Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A914A139/EBB9EC6024CA11EAAC2AE586C4F9AE02/65BB2B42C0E311EEBEF3D409C4F9AE02.roa
File:                     65BB2B42C0E311EEBEF3D409C4F9AE02.roa (raw, json)
Hash identifier:          OwW86qMJFwbNjXHq+OTRD7Vzx3peXb6YxQieVHGeMos=
Subject key identifier:   C7:70:21:A7:3B:52:F8:4D:17:A4:F1:C1:C5:71:8F:85:42:4F:6A:56
Certificate issuer:       /CN=A914A139/serialNumber=A25ED8A1427AE93B24D30DCCDFA832538B5008AD
Certificate serial:       0C0B
Authority key identifier: A2:5E:D8:A1:42:7A:E9:3B:24:D3:0D:CC:DF:A8:32:53:8B:50:08:AD
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ol7YoUJ66Tsk0w3M36gyU4tQCK0.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A914A139/EBB9EC6024CA11EAAC2AE586C4F9AE02/65BB2B42C0E311EEBEF3D409C4F9AE02.roa
Signing time:             Mon 06 Oct 2025 19:19:00 +0000
ROA not before:           Mon 06 Oct 2025 19:19:00 +0000
ROA not after:            Sat 31 Oct 2026 00:00:00 +0000
asID:                     138640
IP address blocks:        2401:79e0:8000::/34 maxlen: 38
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A914A139/EBB9EC6024CA11EAAC2AE586C4F9AE02/ol7YoUJ66Tsk0w3M36gyU4tQCK0.crl
                          rsync://rpki.apnic.net/member_repository/A914A139/EBB9EC6024CA11EAAC2AE586C4F9AE02/ol7YoUJ66Tsk0w3M36gyU4tQCK0.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ol7YoUJ66Tsk0w3M36gyU4tQCK0.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 25 Oct 2025 19:41:06 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 3083 (0xc0b)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A914A139, serialNumber=A25ED8A1427AE93B24D30DCCDFA832538B5008AD
        Validity
            Not Before: Oct  6 19:19:00 2025 GMT
            Not After : Oct 31 00:00:00 2026 GMT
        Subject: CN=68e41624-25f4
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:cc:68:2c:f2:02:31:17:a3:5d:a7:80:ee:aa:14:
                    a4:5e:f1:85:8f:06:09:b1:8f:2c:86:c6:3f:74:87:
                    96:ce:02:ca:ef:34:10:13:f5:ce:c2:a8:0c:2e:75:
                    a5:4d:4e:87:b5:c7:90:4b:69:6d:fa:ac:10:05:af:
                    34:1a:ab:d5:60:71:b1:22:e8:5d:a2:fc:27:f7:f0:
                    25:fa:90:ab:18:b4:07:56:96:d7:2e:c8:69:93:e2:
                    a5:3a:76:f9:2c:c3:0f:ad:d2:6b:a0:c3:8c:61:45:
                    6f:ac:71:a4:0b:bc:65:5c:56:36:fe:ac:41:12:10:
                    3b:a6:35:a6:a7:e9:f2:80:ee:4f:97:74:e4:2f:59:
                    f8:c2:f1:50:77:8d:98:3a:76:80:c8:0f:3f:52:d2:
                    9e:88:26:07:46:a0:0f:ea:c9:06:51:79:b0:08:0a:
                    a1:67:ca:3b:13:86:77:bf:e4:70:72:56:e7:78:20:
                    45:76:80:9e:b6:13:b3:47:4c:82:61:9b:d9:79:61:
                    04:fd:a4:dd:61:2f:0f:3f:eb:c0:d6:46:fa:fb:23:
                    35:1c:76:2f:92:da:c9:57:8f:e0:19:1a:e1:fc:5e:
                    02:0c:9b:c2:50:85:4a:30:70:30:00:02:83:ef:5e:
                    3e:20:a9:cf:fa:de:e3:b4:e2:e3:fd:3e:ac:21:28:
                    b1:f1
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                C7:70:21:A7:3B:52:F8:4D:17:A4:F1:C1:C5:71:8F:85:42:4F:6A:56
            X509v3 Authority Key Identifier:
                keyid:A2:5E:D8:A1:42:7A:E9:3B:24:D3:0D:CC:DF:A8:32:53:8B:50:08:AD

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A914A139/EBB9EC6024CA11EAAC2AE586C4F9AE02/ol7YoUJ66Tsk0w3M36gyU4tQCK0.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/ol7YoUJ66Tsk0w3M36gyU4tQCK0.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A914A139/EBB9EC6024CA11EAAC2AE586C4F9AE02/65BB2B42C0E311EEBEF3D409C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv6:
                  2401:79e0:8000::/34

    Signature Algorithm: sha256WithRSAEncryption
         22:f3:67:6b:e9:ab:f3:f6:35:23:85:1e:83:8e:20:c4:14:0d:
         7c:a9:de:1a:9b:33:99:1c:9a:13:12:4a:1d:62:f8:a9:ce:4e:
         f5:4b:79:cd:d1:3b:e4:27:51:49:04:60:35:31:f0:31:4f:e8:
         2b:e1:81:9f:90:28:46:8c:98:05:f7:28:95:45:41:f0:b7:cb:
         d5:75:f6:87:72:14:9d:fe:18:ac:40:a3:66:70:09:bd:a4:92:
         bf:dd:6b:19:ef:32:0f:f1:f4:e5:eb:ca:cd:a5:f2:3b:5b:67:
         e5:94:3c:4c:7b:d8:0b:7d:c2:19:bc:b8:61:3f:ff:a9:31:51:
         07:5f:61:cc:6b:bc:1d:1d:c0:49:2a:96:2c:09:b9:b7:39:68:
         cb:fa:f9:d9:06:0f:1e:92:6f:80:c1:04:01:22:64:d9:36:fe:
         df:b9:f4:10:4a:49:82:63:aa:93:d2:c9:11:97:53:24:61:2b:
         fd:6a:05:47:9d:69:54:74:13:4f:52:e4:d2:70:85:e5:60:84:
         f0:1f:b4:97:b9:61:0d:2a:9a:ed:0f:aa:a8:2a:4d:a0:7e:e0:
         d6:fe:93:f1:61:98:48:3a:25:03:be:9a:84:d9:fd:99:78:63:
         e4:c0:7d:5c:9e:69:c5:77:b4:da:06:39:27:55:b6:00:49:82:
         07:c6:86:f4
-----BEGIN CERTIFICATE-----
MIIFczCCBFugAwIBAgICDAswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NEExMzkxMTAvBgNVBAUTKEEyNUVEOEExNDI3QUU5M0IyNEQzMERDQ0RGQTgzMjUz
OEI1MDA4QUQwHhcNMjUxMDA2MTkxOTAwWhcNMjYxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGU0MTYyNC0yNWY0MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAzGgs8gIxF6Ndp4DuqhSkXvGFjwYJsY8shsY/dIeWzgLK7zQQE/XOwqgMLnWl
TU6HtceQS2lt+qwQBa80GqvVYHGxIuhdovwn9/Al+pCrGLQHVpbXLshpk+KlOnb5
LMMPrdJroMOMYUVvrHGkC7xlXFY2/qxBEhA7pjWmp+nygO5Pl3TkL1n4wvFQd42Y
OnaAyA8/UtKeiCYHRqAP6skGUXmwCAqhZ8o7E4Z3v+RwclbneCBFdoCethOzR0yC
YZvZeWEE/aTdYS8PP+vA1kb6+yM1HHYvktrJV4/gGRrh/F4CDJvCUIVKMHAwAAKD
714+IKnP+t7jtOLj/T6sISix8QIDAQABo4IClzCCApMwHQYDVR0OBBYEFMdwIac7
UvhNF6TxwcVxj4VCT2pWMB8GA1UdIwQYMBaAFKJe2KFCeuk7JNMNzN+oMlOLUAit
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0QTEzOS9FQkI5RUM2MDI0
Q0ExMUVBQUMyQUU1ODZDNEY5QUUwMi9vbDdZb1VKNjZUc2swdzNNMzZneVU0dFFD
SzAuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL29sN1lvVUo2NlRzazB3M00zNmd5VTR0UUNLMC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NEExMzkvRUJCOUVDNjAyNENBMTFFQUFDMkFFNTg2QzRGOUFFMDIvNjVCQjJCNDJD
MEUzMTFFRUJFRjNENDA5QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwIQYIKwYBBQUHAQcBAf8E
EjAQMA4EAgACMAgDBgYkAXnggDANBgkqhkiG9w0BAQsFAAOCAQEAIvNna+mr8/Y1
I4Ueg44gxBQNfKneGpszmRyaExJKHWL4qc5O9Ut5zdE75CdRSQRgNTHwMU/oK+GB
n5AoRoyYBfcolUVB8LfL1XX2h3IUnf4YrECjZnAJvaSSv91rGe8yD/H05evKzaXy
O1tn5ZQ8THvYC33CGby4YT//qTFRB19hzGu8HR3ASSqWLAm5tzloy/r52QYPHpJv
gMEEASJk2Tb+37n0EEpJgmOqk9LJEZdTJGEr/WoFR51pVHQTT1Lk0nCF5WCE8B+0
l7lhDSqa7Q+qqCpNoH7g1v6T8WGYSDolA76ahNn9mXhj5MB9XJ5pxXe02gY5J1W2
AEmCB8aG9A==
-----END CERTIFICATE-----
Generated at Mon Oct 20 05:42:58 2025 by rpki-client