Route Origin Authorization

$ rpki-client -vvf rpki.apnic.net/member_repository/A9194335/342D222851D111E9AF1FF73CC4F9AE02/13C01CC0C4AD11EA9E35F20AC4F9AE02.roa
File:                     13C01CC0C4AD11EA9E35F20AC4F9AE02.roa (raw, json)
Hash identifier:          fGi0j+kZLxX+sDKoi6qsiuh9Ro/0HWo7bGmH8+R6rpM=
Subject key identifier:   E1:5D:58:B2:AA:09:FE:3F:7C:2C:35:D4:68:73:F8:9C:B8:E4:14:AD
Certificate issuer:       /CN=A9194335/serialNumber=91BC79AE15CCAEA44E4FE7845FBFCA63E7FAEB9E
Certificate serial:       103A
Authority key identifier: 91:BC:79:AE:15:CC:AE:A4:4E:4F:E7:84:5F:BF:CA:63:E7:FA:EB:9E
Authority info access:    rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/kbx5rhXMrqROT-eEX7_KY-f6654.cer
Subject info access:      rsync://rpki.apnic.net/member_repository/A9194335/342D222851D111E9AF1FF73CC4F9AE02/13C01CC0C4AD11EA9E35F20AC4F9AE02.roa
Signing time:             Thu 02 Oct 2025 17:47:10 +0000
ROA not before:           Thu 02 Oct 2025 17:47:10 +0000
ROA not after:            Tue 01 Dec 2026 00:00:00 +0000
asID:                     9268
IP address blocks:        202.87.4.0/22 maxlen: 24
Validation:               OK
Signature path:           rsync://rpki.apnic.net/member_repository/A9194335/342D222851D111E9AF1FF73CC4F9AE02/kbx5rhXMrqROT-eEX7_KY-f6654.crl
                          rsync://rpki.apnic.net/member_repository/A9194335/342D222851D111E9AF1FF73CC4F9AE02/kbx5rhXMrqROT-eEX7_KY-f6654.mft
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/kbx5rhXMrqROT-eEX7_KY-f6654.cer
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.crl
                          rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/DmWk9f02tb1o6zySNAiXjJB6p58.mft
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/DmWk9f02tb1o6zySNAiXjJB6p58.cer
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.crl
                          rsync://rpki.apnic.net/repository/980652E0B77E11E7A96A39521A4F4FB4/mBQsnQtBo7n7YD12mEgjb9HzGSQ.mft
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/mBQsnQtBo7n7YD12mEgjb9HzGSQ.cer
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.crl
                          rsync://rpki.apnic.net/repository/838DB214166511E2B3BC286172FD1FF2/C5zKkN0Neoo3ZmsZIX_g2EA3t6I.mft
                          rsync://rpki.apnic.net/repository/apnic-rpki-root-iana-origin.cer
Signature path expires:   Mon 27 Oct 2025 17:54:55 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number: 4154 (0x103a)
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=A9194335, serialNumber=91BC79AE15CCAEA44E4FE7845FBFCA63E7FAEB9E
        Validity
            Not Before: Oct  2 17:47:10 2025 GMT
            Not After : Dec  1 00:00:00 2026 GMT
        Subject: CN=68deba9d-9efa
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:dc:61:67:48:ff:cb:e2:cd:fb:db:5a:3a:05:3a:
                    af:cf:88:6a:87:ef:b4:0e:93:b4:7c:af:f4:77:bf:
                    e4:6e:8f:b6:a7:c7:da:96:74:83:6b:d0:21:ed:87:
                    09:ae:b9:4d:22:79:b2:8b:cd:d8:be:a0:37:15:c3:
                    fa:6f:a7:a7:3d:f7:df:b5:ae:e4:29:35:6a:a5:e3:
                    4e:f2:6a:3d:e0:b6:d6:83:76:dd:fa:ce:e1:f1:d2:
                    75:ed:62:bd:3a:4c:27:ec:9b:4f:bb:50:99:00:4e:
                    6b:81:ae:fe:0a:2b:07:12:78:4c:53:3d:ff:6d:d3:
                    09:8e:86:e7:b9:57:44:fd:ab:b7:f5:75:fb:aa:c5:
                    58:d8:df:7f:50:dd:43:45:0a:7d:2f:e0:89:86:b7:
                    64:3b:c1:22:8d:ef:38:c1:75:c7:2c:f7:4c:ff:cd:
                    ca:64:79:26:b8:26:69:27:6d:68:9a:6f:7d:7b:21:
                    d3:84:2b:ff:84:ac:c3:a2:1d:38:73:1d:e8:d6:69:
                    d5:e8:d2:9f:41:65:1c:67:53:48:0f:8a:79:5e:b2:
                    38:75:ce:15:c9:a2:d4:06:f3:2b:d6:2a:d1:22:60:
                    49:5a:52:a9:18:26:27:7e:a6:1e:03:e3:b4:35:0a:
                    b4:77:b3:19:9d:22:b5:d5:93:23:4b:66:16:22:ec:
                    68:a3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                E1:5D:58:B2:AA:09:FE:3F:7C:2C:35:D4:68:73:F8:9C:B8:E4:14:AD
            X509v3 Authority Key Identifier:
                keyid:91:BC:79:AE:15:CC:AE:A4:4E:4F:E7:84:5F:BF:CA:63:E7:FA:EB:9E

            X509v3 Key Usage: critical
                Digital Signature
            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.apnic.net/member_repository/A9194335/342D222851D111E9AF1FF73CC4F9AE02/kbx5rhXMrqROT-eEX7_KY-f6654.crl

            Authority Information Access:
                CA Issuers - URI:rsync://rpki.apnic.net/repository/B527EF581D6611E2BB468F7C72FD1FF2/kbx5rhXMrqROT-eEX7_KY-f6654.cer

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber
                  CPS: https://www.apnic.net/RPKI/CPS.pdf

            Subject Information Access:
                Signed Object - URI:rsync://rpki.apnic.net/member_repository/A9194335/342D222851D111E9AF1FF73CC4F9AE02/13C01CC0C4AD11EA9E35F20AC4F9AE02.roa
                RPKI Notify - URI:https://rrdp.apnic.net/notification.xml

            sbgp-ipAddrBlock: critical
                IPv4:
                  202.87.4.0/22

    Signature Algorithm: sha256WithRSAEncryption
         83:88:3c:10:86:9b:6e:d4:cc:7d:c1:1b:89:de:c0:66:58:af:
         c4:1c:8d:b2:fe:6b:38:22:0c:b7:e6:89:53:dc:f7:9e:e5:16:
         07:67:b2:d1:1a:3c:5a:ee:e7:83:28:28:e2:9c:3e:b1:89:43:
         9c:83:e9:27:fb:e5:08:ab:eb:7b:58:8c:18:e4:2e:2f:10:a0:
         e5:4b:ff:98:7d:4e:d6:38:8e:41:11:f9:bc:35:0b:1b:56:ad:
         c8:65:72:44:fa:59:53:b9:53:9d:21:02:a2:0d:07:36:bb:0e:
         1c:4e:67:11:0f:cc:38:7a:63:10:19:4a:a6:1c:0b:5c:1b:e0:
         73:93:a6:09:76:42:b9:c9:ef:32:a4:89:d8:ed:8d:f8:4b:0e:
         56:ec:68:bb:13:ee:44:1a:80:ce:a6:b5:69:e0:4f:fe:9e:15:
         10:c6:90:3e:e9:a0:8d:b6:02:e1:9a:d6:2a:88:ef:d2:c8:29:
         ed:0f:39:a4:81:91:58:3c:2b:93:bd:57:d0:f7:1a:76:a9:7a:
         dc:ad:4b:9b:fa:15:e1:a7:c2:77:cd:81:8d:09:a8:24:73:54:
         11:14:16:21:63:e3:12:f4:97:f3:53:ab:41:aa:c2:6d:71:b6:
         3c:e2:09:a3:22:a9:27:b5:ea:a3:6f:2a:eb:dd:e9:8c:c7:2d:
         af:f3:f9:41
-----BEGIN CERTIFICATE-----
MIIFcTCCBFmgAwIBAgICEDowDQYJKoZIhvcNAQELBQAwRjERMA8GA1UEAxMIQTkx
OTQzMzUxMTAvBgNVBAUTKDkxQkM3OUFFMTVDQ0FFQTQ0RTRGRTc4NDVGQkZDQTYz
RTdGQUVCOUUwHhcNMjUxMDAyMTc0NzEwWhcNMjYxMjAxMDAwMDAwWjAYMRYwFAYD
VQQDEw02OGRlYmE5ZC05ZWZhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC
AQEA3GFnSP/L4s3721o6BTqvz4hqh++0DpO0fK/0d7/kbo+2p8falnSDa9Ah7YcJ
rrlNInmyi83YvqA3FcP6b6enPfffta7kKTVqpeNO8mo94LbWg3bd+s7h8dJ17WK9
Okwn7JtPu1CZAE5rga7+CisHEnhMUz3/bdMJjobnuVdE/au39XX7qsVY2N9/UN1D
RQp9L+CJhrdkO8Eije84wXXHLPdM/83KZHkmuCZpJ21omm99eyHThCv/hKzDoh04
cx3o1mnV6NKfQWUcZ1NID4p5XrI4dc4VyaLUBvMr1irRImBJWlKpGCYnfqYeA+O0
NQq0d7MZnSK11ZMjS2YWIuxoowIDAQABo4IClTCCApEwHQYDVR0OBBYEFOFdWLKq
Cf4/fCw11Ghz+Jy45BStMB8GA1UdIwQYMBaAFJG8ea4VzK6kTk/nhF+/ymPn+uue
MA4GA1UdDwEB/wQEAwIHgDCBgwYDVR0fBHwwejB4oHagdIZycnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9tZW1iZXJfcmVwb3NpdG9yeS9BOTE5NDMzNS8zNDJEMjIyODUx
RDExMUU5QUYxRkY3M0NDNEY5QUUwMi9rYng1cmhYTXJxUk9ULWVFWDdfS1ktZjY2
NTQuY3JsMH4GCCsGAQUFBwEBBHIwcDBuBggrBgEFBQcwAoZicnN5bmM6Ly9ycGtp
LmFwbmljLm5ldC9yZXBvc2l0b3J5L0I1MjdFRjU4MUQ2NjExRTJCQjQ2OEY3Qzcy
RkQxRkYyL2tieDVyaFhNcnFST1QtZUVYN19LWS1mNjY1NC5jZXIwSgYDVR0gAQH/
BEAwPjA8BggrBgEFBQcOAjAwMC4GCCsGAQUFBwIBFiJodHRwczovL3d3dy5hcG5p
Yy5uZXQvUlBLSS9DUFMucGRmMIHLBggrBgEFBQcBCwSBvjCBuzCBgwYIKwYBBQUH
MAuGd3JzeW5jOi8vcnBraS5hcG5pYy5uZXQvbWVtYmVyX3JlcG9zaXRvcnkvQTkx
OTQzMzUvMzQyRDIyMjg1MUQxMTFFOUFGMUZGNzNDQzRGOUFFMDIvMTNDMDFDQzBD
NEFEMTFFQTlFMzVGMjBBQzRGOUFFMDIucm9hMDMGCCsGAQUFBzANhidodHRwczov
L3JyZHAuYXBuaWMubmV0L25vdGlmaWNhdGlvbi54bWwwHwYIKwYBBQUHAQcBAf8E
EDAOMAwEAgABMAYDBALKVwQwDQYJKoZIhvcNAQELBQADggEBAIOIPBCGm27UzH3B
G4newGZYr8QcjbL+azgiDLfmiVPc957lFgdnstEaPFru54MoKOKcPrGJQ5yD6Sf7
5Qir63tYjBjkLi8QoOVL/5h9TtY4jkER+bw1CxtWrchlckT6WVO5U50hAqINBza7
DhxOZxEPzDh6YxAZSqYcC1wb4HOTpgl2QrnJ7zKkidjtjfhLDlbsaLsT7kQagM6m
tWngT/6eFRDGkD7poI22AuGa1iqI79LIKe0POaSBkVg8K5O9V9D3GnapetytS5v6
FeGnwnfNgY0JqCRzVBEUFiFj4xL0l/NTq0Gqwm1xtjziCaMiqSe16qNvKuvd6YzH
La/z+UE=
-----END CERTIFICATE-----
Generated at Mon Oct 20 22:43:07 2025 by rpki-client