Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9185D6E/4CBFF4AEDFF111EB894F3067C4F9AE02/53BCB840EA4211EB846B8757C4F9AE02.roa
File:                     53BCB840EA4211EB846B8757C4F9AE02.roa (raw, json)
Hash identifier:          lxZNfyimV3NQpo4JPb58fRVzNwdRpPB3SMYQ8hq+yFg=
Subject key identifier:   93:A2:DE:4E:1B:53:E4:FA:18:2D:03:82:80:79:2E:80:79:68:47:88
Certificate issuer:       /CN=A9185D6E/serialNumber=9524EA9B823C20FA78923BE6667E14F6C4C3B47E
Certificate serial:       05CC
Authority key identifier: 95:24:EA:9B:82:3C:20:FA:78:92:3B:E6:66:7E:14:F6:C4:C3:B4:7E
Authority info access:    rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/lSTqm4I8IPp4kjvmZn4U9sTDtH4.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9185D6E/4CBFF4AEDFF111EB894F3067C4F9AE02/53BCB840EA4211EB846B8757C4F9AE02.roa
Signing time:             Thu 02 Oct 2025 23:24:33 +0000
ROA not before:           Thu 02 Oct 2025 23:24:33 +0000
ROA not after:            Sat 31 Oct 2026 00:00:00 +0000
asID:                     14340
IP address blocks:        104.161.128.0/18 maxlen: 24
                          104.161.248.0/23 maxlen: 24
                          104.161.252.0/24 maxlen: 24
                          104.161.253.0/24 maxlen: 24
                          161.32.64.0/18 maxlen: 24
                          161.32.128.0/17 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9185D6E/4CBFF4AEDFF111EB894F3067C4F9AE02/lSTqm4I8IPp4kjvmZn4U9sTDtH4.crl
                          rsync://rpki.apnic.net/member_repository/A9185D6E/4CBFF4AEDFF111EB894F3067C4F9AE02/lSTqm4I8IPp4kjvmZn4U9sTDtH4.mft
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/lSTqm4I8IPp4kjvmZn4U9sTDtH4.cer
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.crl
                          rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/dAFlqA0QcZcKvAnAK3HBrHwdbg4.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/dAFlqA0QcZcKvAnAK3HBrHwdbg4.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Sun 26 Oct 2025 00:46:32 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 1484 (0x5cc)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9185D6E, serialNumber=9524EA9B823C20FA78923BE6667E14F6C4C3B47E
        Validity
            Not Before: Oct  2 23:24:33 2025 GMT
            Not After : Oct 31 00:00:00 2026 GMT
        Subject: CN=68df09b1-a57e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e0:c3:50:83:0b:61:1b:2b:4b:cb:23:ed:f9:51:
                    84:68:92:56:ce:fe:94:51:9d:cf:e9:b1:68:d7:e4:
                    61:9a:3b:ea:72:2e:3e:cf:90:56:e9:c1:d9:f4:46:
                    9e:d6:4b:d5:7c:3f:68:ab:5e:af:48:72:ca:12:09:
                    73:1d:09:11:37:06:92:c9:dc:50:59:e2:36:ce:d9:
                    78:07:21:bb:66:1a:20:03:58:33:f0:81:35:fb:71:
                    2c:47:7d:03:8f:31:21:3d:2c:50:89:df:d2:51:d4:
                    93:d3:c9:79:14:1c:02:7d:82:0e:12:f4:54:62:3a:
                    de:67:78:94:33:36:57:29:b4:a7:ad:70:33:9f:a3:
                    2c:87:4f:77:a4:03:d6:ef:a7:9d:cc:b7:fb:0e:46:
                    d9:3c:e3:ea:29:d5:6a:ff:db:a2:65:d8:ba:26:d8:
                    c3:2b:27:f9:4f:f1:b0:24:9f:32:3f:a4:08:fb:c0:
                    23:e0:04:ba:67:6d:9b:dd:7a:e9:21:93:16:24:af:
                    97:2d:f0:b3:9f:fe:c8:03:6d:04:a6:44:f7:db:13:
                    88:34:be:c7:e9:d3:4b:2c:fa:fc:55:ce:ff:43:f1:
                    1c:e1:fd:90:fb:5f:ac:45:80:8d:b8:84:e3:48:59:
                    c1:ce:34:59:a9:fe:8c:96:5d:ec:b3:c8:3f:51:22:
                    4f:65
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                93:A2:DE:4E:1B:53:E4:FA:18:2D:03:82:80:79:2E:80:79:68:47:88
            X509v3 Authority Key Identifier:
                keyid:95:24:EA:9B:82:3C:20:FA:78:92:3B:E6:66:7E:14:F6:C4:C3:B4:7E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9185D6E/4CBFF4AEDFF111EB894F3067C4F9AE02/lSTqm4I8IPp4kjvmZn4U9sTDtH4.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B3A24F201D6611E28AC8837C72FD1FF2/lSTqm4I8IPp4kjvmZn4U9sTDtH4.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9185D6E/4CBFF4AEDFF111EB894F3067C4F9AE02/53BCB840EA4211EB846B8757C4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  104.161.128.0/18
                  104.161.248.0/23
                  104.161.252.0/23
                  161.32.64.0-161.32.255.255

    Signature Algorithm: sha256WithRSAEncryption
         5d:6f:d7:3c:c1:24:19:39:c2:09:78:2d:11:41:a1:a3:43:df:
         a2:dd:b7:8e:a3:57:6b:78:a5:a7:a5:45:9f:a4:da:da:7d:57:
         4e:f4:1a:74:91:1d:3d:fb:d1:42:d3:c1:5f:64:c8:9e:85:d4:
         86:33:cb:a0:90:e7:4d:d0:75:42:38:75:89:84:df:05:91:3f:
         b3:81:49:2f:76:64:11:e8:d9:f4:d0:07:68:95:7e:0c:aa:56:
         53:51:24:4d:62:d6:d6:ef:4e:fe:d8:b5:31:88:97:13:7c:0b:
         b9:3f:71:6a:8a:e1:62:38:74:4d:57:d5:d7:d5:1e:bd:88:e5:
         41:f6:aa:db:97:64:d4:8c:3a:e0:34:49:f4:f8:b5:2f:78:73:
         54:9a:08:af:2d:00:b9:fa:96:b5:68:d9:2a:89:d8:81:c0:a9:
         7d:02:7f:aa:3d:ec:c3:40:2c:e9:6d:89:a4:5c:e3:8e:7d:e8:
         e9:42:5b:9e:7e:75:c9:45:5e:6e:25:f2:24:8d:c8:2c:18:49:
         c8:55:56:0a:21:ba:b6:1a:87:70:a5:3c:b4:fd:04:a9:3e:51:
         64:d9:4f:41:ba:bb:dc:88:ad:08:b9:23:87:8e:b0:b4:a8:99:
         32:41:a9:34:26:0e:b5:95:f7:5e:47:82:f0:47:40:5d:25:9a:
         73:5d:96:9b
-----BEGIN CERTIFICATE-----
MIIFijCCBHKgAwIBAgICBcwwDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
ODVENkUxMTAvBgNVBAUTKDk1MjRFQTlCODIzQzIwRkE3ODkyM0JFNjY2N0UxNEY2
QzRDM0I0N0UwHhcNMjUxMDAyMjMyNDMzWhcNMjYxMDMxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGRmMDliMS1hNTdlMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA4MNQgwthGytLyyPt+VGEaJJWzv6UUZ3P6bFo1+Rhmjvqci4+z5BW6cHZ9Eae
1kvVfD9oq16vSHLKEglzHQkRNwaSydxQWeI2ztl4ByG7ZhogA1gz8IE1+3EsR30D
jzEhPSxQid/SUdST08l5FBwCfYIOEvRUYjreZ3iUMzZXKbSnrXAzn6Msh093pAPW
76edzLf7DkbZPOPqKdVq/9uiZdi6JtjDKyf5T/GwJJ8yP6QI+8Aj4AS6Z22b3Xrp
IZMWJK+XLfCzn/7IA20EpkT32xOINL7H6dNLLPr8Vc7/Q/Ec4f2Q+1+sRYCNuITj
SFnBzjRZqf6Mll3ss8g/USJPZQIDAQABo4ICrjCCAqowHQYDVR0OBBYEFJOi3k4b
U+T6GC0DgoB5LoB5aEeIMB8GA1UdIwQYMBaAFJUk6puCPCD6eJI75mZ+FPbEw7R+
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE4NUQ2RS80Q0JGRjRBRURG
RjExMUVCODk0RjMwNjdDNEY5QUUwMi9sU1RxbTRJOElQcDRranZtWm40VTlzVER0
SDQuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0IzQTI0RjIwMUQ2NjExRTI4QUM4ODM3Qzcy
RkQxRkYyL2xTVHFtNEk4SVBwNGtqdm1abjRVOXNURHRINC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
ODVENkUvNENCRkY0QUVERkYxMTFFQjg5NEYzMDY3QzRGOUFFMDIvNTNCQ0I4NDBF
QTQyMTFFQjg0NkI4NzU3QzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwOAYIKwYBBQUHAQcBAf8E
KTAnMCUEAgABMB8DBAZooYADBAFoofgDBAFoofwwCwMEBqEgQAMDAKEgMA0GCSqG
SIb3DQEBCwUAA4IBAQBdb9c8wSQZOcIJeC0RQaGjQ9+i3beOo1dreKWnpUWfpNra
fVdO9Bp0kR09+9FC08FfZMiehdSGM8ugkOdN0HVCOHWJhN8FkT+zgUkvdmQR6Nn0
0AdolX4MqlZTUSRNYtbW707+2LUxiJcTfAu5P3FqiuFiOHRNV9XX1R69iOVB9qrb
l2TUjDrgNEn0+LUveHNUmgivLQC5+pa1aNkqidiBwKl9An+qPezDQCzpbYmkXOOO
fejpQluefnXJRV5uJfIkjcgsGEnIVVYKIbq2GodwpTy0/QSpPlFk2U9BurvciK0I
uSOHjrC0qJkyQak0Jg61lfdeR4LwR0BdJZpzXZab
-----END CERTIFICATE-----
Generated at Mon Oct 20 13:42:19 2025 by rpki-client