Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9116BB8/861963163DA411EFAD3EA818C4F9AE02/5B3369383DC911EFAFD59635C4F9AE02.roa
File:                     5B3369383DC911EFAFD59635C4F9AE02.roa (raw, json)
Hash identifier:          7FmlPjs6RdFVVzx2SBNvcWPo4zfkd0/gp7rPFjcGA8U=
Subject key identifier:   38:41:A8:E2:DC:CE:D4:C3:22:A3:79:BF:C3:B4:65:DE:49:DC:C7:BC
Certificate issuer:       /CN=A9116BB8/serialNumber=A4E6EE2A2BD4B6DF3B353BAE6BC4892A6D38EF29
Certificate serial:       F1
Authority key identifier: A4:E6:EE:2A:2B:D4:B6:DF:3B:35:3B:AE:6B:C4:89:2A:6D:38:EF:29
Authority info access:    rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/pObuKivUtt87NTuua8SJKm047yk.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9116BB8/861963163DA411EFAD3EA818C4F9AE02/5B3369383DC911EFAFD59635C4F9AE02.roa
Signing time:             Thu 02 Oct 2025 21:52:17 +0000
ROA not before:           Thu 02 Oct 2025 21:52:17 +0000
ROA not after:            Wed 30 Dec 2026 00:00:00 +0000
asID:                     138995
IP address blocks:        185.203.36.0/24 maxlen: 24
                          185.203.37.0/24 maxlen: 24
                          185.203.38.0/24 maxlen: 24
                          185.203.39.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9116BB8/861963163DA411EFAD3EA818C4F9AE02/pObuKivUtt87NTuua8SJKm047yk.crl
                          rsync://rpki.apnic.net/member_repository/A9116BB8/861963163DA411EFAD3EA818C4F9AE02/pObuKivUtt87NTuua8SJKm047yk.mft
                          rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/pObuKivUtt87NTuua8SJKm047yk.cer
                          rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/DPzneFf88B852ZpitKpi5hWedvg.crl
                          rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/DPzneFf88B852ZpitKpi5hWedvg.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DPzneFf88B852ZpitKpi5hWedvg.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 25 Oct 2025 23:05:48 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 241 (0xf1)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9116BB8, serialNumber=A4E6EE2A2BD4B6DF3B353BAE6BC4892A6D38EF29
        Validity
            Not Before: Oct  2 21:52:17 2025 GMT
            Not After : Dec 30 00:00:00 2026 GMT
        Subject: CN=68def410-70cc
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:bd:98:f0:2f:5a:7e:5b:0a:c7:7c:de:75:f5:3c:
                    6d:57:39:fd:dc:90:f0:33:69:e8:c8:7e:06:43:42:
                    07:ab:f4:7b:d4:3d:16:8e:72:c1:72:83:be:6f:04:
                    aa:40:37:fe:d8:89:19:29:2c:96:b7:75:73:ab:72:
                    d7:0e:4b:59:2f:79:e4:c8:4f:a5:cb:e6:20:72:94:
                    ca:ca:11:e1:5a:43:bd:aa:82:a6:36:9c:6e:72:cb:
                    e5:03:07:3e:16:31:0b:3c:0e:83:e8:9c:90:91:4c:
                    73:7f:d3:89:86:ac:16:4a:6b:27:74:3d:29:56:56:
                    ed:55:67:55:2a:f6:33:1b:02:6e:c6:19:41:a4:39:
                    1f:bc:8d:32:39:c4:f5:b3:0e:fa:c8:57:db:84:cc:
                    61:6b:4f:4a:a2:30:0e:e4:5b:12:e5:1e:3e:04:13:
                    7b:da:4c:cc:04:c1:53:6a:3f:46:fa:3b:f3:58:d7:
                    8a:f0:4b:b6:8a:0d:f4:54:a1:03:49:87:f7:8d:01:
                    fc:39:e2:99:70:db:a3:84:d0:50:17:45:26:83:ef:
                    7b:a7:67:7f:a9:a9:8f:d1:6d:7e:c6:22:15:6a:53:
                    06:48:5b:e0:44:36:c7:bc:e1:d0:0f:0e:cc:3c:2d:
                    02:0d:c8:28:df:89:7a:f7:3b:67:7b:94:2c:d8:23:
                    aa:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                38:41:A8:E2:DC:CE:D4:C3:22:A3:79:BF:C3:B4:65:DE:49:DC:C7:BC
            X509v3 Authority Key Identifier:
                keyid:A4:E6:EE:2A:2B:D4:B6:DF:3B:35:3B:AE:6B:C4:89:2A:6D:38:EF:29

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9116BB8/861963163DA411EFAD3EA818C4F9AE02/pObuKivUtt87NTuua8SJKm047yk.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B322A5F41D6611E2A3F27F7C72FD1FF2/pObuKivUtt87NTuua8SJKm047yk.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9116BB8/861963163DA411EFAD3EA818C4F9AE02/5B3369383DC911EFAFD59635C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  185.203.36.0/22

    Signature Algorithm: sha256WithRSAEncryption
         50:cb:38:2e:1f:7d:f1:d2:af:cd:d7:11:da:48:22:15:00:44:
         6c:31:30:46:6b:b5:f5:43:0b:2a:4a:95:42:63:00:dd:f9:4d:
         8e:96:17:32:e2:97:2a:46:28:f0:06:77:2e:1a:57:80:f3:e4:
         86:7c:ee:86:7b:38:2c:26:15:ae:a6:5f:bc:c2:02:45:30:ea:
         94:97:17:65:eb:5b:a3:59:3f:07:f8:3f:3f:40:f3:28:9b:bf:
         78:5e:5c:0c:6b:c2:9a:27:be:bb:14:21:d9:77:7c:84:dd:97:
         e9:57:57:1f:6a:28:de:6f:3c:3d:91:22:77:e2:f5:15:d9:aa:
         f6:d6:f9:44:8b:1a:d3:b4:79:9c:54:d0:f0:e3:2b:5e:db:e6:
         5d:05:27:31:4d:42:bc:38:69:33:01:e7:6d:da:d0:da:6b:06:
         58:92:4b:b2:c2:fd:e4:ac:6c:b9:3d:10:1a:dc:7d:f5:b8:26:
         a9:1d:7c:d0:64:89:45:df:6c:d8:09:e4:01:58:a5:f5:59:c9:
         c5:01:97:d9:b6:53:e4:f1:77:63:37:61:25:fb:df:24:c5:b3:
         fe:67:93:3b:97:75:00:53:0b:0a:53:48:b0:0d:30:70:c1:71:
         f2:9d:a5:09:be:c3:09:cf:6f:30:0f:8e:23:51:7d:ba:f8:2b:
         86:38:c1:d9
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICAPEwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
MTZCQjgxMTAvBgNVBAUTKEE0RTZFRTJBMkJENEI2REYzQjM1M0JBRTZCQzQ4OTJB
NkQzOEVGMjkwHhcNMjUxMDAyMjE1MjE3WhcNMjYxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGRlZjQxMC03MGNjMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAvZjwL1p+WwrHfN519TxtVzn93JDwM2noyH4GQ0IHq/R71D0WjnLBcoO+bwSq
QDf+2IkZKSyWt3Vzq3LXDktZL3nkyE+ly+YgcpTKyhHhWkO9qoKmNpxucsvlAwc+
FjELPA6D6JyQkUxzf9OJhqwWSmsndD0pVlbtVWdVKvYzGwJuxhlBpDkfvI0yOcT1
sw76yFfbhMxha09KojAO5FsS5R4+BBN72kzMBMFTaj9G+jvzWNeK8Eu2ig30VKED
SYf3jQH8OeKZcNujhNBQF0Umg+97p2d/qamP0W1+xiIValMGSFvgRDbHvOHQDw7M
PC0CDcgo34l69ztne5Qs2COqZQIDAQABo4IClTCCApEwHQYDVR0OBBYEFDhBqOLc
ztTDIqN5v8O0Zd5J3Me8MB8GA1UdIwQYMBaAFKTm7ior1LbfOzU7rmvEiSptOO8p
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTExNkJCOC84NjE5NjMxNjNE
QTQxMUVGQUQzRUE4MThDNEY5QUUwMi9wT2J1S2l2VXR0ODdOVHV1YThTSkttMDQ3
eWsuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzMjJBNUY0MUQ2NjExRTJBM0YyN0Y3Qzcy
RkQxRkYyL3BPYnVLaXZVdHQ4N05UdXVhOFNKS20wNDd5ay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
MTZCQjgvODYxOTYzMTYzREE0MTFFRkFEM0VBODE4QzRGOUFFMDIvNUIzMzY5Mzgz
REM5MTFFRkFGRDU5NjM1QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBAK5yyQwDQYJKoZIhvcNAQELBQADggEBAFDLOC4fffHSr83X
EdpIIhUARGwxMEZrtfVDCypKlUJjAN35TY6WFzLilypGKPAGdy4aV4Dz5IZ87oZ7
OCwmFa6mX7zCAkUw6pSXF2XrW6NZPwf4Pz9A8yibv3heXAxrwponvrsUIdl3fITd
l+lXVx9qKN5vPD2RInfi9RXZqvbW+USLGtO0eZxU0PDjK17b5l0FJzFNQrw4aTMB
523a0NprBliSS7LC/eSsbLk9EBrcffW4JqkdfNBkiUXfbNgJ5AFYpfVZycUBl9m2
U+Txd2M3YSX73yTFs/5nkzuXdQBTCwpTSLANMHDBcfKdpQm+wwnPbzAPjiNRfbr4
K4Y4wdk=
-----END CERTIFICATE-----
Generated at Mon Oct 20 05:44:19 2025 by rpki-client