Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91402DC/2D51AF42FD3E11E888C53944C4F9AE02/660C8B72D03511EC9D87A00DC4F9AE02.roa
File:                     660C8B72D03511EC9D87A00DC4F9AE02.roa (raw, json)
Hash identifier:          ew8cW9pgjuyfp1DgnDklnBC1cWChQLDChxAz6sJgc3o=
Subject key identifier:   C4:87:80:AC:1A:00:BD:84:C3:FF:96:79:4B:C4:4C:52:CA:D3:85:32
Certificate issuer:       /CN=A91402DC/serialNumber=C2B9F5F3C68C576727239B92A93B36297D1B1653
Certificate serial:       1344
Authority key identifier: C2:B9:F5:F3:C6:8C:57:67:27:23:9B:92:A9:3B:36:29:7D:1B:16:53
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wrn188aMV2cnI5uSqTs2KX0bFlM.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91402DC/2D51AF42FD3E11E888C53944C4F9AE02/660C8B72D03511EC9D87A00DC4F9AE02.roa
Signing time:             Thu 14 Aug 2025 17:26:44 +0000
ROA not before:           Thu 14 Aug 2025 17:26:44 +0000
ROA not after:            Wed 30 Sep 2026 00:00:00 +0000
asID:                     139690
IP address blocks:        45.65.2.0/23 maxlen: 24
                          124.155.216.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91402DC/2D51AF42FD3E11E888C53944C4F9AE02/wrn188aMV2cnI5uSqTs2KX0bFlM.crl
                          rsync://rpki.apnic.net/member_repository/A91402DC/2D51AF42FD3E11E888C53944C4F9AE02/wrn188aMV2cnI5uSqTs2KX0bFlM.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wrn188aMV2cnI5uSqTs2KX0bFlM.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Fri 29 Aug 2025 17:19:26 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4932 (0x1344)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91402DC, serialNumber=C2B9F5F3C68C576727239B92A93B36297D1B1653
        Validity
            Not Before: Aug 14 17:26:44 2025 GMT
            Not After : Sep 30 00:00:00 2026 GMT
        Subject: CN=689e1c53-ebb0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:9c:6c:90:12:a4:f4:c0:3c:24:c4:71:25:0b:11:
                    ee:a6:e2:6b:9b:c8:45:e6:ba:af:62:c6:b4:c1:c4:
                    27:8f:00:59:ad:74:6f:ac:4a:5b:aa:c7:83:0f:f8:
                    7e:76:81:10:5d:1e:0a:52:f0:3a:36:a0:6e:ed:7c:
                    0e:7e:ab:1e:8a:87:51:71:7e:ab:0e:8c:66:42:0a:
                    7d:3d:ba:11:0d:5f:16:67:26:ae:20:e1:19:d3:c1:
                    ac:92:41:3a:92:71:9f:3a:59:a8:eb:82:bb:06:41:
                    33:65:c6:19:6f:50:9f:af:3c:f8:c7:1b:99:3b:31:
                    c0:1e:a1:2c:c3:e3:93:ea:6a:10:4d:8a:6e:0d:6c:
                    50:67:52:e7:15:60:b0:78:47:b3:29:f2:62:ad:ad:
                    73:d2:9f:df:f4:da:fc:3b:bf:cb:2f:26:2f:77:8b:
                    3f:93:72:05:2d:0e:29:d8:c7:04:44:f8:93:f8:a7:
                    4c:18:90:2b:92:e1:f3:1d:ef:09:fb:66:a1:6e:f8:
                    74:51:8e:cf:f7:19:02:b8:33:96:71:84:78:33:e2:
                    a3:34:ac:b2:d8:83:6c:55:ee:59:05:22:e4:5a:2e:
                    7c:05:87:0f:a4:97:b6:4d:6e:18:96:96:f8:6c:83:
                    2a:46:98:81:a7:b0:7a:d6:8e:6b:53:57:20:ac:be:
                    83:3d
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C4:87:80:AC:1A:00:BD:84:C3:FF:96:79:4B:C4:4C:52:CA:D3:85:32
            X509v3 Authority Key Identifier:
                keyid:C2:B9:F5:F3:C6:8C:57:67:27:23:9B:92:A9:3B:36:29:7D:1B:16:53

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91402DC/2D51AF42FD3E11E888C53944C4F9AE02/wrn188aMV2cnI5uSqTs2KX0bFlM.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/wrn188aMV2cnI5uSqTs2KX0bFlM.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91402DC/2D51AF42FD3E11E888C53944C4F9AE02/660C8B72D03511EC9D87A00DC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  45.65.2.0/23
                  124.155.216.0/24

    Signature Algorithm: sha256WithRSAEncryption
         1f:66:af:8c:72:2c:ef:6b:d0:55:9a:bd:6b:92:35:a3:b2:18:
         24:74:22:4b:1a:7a:68:e0:f2:b3:ad:54:f9:71:f4:d4:23:04:
         7f:96:8e:d2:0b:c2:ab:16:85:29:be:1c:fa:36:2f:d9:50:fa:
         0f:bd:4e:9b:44:41:70:90:05:6b:af:c3:d6:17:af:64:1f:61:
         db:ae:ef:dd:73:da:ed:8a:3d:f7:4f:ba:ab:3f:3f:88:81:9e:
         33:37:b3:24:6e:f4:b1:d9:e4:5b:c3:b3:bc:d3:77:ed:2c:12:
         58:96:95:bf:a8:1e:92:87:94:49:2a:39:ee:55:33:30:15:de:
         0f:13:fc:d6:b0:e5:21:fe:a0:e9:c3:dc:64:a1:37:3b:da:49:
         d3:37:f3:17:25:22:79:c2:e6:c2:ba:c1:cf:08:2b:17:fb:10:
         bf:7f:23:68:56:4e:9e:3a:82:23:83:cd:25:a6:82:6d:cb:2e:
         53:2d:0b:65:b2:84:4e:06:13:61:99:8b:6f:f4:65:00:ed:e0:
         f5:4a:26:60:a1:e2:15:6e:ae:3f:89:ba:5b:ad:09:95:62:87:
         f0:03:f9:9a:d5:94:f0:9d:e0:33:da:7c:24:25:8a:79:b1:4f:
         fe:4e:a0:44:f2:ab:c0:81:74:3e:a0:30:17:d8:68:18:24:99:
         59:6f:db:e7
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICE0QwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDAyREMxMTAvBgNVBAUTKEMyQjlGNUYzQzY4QzU3NjcyNzIzOUI5MkE5M0IzNjI5
N0QxQjE2NTMwHhcNMjUwODE0MTcyNjQ0WhcNMjYwOTMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02ODllMWM1My1lYmIwMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAnGyQEqT0wDwkxHElCxHupuJrm8hF5rqvYsa0wcQnjwBZrXRvrEpbqseDD/h+
doEQXR4KUvA6NqBu7XwOfqseiodRcX6rDoxmQgp9PboRDV8WZyauIOEZ08GskkE6
knGfOlmo64K7BkEzZcYZb1Cfrzz4xxuZOzHAHqEsw+OT6moQTYpuDWxQZ1LnFWCw
eEezKfJira1z0p/f9Nr8O7/LLyYvd4s/k3IFLQ4p2McERPiT+KdMGJArkuHzHe8J
+2ahbvh0UY7P9xkCuDOWcYR4M+KjNKyy2INsVe5ZBSLkWi58BYcPpJe2TW4Ylpb4
bIMqRpiBp7B61o5rU1cgrL6DPQIDAQABo4ICmzCCApcwHQYDVR0OBBYEFMSHgKwa
AL2Ew/+WeUvETFLK04UyMB8GA1UdIwQYMBaAFMK59fPGjFdnJyObkqk7Nil9GxZT
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0MDJEQy8yRDUxQUY0MkZE
M0UxMUU4ODhDNTM5NDRDNEY5QUUwMi93cm4xODhhTVYyY25JNXVTcVRzMktYMGJG
bE0uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3dybjE4OGFNVjJjbkk1dVNxVHMyS1gwYkZsTS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDAyREMvMkQ1MUFGNDJGRDNFMTFFODg4QzUzOTQ0QzRGOUFFMDIvNjYwQzhCNzJE
MDM1MTFFQzlEODdBMDBEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAEtQQIDBAB8m9gwDQYJKoZIhvcNAQELBQADggEBAB9mr4xy
LO9r0FWavWuSNaOyGCR0Iksaemjg8rOtVPlx9NQjBH+WjtILwqsWhSm+HPo2L9lQ
+g+9TptEQXCQBWuvw9YXr2QfYduu791z2u2KPfdPuqs/P4iBnjM3syRu9LHZ5FvD
s7zTd+0sEliWlb+oHpKHlEkqOe5VMzAV3g8T/Naw5SH+oOnD3GShNzvaSdM38xcl
InnC5sK6wc8IKxf7EL9/I2hWTp46giODzSWmgm3LLlMtC2WyhE4GE2GZi2/0ZQDt
4PVKJmCh4hVurj+JulutCZVih/AD+ZrVlPCd4DPafCQlinmxT/5OoETyq8CBdD6g
MBfYaBgkmVlv2+c=
-----END CERTIFICATE-----
Generated at Sat Aug 23 15:58:14 2025 by rpki-client