Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9191A09/4ACFF3601D9011E2B87CF2EF08B02CD2/F8A618E05E3511F0ACCE4C26C4F9AE02.roa
File:                     F8A618E05E3511F0ACCE4C26C4F9AE02.roa (raw, json)
Hash identifier:          m2j1B34dLV8e+8aZDtrd8sUHvxPLnZ+q1nP+VwT9JTY=
Subject key identifier:   38:EC:15:A2:AD:7D:D2:57:DC:88:30:F6:8E:58:FE:7D:1F:A5:BD:4D
Certificate issuer:       /CN=A9191A09/serialNumber=ACF2C8D0DCFBA74516B33CEBE26AE14F8B067C80
Certificate serial:       3534
Authority key identifier: AC:F2:C8:D0:DC:FB:A7:45:16:B3:3C:EB:E2:6A:E1:4F:8B:06:7C:80
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rPLI0Nz7p0UWszzr4mrhT4sGfIA.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9191A09/4ACFF3601D9011E2B87CF2EF08B02CD2/F8A618E05E3511F0ACCE4C26C4F9AE02.roa
Signing time:             Fri 11 Jul 2025 09:03:54 +0000
ROA not before:           Fri 11 Jul 2025 09:03:54 +0000
ROA not after:            Mon 02 Mar 2026 00:00:00 +0000
asID:                     24492
IP address blocks:        27.111.8.0/22 maxlen: 24
                          43.245.216.0/22 maxlen: 24
                          49.156.32.0/20 maxlen: 24
                          103.17.212.0/22 maxlen: 24
                          116.206.16.0/22 maxlen: 24
                          119.15.80.0/20 maxlen: 24
                          202.79.24.0/21 maxlen: 24
                          218.100.71.0/24 maxlen: 24
                          2405:1a00::/32 maxlen: 36
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9191A09/4ACFF3601D9011E2B87CF2EF08B02CD2/rPLI0Nz7p0UWszzr4mrhT4sGfIA.crl
                          rsync://rpki.apnic.net/member_repository/A9191A09/4ACFF3601D9011E2B87CF2EF08B02CD2/rPLI0Nz7p0UWszzr4mrhT4sGfIA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rPLI0Nz7p0UWszzr4mrhT4sGfIA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Wed 23 Jul 2025 14:41:43 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13620 (0x3534)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9191A09, serialNumber=ACF2C8D0DCFBA74516B33CEBE26AE14F8B067C80
        Validity
            Not Before: Jul 11 09:03:54 2025 GMT
            Not After : Mar  2 00:00:00 2026 GMT
        Subject: CN=6870d37a-b6e1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9d:63:2c:0d:5f:22:02:b2:e2:c3:95:c8:54:43:
                    84:e5:25:1e:54:e8:ab:10:27:7f:fd:01:7b:07:e4:
                    b4:cd:6f:4f:4e:40:ee:cb:97:eb:28:68:04:0c:2e:
                    8c:71:36:e2:6e:9d:ca:cf:8c:55:54:0e:65:cf:35:
                    46:e5:a6:af:7d:23:46:7b:3c:f0:25:fe:19:94:2b:
                    ad:c9:81:9f:d0:62:cc:5d:f5:8b:e5:8d:7a:75:9f:
                    ea:92:27:87:69:39:bc:89:9b:04:2b:b7:0c:cf:7e:
                    02:c3:55:29:01:09:5f:47:9f:57:98:f5:92:64:3c:
                    2e:4a:3e:17:16:a7:3c:2c:b1:57:d3:da:c5:69:d8:
                    4a:bc:46:a8:d2:49:85:20:9f:83:32:38:52:7d:f5:
                    74:33:a1:79:56:ed:ce:06:f4:2c:4b:8a:f4:50:cd:
                    df:8b:55:2c:49:55:e0:ef:af:1a:ff:24:12:6d:b8:
                    aa:82:86:c5:70:df:6a:f5:e7:81:75:74:4f:19:3c:
                    19:fa:41:ea:ad:ab:11:ee:29:48:33:15:3f:62:fd:
                    69:43:27:7c:02:0b:17:76:6f:7d:12:e0:db:66:84:
                    47:c1:3e:f2:6f:f9:1b:5d:e9:45:d5:28:0f:eb:48:
                    6b:3b:21:76:a2:2c:93:8d:7d:9c:4b:8d:85:3f:b4:
                    3a:7d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:EC:15:A2:AD:7D:D2:57:DC:88:30:F6:8E:58:FE:7D:1F:A5:BD:4D
            X509v3 Authority Key Identifier:
                keyid:AC:F2:C8:D0:DC:FB:A7:45:16:B3:3C:EB:E2:6A:E1:4F:8B:06:7C:80

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9191A09/4ACFF3601D9011E2B87CF2EF08B02CD2/rPLI0Nz7p0UWszzr4mrhT4sGfIA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rPLI0Nz7p0UWszzr4mrhT4sGfIA.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9191A09/4ACFF3601D9011E2B87CF2EF08B02CD2/F8A618E05E3511F0ACCE4C26C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  27.111.8.0/22
                  43.245.216.0/22
                  49.156.32.0/20
                  103.17.212.0/22
                  116.206.16.0/22
                  119.15.80.0/20
                  202.79.24.0/21
                  218.100.71.0/24
                IPv6:
                  2405:1a00::/32

    Signature Algorithm: sha256WithRSAEncryption
         d6:46:9a:18:8a:55:8a:3c:1f:d1:bc:37:cf:7b:27:42:60:1b:
         41:8f:69:2d:4d:98:a8:de:67:6a:1e:e1:f6:4d:a7:6c:28:82:
         03:ec:ce:23:cb:1b:fd:56:8a:68:1f:c4:c3:8c:7c:f8:be:c4:
         42:3f:18:ee:cd:2f:b3:3b:aa:c6:a8:ef:9f:eb:10:b1:bf:65:
         fe:32:6d:3a:56:f6:9a:e4:5a:ec:ce:18:dd:30:49:82:c8:b5:
         2c:36:ba:2e:d2:6c:c5:fa:b5:6a:c1:7e:e3:ad:cf:41:d1:29:
         02:71:8d:44:45:4d:0a:8e:74:27:3e:53:e8:e0:c7:3d:78:af:
         ac:ff:8b:81:df:f6:37:f5:f4:95:1f:03:a2:8e:39:71:91:72:
         cc:8a:a0:d2:b3:61:60:65:c9:0c:5e:61:a6:65:93:26:be:aa:
         cf:4a:c9:66:38:9a:ea:6f:6f:8b:5a:32:84:d5:2e:b7:41:0e:
         f6:62:12:a1:fa:19:3e:2e:22:18:1a:1b:92:02:6e:77:e2:ad:
         62:e1:f2:7e:c5:fa:f8:77:2f:42:f7:c5:a8:b7:fe:68:90:5c:
         4d:9b:a1:57:36:82:da:15:f7:27:9d:b1:b8:3f:a2:b3:72:ce:
         a0:54:ac:a0:60:dd:02:0c:b6:b7:6e:91:c3:9e:ef:36:30:7a:
         e6:55:65:c8
-----BEGIN CERTIFICATE-----
MIIFqjCCBJKgAwIBAgICNTQwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OTFBMDkxMTAvBgNVBAUTKEFDRjJDOEQwRENGQkE3NDUxNkIzM0NFQkUyNkFFMTRG
OEIwNjdDODAwHhcNMjUwNzExMDkwMzU0WhcNMjYwMzAyMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODcwZDM3YS1iNmUxMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAnWMsDV8iArLiw5XIVEOE5SUeVOirECd//QF7B+S0zW9PTkDuy5frKGgEDC6M
cTbibp3Kz4xVVA5lzzVG5aavfSNGezzwJf4ZlCutyYGf0GLMXfWL5Y16dZ/qkieH
aTm8iZsEK7cMz34Cw1UpAQlfR59XmPWSZDwuSj4XFqc8LLFX09rFadhKvEao0kmF
IJ+DMjhSffV0M6F5Vu3OBvQsS4r0UM3fi1UsSVXg768a/yQSbbiqgobFcN9q9eeB
dXRPGTwZ+kHqrasR7ilIMxU/Yv1pQyd8AgsXdm99EuDbZoRHwT7yb/kbXelF1SgP
60hrOyF2oiyTjX2cS42FP7Q6fQIDAQABo4ICzjCCAsowHQYDVR0OBBYEFDjsFaKt
fdJX3Igw9o5Y/n0fpb1NMB8GA1UdIwQYMBaAFKzyyNDc+6dFFrM86+Jq4U+LBnyA
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5MUEwOS80QUNGRjM2MDFE
OTAxMUUyQjg3Q0YyRUYwOEIwMkNEMi9yUExJME56N3AwVVdzenpyNG1yaFQ0c0dm
SUEuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3JQTEkwTno3cDBVV3N6enI0bXJoVDRzR2ZJQS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OTFBMDkvNEFDRkYzNjAxRDkwMTFFMkI4N0NGMkVGMDhCMDJDRDIvRjhBNjE4RTA1
RTM1MTFGMEFDQ0U0QzI2QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwWAYIKwYBBQUHAQcBAf8E
STBHMDYEAgABMDADBAIbbwgDBAIr9dgDBAQxnCADBAJnEdQDBAJ0zhADBAR3D1AD
BAPKTxgDBADaZEcwDQQCAAIwBwMFACQFGgAwDQYJKoZIhvcNAQELBQADggEBANZG
mhiKVYo8H9G8N897J0JgG0GPaS1NmKjeZ2oe4fZNp2woggPsziPLG/1WimgfxMOM
fPi+xEI/GO7NL7M7qsao75/rELG/Zf4ybTpW9prkWuzOGN0wSYLItSw2ui7SbMX6
tWrBfuOtz0HRKQJxjURFTQqOdCc+U+jgxz14r6z/i4Hf9jf19JUfA6KOOXGRcsyK
oNKzYWBlyQxeYaZlkya+qs9KyWY4mupvb4taMoTVLrdBDvZiEqH6GT4uIhgaG5IC
bnfirWLh8n7F+vh3L0L3xai3/miQXE2boVc2gtoV9yedsbg/orNyzqBUrKBg3QIM
trdukcOe7zYweuZVZcg=
-----END CERTIFICATE-----
Generated at Thu Jul 17 11:10:48 2025 by rpki-client