Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9185344/515CABE01DA111E2B2CD6D9308B02CD2/438B5C5E2CD411EC8884B41FC4F9AE02.roa
File:                     438B5C5E2CD411EC8884B41FC4F9AE02.roa (raw, json)
Hash identifier:          fvjNR7aEXviMeBGpx7kzk2S8B+LOJKavqoJJ41ujD8w=
Subject key identifier:   2C:4A:F2:9C:8D:EB:12:56:7F:60:A9:E1:7A:0F:65:9C:74:BD:82:CD
Certificate issuer:       /CN=A9185344/serialNumber=89FD27C5067B4CF412296FEBA6CE6D831185800B
Certificate serial:       34E8
Authority key identifier: 89:FD:27:C5:06:7B:4C:F4:12:29:6F:EB:A6:CE:6D:83:11:85:80:0B
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/if0nxQZ7TPQSKW_rps5tgxGFgAs.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9185344/515CABE01DA111E2B2CD6D9308B02CD2/438B5C5E2CD411EC8884B41FC4F9AE02.roa
Signing time:             Mon 06 Oct 2025 15:11:08 +0000
ROA not before:           Mon 06 Oct 2025 15:11:08 +0000
ROA not after:            Wed 30 Dec 2026 00:00:00 +0000
asID:                     198247
IP address blocks:        203.171.126.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9185344/515CABE01DA111E2B2CD6D9308B02CD2/if0nxQZ7TPQSKW_rps5tgxGFgAs.crl
                          rsync://rpki.apnic.net/member_repository/A9185344/515CABE01DA111E2B2CD6D9308B02CD2/if0nxQZ7TPQSKW_rps5tgxGFgAs.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/if0nxQZ7TPQSKW_rps5tgxGFgAs.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sat 25 Oct 2025 15:13:21 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 13544 (0x34e8)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9185344, serialNumber=89FD27C5067B4CF412296FEBA6CE6D831185800B
        Validity
            Not Before: Oct  6 15:11:08 2025 GMT
            Not After : Dec 30 00:00:00 2026 GMT
        Subject: CN=68e3dc0b-9239
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dd:a6:4b:ae:1c:d7:c4:c9:d9:15:f1:d5:d2:c3:
                    d3:02:e1:4c:8b:45:47:54:7f:41:21:aa:9e:44:be:
                    7a:69:bc:ec:6f:33:60:7f:ee:4e:ba:fa:b3:7d:df:
                    3d:f2:75:c9:dc:eb:1b:06:10:d9:da:cb:d2:ab:d0:
                    ff:5a:95:03:ac:20:94:74:34:68:c7:e7:cc:fa:06:
                    69:a0:06:a0:86:b3:ff:9a:6e:10:db:69:f0:17:ae:
                    61:5c:98:5c:a1:4a:5e:ba:5f:58:fe:c1:4d:d7:61:
                    55:f6:27:40:e2:91:4c:26:c4:13:f7:f4:51:47:d9:
                    69:4a:a1:b4:56:37:18:d9:5d:13:fd:c2:e8:5d:9e:
                    bd:01:2a:12:df:04:9f:74:d1:76:ac:ab:e8:01:a5:
                    f2:4e:a2:99:57:30:4d:bb:00:59:11:de:b4:c5:95:
                    4b:e3:b4:1d:6b:2b:12:7f:23:21:81:b8:83:10:ea:
                    2c:38:f0:d8:44:97:50:0a:11:0d:78:96:65:95:20:
                    d4:18:0f:55:50:eb:ed:21:99:34:22:c2:97:8a:75:
                    15:ce:65:f2:63:97:63:b8:ab:4b:dd:87:ea:40:a0:
                    7f:9e:c8:f1:d9:02:d2:3d:b3:74:8a:ce:0b:a2:73:
                    25:8f:79:74:3c:d1:06:19:4e:5e:09:0b:99:5a:a2:
                    0c:37
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                2C:4A:F2:9C:8D:EB:12:56:7F:60:A9:E1:7A:0F:65:9C:74:BD:82:CD
            X509v3 Authority Key Identifier:
                keyid:89:FD:27:C5:06:7B:4C:F4:12:29:6F:EB:A6:CE:6D:83:11:85:80:0B

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9185344/515CABE01DA111E2B2CD6D9308B02CD2/if0nxQZ7TPQSKW_rps5tgxGFgAs.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/if0nxQZ7TPQSKW_rps5tgxGFgAs.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9185344/515CABE01DA111E2B2CD6D9308B02CD2/438B5C5E2CD411EC8884B41FC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  203.171.126.0/24

    Signature Algorithm: sha256WithRSAEncryption
         7f:22:31:f4:ed:18:ef:80:b1:84:b3:89:8b:56:7a:63:21:b0:
         e4:69:0b:b0:a1:28:5c:cc:ef:12:e8:06:37:36:b4:c7:b4:0b:
         de:1d:78:91:f7:17:e3:6d:b7:6e:79:8a:cd:ea:00:ce:f9:f5:
         3e:07:fb:1c:d7:1a:23:1d:aa:aa:a1:8b:3e:93:02:5b:6e:80:
         12:8a:87:f3:9b:bb:85:65:e7:c3:9e:a3:bd:a0:7d:9b:f4:03:
         e0:ce:56:03:ce:fd:5b:f6:3e:28:2a:9f:43:18:d1:55:92:34:
         eb:67:10:71:b0:5f:a7:24:fe:e5:09:fc:e5:95:37:2c:f1:6c:
         f0:7d:39:84:c7:76:f4:03:74:64:3c:6f:12:5e:05:7f:38:b1:
         cf:8a:27:30:cc:5a:15:8c:9c:ec:c9:65:a2:d5:5a:1b:fc:49:
         fb:a4:07:f2:13:c7:1b:65:ba:89:cf:67:6a:bc:d2:65:9e:a6:
         eb:e0:dc:38:70:97:1f:fe:db:b8:83:d0:e6:c9:54:a4:ca:56:
         4c:e2:60:24:eb:35:39:02:ba:b6:05:a6:56:1a:e7:b7:24:21:
         7c:36:a7:4a:1c:5a:b2:53:06:6f:a7:66:6d:d9:fe:3e:97:e4:
         c7:88:bc:5e:e9:40:44:84:5b:3b:f4:49:94:76:5b:40:6a:21:
         3e:b4:2b:74
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICNOgwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
ODUzNDQxMTAvBgNVBAUTKDg5RkQyN0M1MDY3QjRDRjQxMjI5NkZFQkE2Q0U2RDgz
MTE4NTgwMEIwHhcNMjUxMDA2MTUxMTA4WhcNMjYxMjMwMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGUzZGMwYi05MjM5MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA3aZLrhzXxMnZFfHV0sPTAuFMi0VHVH9BIaqeRL56abzsbzNgf+5Ouvqzfd89
8nXJ3OsbBhDZ2svSq9D/WpUDrCCUdDRox+fM+gZpoAaghrP/mm4Q22nwF65hXJhc
oUpeul9Y/sFN12FV9idA4pFMJsQT9/RRR9lpSqG0VjcY2V0T/cLoXZ69ASoS3wSf
dNF2rKvoAaXyTqKZVzBNuwBZEd60xZVL47QdaysSfyMhgbiDEOosOPDYRJdQChEN
eJZllSDUGA9VUOvtIZk0IsKXinUVzmXyY5djuKtL3YfqQKB/nsjx2QLSPbN0is4L
onMlj3l0PNEGGU5eCQuZWqIMNwIDAQABo4IClTCCApEwHQYDVR0OBBYEFCxK8pyN
6xJWf2Cp4XoPZZx0vYLNMB8GA1UdIwQYMBaAFIn9J8UGe0z0Eilv66bObYMRhYAL
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4NTM0NC81MTVDQUJFMDFE
QTExMUUyQjJDRDZEOTMwOEIwMkNEMi9pZjBueFFaN1RQUVNLV19ycHM1dGd4R0Zn
QXMuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2lmMG54UVo3VFBRU0tXX3JwczV0Z3hHRmdBcy5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
ODUzNDQvNTE1Q0FCRTAxREExMTFFMkIyQ0Q2RDkzMDhCMDJDRDIvNDM4QjVDNUUy
Q0Q0MTFFQzg4ODRCNDFGQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBADLq34wDQYJKoZIhvcNAQELBQADggEBAH8iMfTtGO+AsYSz
iYtWemMhsORpC7ChKFzM7xLoBjc2tMe0C94deJH3F+Ntt255is3qAM759T4H+xzX
GiMdqqqhiz6TAltugBKKh/Obu4Vl58Oeo72gfZv0A+DOVgPO/Vv2Pigqn0MY0VWS
NOtnEHGwX6ck/uUJ/OWVNyzxbPB9OYTHdvQDdGQ8bxJeBX84sc+KJzDMWhWMnOzJ
ZaLVWhv8SfukB/ITxxtluonPZ2q80mWepuvg3Dhwlx/+27iD0ObJVKTKVkziYCTr
NTkCurYFplYa57ckIXw2p0ocWrJTBm+nZm3Z/j6X5MeIvF7pQESEWzv0SZR2W0Bq
IT60K3Q=
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:45:40 2025 by rpki-client