Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A91423C1/0E0DFA988CCF11EE96F4E65AC4F9AE02/3B83B2F4E30611EFA4B67C52C4F9AE02.roa
File:                     3B83B2F4E30611EFA4B67C52C4F9AE02.roa (raw, json)
Hash identifier:          /7gtZFsLsyHJNir9Gd/XvdqnjJVrpsqBtRIA/+ab938=
Subject key identifier:   E9:B2:07:61:3A:43:15:61:25:71:EB:9F:85:55:BE:3C:23:6D:5C:DE
Certificate issuer:       /CN=A91423C1/serialNumber=4153BA499A44E7EC1041C60EF7F369AC62357AA8
Certificate serial:       016D
Authority key identifier: 41:53:BA:49:9A:44:E7:EC:10:41:C6:0E:F7:F3:69:AC:62:35:7A:A8
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QVO6SZpE5-wQQcYO9_NprGI1eqg.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A91423C1/0E0DFA988CCF11EE96F4E65AC4F9AE02/3B83B2F4E30611EFA4B67C52C4F9AE02.roa
Signing time:             Mon 15 Sep 2025 20:39:26 +0000
ROA not before:           Mon 15 Sep 2025 20:39:26 +0000
ROA not after:            Mon 02 Mar 2026 00:00:00 +0000
asID:                     152125
IP address blocks:        36.50.31.0/24 maxlen: 24
                          2001:df3:3340::/48 maxlen: 48
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A91423C1/0E0DFA988CCF11EE96F4E65AC4F9AE02/QVO6SZpE5-wQQcYO9_NprGI1eqg.crl
                          rsync://rpki.apnic.net/member_repository/A91423C1/0E0DFA988CCF11EE96F4E65AC4F9AE02/QVO6SZpE5-wQQcYO9_NprGI1eqg.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QVO6SZpE5-wQQcYO9_NprGI1eqg.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 26 Oct 2025 06:39:54 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 365 (0x16d)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A91423C1, serialNumber=4153BA499A44E7EC1041C60EF7F369AC62357AA8
        Validity
            Not Before: Sep 15 20:39:26 2025 GMT
            Not After : Mar  2 00:00:00 2026 GMT
        Subject: CN=68c8797e-81c3
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b2:5b:23:7d:8b:56:3f:47:d6:88:a8:fb:39:60:
                    9a:5f:50:a2:e0:9b:b8:1a:3a:ea:ed:4d:06:03:8f:
                    81:da:63:23:8c:19:ad:e4:5f:f6:d3:a0:05:07:55:
                    00:65:cc:be:e9:f3:83:63:81:e6:77:2f:ce:26:b5:
                    23:55:09:51:78:65:55:71:45:eb:41:bf:bd:40:8c:
                    39:63:44:71:ce:3f:db:3b:77:0c:30:13:87:ce:ad:
                    6b:67:c3:ef:51:59:94:b3:80:15:d1:bc:d4:bb:ee:
                    c0:92:2a:1b:6f:a3:bc:be:97:28:34:0d:50:3d:9b:
                    c3:e0:a4:f8:22:3a:55:82:94:f8:56:3b:2b:1c:57:
                    b7:53:18:8e:0d:46:12:95:b6:d5:44:a0:ab:d1:28:
                    ba:2a:24:cc:b9:0c:ae:d6:de:94:4d:4a:16:4f:1c:
                    d1:dc:e3:65:93:10:66:52:61:95:f3:38:ea:4e:0f:
                    1c:34:26:6b:2b:e0:b1:ac:e6:08:62:76:6b:69:49:
                    1b:0a:fe:3b:39:30:24:07:6e:bb:7b:e1:af:1b:b3:
                    44:91:eb:cc:cc:ff:ea:a5:76:f9:3a:6d:d1:28:0d:
                    a1:95:49:7a:a6:91:c5:0d:2d:84:ae:f9:22:f5:2b:
                    cd:57:45:f6:43:91:e0:06:6c:28:e6:ce:b1:56:9f:
                    23:27
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E9:B2:07:61:3A:43:15:61:25:71:EB:9F:85:55:BE:3C:23:6D:5C:DE
            X509v3 Authority Key Identifier:
                keyid:41:53:BA:49:9A:44:E7:EC:10:41:C6:0E:F7:F3:69:AC:62:35:7A:A8

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A91423C1/0E0DFA988CCF11EE96F4E65AC4F9AE02/QVO6SZpE5-wQQcYO9_NprGI1eqg.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QVO6SZpE5-wQQcYO9_NprGI1eqg.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A91423C1/0E0DFA988CCF11EE96F4E65AC4F9AE02/3B83B2F4E30611EFA4B67C52C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  36.50.31.0/24
                IPv6:
                  2001:df3:3340::/48

    Signature Algorithm: sha256WithRSAEncryption
         8a:14:f5:45:a4:6a:59:70:ba:1f:e6:99:d6:16:ba:79:3b:5b:
         41:ce:c3:b8:7e:7b:83:ee:52:25:5e:67:bc:bb:13:88:86:3d:
         3d:d5:82:06:4c:92:fa:43:63:bd:cc:18:ed:c0:16:92:ad:65:
         3d:dd:03:fb:a1:ae:cb:24:32:9a:ff:50:ce:a9:c4:6b:c0:ee:
         3d:1f:7c:a7:75:27:d7:1b:58:70:b3:13:fa:84:b1:73:54:8c:
         ac:51:e2:f9:3f:fa:1a:fc:0e:92:60:02:9d:08:8c:84:0e:a6:
         09:05:8f:4e:b0:b2:25:92:ec:b9:38:43:83:15:27:50:ff:1a:
         81:df:d3:8e:b7:25:c0:e4:6e:57:23:5f:47:78:0f:78:5e:20:
         cc:50:7a:4a:42:e0:ff:e2:4a:59:34:9d:f3:2d:55:e5:8d:eb:
         8e:03:3e:a6:8f:77:3e:45:cd:88:28:a6:7e:50:e3:7d:e1:a7:
         06:1d:87:93:1a:ac:e3:6f:9a:f3:e5:e6:f6:f8:21:88:17:93:
         80:98:b3:dd:fd:bb:40:b8:a9:24:5f:56:20:63:34:fe:0f:00:
         41:51:30:dd:08:e5:5c:c8:60:59:2a:40:69:50:e8:5a:56:b9:
         cc:52:4e:79:23:50:39:6d:a7:99:4a:5d:13:fa:57:bb:1f:64:
         98:40:0d:3e
-----BEGIN CERTIFICATE-----
MIIFgjCCBGqgAwIBAgICAW0wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NDIzQzExMTAvBgNVBAUTKDQxNTNCQTQ5OUE0NEU3RUMxMDQxQzYwRUY3RjM2OUFD
NjIzNTdBQTgwHhcNMjUwOTE1MjAzOTI2WhcNMjYwMzAyMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGM4Nzk3ZS04MWMzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAslsjfYtWP0fWiKj7OWCaX1Ci4Ju4Gjrq7U0GA4+B2mMjjBmt5F/206AFB1UA
Zcy+6fODY4Hmdy/OJrUjVQlReGVVcUXrQb+9QIw5Y0Rxzj/bO3cMMBOHzq1rZ8Pv
UVmUs4AV0bzUu+7Akiobb6O8vpcoNA1QPZvD4KT4IjpVgpT4VjsrHFe3UxiODUYS
lbbVRKCr0Si6KiTMuQyu1t6UTUoWTxzR3ONlkxBmUmGV8zjqTg8cNCZrK+CxrOYI
YnZraUkbCv47OTAkB267e+GvG7NEkevMzP/qpXb5Om3RKA2hlUl6ppHFDS2Ervki
9SvNV0X2Q5HgBmwo5s6xVp8jJwIDAQABo4ICpjCCAqIwHQYDVR0OBBYEFOmyB2E6
QxVhJXHrn4VVvjwjbVzeMB8GA1UdIwQYMBaAFEFTukmaROfsEEHGDvfzaaxiNXqo
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0MjNDMS8wRTBERkE5ODhD
Q0YxMUVFOTZGNEU2NUFDNEY5QUUwMi9RVk82U1pwRTUtd1FRY1lPOV9OcHJHSTFl
cWcuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1FWTzZTWnBFNS13UVFjWU85X05wckdJMWVxZy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NDIzQzEvMEUwREZBOTg4Q0NGMTFFRTk2RjRFNjVBQzRGOUFFMDIvM0I4M0IyRjRF
MzA2MTFFRkE0QjY3QzUyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwMAYIKwYBBQUHAQcBAf8E
ITAfMAwEAgABMAYDBAAkMh8wDwQCAAIwCQMHACABDfMzQDANBgkqhkiG9w0BAQsF
AAOCAQEAihT1RaRqWXC6H+aZ1ha6eTtbQc7DuH57g+5SJV5nvLsTiIY9PdWCBkyS
+kNjvcwY7cAWkq1lPd0D+6GuyyQymv9QzqnEa8DuPR98p3Un1xtYcLMT+oSxc1SM
rFHi+T/6GvwOkmACnQiMhA6mCQWPTrCyJZLsuThDgxUnUP8agd/TjrclwORuVyNf
R3gPeF4gzFB6SkLg/+JKWTSd8y1V5Y3rjgM+po93PkXNiCimflDjfeGnBh2Hkxqs
42+a8+Xm9vghiBeTgJiz3f27QLipJF9WIGM0/g8AQVEw3QjlXMhgWSpAaVDoWla5
zFJOeSNQOW2nmUpdE/pXux9kmEANPg==
-----END CERTIFICATE-----
Generated at Mon Oct 20 05:44:36 2025 by rpki-client