Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9185D6E/4CBFF4AEDFF111EB894F3067C4F9AE02/229CD24AF9FB11EB8CFF5E7DC4F9AE02.roa
File:                     229CD24AF9FB11EB8CFF5E7DC4F9AE02.roa (raw, json)
Hash identifier:          n04Y3sGneIDc0gFY4gtPPq0L4eOtSWnQu7Ei64M+chk=
Subject key identifier:   84:79:6D:45:DB:E5:23:EA:B3:C4:BE:6E:39:A6:CB:0C:B3:F5:F0:0D
Certificate issuer:       /CN=A9185D6E/serialNumber=9524EA9B823C20FA78923BE6667E14F6C4C3B47E
Certificate serial:       05CF
Authority key identifier: 95:24:EA:9B:82:3C:20:FA:78:92:3B:E6:66:7E:14:F6:C4:C3:B4:7E
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/lSTqm4I8IPp4kjvmZn4U9sTDtH4.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9185D6E/4CBFF4AEDFF111EB894F3067C4F9AE02/229CD24AF9FB11EB8CFF5E7DC4F9AE02.roa
Signing time:             Thu 02 Oct 2025 23:24:36 +0000
ROA not before:           Thu 02 Oct 2025 23:24:35 +0000
ROA not after:            Sat 31 Oct 2026 00:00:00 +0000
asID:                     394808
IP address blocks:        104.161.234.0/23 maxlen: 24
                          104.161.252.0/24 maxlen: 24
                          104.161.253.0/24 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9185D6E/4CBFF4AEDFF111EB894F3067C4F9AE02/lSTqm4I8IPp4kjvmZn4U9sTDtH4.crl
                          rsync://rpki.apnic.net/member_repository/A9185D6E/4CBFF4AEDFF111EB894F3067C4F9AE02/lSTqm4I8IPp4kjvmZn4U9sTDtH4.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/lSTqm4I8IPp4kjvmZn4U9sTDtH4.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 26 Oct 2025 00:46:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1487 (0x5cf)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9185D6E, serialNumber=9524EA9B823C20FA78923BE6667E14F6C4C3B47E
        Validity
            Not Before: Oct  2 23:24:35 2025 GMT
            Not After : Oct 31 00:00:00 2026 GMT
        Subject: CN=68df09b3-99d7
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:ab:0a:29:5b:9d:d3:e0:cc:12:3c:9e:68:a0:88:
                    c4:5f:e9:de:3d:bb:d4:fb:36:44:5a:9f:88:1c:32:
                    fc:21:87:4f:c3:e0:a1:32:45:7d:d8:98:9f:f2:ca:
                    16:cb:e0:cd:ef:64:5e:20:79:24:04:11:61:bc:96:
                    65:e7:cc:21:a9:ce:b8:b9:0a:bb:22:78:f5:4c:79:
                    f8:9a:fa:87:1f:de:9b:82:2c:5a:39:77:82:c7:3c:
                    0a:29:fe:57:5a:65:55:91:e5:c9:30:41:c6:4a:fa:
                    e8:9d:6b:7c:be:78:b7:1d:52:53:5d:09:87:7e:64:
                    b9:34:c0:81:71:54:63:b2:f2:1f:cf:1b:d9:e2:7e:
                    2d:e6:d5:53:f2:a8:53:d5:79:4c:89:35:01:6d:2c:
                    43:66:68:52:f0:8d:a8:b9:3a:39:d9:1b:50:eb:24:
                    66:81:ef:c0:4d:13:84:a7:e3:ad:2b:2d:51:fa:a7:
                    ea:fe:df:e5:0b:82:d3:70:a0:df:d9:e7:5e:d6:ed:
                    88:37:e4:3c:d3:3d:76:15:e1:ec:e8:b1:a4:b2:c6:
                    9b:b0:c2:50:f9:9c:0c:25:79:a2:31:a8:18:9b:42:
                    f7:d4:b3:ea:41:8f:01:d5:2f:9a:ed:c0:d6:99:22:
                    74:92:15:4c:e9:09:6c:00:9d:73:63:70:b1:21:36:
                    38:fd
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                84:79:6D:45:DB:E5:23:EA:B3:C4:BE:6E:39:A6:CB:0C:B3:F5:F0:0D
            X509v3 Authority Key Identifier:
                keyid:95:24:EA:9B:82:3C:20:FA:78:92:3B:E6:66:7E:14:F6:C4:C3:B4:7E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9185D6E/4CBFF4AEDFF111EB894F3067C4F9AE02/lSTqm4I8IPp4kjvmZn4U9sTDtH4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/lSTqm4I8IPp4kjvmZn4U9sTDtH4.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9185D6E/4CBFF4AEDFF111EB894F3067C4F9AE02/229CD24AF9FB11EB8CFF5E7DC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.161.234.0/23
                  104.161.252.0/23

    Signature Algorithm: sha256WithRSAEncryption
         92:ef:67:50:08:4b:c7:37:67:9b:8d:d8:b2:fd:8c:5b:21:71:
         c8:31:21:61:8c:ba:d4:dc:52:27:5d:d7:6c:57:47:41:22:e6:
         f7:36:87:94:2c:ce:51:c8:14:59:03:99:31:06:61:27:bc:0e:
         fd:f9:cf:ab:72:2a:d0:47:36:85:f0:22:4f:03:78:8c:00:be:
         6e:b4:07:ab:86:6a:30:71:fb:0e:ce:9a:85:47:0f:91:6c:db:
         b4:f2:2d:f6:e4:c9:c6:5c:a7:d8:97:e1:f0:08:88:92:b2:2e:
         46:37:a9:1e:9e:d2:fd:9d:09:75:c4:47:40:19:1e:a3:8b:ea:
         3e:17:91:85:93:0c:d8:6e:46:4b:d7:8e:47:ef:34:c3:21:5e:
         6a:0c:06:f9:53:0c:7e:6d:5e:30:71:17:1b:c1:fd:37:4a:e5:
         0e:19:46:c0:15:0a:c6:ff:e8:b6:6c:74:18:aa:c2:7b:c8:4c:
         c7:91:d9:91:f9:85:3a:33:f9:38:e2:38:c2:c2:18:7d:bc:55:
         8e:04:ef:81:11:9f:7c:88:af:3d:8a:55:b9:3d:62:dc:c7:f3:
         5b:71:ae:71:81:f9:49:54:6c:50:5c:fd:de:f7:12:ca:6c:9e:
         1f:d0:1f:a0:21:82:84:4c:62:23:c4:79:21:52:39:54:7c:77:
         cf:54:6b:e6
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICBc8wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
ODVENkUxMTAvBgNVBAUTKDk1MjRFQTlCODIzQzIwRkE3ODkyM0JFNjY2N0UxNEY2
QzRDM0I0N0UwHhcNMjUxMDAyMjMyNDM1WhcNMjYxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGRmMDliMy05OWQ3MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAqwopW53T4MwSPJ5ooIjEX+nePbvU+zZEWp+IHDL8IYdPw+ChMkV92Jif8soW
y+DN72ReIHkkBBFhvJZl58whqc64uQq7Inj1THn4mvqHH96bgixaOXeCxzwKKf5X
WmVVkeXJMEHGSvronWt8vni3HVJTXQmHfmS5NMCBcVRjsvIfzxvZ4n4t5tVT8qhT
1XlMiTUBbSxDZmhS8I2ouTo52RtQ6yRmge/ATROEp+OtKy1R+qfq/t/lC4LTcKDf
2ede1u2IN+Q80z12FeHs6LGkssabsMJQ+ZwMJXmiMagYm0L31LPqQY8B1S+a7cDW
mSJ0khVM6QlsAJ1zY3CxITY4/QIDAQABo4ICmzCCApcwHQYDVR0OBBYEFIR5bUXb
5SPqs8S+bjmmywyz9fANMB8GA1UdIwQYMBaAFJUk6puCPCD6eJI75mZ+FPbEw7R+
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4NUQ2RS80Q0JGRjRBRURG
RjExMUVCODk0RjMwNjdDNEY5QUUwMi9sU1RxbTRJOElQcDRranZtWm40VTlzVER0
SDQuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL2xTVHFtNEk4SVBwNGtqdm1abjRVOXNURHRINC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
ODVENkUvNENCRkY0QUVERkYxMTFFQjg5NEYzMDY3QzRGOUFFMDIvMjI5Q0QyNEFG
OUZCMTFFQjhDRkY1RTdEQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAFooeoDBAFoofwwDQYJKoZIhvcNAQELBQADggEBAJLvZ1AI
S8c3Z5uN2LL9jFshccgxIWGMutTcUidd12xXR0Ei5vc2h5QszlHIFFkDmTEGYSe8
Dv35z6tyKtBHNoXwIk8DeIwAvm60B6uGajBx+w7OmoVHD5Fs27TyLfbkycZcp9iX
4fAIiJKyLkY3qR6e0v2dCXXER0AZHqOL6j4XkYWTDNhuRkvXjkfvNMMhXmoMBvlT
DH5tXjBxFxvB/TdK5Q4ZRsAVCsb/6LZsdBiqwnvITMeR2ZH5hToz+TjiOMLCGH28
VY4E74ERn3yIrz2KVbk9YtzH81txrnGB+UlUbFBc/d73Espsnh/QH6AhgoRMYiPE
eSFSOVR8d89Ua+Y=
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:45:38 2025 by rpki-client