97cdWMomfoihF9Qat5WoheW5+fLXsxVhtXoX/JSuWNifPY1UcksQh
Bs07EPK4drrxDLON8DnxcjmO0QIDAQABo4IClTCCApEwHQYDVR0OBBYEFIwixR68
zIXtpivvoUJSuWPf9aX+MB8GA1UdIwQYMBaAFHKeL5wdh8IUc1B4z9IcY44HFXtd
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE2ODA3QS8wMjYzQUI0ODNF
ODgxMUVEQTYxQTlCMkFDNEY5QUUwMi9jcDR2bkIySHdoUnpVSGpQMGh4ampnY1Zl
MTAuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2NwNHZuQjJId2hSelVIalAwaHhqamdjVmUxMC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NjgwN0EvMDI2M0FCNDgzRTg4MTFFREE2MUE5QjJBQzRGOUFFMDIvMkRFMEE4MDI1
MUIzMTFGMEI1NDg0Mzc5QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBALKm3QwDQYJKoZIhvcNAQELBQADggEBAFHZOHWsxKvZo5a0
jIPpTO1mv+Yxlirk4sCSuXw9WBMDCgbO0KA+DuYNdDukDI8/jdFwk33PgY8W07h+
CQoRmO4tV6nUTX18gwHGJGjqwnnJgX6VCTuAICHsOCDziNLhEjGU0TZNRwB10/u+
4g15WpbNIaM/IRUalVSKYQ8bsorQpTrDiHN4Hnq5DPu3OKccV+ePgAuTKYE/EP+f
u5SYfI3GZDVJ33levCh26rQisEl4AxraTILC7DmckpSO3BJPJuzSgYjadWnxpjZ8
9+jBRRa++3HXBq10aXw9vR0kHUSYfSPjSfMqsu96Auy3B47BnnWVb5hdYDC2afwn
qbM4Gg0=
-----END CERTIFICATE-----
Generated at Thu Jul 3 21:49:04 2025 by rpki-client