Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9185D6E/4CBFF4AEDFF111EB894F3067C4F9AE02/37F43E66A27311EFA8731822C4F9AE02.roa
File:                     37F43E66A27311EFA8731822C4F9AE02.roa (raw, json)
Hash identifier:          vy2TZeybvxjXMBwVfAEFXRXQN3w7mLcQMjLoNDfW68Y=
Subject key identifier:   54:6E:96:3F:FB:00:66:9C:AB:1B:95:1B:32:5A:89:7E:97:05:D5:F4
Certificate issuer:       /CN=A9185D6E/serialNumber=9524EA9B823C20FA78923BE6667E14F6C4C3B47E
Certificate serial:       05CE
Authority key identifier: 95:24:EA:9B:82:3C:20:FA:78:92:3B:E6:66:7E:14:F6:C4:C3:B4:7E
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/lSTqm4I8IPp4kjvmZn4U9sTDtH4.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9185D6E/4CBFF4AEDFF111EB894F3067C4F9AE02/37F43E66A27311EFA8731822C4F9AE02.roa
Signing time:             Thu 02 Oct 2025 23:24:35 +0000
ROA not before:           Thu 02 Oct 2025 23:24:35 +0000
ROA not after:            Sat 31 Oct 2026 00:00:00 +0000
asID:                     16509
IP address blocks:        104.161.192.0/20 maxlen: 24
                          104.161.208.0/20 maxlen: 24
                          161.32.64.0/20 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9185D6E/4CBFF4AEDFF111EB894F3067C4F9AE02/lSTqm4I8IPp4kjvmZn4U9sTDtH4.crl
                          rsync://rpki.apnic.net/member_repository/A9185D6E/4CBFF4AEDFF111EB894F3067C4F9AE02/lSTqm4I8IPp4kjvmZn4U9sTDtH4.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/lSTqm4I8IPp4kjvmZn4U9sTDtH4.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 26 Oct 2025 00:46:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1486 (0x5ce)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9185D6E, serialNumber=9524EA9B823C20FA78923BE6667E14F6C4C3B47E
        Validity
            Not Before: Oct  2 23:24:35 2025 GMT
            Not After : Oct 31 00:00:00 2026 GMT
        Subject: CN=68df09b3-d302
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:b7:e9:23:52:db:55:9f:03:19:55:02:01:87:a3:
                    7a:00:95:60:b7:b5:c4:b3:dd:01:c8:26:62:67:40:
                    26:1c:18:12:ab:2e:a8:c2:56:9a:28:3e:10:d7:80:
                    76:93:a1:7e:59:bd:92:34:0e:63:c6:bf:60:05:77:
                    04:5b:fe:73:6a:35:9d:d1:7d:27:d5:87:bc:ce:b0:
                    7f:f0:7e:15:46:7d:bb:b0:da:90:a4:3f:48:b5:d2:
                    a9:63:0f:7e:ca:72:23:34:ef:fc:ac:cc:0f:0f:21:
                    95:78:df:9e:8f:60:a8:cc:75:b0:70:ef:8d:d2:34:
                    19:7e:81:d0:e4:27:6d:de:fa:f1:4b:b0:6d:24:ca:
                    58:55:b5:b7:3e:23:2c:30:e4:d4:a9:07:df:d6:e6:
                    32:93:1d:2c:b3:b9:3f:0e:f0:ab:41:61:ac:9e:1c:
                    85:b5:0b:4d:5d:e3:36:f1:52:b0:d2:0a:b1:51:f9:
                    f6:d9:02:2d:ad:57:3e:b0:7f:3f:03:8b:a4:55:25:
                    4b:ef:54:a9:e1:0e:7b:42:dd:cd:15:c1:85:56:73:
                    14:17:97:41:48:2f:72:4b:1b:63:1e:b4:6b:ea:01:
                    a0:aa:3c:d8:5e:4a:55:47:89:0d:49:72:e3:70:38:
                    ba:96:02:e0:cd:6a:1b:33:a3:f3:e1:e0:cc:15:4c:
                    b8:8b
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                54:6E:96:3F:FB:00:66:9C:AB:1B:95:1B:32:5A:89:7E:97:05:D5:F4
            X509v3 Authority Key Identifier:
                keyid:95:24:EA:9B:82:3C:20:FA:78:92:3B:E6:66:7E:14:F6:C4:C3:B4:7E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9185D6E/4CBFF4AEDFF111EB894F3067C4F9AE02/lSTqm4I8IPp4kjvmZn4U9sTDtH4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/lSTqm4I8IPp4kjvmZn4U9sTDtH4.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9185D6E/4CBFF4AEDFF111EB894F3067C4F9AE02/37F43E66A27311EFA8731822C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.161.192.0/19
                  161.32.64.0/20

    Signature Algorithm: sha256WithRSAEncryption
         8f:ab:a2:e1:68:0f:9d:85:bc:2f:3b:7d:05:50:f5:77:05:f2:
         bb:58:96:1d:ed:d7:31:78:23:0d:c0:d2:90:d3:66:31:70:88:
         3b:2e:f8:62:29:43:2b:10:ad:6d:53:bb:a7:f6:ff:d0:7d:91:
         c5:6c:33:52:86:6f:fc:75:1d:e2:9e:a7:bb:16:84:83:7d:21:
         f0:b7:9d:d2:77:5d:dc:cc:ab:2c:bc:18:a7:2d:3b:71:b6:52:
         ba:91:2a:75:f6:76:ec:6d:3f:bd:4e:dd:e3:f3:72:97:e3:ba:
         74:29:f8:46:51:4d:c9:4f:0d:6e:69:93:ed:04:95:fc:94:e5:
         f0:e3:05:c5:f5:fe:43:bd:27:a7:8e:08:c7:7c:a7:88:50:7b:
         bd:6b:1d:cc:55:b3:8d:be:f7:ed:df:e2:d3:29:2b:79:b0:eb:
         2c:e3:b2:a5:2e:32:2e:07:bb:e4:81:c5:65:77:ce:bf:13:10:
         75:f2:a6:56:0f:d5:25:0a:28:7b:41:10:06:23:8b:1b:07:c3:
         50:66:ba:78:e8:e4:84:28:12:6b:a0:24:d2:d0:08:0b:91:84:
         d7:82:a3:9a:fd:9b:61:85:b7:aa:4d:40:2b:0a:5b:4c:91:73:
         e8:6e:14:db:c7:f1:04:f5:f3:e0:1a:54:77:42:0a:5e:5e:80:
         57:78:d2:68
-----BEGIN CERTIFICATE-----
MIIFdzCCBF+gAwIBAgICBc4wDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
ODVENkUxMTAvBgNVBAUTKDk1MjRFQTlCODIzQzIwRkE3ODkyM0JFNjY2N0UxNEY2
QzRDM0I0N0UwHhcNMjUxMDAyMjMyNDM1WhcNMjYxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGRmMDliMy1kMzAyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEAt+kjUttVnwMZVQIBh6N6AJVgt7XEs90ByCZiZ0AmHBgSqy6owlaaKD4Q14B2
k6F+Wb2SNA5jxr9gBXcEW/5zajWd0X0n1Ye8zrB/8H4VRn27sNqQpD9ItdKpYw9+
ynIjNO/8rMwPDyGVeN+ej2CozHWwcO+N0jQZfoHQ5Cdt3vrxS7BtJMpYVbW3PiMs
MOTUqQff1uYykx0ss7k/DvCrQWGsnhyFtQtNXeM28VKw0gqxUfn22QItrVc+sH8/
A4ukVSVL71Sp4Q57Qt3NFcGFVnMUF5dBSC9ySxtjHrRr6gGgqjzYXkpVR4kNSXLj
cDi6lgLgzWobM6Pz4eDMFUy4iwIDAQABo4ICmzCCApcwHQYDVR0OBBYEFFRulj/7
AGacqxuVGzJaiX6XBdX0MB8GA1UdIwQYMBaAFJUk6puCPCD6eJI75mZ+FPbEw7R+
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4NUQ2RS80Q0JGRjRBRURG
RjExMUVCODk0RjMwNjdDNEY5QUUwMi9sU1RxbTRJOElQcDRranZtWm40VTlzVER0
SDQuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL2xTVHFtNEk4SVBwNGtqdm1abjRVOXNURHRINC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
ODVENkUvNENCRkY0QUVERkYxMTFFQjg5NEYzMDY3QzRGOUFFMDIvMzdGNDNFNjZB
MjczMTFFRkE4NzMxODIyQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwJQYIKwYBBQUHAQcBAf8E
FjAUMBIEAgABMAwDBAVoocADBAShIEAwDQYJKoZIhvcNAQELBQADggEBAI+rouFo
D52FvC87fQVQ9XcF8rtYlh3t1zF4Iw3A0pDTZjFwiDsu+GIpQysQrW1Tu6f2/9B9
kcVsM1KGb/x1HeKep7sWhIN9IfC3ndJ3XdzMqyy8GKctO3G2UrqRKnX2duxtP71O
3ePzcpfjunQp+EZRTclPDW5pk+0ElfyU5fDjBcX1/kO9J6eOCMd8p4hQe71rHcxV
s42+9+3f4tMpK3mw6yzjsqUuMi4Hu+SBxWV3zr8TEHXyplYP1SUKKHtBEAYjixsH
w1Bmunjo5IQoEmugJNLQCAuRhNeCo5r9m2GFt6pNQCsKW0yRc+huFNvH8QT18+Aa
VHdCCl5egFd40mg=
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:40:22 2025 by rpki-client