Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9157D7A/5DDCCCC6991511EB96727243C4F9AE02/2E96A63A690A11EF9525E980C4F9AE02.roa
File:                     2E96A63A690A11EF9525E980C4F9AE02.roa (raw, json)
Hash identifier:          n+cZOeCarx5jNko9dz4X4vMi8IAEqtDVRtDk4yCyv7k=
Subject key identifier:   56:22:2A:46:AA:13:D3:39:E6:0B:9D:85:22:5E:E1:6F:CB:28:D3:03
Certificate issuer:       /CN=A9157D7A/serialNumber=401B429906C90EA03ECFC61B15BA4EF123903379
Certificate serial:       07D6
Authority key identifier: 40:1B:42:99:06:C9:0E:A0:3E:CF:C6:1B:15:BA:4E:F1:23:90:33:79
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QBtCmQbJDqA-z8YbFbpO8SOQM3k.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9157D7A/5DDCCCC6991511EB96727243C4F9AE02/2E96A63A690A11EF9525E980C4F9AE02.roa
Signing time:             Mon 13 Oct 2025 12:28:19 +0000
ROA not before:           Mon 13 Oct 2025 12:28:19 +0000
ROA not after:            Thu 28 May 2026 00:00:00 +0000
asID:                     45820
IP address blocks:        14.194.0.0/18 maxlen: 24
                          14.194.64.0/18 maxlen: 24
                          14.194.128.0/18 maxlen: 24
                          14.194.208.0/20 maxlen: 24
                          14.194.240.0/20 maxlen: 24
                          14.195.0.0/18 maxlen: 24
                          14.195.64.0/19 maxlen: 24
                          14.195.96.0/19 maxlen: 24
                          14.195.128.0/18 maxlen: 24
                          14.195.192.0/20 maxlen: 24
                          14.195.208.0/20 maxlen: 24
                          14.195.240.0/20 maxlen: 24
                          49.200.0.0/14 maxlen: 14
                          49.200.0.0/19 maxlen: 24
                          49.200.48.0/21 maxlen: 24
                          49.202.208.0/24 maxlen: 24
                          49.249.0.0/17 maxlen: 24
                          49.249.128.0/18 maxlen: 24
                          115.160.217.0/24 maxlen: 24
                          182.156.0.0/18 maxlen: 22
                          182.156.0.0/22 maxlen: 24
                          182.156.4.0/23 maxlen: 24
                          182.156.8.0/21 maxlen: 24
                          182.156.16.0/22 maxlen: 24
                          182.156.22.0/23 maxlen: 24
                          182.156.24.0/21 maxlen: 23
                          182.156.24.0/23 maxlen: 24
                          182.156.28.0/22 maxlen: 24
                          182.156.32.0/19 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9157D7A/5DDCCCC6991511EB96727243C4F9AE02/QBtCmQbJDqA-z8YbFbpO8SOQM3k.crl
                          rsync://rpki.apnic.net/member_repository/A9157D7A/5DDCCCC6991511EB96727243C4F9AE02/QBtCmQbJDqA-z8YbFbpO8SOQM3k.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QBtCmQbJDqA-z8YbFbpO8SOQM3k.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 26 Oct 2025 00:04:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 2006 (0x7d6)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9157D7A, serialNumber=401B429906C90EA03ECFC61B15BA4EF123903379
        Validity
            Not Before: Oct 13 12:28:19 2025 GMT
            Not After : May 28 00:00:00 2026 GMT
        Subject: CN=68ecf063-7319
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ef:00:e3:dd:a3:a4:87:be:7a:21:d3:80:65:f3:
                    77:6f:45:4f:ad:e6:4a:c5:df:da:d7:26:fc:e4:bc:
                    51:26:7b:7d:eb:13:68:98:c4:7e:cb:ba:c1:3c:78:
                    56:c0:cf:08:13:04:95:7c:aa:fe:36:3b:e7:2e:d6:
                    a0:29:75:e1:e6:46:74:6f:7a:d2:b7:4a:3e:90:3e:
                    30:56:3b:57:3b:ed:e2:f3:3b:9f:5a:94:dd:0f:b8:
                    5d:d9:64:ff:bc:4c:3f:e1:48:95:65:45:d8:19:65:
                    69:69:50:8e:4c:7d:7f:56:1f:a6:62:54:c9:90:b3:
                    17:1e:cf:0c:2b:56:ca:d6:6c:2d:16:f6:8a:e2:9f:
                    cb:fa:31:38:88:9b:f4:30:ac:f0:50:f0:c2:41:b0:
                    60:2f:6b:15:e3:73:c8:42:18:53:ff:0f:b6:d5:fe:
                    3d:8e:76:c9:c3:4f:f7:26:9d:4f:77:1c:86:70:a8:
                    b4:a1:43:67:d8:56:2c:84:b1:18:f3:8f:2c:f0:c8:
                    0d:56:44:ca:f7:d9:0a:44:72:26:8a:3d:00:90:86:
                    42:44:fb:56:97:89:7b:0d:94:d8:75:f4:86:c4:3d:
                    99:ab:2a:cc:43:74:d7:93:db:9e:ee:3b:58:5b:35:
                    65:45:ce:46:2e:b5:87:c4:be:77:5c:3d:1a:ac:cb:
                    f3:25
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                56:22:2A:46:AA:13:D3:39:E6:0B:9D:85:22:5E:E1:6F:CB:28:D3:03
            X509v3 Authority Key Identifier:
                keyid:40:1B:42:99:06:C9:0E:A0:3E:CF:C6:1B:15:BA:4E:F1:23:90:33:79

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9157D7A/5DDCCCC6991511EB96727243C4F9AE02/QBtCmQbJDqA-z8YbFbpO8SOQM3k.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/QBtCmQbJDqA-z8YbFbpO8SOQM3k.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9157D7A/5DDCCCC6991511EB96727243C4F9AE02/2E96A63A690A11EF9525E980C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  14.194.0.0-14.194.191.255
                  14.194.208.0/20
                  14.194.240.0-14.195.223.255
                  14.195.240.0/20
                  49.200.0.0/14
                  49.249.0.0-49.249.191.255
                  115.160.217.0/24
                  182.156.0.0/18

    Signature Algorithm: sha256WithRSAEncryption
         1d:82:9a:b9:4f:0e:8c:7f:59:be:60:a3:c9:5f:7e:86:1d:ff:
         94:e2:e7:ac:f8:c5:48:78:f6:1a:b2:a7:bb:18:b1:23:e6:69:
         e2:57:ec:1f:19:ea:f2:39:95:25:b4:2b:e7:50:69:90:cc:1b:
         48:9e:2d:62:8e:ff:d7:56:b9:c5:6a:56:b8:39:96:dd:78:de:
         b2:70:c8:97:ac:ac:13:ee:81:a6:be:46:37:d3:1e:1a:86:d9:
         75:15:4e:18:b3:8b:80:38:81:26:95:10:bb:79:08:11:04:da:
         61:01:7e:d3:da:35:57:00:32:bd:e4:38:7b:e6:1d:0b:49:94:
         9e:63:e0:13:2d:50:89:b3:6d:c6:46:7d:3f:fe:c4:93:f4:17:
         96:47:e0:a0:24:10:4a:63:96:27:ae:08:51:40:40:6e:83:6f:
         74:bc:dd:09:a3:98:01:78:84:ac:80:38:83:a2:0f:05:0f:58:
         94:59:95:f0:cd:5d:13:a5:1f:81:66:2a:7d:ce:b3:f8:e5:7e:
         e2:13:4d:c9:b4:af:7d:38:2d:fd:4f:49:49:0b:2f:0a:f3:65:
         63:db:ea:5e:d3:67:e9:a7:02:8a:9b:8b:fc:08:73:96:0d:7e:
         3a:7c:6b:af:7a:5b:3a:91:8c:cb:05:8f:6b:5a:ce:54:74:c0:
         1d:a7:4e:25
-----BEGIN CERTIFICATE-----
MIIFsDCCBJigAwIBAgICB9YwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
NTdEN0ExMTAvBgNVBAUTKDQwMUI0Mjk5MDZDOTBFQTAzRUNGQzYxQjE1QkE0RUYx
MjM5MDMzNzkwHhcNMjUxMDEzMTIyODE5WhcNMjYwNTI4MDAwMDAwWjAYMRYwFAYD
VQQDEw02OGVjZjA2My03MzE5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA7wDj3aOkh756IdOAZfN3b0VPreZKxd/a1yb85LxRJnt96xNomMR+y7rBPHhW
wM8IEwSVfKr+NjvnLtagKXXh5kZ0b3rSt0o+kD4wVjtXO+3i8zufWpTdD7hd2WT/
vEw/4UiVZUXYGWVpaVCOTH1/Vh+mYlTJkLMXHs8MK1bK1mwtFvaK4p/L+jE4iJv0
MKzwUPDCQbBgL2sV43PIQhhT/w+21f49jnbJw0/3Jp1PdxyGcKi0oUNn2FYshLEY
848s8MgNVkTK99kKRHImij0AkIZCRPtWl4l7DZTYdfSGxD2ZqyrMQ3TXk9ue7jtY
WzVlRc5GLrWHxL53XD0arMvzJQIDAQABo4IC1DCCAtAwHQYDVR0OBBYEFFYiKkaq
E9M55gudhSJe4W/LKNMDMB8GA1UdIwQYMBaAFEAbQpkGyQ6gPs/GGxW6TvEjkDN5
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE1N0Q3QS81RERDQ0NDNjk5
MTUxMUVCOTY3MjcyNDNDNEY5QUUwMi9RQnRDbVFiSkRxQS16OFliRmJwTzhTT1FN
M2suY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL1FCdENtUWJKRHFBLXo4WWJGYnBPOFNPUU0zay5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
NTdEN0EvNUREQ0NDQzY5OTE1MTFFQjk2NzI3MjQzQzRGOUFFMDIvMkU5NkE2M0E2
OTBBMTFFRjk1MjVFOTgwQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwXgYIKwYBBQUHAQcBAf8E
TzBNMEsEAgABMEUwCwMDAQ7CAwQGDsKAAwQEDsLQMAwDBAQOwvADBAUOw8ADBAQO
w/ADAwIxyDALAwMAMfkDBAYx+YADBABzoNkDBAa2nAAwDQYJKoZIhvcNAQELBQAD
ggEBAB2CmrlPDox/Wb5go8lffoYd/5Ti56z4xUh49hqyp7sYsSPmaeJX7B8Z6vI5
lSW0K+dQaZDMG0ieLWKO/9dWucVqVrg5lt143rJwyJesrBPugaa+RjfTHhqG2XUV
Thizi4A4gSaVELt5CBEE2mEBftPaNVcAMr3kOHvmHQtJlJ5j4BMtUImzbcZGfT/+
xJP0F5ZH4KAkEEpjlieuCFFAQG6Db3S83QmjmAF4hKyAOIOiDwUPWJRZlfDNXROl
H4FmKn3Os/jlfuITTcm0r304Lf1PSUkLLwrzZWPb6l7TZ+mnAoqbi/wIc5YNfjp8
a696WzqRjMsFj2tazlR0wB2nTiU=
-----END CERTIFICATE-----
Generated at Mon Oct 20 17:49:31 2025 by rpki-client