Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9194E03/3F48F2241DA611E29A075D9D08B02CD2/2A24EFB878D011F08CEB9275C4F9AE02.roa
File:                     2A24EFB878D011F08CEB9275C4F9AE02.roa (raw, json)
Hash identifier:          civYJKjv+rMWikYh4a7W2bxU8PQ81xsHn2H6a66BKGA=
Subject key identifier:   EE:DB:BE:83:EF:4C:C8:E8:64:24:63:4F:EA:01:F7:CD:1F:CE:F8:8C
Certificate issuer:       /CN=A9194E03/serialNumber=E39AB1D07B50DBB9ABE2CB51CD9B1E3A5A854521
Certificate serial:       34E8
Authority key identifier: E3:9A:B1:D0:7B:50:DB:B9:AB:E2:CB:51:CD:9B:1E:3A:5A:85:45:21
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/45qx0HtQ27mr4stRzZseOlqFRSE.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9194E03/3F48F2241DA611E29A075D9D08B02CD2/2A24EFB878D011F08CEB9275C4F9AE02.roa
Signing time:             Thu 02 Oct 2025 15:41:09 +0000
ROA not before:           Thu 02 Oct 2025 15:41:09 +0000
ROA not after:            Wed 30 Dec 2026 00:00:00 +0000
asID:                     132827
IP address blocks:        27.123.208.0/22 maxlen: 22
                          101.0.8.0/24 maxlen: 24
                          101.0.9.0/24 maxlen: 24
                          101.0.10.0/24 maxlen: 24
                          101.0.11.0/24 maxlen: 24
                          101.0.24.0/24 maxlen: 24
                          101.0.25.0/24 maxlen: 24
                          101.0.26.0/23 maxlen: 23
                          103.3.16.0/24 maxlen: 24
                          103.3.17.0/24 maxlen: 24
                          103.3.19.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9194E03/3F48F2241DA611E29A075D9D08B02CD2/45qx0HtQ27mr4stRzZseOlqFRSE.crl
                          rsync://rpki.apnic.net/member_repository/A9194E03/3F48F2241DA611E29A075D9D08B02CD2/45qx0HtQ27mr4stRzZseOlqFRSE.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/45qx0HtQ27mr4stRzZseOlqFRSE.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 25 Oct 2025 15:20:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13544 (0x34e8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9194E03, serialNumber=E39AB1D07B50DBB9ABE2CB51CD9B1E3A5A854521
        Validity
            Not Before: Oct  2 15:41:09 2025 GMT
            Not After : Dec 30 00:00:00 2026 GMT
        Subject: CN=68de9d15-1d8f
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cb:5a:35:3e:9e:55:f2:80:ca:d5:e9:58:c0:46:
                    63:15:23:98:c1:0b:9d:5f:5f:d9:db:91:7e:2c:95:
                    63:40:61:92:2a:77:6f:71:df:d8:6b:4f:54:73:2f:
                    20:d6:e7:e5:b0:41:50:1e:f0:67:2e:74:7b:cf:fc:
                    75:ad:81:8c:00:fb:e7:6a:d0:42:59:b9:fe:d0:ad:
                    d5:08:81:a0:5b:8a:d2:1f:67:f6:9f:35:e3:eb:ea:
                    e4:1d:e8:e5:64:a7:70:08:83:7c:c6:f4:3a:67:d1:
                    cc:97:0c:73:a2:fb:23:9e:42:af:e4:e0:71:14:2d:
                    58:07:8c:5a:8a:4d:92:7a:c5:b9:48:e2:d4:8b:5b:
                    d9:bb:cd:e4:30:1e:a7:49:86:86:02:ec:0a:a8:e9:
                    83:22:97:d9:96:f0:71:08:fd:65:6c:ad:4b:66:7c:
                    b6:a8:46:53:5b:8f:8b:a7:95:0e:e5:f5:17:15:b9:
                    74:b8:2a:37:01:5f:b6:68:a9:e5:f2:57:67:d8:19:
                    6c:92:f5:a5:38:1e:6b:6d:a9:da:91:c2:14:22:09:
                    28:8d:fa:f8:d0:ec:5e:47:83:bc:86:ea:89:6c:84:
                    92:a9:88:61:ac:d0:4f:51:be:24:96:0c:d2:a9:a0:
                    5d:fb:c1:5b:ea:35:29:b1:48:b6:c9:2f:35:cf:91:
                    a5:4d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                EE:DB:BE:83:EF:4C:C8:E8:64:24:63:4F:EA:01:F7:CD:1F:CE:F8:8C
            X509v3 Authority Key Identifier:
                keyid:E3:9A:B1:D0:7B:50:DB:B9:AB:E2:CB:51:CD:9B:1E:3A:5A:85:45:21

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9194E03/3F48F2241DA611E29A075D9D08B02CD2/45qx0HtQ27mr4stRzZseOlqFRSE.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/45qx0HtQ27mr4stRzZseOlqFRSE.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9194E03/3F48F2241DA611E29A075D9D08B02CD2/2A24EFB878D011F08CEB9275C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  27.123.208.0/22
                  101.0.8.0/22
                  101.0.24.0/22
                  103.3.16.0/23
                  103.3.19.0/24

    Signature Algorithm: sha256WithRSAEncryption
         a6:d7:f8:f3:2a:95:34:e0:b5:1c:23:f5:f1:9c:6f:46:bb:42:
         e4:ce:de:0a:58:7c:dc:1d:45:31:1a:2f:0b:3d:ae:56:c6:27:
         0e:95:a1:7b:c8:7d:2b:37:ac:a3:f9:ee:08:43:17:10:36:71:
         23:89:94:86:f8:39:25:15:e9:f8:9c:e5:e5:77:a0:0e:23:3e:
         f5:15:9d:92:97:de:1a:80:55:e9:a3:51:73:90:c1:c2:4b:db:
         ef:5a:39:e0:3b:6f:0e:9a:bd:4a:24:00:f3:ce:52:00:88:3a:
         36:a9:d4:e7:59:09:f5:11:fd:f5:8f:16:31:85:72:aa:c1:8f:
         31:ac:01:28:04:8a:a8:be:07:07:1b:3d:80:3d:bc:5e:bc:4a:
         40:08:6b:ec:72:d5:50:a7:aa:bc:89:f7:a6:19:24:59:f7:24:
         8c:90:50:52:1b:82:7e:eb:92:83:bb:c0:55:e1:90:ec:30:71:
         78:58:fb:9a:8a:24:50:8d:52:e6:e2:ca:fd:6c:ad:39:d9:7f:
         4f:12:83:16:5b:11:a2:a7:7b:27:5e:77:3a:99:79:fb:c6:a2:
         65:8d:b2:83:5f:c5:3d:78:00:2e:91:86:15:3b:41:55:a1:9f:
         26:af:c1:48:0d:47:e0:01:e1:1f:a8:c3:86:df:18:ad:34:6d:
         13:a4:a1:60
-----BEGIN CERTIFICATE-----
MIIFiTCCBHGgAwIBAgICNOgwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OTRFMDMxMTAvBgNVBAUTKEUzOUFCMUQwN0I1MERCQjlBQkUyQ0I1MUNEOUIxRTNB
NUE4NTQ1MjEwHhcNMjUxMDAyMTU0MTA5WhcNMjYxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGRlOWQxNS0xZDhmMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAy1o1Pp5V8oDK1elYwEZjFSOYwQudX1/Z25F+LJVjQGGSKndvcd/Ya09Ucy8g
1uflsEFQHvBnLnR7z/x1rYGMAPvnatBCWbn+0K3VCIGgW4rSH2f2nzXj6+rkHejl
ZKdwCIN8xvQ6Z9HMlwxzovsjnkKv5OBxFC1YB4xaik2SesW5SOLUi1vZu83kMB6n
SYaGAuwKqOmDIpfZlvBxCP1lbK1LZny2qEZTW4+Lp5UO5fUXFbl0uCo3AV+2aKnl
8ldn2BlskvWlOB5rbanakcIUIgkojfr40OxeR4O8huqJbISSqYhhrNBPUb4klgzS
qaBd+8Fb6jUpsUi2yS81z5GlTQIDAQABo4ICrTCCAqkwHQYDVR0OBBYEFO7bvoPv
TMjoZCRjT+oB980fzviMMB8GA1UdIwQYMBaAFOOasdB7UNu5q+LLUc2bHjpahUUh
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5NEUwMy8zRjQ4RjIyNDFE
QTYxMUUyOUEwNzVEOUQwOEIwMkNEMi80NXF4MEh0UTI3bXI0c3RSelpzZU9scUZS
U0UuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzQ1cXgwSHRRMjdtcjRzdFJ6WnNlT2xxRlJTRS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OTRFMDMvM0Y0OEYyMjQxREE2MTFFMjlBMDc1RDlEMDhCMDJDRDIvMkEyNEVGQjg3
OEQwMTFGMDhDRUI5Mjc1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwNwYIKwYBBQUHAQcBAf8E
KDAmMCQEAgABMB4DBAIbe9ADBAJlAAgDBAJlABgDBAFnAxADBABnAxMwDQYJKoZI
hvcNAQELBQADggEBAKbX+PMqlTTgtRwj9fGcb0a7QuTO3gpYfNwdRTEaLws9rlbG
Jw6VoXvIfSs3rKP57ghDFxA2cSOJlIb4OSUV6fic5eV3oA4jPvUVnZKX3hqAVemj
UXOQwcJL2+9aOeA7bw6avUokAPPOUgCIOjap1OdZCfUR/fWPFjGFcqrBjzGsASgE
iqi+BwcbPYA9vF68SkAIa+xy1VCnqryJ96YZJFn3JIyQUFIbgn7rkoO7wFXhkOww
cXhY+5qKJFCNUubiyv1srTnZf08SgxZbEaKneydedzqZefvGomWNsoNfxT14AC6R
hhU7QVWhnyavwUgNR+AB4R+ow4bfGK00bROkoWA=
-----END CERTIFICATE-----
Generated at Mon Oct 20 14:01:55 2025 by rpki-client