Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9156740/3528B0CC16C011ED80089A21C4F9AE02/BBF0DD5216CD11EDBB046C79C4F9AE02.roa
File:                     BBF0DD5216CD11EDBB046C79C4F9AE02.roa (raw, json)
Hash identifier:          qXJ6WIYPz1bw3bsc4PG2hiq2kWx6ipTX7+9TfJ3AB80=
Subject key identifier:   96:3D:17:5A:3C:52:27:84:1E:EC:09:78:B0:81:8C:C0:44:77:47:DA
Certificate issuer:       /CN=A9156740/serialNumber=E2BBAD393158A0674C6949EC3B8A0B73F86029A2
Certificate serial:       02AB
Authority key identifier: E2:BB:AD:39:31:58:A0:67:4C:69:49:EC:3B:8A:0B:73:F8:60:29:A2
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/4rutOTFYoGdMaUnsO4oLc_hgKaI.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9156740/3528B0CC16C011ED80089A21C4F9AE02/BBF0DD5216CD11EDBB046C79C4F9AE02.roa
Signing time:             Thu 25 Sep 2025 02:20:13 +0000
ROA not before:           Thu 25 Sep 2025 02:20:13 +0000
ROA not after:            Tue 01 Dec 2026 00:00:00 +0000
asID:                     4648
IP address blocks:        202.27.146.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9156740/3528B0CC16C011ED80089A21C4F9AE02/4rutOTFYoGdMaUnsO4oLc_hgKaI.crl
                          rsync://rpki.apnic.net/member_repository/A9156740/3528B0CC16C011ED80089A21C4F9AE02/4rutOTFYoGdMaUnsO4oLc_hgKaI.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/4rutOTFYoGdMaUnsO4oLc_hgKaI.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 26 Oct 2025 03:42:59 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 683 (0x2ab)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9156740, serialNumber=E2BBAD393158A0674C6949EC3B8A0B73F86029A2
        Validity
            Not Before: Sep 25 02:20:13 2025 GMT
            Not After : Dec  1 00:00:00 2026 GMT
        Subject: CN=68d4a6dd-e7a1
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:14:bb:43:a9:64:eb:c0:21:05:8a:48:94:98:
                    74:49:5a:1c:2c:ce:75:09:75:ef:d6:fa:8c:18:d1:
                    d2:29:db:a7:f7:0f:fc:17:d7:87:e0:2f:c1:82:77:
                    72:77:d4:fe:4d:92:18:14:d8:23:d4:a6:f5:2e:39:
                    d0:06:11:65:9c:07:c5:00:e9:06:20:06:f1:fc:f7:
                    b7:01:3c:5d:e8:7a:fa:44:23:05:19:a4:f2:37:9b:
                    b8:6a:1b:58:99:5e:51:0c:c0:97:fd:7b:45:d8:e3:
                    8a:93:a5:cf:b6:7c:2e:31:d2:53:91:36:82:78:d2:
                    d0:9f:ca:fd:ec:4d:18:be:04:17:09:ea:6a:68:5a:
                    06:c6:d2:83:39:d0:54:0d:20:ff:b7:1d:c8:dd:95:
                    93:93:76:bf:e2:20:d1:82:fc:00:3f:c7:61:32:b4:
                    e1:c1:40:3a:18:5e:69:c6:f3:22:19:9b:3b:01:67:
                    80:50:07:fe:42:9c:1d:ab:4a:0b:82:0e:d4:df:0f:
                    e5:b6:12:ea:bd:08:5c:61:12:fa:55:4d:4e:1d:23:
                    a2:2b:a4:fc:1f:56:c7:c8:1d:3a:06:b2:3c:ca:51:
                    84:c9:74:77:1b:2f:53:5c:92:f2:58:f9:9d:24:df:
                    dc:76:1c:73:29:9d:8e:c1:bb:89:25:14:09:7c:63:
                    49:45
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                96:3D:17:5A:3C:52:27:84:1E:EC:09:78:B0:81:8C:C0:44:77:47:DA
            X509v3 Authority Key Identifier:
                keyid:E2:BB:AD:39:31:58:A0:67:4C:69:49:EC:3B:8A:0B:73:F8:60:29:A2

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9156740/3528B0CC16C011ED80089A21C4F9AE02/4rutOTFYoGdMaUnsO4oLc_hgKaI.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/4rutOTFYoGdMaUnsO4oLc_hgKaI.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9156740/3528B0CC16C011ED80089A21C4F9AE02/BBF0DD5216CD11EDBB046C79C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.27.146.0/24

    Signature Algorithm: sha256WithRSAEncryption
         40:c9:c6:c7:7a:a8:04:ad:60:80:cf:3e:f0:88:b3:b2:c2:8d:
         7e:af:94:f5:bf:df:ea:2b:66:ab:28:8b:54:b8:cd:8c:c8:e5:
         90:45:75:08:e3:65:4a:9a:6b:06:b1:db:dc:6e:e7:8b:fd:09:
         6a:41:eb:db:cc:8f:21:04:41:98:64:3c:e5:d1:7e:49:0b:fd:
         d3:2a:75:28:3e:a6:6e:b6:c9:6e:1a:13:8f:93:63:8b:d4:53:
         e9:5c:cd:25:82:41:15:1c:33:3f:7c:b5:f5:0d:37:be:c3:04:
         b8:1d:ab:2c:6b:57:f9:ef:59:55:82:95:27:ab:8c:38:cd:8b:
         16:48:1b:92:ce:89:ca:5e:ed:10:09:51:5a:98:b6:03:8a:91:
         1f:8f:8a:e1:58:25:b5:10:67:7e:fb:76:86:ae:5c:a3:38:4c:
         a0:e8:ed:db:0d:77:a4:1b:f1:eb:4e:33:00:8c:47:98:86:42:
         aa:0c:4f:64:64:63:a2:a1:21:6d:e3:3e:ca:22:7c:67:a6:74:
         9c:b9:3f:2b:56:0c:3c:12:c1:46:5e:31:d1:02:2d:8b:56:55:
         bd:2d:35:fc:52:1a:d0:b0:41:45:f9:44:d8:03:76:a9:3d:54:
         65:02:6b:84:48:5a:db:d7:6f:b5:38:e8:d6:eb:ee:9d:0c:b7:
         cc:2e:83:a1
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICAqswDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTY3NDAxMTAvBgNVBAUTKEUyQkJBRDM5MzE1OEEwNjc0QzY5NDlFQzNCOEEwQjcz
Rjg2MDI5QTIwHhcNMjUwOTI1MDIyMDEzWhcNMjYxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGQ0YTZkZC1lN2ExMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA4BS7Q6lk68AhBYpIlJh0SVocLM51CXXv1vqMGNHSKdun9w/8F9eH4C/Bgndy
d9T+TZIYFNgj1Kb1LjnQBhFlnAfFAOkGIAbx/Pe3ATxd6Hr6RCMFGaTyN5u4ahtY
mV5RDMCX/XtF2OOKk6XPtnwuMdJTkTaCeNLQn8r97E0YvgQXCepqaFoGxtKDOdBU
DSD/tx3I3ZWTk3a/4iDRgvwAP8dhMrThwUA6GF5pxvMiGZs7AWeAUAf+Qpwdq0oL
gg7U3w/lthLqvQhcYRL6VU1OHSOiK6T8H1bHyB06BrI8ylGEyXR3Gy9TXJLyWPmd
JN/cdhxzKZ2OwbuJJRQJfGNJRQIDAQABo4IClTCCApEwHQYDVR0OBBYEFJY9F1o8
UieEHuwJeLCBjMBEd0faMB8GA1UdIwQYMBaAFOK7rTkxWKBnTGlJ7DuKC3P4YCmi
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1Njc0MC8zNTI4QjBDQzE2
QzAxMUVEODAwODlBMjFDNEY5QUUwMi80cnV0T1RGWW9HZE1hVW5zTzRvTGNfaGdL
YUkuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyLzRydXRPVEZZb0dkTWFVbnNPNG9MY19oZ0thSS5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTY3NDAvMzUyOEIwQ0MxNkMwMTFFRDgwMDg5QTIxQzRGOUFFMDIvQkJGMERENTIx
NkNEMTFFREJCMDQ2Qzc5QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADKG5IwDQYJKoZIhvcNAQELBQADggEBAEDJxsd6qAStYIDP
PvCIs7LCjX6vlPW/3+orZqsoi1S4zYzI5ZBFdQjjZUqaawax29xu54v9CWpB69vM
jyEEQZhkPOXRfkkL/dMqdSg+pm62yW4aE4+TY4vUU+lczSWCQRUcMz98tfUNN77D
BLgdqyxrV/nvWVWClSerjDjNixZIG5LOicpe7RAJUVqYtgOKkR+PiuFYJbUQZ377
doauXKM4TKDo7dsNd6Qb8etOMwCMR5iGQqoMT2RkY6KhIW3jPsoifGemdJy5PytW
DDwSwUZeMdECLYtWVb0tNfxSGtCwQUX5RNgDdqk9VGUCa4RIWtvXb7U46Nbr7p0M
t8wug6E=
-----END CERTIFICATE-----
Generated at Mon Oct 20 14:21:43 2025 by rpki-client