Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9118749/BA57DBA6DC2011EF91B5401EC4F9AE02/0D9D8C8CDC2311EFAEB2F679C4F9AE02.roa
File:                     0D9D8C8CDC2311EFAEB2F679C4F9AE02.roa (raw, json)
Hash identifier:          03QUr5ZAl3/ykq0wAZ+dvJyS4Q+1vw+rUu54WRSVzn8=
Subject key identifier:   4E:CA:ED:02:78:5E:7E:C6:FC:B2:AA:3D:30:92:A8:A3:CE:1D:FA:FB
Certificate issuer:       /CN=A9118749/serialNumber=95459D5D1EB04095FD163F0D84D1F3A46C15E4F0
Certificate serial:       7A
Authority key identifier: 95:45:9D:5D:1E:B0:40:95:FD:16:3F:0D:84:D1:F3:A4:6C:15:E4:F0
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/lUWdXR6wQJX9Fj8NhNHzpGwV5PA.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9118749/BA57DBA6DC2011EF91B5401EC4F9AE02/0D9D8C8CDC2311EFAEB2F679C4F9AE02.roa
Signing time:             Fri 29 Aug 2025 07:56:35 +0000
ROA not before:           Fri 29 Aug 2025 07:56:35 +0000
ROA not after:            Sat 31 Oct 2026 00:00:00 +0000
asID:                     206804
IP address blocks:        2401:eaa0:1::/48 maxlen: 48
                          2401:eaa0:2::/48 maxlen: 48
                          2401:eaa0:3::/48 maxlen: 48
                          2401:eaa0:4::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9118749/BA57DBA6DC2011EF91B5401EC4F9AE02/lUWdXR6wQJX9Fj8NhNHzpGwV5PA.crl
                          rsync://rpki.apnic.net/member_repository/A9118749/BA57DBA6DC2011EF91B5401EC4F9AE02/lUWdXR6wQJX9Fj8NhNHzpGwV5PA.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/lUWdXR6wQJX9Fj8NhNHzpGwV5PA.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 26 Oct 2025 09:51:25 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 122 (0x7a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9118749, serialNumber=95459D5D1EB04095FD163F0D84D1F3A46C15E4F0
        Validity
            Not Before: Aug 29 07:56:35 2025 GMT
            Not After : Oct 31 00:00:00 2026 GMT
        Subject: CN=68b15d33-7863
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:3f:f1:64:b9:f3:b2:7a:09:69:a0:41:4f:29:
                    56:fa:13:c1:90:26:f8:59:00:4e:4d:1b:a3:d3:be:
                    95:37:98:73:cf:ac:ec:e9:74:35:16:01:e3:b7:be:
                    9e:45:55:2f:1d:d7:c1:cc:d1:da:6d:30:c7:e0:25:
                    c4:c5:1e:34:de:6a:26:e5:e9:e5:de:2a:4b:a8:6f:
                    41:c6:70:7b:95:c9:71:a7:93:5d:b8:73:72:6e:89:
                    d7:4d:7d:54:50:94:75:1f:c6:82:bd:4d:9f:9c:e5:
                    bd:bd:85:01:31:fd:ef:8f:14:66:d5:00:82:13:82:
                    a1:2b:fa:3c:56:32:69:04:79:88:1e:52:6f:17:26:
                    b2:44:6e:07:b6:b5:60:3d:1c:37:ff:8a:ab:af:db:
                    9c:13:54:92:35:4d:e1:1c:a5:53:ff:59:99:63:df:
                    73:7d:7a:c7:a9:83:76:5d:0a:75:2e:1f:20:9d:98:
                    de:d5:9c:32:bb:95:d2:ab:0b:80:76:02:89:4d:96:
                    e2:d9:e4:eb:07:d9:51:c1:e5:57:12:97:ec:1a:35:
                    7f:91:3b:80:bc:c1:31:48:bb:17:1c:99:6c:4b:af:
                    24:06:35:56:2a:39:65:d8:9c:c6:69:79:b8:56:cb:
                    2c:84:01:df:ac:9c:ea:60:a2:95:3a:58:ab:8d:f4:
                    9c:ab
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                4E:CA:ED:02:78:5E:7E:C6:FC:B2:AA:3D:30:92:A8:A3:CE:1D:FA:FB
            X509v3 Authority Key Identifier:
                keyid:95:45:9D:5D:1E:B0:40:95:FD:16:3F:0D:84:D1:F3:A4:6C:15:E4:F0

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9118749/BA57DBA6DC2011EF91B5401EC4F9AE02/lUWdXR6wQJX9Fj8NhNHzpGwV5PA.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/lUWdXR6wQJX9Fj8NhNHzpGwV5PA.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9118749/BA57DBA6DC2011EF91B5401EC4F9AE02/0D9D8C8CDC2311EFAEB2F679C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2401:eaa0:1::-2401:eaa0:4:ffff:ffff:ffff:ffff:ffff

    Signature Algorithm: sha256WithRSAEncryption
         22:21:10:f8:e0:fd:d6:a7:50:92:6e:30:c3:d4:88:5b:fa:2a:
         fb:ad:58:5d:10:b7:c7:55:73:fa:56:a8:e4:d2:31:21:3b:63:
         85:d4:51:d7:6b:1d:29:32:cc:fb:ac:1b:78:02:b9:dc:76:6f:
         c5:c3:dc:ca:f1:2b:fe:1f:dd:e5:9c:bb:ce:8a:c8:05:c0:9d:
         a7:20:f1:c0:ac:e4:c4:91:f8:b3:94:7f:e2:da:2f:e2:8a:1c:
         74:67:8e:7b:7c:04:21:da:2e:30:a5:90:7e:0e:f1:61:31:bd:
         81:3f:c2:de:e9:ee:fd:55:e0:1c:f9:02:ba:ea:ba:e8:9e:a7:
         9f:a8:26:a9:eb:95:b4:9d:7b:30:a7:07:72:9f:0a:09:d4:06:
         d1:7a:2a:45:c2:75:70:e0:bb:9e:70:95:66:5b:62:36:43:ca:
         80:77:2a:84:a5:b6:e7:b9:65:70:af:b0:1d:5d:16:71:eb:06:
         bd:5c:df:69:9b:ad:aa:d9:95:31:26:d2:37:85:de:3d:be:7d:
         64:2c:5f:fb:51:ef:b9:fd:5f:67:54:76:f1:9b:8c:b1:ca:a7:
         b9:89:a6:05:c2:ae:4b:f8:f9:42:d5:7e:5d:42:85:cd:41:f5:
         ea:5b:d7:73:83:87:f0:cc:b1:27:ec:a2:d4:bd:3d:ca:df:f2:
         70:99:2c:98
-----BEGIN CERTIFICATE-----
MIIFfjCCBGagAwIBAgIBejANBgkqhkiG9w0BAQsFADBGMREwDwYDVQQDEwhBOTEx
ODc0OTExMC8GA1UEBRMoOTU0NTlENUQxRUIwNDA5NUZEMTYzRjBEODREMUYzQTQ2
QzE1RTRGMDAeFw0yNTA4MjkwNzU2MzVaFw0yNjEwMzEwMDAwMDBaMBgxFjAUBgNV
BAMTDTY4YjE1ZDMzLTc4NjMwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQDIP/FkufOyeglpoEFPKVb6E8GQJvhZAE5NG6PTvpU3mHPPrOzpdDUWAeO3vp5F
VS8d18HM0dptMMfgJcTFHjTeaibl6eXeKkuob0HGcHuVyXGnk124c3JuiddNfVRQ
lHUfxoK9TZ+c5b29hQEx/e+PFGbVAIITgqEr+jxWMmkEeYgeUm8XJrJEbge2tWA9
HDf/iquv25wTVJI1TeEcpVP/WZlj33N9esepg3ZdCnUuHyCdmN7VnDK7ldKrC4B2
AolNluLZ5OsH2VHB5VcSl+waNX+RO4C8wTFIuxccmWxLryQGNVYqOWXYnMZpebhW
yyyEAd+snOpgopU6WKuN9JyrAgMBAAGjggKjMIICnzAdBgNVHQ4EFgQUTsrtAnhe
fsb8sqo9MJKoo84d+vswHwYDVR0jBBgwFoAUlUWdXR6wQJX9Fj8NhNHzpGwV5PAw
DgYDVR0PAQH/BAQDAgeAMIGDBgNVHR8EfDB6MHigdqB0hnJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L21lbWJlcl9yZXBvc2l0b3J5L0E5MTE4NzQ5L0JBNTdEQkE2REMy
MDExRUY5MUI1NDAxRUM0RjlBRTAyL2xVV2RYUjZ3UUpYOUZqOE5oTkh6cEd3VjVQ
QS5jcmwwfgYIKwYBBQUHAQEEcjBwMG4GCCsGAQUFBzAChmJyc3luYzovL3Jwa2ku
YXBuaWMubmV0L3JlcG9zaXRvcnkvQjUyN0VGNTgxRDY2MTFFMkJCNDY4RjdDNzJG
RDFGRjIvbFVXZFhSNndRSlg5Rmo4TmhOSHpwR3dWNVBBLmNlcjBKBgNVHSABAf8E
QDA+MDwGCCsGAQUFBw4CMDAwLgYIKwYBBQUHAgEWImh0dHBzOi8vd3d3LmFwbmlj
Lm5ldC9SUEtJL0NQUy5wZGYwgcsGCCsGAQUFBwELBIG+MIG7MIGDBggrBgEFBQcw
C4Z3cnN5bmM6Ly9ycGtpLmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTEx
ODc0OS9CQTU3REJBNkRDMjAxMUVGOTFCNTQwMUVDNEY5QUUwMi8wRDlEOEM4Q0RD
MjMxMUVGQUVCMkY2NzlDNEY5QUUwMi5yb2EwMwYIKwYBBQUHMA2GJ2h0dHBzOi8v
cnJkcC5hcG5pYy5uZXQvbm90aWZpY2F0aW9uLnhtbDAtBggrBgEFBQcBBwEB/wQe
MBwwGgQCAAIwFDASAwcAJAHqoAABAwcAJAHqoAAEMA0GCSqGSIb3DQEBCwUAA4IB
AQAiIRD44P3Wp1CSbjDD1Ihb+ir7rVhdELfHVXP6Vqjk0jEhO2OF1FHXax0pMsz7
rBt4Arncdm/Fw9zK8Sv+H93lnLvOisgFwJ2nIPHArOTEkfizlH/i2i/iihx0Z457
fAQh2i4wpZB+DvFhMb2BP8Le6e79VeAc+QK66rronqefqCap65W0nXswpwdynwoJ
1AbReipFwnVw4LuecJVmW2I2Q8qAdyqEpbbnuWVwr7AdXRZx6wa9XN9pm62q2ZUx
JtI3hd49vn1kLF/7Ue+5/V9nVHbxm4yxyqe5iaYFwq5L+PlC1X5dQoXNQfXqW9dz
g4fwzLEn7KLUvT3K3/JwmSyY
-----END CERTIFICATE-----
Generated at Mon Oct 20 05:03:42 2025 by rpki-client