Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/A42AF5D0559111F08D8D0584C4F9AE02.roa
File:                     A42AF5D0559111F08D8D0584C4F9AE02.roa (raw, json)
Hash identifier:          FkUa4Y4fE67M165KQOCXOv0uBb3P1ghowmi2/pRPoi0=
Subject key identifier:   9E:B5:5C:DC:52:F4:64:30:47:57:7C:A5:1D:1C:05:0D:4D:B0:57:F3
Certificate issuer:       /CN=A914EAE4/serialNumber=AD56B67187A98BA314084405797BD9656E8AC8BA
Certificate serial:       1F69
Authority key identifier: AD:56:B6:71:87:A9:8B:A3:14:08:44:05:79:7B:D9:65:6E:8A:C8:BA
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rVa2cYepi6MUCEQFeXvZZW6KyLo.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/A42AF5D0559111F08D8D0584C4F9AE02.roa
Signing time:             Sat 30 Aug 2025 16:35:28 +0000
ROA not before:           Sat 30 Aug 2025 16:35:28 +0000
ROA not after:            Tue 01 Dec 2026 00:00:00 +0000
asID:                     151058
IP address blocks:        124.225.0.0/16 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/rVa2cYepi6MUCEQFeXvZZW6KyLo.crl
                          rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/rVa2cYepi6MUCEQFeXvZZW6KyLo.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rVa2cYepi6MUCEQFeXvZZW6KyLo.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 27 Oct 2025 16:35:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 8041 (0x1f69)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A914EAE4, serialNumber=AD56B67187A98BA314084405797BD9656E8AC8BA
        Validity
            Not Before: Aug 30 16:35:28 2025 GMT
            Not After : Dec  1 00:00:00 2026 GMT
        Subject: CN=68b3284f-3d57
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:a8:5c:47:63:39:95:87:cd:d5:3f:98:20:8d:06:
                    65:0d:55:23:24:10:5a:88:a1:5a:23:68:44:24:fe:
                    2b:64:31:90:ed:07:38:35:90:f5:14:c6:f1:b7:4f:
                    58:77:69:d3:f1:0f:35:6c:06:02:2a:a1:7d:1e:b0:
                    13:9a:ed:a0:6d:7e:c4:bb:19:95:1b:71:ad:15:53:
                    b8:36:00:b5:c8:61:9d:e1:3a:9e:b5:18:4a:c7:0f:
                    54:cd:7d:9d:1e:ad:83:df:ad:33:70:1f:10:4e:cc:
                    cd:be:b1:a7:e4:e9:db:6d:97:95:9f:23:bb:a3:cc:
                    36:2f:9d:b7:11:90:1c:93:e5:8a:02:b2:4c:8a:f1:
                    f0:56:29:c6:a2:79:7d:3a:f3:8f:a6:b9:96:65:24:
                    a8:28:0f:82:fc:91:cf:eb:bd:1d:fb:e8:1a:a3:6e:
                    a3:72:b8:44:f0:be:3b:65:aa:fd:05:73:53:a0:36:
                    e9:b3:49:24:6d:52:3f:1c:a9:01:df:03:6f:65:e9:
                    d8:80:08:b1:5c:3f:d2:41:56:6f:75:39:1f:60:90:
                    eb:29:a0:6c:47:85:1c:87:51:e7:00:90:68:85:af:
                    e5:ab:43:ad:6f:73:cf:c1:e2:e0:1d:88:ff:93:dc:
                    66:70:69:24:c5:72:bd:26:e2:b4:34:03:8b:b5:8d:
                    17:b7
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                9E:B5:5C:DC:52:F4:64:30:47:57:7C:A5:1D:1C:05:0D:4D:B0:57:F3
            X509v3 Authority Key Identifier:
                keyid:AD:56:B6:71:87:A9:8B:A3:14:08:44:05:79:7B:D9:65:6E:8A:C8:BA

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/rVa2cYepi6MUCEQFeXvZZW6KyLo.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/rVa2cYepi6MUCEQFeXvZZW6KyLo.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A914EAE4/6753B8AE257511E7AC0D172AC4F9AE02/A42AF5D0559111F08D8D0584C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  124.225.0.0/16

    Signature Algorithm: sha256WithRSAEncryption
         1e:46:5f:da:48:9e:30:0f:47:6b:32:a7:af:2a:7b:14:e1:f3:
         45:17:17:9b:16:df:40:c8:fc:ea:34:5d:67:7e:81:19:58:77:
         05:71:fa:bd:9c:77:0c:b4:d1:57:a4:4d:eb:c6:e1:f0:30:a6:
         b8:2e:ec:0a:3c:0d:8f:90:42:a7:d4:3d:34:f4:1b:e0:4d:63:
         ca:86:53:89:3c:d5:ef:08:c1:26:52:db:bb:66:f5:e8:76:99:
         05:2c:8b:1d:f8:a3:ce:2e:92:44:77:2b:3e:da:96:30:9c:50:
         a5:15:9e:62:cc:2f:ab:03:d9:92:47:db:46:dc:e6:43:9d:f7:
         c8:80:6b:68:1d:e1:80:83:20:5f:62:d5:2e:a6:2e:5e:1d:a9:
         1b:b5:53:7e:8f:87:5c:df:97:f9:d4:e2:ea:26:3d:d7:be:31:
         b8:e8:64:2c:f5:07:bb:ce:07:95:4d:af:17:a3:a9:6a:b2:f8:
         8b:4f:c3:31:fb:f4:63:12:b7:6f:db:ec:6a:89:29:47:d4:c7:
         47:da:70:46:c6:1d:73:ae:f4:7e:72:07:18:59:f1:8f:a7:82:
         df:7d:2d:3f:eb:1f:0e:c0:09:f7:08:e1:4b:ea:66:be:45:2f:
         71:10:c4:0e:01:af:53:92:7d:09:0f:f5:84:88:3e:f4:f1:46:
         72:5d:55:93
-----BEGIN CERTIFICATE-----
MIIFcDCCBFigAwIBAgICH2kwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NEVBRTQxMTAvBgNVBAUTKEFENTZCNjcxODdBOThCQTMxNDA4NDQwNTc5N0JEOTY1
NkU4QUM4QkEwHhcNMjUwODMwMTYzNTI4WhcNMjYxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGIzMjg0Zi0zZDU3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAqFxHYzmVh83VP5ggjQZlDVUjJBBaiKFaI2hEJP4rZDGQ7Qc4NZD1FMbxt09Y
d2nT8Q81bAYCKqF9HrATmu2gbX7EuxmVG3GtFVO4NgC1yGGd4TqetRhKxw9UzX2d
Hq2D360zcB8QTszNvrGn5OnbbZeVnyO7o8w2L523EZAck+WKArJMivHwVinGonl9
OvOPprmWZSSoKA+C/JHP670d++gao26jcrhE8L47Zar9BXNToDbps0kkbVI/HKkB
3wNvZenYgAixXD/SQVZvdTkfYJDrKaBsR4Uch1HnAJBoha/lq0Otb3PPweLgHYj/
k9xmcGkkxXK9JuK0NAOLtY0XtwIDAQABo4IClDCCApAwHQYDVR0OBBYEFJ61XNxS
9GQwR1d8pR0cBQ1NsFfzMB8GA1UdIwQYMBaAFK1WtnGHqYujFAhEBXl72WVuisi6
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE0RUFFNC82NzUzQjhBRTI1
NzUxMUU3QUMwRDE3MkFDNEY5QUUwMi9yVmEyY1llcGk2TVVDRVFGZVh2WlpXNkt5
TG8uY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL3JWYTJjWWVwaTZNVUNFUUZlWHZaWlc2S3lMby5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NEVBRTQvNjc1M0I4QUUyNTc1MTFFN0FDMEQxNzJBQzRGOUFFMDIvQTQyQUY1RDA1
NTkxMTFGMDhEOEQwNTg0QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHgYIKwYBBQUHAQcBAf8E
DzANMAsEAgABMAUDAwB84TANBgkqhkiG9w0BAQsFAAOCAQEAHkZf2kieMA9HazKn
ryp7FOHzRRcXmxbfQMj86jRdZ36BGVh3BXH6vZx3DLTRV6RN68bh8DCmuC7sCjwN
j5BCp9Q9NPQb4E1jyoZTiTzV7wjBJlLbu2b16HaZBSyLHfijzi6SRHcrPtqWMJxQ
pRWeYswvqwPZkkfbRtzmQ533yIBraB3hgIMgX2LVLqYuXh2pG7VTfo+HXN+X+dTi
6iY9174xuOhkLPUHu84HlU2vF6OparL4i0/DMfv0YxK3b9vsaokpR9THR9pwRsYd
c670fnIHGFnxj6eC330tP+sfDsAJ9wjhS+pmvkUvcRDEDgGvU5J9CQ/1hIg+9PFG
cl1Vkw==
-----END CERTIFICATE-----
Generated at Mon Oct 20 21:36:31 2025 by rpki-client