Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/4CD2AB2A066011EEA5F59657C4F9AE02.roa
File:                     4CD2AB2A066011EEA5F59657C4F9AE02.roa (raw, json)
Hash identifier:          gPqt9BXjKpUpT8BxS+2RF03m6ynmeK5bKK/XmFQPRsc=
Subject key identifier:   73:3D:E5:B3:B7:BC:53:E4:03:A0:7C:0D:5F:EA:41:80:54:7C:DB:51
Certificate issuer:       /CN=A914EAE4/serialNumber=AD56B67187A98BA314084405797BD9656E8AC8BA
Certificate serial:       1F67
Authority key identifier: AD:56:B6:71:87:A9:8B:A3:14:08:44:05:79:7B:D9:65:6E:8A:C8:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rVa2cYepi6MUCEQFeXvZZW6KyLo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/4CD2AB2A066011EEA5F59657C4F9AE02.roa
Signing time:             Sat 30 Aug 2025 16:35:25 +0000
ROA not before:           Sat 30 Aug 2025 16:35:25 +0000
ROA not after:            Tue 01 Dec 2026 00:00:00 +0000
asID:                     141739
IP address blocks:        125.85.64.0/18 maxlen: 18
                          125.85.128.0/19 maxlen: 19
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/rVa2cYepi6MUCEQFeXvZZW6KyLo.crl
                          rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/rVa2cYepi6MUCEQFeXvZZW6KyLo.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rVa2cYepi6MUCEQFeXvZZW6KyLo.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 25 Oct 2025 16:37:47 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 8039 (0x1f67)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A914EAE4, serialNumber=AD56B67187A98BA314084405797BD9656E8AC8BA
        Validity
            Not Before: Aug 30 16:35:25 2025 GMT
            Not After : Dec  1 00:00:00 2026 GMT
        Subject: CN=68b3284d-2a79
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:d7:15:cd:23:3c:cc:99:42:48:e7:b3:d7:98:14:
                    ce:c0:25:42:35:46:bb:3d:c2:5e:a7:ca:13:28:7b:
                    43:dc:9b:3f:b5:31:69:c8:1f:31:47:bf:44:7c:17:
                    33:f3:54:76:27:0a:8e:be:3c:aa:5e:02:41:59:da:
                    bf:25:f2:d4:96:a8:6c:a3:b0:e2:45:9a:3d:76:73:
                    e6:8d:e6:a4:08:e0:cb:c8:5f:2c:6c:57:f9:19:54:
                    3c:c6:7d:29:25:bc:7e:e0:f5:1a:2b:21:c1:fa:c9:
                    fe:74:c9:a4:79:af:45:77:9b:35:6d:6e:0d:7d:02:
                    37:4f:f4:b5:88:27:2a:f4:29:36:60:bb:be:63:8a:
                    62:5b:2f:d3:e0:1e:33:9e:29:7a:bc:02:be:35:dd:
                    ef:92:82:61:a2:36:01:87:3b:97:ef:2e:47:db:cb:
                    09:1b:74:1c:17:83:7a:bf:00:8f:cf:f1:60:ae:c9:
                    6a:23:27:a2:38:71:71:3f:bc:a2:c7:25:09:68:e9:
                    c2:db:a0:cc:29:13:29:d7:02:db:08:28:4a:e0:d9:
                    74:a3:90:4b:3d:4b:ff:f7:ab:e6:bc:f3:40:32:ad:
                    2b:37:af:56:b8:0d:eb:c1:15:31:46:fb:ea:43:3e:
                    fe:58:21:7a:c7:df:1d:4c:65:ec:ab:fb:2d:12:fe:
                    49:af
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                73:3D:E5:B3:B7:BC:53:E4:03:A0:7C:0D:5F:EA:41:80:54:7C:DB:51
            X509v3 Authority Key Identifier:
                keyid:AD:56:B6:71:87:A9:8B:A3:14:08:44:05:79:7B:D9:65:6E:8A:C8:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/rVa2cYepi6MUCEQFeXvZZW6KyLo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rVa2cYepi6MUCEQFeXvZZW6KyLo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/4CD2AB2A066011EEA5F59657C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  125.85.64.0-125.85.159.255

    Signature Algorithm: sha256WithRSAEncryption
         76:74:8a:10:37:76:7d:37:b5:89:4e:be:64:2d:bb:6f:3d:c8:
         2d:6c:ea:a5:4f:17:42:bf:ed:e2:f7:5c:c7:3e:34:cc:6a:51:
         f1:88:18:75:c4:99:5c:41:07:75:d4:56:42:0e:fc:71:d1:ac:
         6d:2f:12:96:da:a1:0a:70:d0:0c:d9:ed:8a:b9:97:d4:f0:9f:
         09:0b:e7:3a:9d:4c:1a:50:55:19:7d:de:4b:13:39:48:6e:fd:
         24:ab:90:75:be:3b:c7:fc:c3:81:23:51:15:27:16:2d:65:e0:
         c9:e7:f7:88:33:16:8a:88:35:9a:cb:03:95:7f:80:d1:03:47:
         eb:90:ec:eb:cc:6a:05:44:1c:d8:8c:aa:82:1c:ad:22:29:63:
         95:d3:e3:fb:e3:b3:e8:f8:9c:46:62:cc:9c:5f:d3:0f:86:79:
         37:55:c2:a9:3a:0a:13:e9:67:9f:56:a1:b7:73:28:19:be:f3:
         46:f3:0b:83:2b:a4:c7:d7:49:ea:92:cd:a4:ca:6c:77:76:62:
         cb:0d:75:81:b0:17:a7:16:cd:9c:97:fe:d4:97:96:31:ea:0a:
         d7:d8:af:2c:c1:ff:3a:c4:ae:78:2b:88:26:f2:74:cb:70:69:
         c8:8a:ca:9c:24:3e:a1:a1:26:d8:1a:9f:9c:24:b7:80:be:29:
         f3:d6:8e:6b
-----BEGIN CERTIFICATE-----
MIIFeTCCBGGgAwIBAgICH2cwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NEVBRTQxMTAvBgNVBAUTKEFENTZCNjcxODdBOThCQTMxNDA4NDQwNTc5N0JEOTY1
NkU4QUM4QkEwHhcNMjUwODMwMTYzNTI1WhcNMjYxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGIzMjg0ZC0yYTc5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA1xXNIzzMmUJI57PXmBTOwCVCNUa7PcJep8oTKHtD3Js/tTFpyB8xR79EfBcz
81R2JwqOvjyqXgJBWdq/JfLUlqhso7DiRZo9dnPmjeakCODLyF8sbFf5GVQ8xn0p
Jbx+4PUaKyHB+sn+dMmkea9Fd5s1bW4NfQI3T/S1iCcq9Ck2YLu+Y4piWy/T4B4z
nil6vAK+Nd3vkoJhojYBhzuX7y5H28sJG3QcF4N6vwCPz/FgrslqIyeiOHFxP7yi
xyUJaOnC26DMKRMp1wLbCChK4Nl0o5BLPUv/96vmvPNAMq0rN69WuA3rwRUxRvvq
Qz7+WCF6x98dTGXsq/stEv5JrwIDAQABo4ICnTCCApkwHQYDVR0OBBYEFHM95bO3
vFPkA6B8DV/qQYBUfNtRMB8GA1UdIwQYMBaAFK1WtnGHqYujFAhEBXl72WVuisi6
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0RUFFNC82NzUzQjhBRTI1
NzUxMUU3QUMwRDE3MkFDNEY5QUUwMi9yVmEyY1llcGk2TVVDRVFGZVh2WlpXNkt5
TG8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3JWYTJjWWVwaTZNVUNFUUZlWHZaWlc2S3lMby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NEVBRTQvNjc1M0I4QUUyNTc1MTFFN0FDMEQxNzJBQzRGOUFFMDIvNENEMkFCMkEw
NjYwMTFFRUE1RjU5NjU3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJwYIKwYBBQUHAQcBAf8E
GDAWMBQEAgABMA4wDAMEBn1VQAMEBX1VgDANBgkqhkiG9w0BAQsFAAOCAQEAdnSK
EDd2fTe1iU6+ZC27bz3ILWzqpU8XQr/t4vdcxz40zGpR8YgYdcSZXEEHddRWQg78
cdGsbS8SltqhCnDQDNntirmX1PCfCQvnOp1MGlBVGX3eSxM5SG79JKuQdb47x/zD
gSNRFScWLWXgyef3iDMWiog1mssDlX+A0QNH65Ds68xqBUQc2IyqghytIiljldPj
++Oz6PicRmLMnF/TD4Z5N1XCqToKE+lnn1aht3MoGb7zRvMLgyukx9dJ6pLNpMps
d3Ziyw11gbAXpxbNnJf+1JeWMeoK19ivLMH/OsSueCuIJvJ0y3BpyIrKnCQ+oaEm
2BqfnCS3gL4p89aOaw==
-----END CERTIFICATE-----
Generated at Mon Oct 20 15:15:19 2025 by rpki-client